From cf42666833db11f3f781075c4597080e30b54d54 Mon Sep 17 00:00:00 2001
From: Charles Herlin
Date: Fri, 15 Feb 2019 17:42:17 +0100
Subject: [PATCH] FIX(tests): change sed in conf file disabled->audit following d6172ad In test cases, changed in sed command "disabled" to "audit" to enable apply part, following this commit d6172ad Change default status disabled -> audit when no conf file 5f28036 - Change default status to audit for file with custom `create_config` (Charles Herlin Thu Feb 14 14:33:21 2019 +0100)
---
 tests/hardening/12.7_find_world_writable_file.sh | 2 +-
 tests/hardening/12.8_find_unowned_files.sh | 2 +-
 tests/hardening/12.9_find_ungrouped_files.sh | 2 +-
 tests/hardening/2.17_sticky_bit_world_writable_folder.sh | 3 ++-
 tests/hardening/99.5.1_ssh_auth_pubk_only.sh | 2 +-
 tests/hardening/99.5.2.1_ssh_cry_kex.sh | 2 +-
 tests/hardening/99.5.2.2_ssh_cry_mac.sh | 2 +-
 tests/hardening/99.5.2.3_ssh_cry_rekey.sh | 2 +-
 tests/hardening/99.5.3_ssh_disable_features.sh | 2 +-
 tests/hardening/99.5.5_ssh_strict_modes.sh | 2 +-
 tests/hardening/99.5.6_ssh_sys_accept_env.sh | 2 +-
 tests/hardening/99.5.8_ssh_sys_sandbox.sh | 2 +-
 tests/hardening/99.5.9_ssh_loglevel.sh | 2 +-
 13 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/tests/hardening/12.7_find_world_writable_file.sh b/tests/hardening/12.7_find_world_writable_file.sh
index 2b5b92d..c7615e0 100755
--- a/tests/hardening/12.7_find_world_writable_file.sh
+++ b/tests/hardening/12.7_find_world_writable_file.sh
@@ -15,7 +15,7 @@ test_audit() {
 run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 describe correcting situation
- sed -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+ sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
 /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
 describe Checking resolved state
diff --git a/tests/hardening/12.8_find_unowned_files.sh b/tests/hardening/12.8_find_unowned_files.sh
index e789127..f05dc66 100755
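Review bot: The pattern on the new sed line, `s/audit/enabled/`, is not anchored to the setting it is meant to flip, so it rewrites the first `audit` on every line of the .cfg (comments included) and silently changes nothing if the file holds any other value. In that case the run on the next line is not in apply mode, and because it ends in `|| true` the problem can only show up indirectly in the later resolved-state check. Anchoring on the key, for example `sed -i 's/^status=.*/status=enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg` (assuming the key is `status=`, which the commit message suggests but the hunk does not show), would make the test independent of whatever the default is. The same sed line recurs in the other twelve files of this patch; the body of test_audit continues outside the hunk.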
--- a/tests/hardening/12.8_find_unowned_files.sh
+++ b/tests/hardening/12.8_find_unowned_files.sh
@@ -15,7 +15,7 @@ test_audit() {
 run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 describe correcting situation
- sed -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+ sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
 /opt/debian-cis/bin/hardening/"${script}".sh || true
 describe Checking resolved state
diff --git a/tests/hardening/12.9_find_ungrouped_files.sh b/tests/hardening/12.9_find_ungrouped_files.sh
index 9fca286..29213fd 100755
--- a/tests/hardening/12.9_find_ungrouped_files.sh
+++ b/tests/hardening/12.9_find_ungrouped_files.sh
@@ -15,7 +15,7 @@ test_audit() {
 run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 describe correcting situation
- sed -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+ sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
 /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
 describe Checking resolved state
diff --git a/tests/hardening/2.17_sticky_bit_world_writable_folder.sh b/tests/hardening/2.17_sticky_bit_world_writable_folder.sh
index 1f7c289..eca39f8 100755
--- a/tests/hardening/2.17_sticky_bit_world_writable_folder.sh
+++ b/tests/hardening/2.17_sticky_bit_world_writable_folder.sh
@@ -15,7 +15,8 @@ test_audit() {
 run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 describe correcting situation
- sed -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+ sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+ cat /opt/debian-cis/etc/conf.d/"${script}".cfg
 /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
 describe Checking resolved state
diff --git a/tests/hardening/99.5.1_ssh_auth_pubk_only.sh b/tests/hardening/99.5.1_ssh_auth_pubk_only.sh
index 84cc1c3..042294a 100644
--- a/tests/hardening/99.5.1_ssh_auth_pubk_only.sh
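Review bot: The added `cat /opt/debian-cis/etc/conf.d/"${script}".cfg` in 2.17_sticky_bit_world_writable_folder.sh reads like leftover debugging: it appears in only this one of the thirteen files and the commit message does not mention it. It prints the whole config into the test output on every run without checking anything. If the intent was to confirm that the substitution took effect, an assertion on the rewritten line would do that and fail loudly; otherwise the line can be dropped so this test matches its siblings.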
+++ b/tests/hardening/99.5.1_ssh_auth_pubk_only.sh
@@ -11,7 +11,7 @@ test_audit() {
 # the service needs to be started for the reload to succeed
 service ssh start
 # if the audit script provides "apply" option, enable and run it
- sed -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+ sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
 /opt/debian-cis/bin/hardening/"${script}".sh || true
 describe Checking resolved state
diff --git a/tests/hardening/99.5.2.1_ssh_cry_kex.sh b/tests/hardening/99.5.2.1_ssh_cry_kex.sh
index 0ae79bb..8f60dd0 100644
--- a/tests/hardening/99.5.2.1_ssh_cry_kex.sh
+++ b/tests/hardening/99.5.2.1_ssh_cry_kex.sh
@@ -11,7 +11,7 @@ test_audit() {
 # the service needs to be started for the reload to succeed
 service ssh start
 # if the audit script provides "apply" option, enable and run it
- sed -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+ sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
 /opt/debian-cis/bin/hardening/"${script}".sh || true
 cp -a /etc/ssh/sshd_config /tmp/sshd_config.bak
diff --git a/tests/hardening/99.5.2.2_ssh_cry_mac.sh b/tests/hardening/99.5.2.2_ssh_cry_mac.sh
index c193573..7fe8a1b 100644
--- a/tests/hardening/99.5.2.2_ssh_cry_mac.sh
+++ b/tests/hardening/99.5.2.2_ssh_cry_mac.sh
@@ -11,7 +11,7 @@ test_audit() {
 # the service needs to be started for the reload to succeed
 service ssh start
 # if the audit script provides "apply" option, enable and run it
- sed -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+ sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
 /opt/debian-cis/bin/hardening/"${script}".sh || true
 describe Checking resolved state
diff --git a/tests/hardening/99.5.2.3_ssh_cry_rekey.sh b/tests/hardening/99.5.2.3_ssh_cry_rekey.sh
index e9a1e50..c072418 100644
--- a/tests/hardening/99.5.2.3_ssh_cry_rekey.sh
+++ b/tests/hardening/99.5.2.3_ssh_cry_rekey.sh
@@ -11,7 +11,7 @@ test_audit() {
 # the service needs to be started for the reload to succeed
 service ssh start
 # if the audit script provides "apply" option, enable and run it
- sed -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+ sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
 /opt/debian-cis/bin/hardening/"${script}".sh || true
 describe Checking resolved state
diff --git a/tests/hardening/99.5.3_ssh_disable_features.sh b/tests/hardening/99.5.3_ssh_disable_features.sh
index 9fe24b3..74fa0d0 100644
--- a/tests/hardening/99.5.3_ssh_disable_features.sh
+++ b/tests/hardening/99.5.3_ssh_disable_features.sh
@@ -11,7 +11,7 @@ test_audit() {
 # the service needs to be started for the reload to succeed
 service ssh start
 # if the audit script provides "apply" option, enable and run it
- sed -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+ sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
 /opt/debian-cis/bin/hardening/"${script}".sh || true
 describe Checking resolved state
diff --git a/tests/hardening/99.5.5_ssh_strict_modes.sh b/tests/hardening/99.5.5_ssh_strict_modes.sh
index 2e2b48a..6085453 100644
--- a/tests/hardening/99.5.5_ssh_strict_modes.sh
+++ b/tests/hardening/99.5.5_ssh_strict_modes.sh
@@ -12,7 +12,7 @@ test_audit() {
 # the service needs to be started for the reload to succeed
 service ssh start
 # if the audit script provides "apply" option, enable and run it
- sed -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+ sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
 /opt/debian-cis/bin/hardening/"${script}".sh || true
 describe Checking resolved state
diff --git a/tests/hardening/99.5.6_ssh_sys_accept_env.sh b/tests/hardening/99.5.6_ssh_sys_accept_env.sh
index 8bdd26c..27f9fe6 100644
--- a/tests/hardening/99.5.6_ssh_sys_accept_env.sh
+++ b/tests/hardening/99.5.6_ssh_sys_accept_env.sh
@@ -19,7 +19,7 @@ test_audit() {
 # the service needs to be started for the reload to succeed
 service ssh start
 # if the audit script provides "apply" option, enable and run it
- sed -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+ sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
 /opt/debian-cis/bin/hardening/"${script}".sh || true
 describe Checking resolved state
diff --git a/tests/hardening/99.5.8_ssh_sys_sandbox.sh b/tests/hardening/99.5.8_ssh_sys_sandbox.sh
index 9b48509..2c1b0e8 100644
--- a/tests/hardening/99.5.8_ssh_sys_sandbox.sh
+++ b/tests/hardening/99.5.8_ssh_sys_sandbox.sh
@@ -11,7 +11,7 @@ test_audit() {
 # the service needs to be started for the reload to succeed
 service ssh start
 # if the audit script provides "apply" option, enable and run it
- sed -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+ sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
 /opt/debian-cis/bin/hardening/"${script}".sh || true
 describe Checking resolved state
diff --git a/tests/hardening/99.5.9_ssh_loglevel.sh b/tests/hardening/99.5.9_ssh_loglevel.sh
index b51b66e..3e4e2a3 100644
--- a/tests/hardening/99.5.9_ssh_loglevel.sh
+++ b/tests/hardening/99.5.9_ssh_loglevel.sh
@@ -11,7 +11,7 @@ test_audit() {
 # the service needs to be started for the reload to succeed
 service ssh start
 # if the audit script provides "apply" option, enable and run it
- sed -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+ sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
 /opt/debian-cis/bin/hardening/"${script}".sh || true
 describe Checking resolved state