mirror of
https://github.com/ovh/debian-cis.git
synced 2024-11-23 22:11:24 +01:00
IMP(shellcheck): quote variable in tests (SC2086)
This commit is contained in:
Thibault Ayanides
parent
dba1dae963
commit
bc1aa65b91
@ -11,7 +11,7 @@ test_audit() {
|
||||
local test_file="/etc/crontab"
|
||||
|
||||
describe Tests purposely failing
|
||||
chmod 777 $test_file
|
||||
chmod 777 "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "permissions were not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -21,8 +21,8 @@ test_audit() {
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
chown $test_user:$test_user $test_file
|
||||
useradd "$test_user"
|
||||
chown "$test_user":"$test_user" "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "ownership was not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -38,5 +38,5 @@ test_audit() {
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# Cleanup
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@ test_audit() {
|
||||
local test_file="/etc/cron.hourly"
|
||||
|
||||
describe Tests purposely failing
|
||||
chmod 777 $test_file
|
||||
chmod 777 "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "permissions were not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -21,8 +21,8 @@ test_audit() {
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
chown $test_user:$test_user $test_file
|
||||
useradd "$test_user"
|
||||
chown "$test_user":"$test_user" "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "ownership was not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -38,5 +38,5 @@ test_audit() {
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# Cleanup
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@ test_audit() {
|
||||
local test_file="/etc/cron.daily"
|
||||
|
||||
describe Tests purposely failing
|
||||
chmod 777 $test_file
|
||||
chmod 777 "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "permissions were not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -21,8 +21,8 @@ test_audit() {
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
chown $test_user:$test_user $test_file
|
||||
useradd "$test_user"
|
||||
chown "$test_user":"$test_user" "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "ownership was not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -38,5 +38,5 @@ test_audit() {
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# Cleanup
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@ test_audit() {
|
||||
local test_file="/etc/cron.weekly"
|
||||
|
||||
describe Tests purposely failing
|
||||
chmod 777 $test_file
|
||||
chmod 777 "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "permissions were not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -21,8 +21,8 @@ test_audit() {
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
chown $test_user:$test_user $test_file
|
||||
useradd "$test_user"
|
||||
chown "$test_user":"$test_user" "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "ownership was not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -38,5 +38,5 @@ test_audit() {
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# Cleanup
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@ test_audit() {
|
||||
local test_file="/etc/cron.monthly"
|
||||
|
||||
describe Tests purposely failing
|
||||
chmod 777 $test_file
|
||||
chmod 777 "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "permissions were not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -21,8 +21,8 @@ test_audit() {
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
chown $test_user:$test_user $test_file
|
||||
useradd "$test_user"
|
||||
chown "$test_user":"$test_user" "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "ownership was not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -38,5 +38,5 @@ test_audit() {
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# Cleanup
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@ test_audit() {
|
||||
local test_file="/etc/cron.d"
|
||||
|
||||
describe Tests purposely failing
|
||||
chmod 777 $test_file
|
||||
chmod 777 "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "permissions were not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -21,8 +21,8 @@ test_audit() {
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
chown $test_user:$test_user $test_file
|
||||
useradd "$test_user"
|
||||
chown "$test_user":"$test_user" "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "ownership was not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -38,5 +38,5 @@ test_audit() {
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# Cleanup
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
}
|
||||
|
||||
@ -22,28 +22,28 @@ test_audit() {
|
||||
|
||||
touch /etc/cron.allow /etc/at.allow
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
chown $test_user:$test_user /etc/cron.allow
|
||||
chown $test_user:$test_user /etc/at.allow
|
||||
useradd "$test_user"
|
||||
chown "$test_user":"$test_user" /etc/cron.allow
|
||||
chown "$test_user":"$test_user" /etc/at.allow
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "/etc/cron.allow ownership was not set to"
|
||||
register_test contain "/etc/at.allow ownership was not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
useradd "$test_user"
|
||||
chmod 777 /etc/cron.allow
|
||||
chmod 777 /etc/at.allow
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "/etc/cron.allow permissions were not set to"
|
||||
register_test contain "/etc/at.allow permissions were not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
|
||||
@ -11,7 +11,7 @@ test_audit() {
|
||||
