IMP(4.5): rename to 1.6.1.2 improve test

bin/hardening/1.6.2.1_enable_apparmor.sh

@@ -24,7 +24,12 @@ audit () {
     else
         ok "$PACKAGE is installed"
     fi
-    :
+    RESULT=$($SUDO_CMD grep "^\s*linux" /boot/grub/grub.cfg)
+    for line in $RESULT; do
+        if [[ ! $line =~ "apparmor=1" ]] || [[ ! $line =~ "security=apparmor" ]]; then
+            crit "$line is not configured"
+        fi
+    done
 }
 
 # This function will be called if the script status is on enabled mode
@@ -35,7 +40,18 @@ apply () {
     else
         ok "$PACKAGE is installed"
     fi
-    :
+    ERROR=0
+    RESULT=$($SUDO_CMD grep "^\s*linux" /boot/grub/grub.cfg)
+    for line in $RESULT; do
+        if [[ ! $line =~ "apparmor=1" ]] || [[ ! $line =~ "security=apparmor" ]]; then
+            crit "$line is not configured"
+            ERROR=1
+        fi
+    done
+    if [ $ERROR = 1 ]; then
+        $SUDO_CMD sed -i "s/GRUB_CMDLINE_LINUX=\"/GRUB_CMDLINE_LINUX=\"apparmor=1 security=apparmor\/"
+    fi
+    $SUDO_CMD update-grub
 }
 
 # This function will check config parameters required

tests/hardening/1.6.2.1_enable_apparmor.sh

@@ -0,0 +1,14 @@
+# run-shellcheck
+test_audit() {
+    if [ -f "/.dockerenv" ]; then
+        skip "SKIPPED on docker"
+    else
+        describe Running on blank host
+        register_test retvalshouldbe 0
+        dismiss_count_for_test
+        # shellcheck disable=2154
+        run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+        # TODO fill comprehensive tests
+    fi
+}

tests/hardening/4.5_enable_apparmor.sh

@@ -1,10 +0,0 @@
-# run-shellcheck
-test_audit() {
-    describe Running on blank host
-    register_test retvalshouldbe 0
-    dismiss_count_for_test
-    # shellcheck disable=2154
-    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
-
-    # TODO fill comprehensive tests
-}