local test_file="/etc/ssh/sshd_config"
|
||||
|
||||
describe Tests purposely failing
|
||||
chmod 777 $test_file
|
||||
chmod 777 "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "permissions were not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -21,8 +21,8 @@ test_audit() {
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
chown $test_user:$test_user $test_file
|
||||
useradd "$test_user"
|
||||
chown "$test_user":"$test_user" "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "ownership was not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -38,5 +38,5 @@ test_audit() {
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# Cleanup
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
}
|
||||
|
||||
@ -10,10 +10,10 @@ test_audit() {
|
||||
local test_user="testsshduser"
|
||||
local test_file="/etc/ssh/ssh_host_test_key"
|
||||
|
||||
touch $test_file
|
||||
touch "$test_file"
|
||||
|
||||
describe Tests purposely failing
|
||||
chmod 777 $test_file
|
||||
chmod 777 "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "permissions were not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -23,8 +23,8 @@ test_audit() {
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
chown $test_user:$test_user $test_file
|
||||
useradd "$test_user"
|
||||
chown "$test_user":"$test_user" "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "ownership was not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -40,5 +40,5 @@ test_audit() {
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# Cleanup
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
}
|
||||
|
||||
@ -10,10 +10,10 @@ test_audit() {
|
||||
local test_user="testsshduser"
|
||||
local test_file="/etc/ssh/ssh_host_test_key.pub"
|
||||
|
||||
touch $test_file
|
||||
touch "$test_file"
|
||||
|
||||
describe Tests purposely failing
|
||||
chmod 777 $test_file
|
||||
chmod 777 "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "permissions were not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -23,8 +23,8 @@ test_audit() {
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
chown $test_user:$test_user $test_file
|
||||
useradd "$test_user"
|
||||
chown "$test_user":"$test_user" "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "ownership was not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -40,5 +40,5 @@ test_audit() {
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# Cleanup
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
}
|
||||
|
||||
@ -18,5 +18,5 @@ test_audit() {
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "[ OK ] ^IgnoreRhosts[[:space:]]*yes is present in /etc/ssh/sshd_config"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all}
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
}
|
||||
@ -14,8 +14,8 @@ test_audit() {
|
||||
|
||||
describe Tests purposely failing
|
||||
local targetfile="/home/secaudit/worldwritable"
|
||||
touch $targetfile
|
||||
chmod 777 $targetfile
|
||||
touch "$targetfile"
|
||||
chmod 777 "$targetfile"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "Some world writable files are present"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
@ -9,8 +9,8 @@ test_audit() {
|
||||
|
||||
describe Tests purposely failing
|
||||
local targetfile="/home/secaudit/unowned"
|
||||
touch $targetfile
|
||||
chown 1200 $targetfile
|
||||
touch "$targetfile"
|
||||
chown 1200 "$targetfile"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "Some unowned files are present"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
@ -9,8 +9,8 @@ test_audit() {
|
||||
|
||||
describe Tests purposely failing
|
||||
local targetfile="/home/secaudit/ungrouped"
|
||||
touch $targetfile
|
||||
chown 1200:1200 $targetfile
|
||||
touch "$targetfile"
|
||||
chown 1200:1200 "$targetfile"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "Some ungrouped files are present"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
@ -14,8 +14,8 @@ test_audit() {
|
||||
|
||||
describe Tests purposely failing
|
||||
local targetfile="/home/secaudit/suid_file"
|
||||
touch $targetfile
|
||||
chmod 4700 $targetfile
|
||||
touch "$targetfile"
|
||||
chmod 4700 "$targetfile"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "Some suid files are present"
|
||||
register_test contain "$targetfile"
|
||||
|
||||
@ -15,8 +15,8 @@ test_audit() {
|
||||
|
||||
describe Tests purposely failing
|
||||
local targetfile="/home/secaudit/sgid_file"
|
||||
touch $targetfile
|
||||
chmod 2700 $targetfile
|
||||
touch "$targetfile"
|
||||
chmod 2700 "$targetfile"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "Some sgid files are present"
|
||||
register_test contain "$targetfile"
|
||||
|
||||
@ -11,7 +11,7 @@ test_audit() {
|
||||
local test_file="/etc/passwd"
|
||||
|
||||
describe Tests purposely failing
|
||||
chmod 777 $test_file
|
||||
chmod 777 "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "permissions were not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -21,8 +21,8 @@ test_audit() {
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
chown $test_user:$test_user $test_file
|
||||
useradd "$test_user"
|
||||
chown "$test_user":"$test_user" "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "ownership was not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -38,5 +38,5 @@ test_audit() {
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# Cleanup
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@ test_audit() {
|
||||
local test_file="/etc/shadow"
|
||||
|
||||
describe Tests purposely failing
|
||||
chmod 777 $test_file
|
||||
chmod 777 "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "permissions were not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -21,8 +21,8 @@ test_audit() {
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
chown $test_user:$test_user $test_file
|
||||
useradd "$test_user"
|
||||
chown "$test_user":"$test_user" "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "ownership was not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -38,5 +38,5 @@ test_audit() {
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# Cleanup
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@ test_audit() {
|
||||
local test_file="/etc/group"
|
||||
|
||||
describe Tests purposely failing
|
||||
chmod 777 $test_file
|
||||
chmod 777 "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "permissions were not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -21,8 +21,8 @@ test_audit() {
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
chown $test_user:$test_user $test_file
|
||||
useradd "$test_user"
|
||||
chown "$test_user":"$test_user" "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "ownership was not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -38,5 +38,5 @@ test_audit() {
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# Cleanup
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
}
|
||||
|
||||
@ -11,9 +11,9 @@ test_audit() {
|
||||
local test_file=".test"
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd --create-home $test_user
|
||||
touch /home/$test_user/$test_file
|
||||
chmod 777 /home/$test_user/$test_file
|
||||
useradd --create-home "$test_user"
|
||||
touch "/home/$test_user/$test_file"
|
||||
chmod 777 "/home/$test_user/$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "Group Write permission set on FILE"
|
||||
register_test contain "Other Write permission set on FILE"
|
||||
@ -29,5 +29,5 @@ test_audit() {
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# cleanup
|
||||
userdel -r $test_user
|
||||
userdel -r "$test_user"
|
||||
}
|
||||
|
||||
@ -11,12 +11,12 @@ test_audit() {
|
||||
local test_file=".forward"
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd --create-home $test_user
|
||||
touch /home/$test_user/$test_file
|
||||
useradd --create-home "$test_user"
|
||||
touch "/home/$test_user/$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "$test_file present"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# cleanup
|
||||
userdel -r $test_user
|
||||
userdel -r "$test_user"
|
||||
}
|
||||
|
||||
@ -11,12 +11,12 @@ test_audit() {
|
||||
local test_file=".netrc"
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd --create-home $test_user
|
||||
touch /home/$test_user/$test_file
|
||||
useradd --create-home "$test_user"
|
||||
touch "/home/$test_user/$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "$test_file present"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# cleanup
|
||||
userdel -r $test_user
|
||||
userdel -r "$test_user"
|
||||
}
|
||||
|
||||
@ -11,9 +11,9 @@ test_audit() {
|
||||
local test_file=".netrc"
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd --create-home $test_user
|
||||
touch /home/$test_user/$test_file
|
||||
chmod 777 /home/$test_user/$test_file
|
||||
useradd --create-home "$test_user"
|
||||
touch "/home/$test_user/$test_file"
|
||||
chmod 777 "/home/$test_user/$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "permissions were not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -28,5 +28,5 @@ test_audit() {
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# cleanup
|
||||
userdel -r $test_user
|
||||
userdel -r "$test_user"
|
||||
}
|
||||
|
||||
@ -11,12 +11,12 @@ test_audit() {
|
||||
local test_file=".rhosts"
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd --create-home $test_user
|
||||
touch /home/$test_user/$test_file
|
||||
useradd --create-home "$test_user"
|
||||
touch "/home/$test_user/$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "$test_file present"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# cleanup
|
||||
userdel -r $test_user
|
||||
userdel -r "$test_user"
|
||||
}
|
||||
@ -11,11 +11,11 @@ test_audit() {
|
||||
local dir="/etc/passwd"
|
||||
|
||||
describe Tests purposely failing
|
||||
echo "$test_user:x:1100:1100::/home/$test_user:" >> $dir
|
||||
echo "$test_user:x:1100:1100::/home/$test_user:" >> "$dir"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "is referenced by /etc/passwd but does not exist in /etc/group"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# cleanup
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
}
|
||||
|
||||
@ -11,14 +11,14 @@ test_audit() {
|
||||
local dir="/etc/passwd"
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
temp=$(tail -1 $dir)
|
||||
echo $temp >> $dir
|
||||
useradd "$test_user"
|
||||
temp=$(tail -1 "$dir")
|
||||
echo "$temp" >> "$dir"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "Duplicate username"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# cleanup
|
||||
sed -i '$ d' $dir
|
||||
userdel $test_user
|
||||
sed -i '$ d' "$dir"
|
||||
userdel "$test_user"
|
||||
}
|
||||
|
||||
@ -11,14 +11,14 @@ test_audit() {
|
||||
local dir="/etc/group"
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_group
|
||||
temp=$(tail -1 $dir)
|
||||
echo $temp >> $dir
|
||||
useradd "$test_group"
|
||||
temp=$(tail -1 "$dir")
|
||||
echo "$temp" >> "$dir"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "Duplicate group"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# cleanup
|
||||
sed -i '$ d' $dir
|
||||
userdel $test_group
|
||||
sed -i '$ d' "$dir"
|
||||
userdel "$test_group"
|
||||
}
|
||||
|
||||
@ -10,7 +10,7 @@ test_audit() {
|
||||
local test_user="testemptypassworduser"
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
useradd "$test_user"
|
||||
sed -i "s/$test_user:\!/$test_user:/" /etc/shadow
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "Some accounts have an empty password"
|
||||
@ -26,5 +26,5 @@ test_audit() {
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# cleanup
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
}
|
||||
|
||||
@ -10,18 +10,18 @@ test_audit() {
|
||||
local test_user="testshadowuser"
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
usermod -aG shadow $test_user
|
||||
useradd "$test_user"
|
||||
usermod -aG shadow "$test_user"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "Some users belong to shadow group"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd --no-user-group -g shadow $test_user
|
||||
useradd --no-user-group -g shadow "$test_user"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "Some users have shadow id as their primary group"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
|
||||
}
|
||||
|
||||
@ -10,7 +10,7 @@ test_audit() {
|
||||
local test_user="testetcpasswduser"
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
useradd "$test_user"
|
||||
sed -i "s/$test_user:x/+:$test_user:x/" /etc/passwd
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "Some accounts have a legacy password entry"
|
||||
@ -27,6 +27,6 @@ test_audit() {
|
||||
|
||||
# cleanup
|
||||
groupdel $test_user
|
||||
useradd $test_user
|
||||
userdel $test_user
|
||||
useradd "$test_user"
|
||||
userdel "$test_user"
|
||||
}
|
||||
|
||||
@ -10,7 +10,7 @@ test_audit() {
|
||||
local test_user="testetcshadowusr"
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
useradd "$test_user"
|
||||
sed -i "s/$test_user:/+:$test_user:/" /etc/shadow
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "Some accounts have a legacy password entry"
|
||||
@ -26,6 +26,6 @@ test_audit() {
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# cleanup
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
|
||||
}
|
||||
|
||||
@ -10,7 +10,7 @@ test_audit() {
|
||||
local test_user="testetcgroupuser"
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
useradd "$test_user"
|
||||
sed -i "s/$test_user:x/+:$test_user:x/" /etc/group
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "Some accounts have a legacy group entry"
|
||||
@ -26,5 +26,5 @@ test_audit() {
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# cleanup
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
}
|
||||
|
||||
@ -26,30 +26,30 @@ test_audit() {
|
||||
run noncompliant path="$PATH:." /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
describe Tests purposely failing
|
||||
mkdir -m 770 $dir
|
||||
mkdir -m 770 "$dir"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "Group Write permission set on directory $dir"
|
||||
run noncompliant path="$PATH:$dir" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
# clean
|
||||
rmdir $dir
|
||||
rmdir "$dir"
|
||||
|
||||
describe Tests purposely failing
|
||||
mkdir -m 707 $dir
|
||||
mkdir -m 707 "$dir"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "Other Write permission set on directory $dir"
|
||||
run noncompliant path="$PATH:$dir" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
# clean
|
||||
rmdir $dir
|
||||
rmdir "$dir"
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd $test_user
|
||||
mkdir -m 700 $dir
|
||||
chown userrootpathtest:userrootpathtest $dir
|
||||
useradd "$test_user"
|
||||
mkdir -m 700 "$dir"
|
||||
chown "$test_user":"$test_user" "$dir"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "$dir is not owned by root"
|
||||
run noncompliant path="$PATH:$dir" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
# clean
|
||||
rmdir $dir
|
||||
userdel $test_user
|
||||
rmdir "$dir"
|
||||
userdel "$test_user"
|
||||
|
||||
}
|
||||
|
||||
@ -8,12 +8,12 @@ test_audit() {
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
local test_user="userwithouthome"
|
||||
useradd $test_user
|
||||
useradd "$test_user"
|
||||
describe Tests purposely failing
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "does not exist."
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# cleanup
|
||||
userdel $test_user
|
||||
userdel "$test_user"
|
||||
}
|
||||
@ -10,8 +10,8 @@ test_audit() {
|
||||
local test_user="testhomepermuser"
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd --create-home $test_user
|
||||
chmod 777 /home/$test_user
|
||||
useradd --create-home "$test_user"
|
||||
chmod 777 /home/"$test_user"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "Group Write permission set on directory"
|
||||
register_test contain "Other Read permission set on directory"
|
||||
@ -30,5 +30,5 @@ test_audit() {
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# cleanup
|
||||
userdel -r $test_user
|
||||
userdel -r "$test_user"
|
||||
}
|
||||
|
||||
@ -15,8 +15,8 @@ test_audit() {
|
||||
local test_user="testhomeuser"
|
||||
|
||||
describe Test purposely failing
|
||||
useradd -m $test_user
|
||||
chown root:root /home/$test_user
|
||||
useradd -m "$test_user"
|
||||
chown root:root /home/"$test_user"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "[ KO ] The home directory (/home/$test_user) of user testhomeuser is owned by root"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -31,5 +31,5 @@ test_audit() {
|
||||
|
||||
# Cleanup
|
||||
rm -rf "/home/${test_user:?}"
|
||||
userdel -r $test_user
|
||||
userdel -r "$test_user"
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user