diff --git a/bin/hardening/1.1_install_updates.sh b/bin/hardening/1.1_install_updates.sh
index 3dd2bb7..89d5557 100755
--- a/bin/hardening/1.1_install_updates.sh
+++ b/bin/hardening/1.1_install_updates.sh
@@ -19,7 +19,7 @@ audit () {
 info "Fetching upgrades ..."
 apt_check_updates "CIS_APT"
 if [ $FNRET -gt 0 ]; then
- warn "$RESULT"
+ crit "$RESULT"
 FNRET=1
 else
 ok "No upgrades available"
diff --git a/lib/common.sh b/lib/common.sh
index 573474c..f4dc0d6 100644
--- a/lib/common.sh
+++ b/lib/common.sh
@@ -58,6 +58,8 @@ cecho () {
 crit () {
 [ $MACHINE_LOG_LEVEL -ge 1 ] && _logger $BRED "[ KO ] $*"
+ # This variable incrementation is used to measure failure or success in tests
+ CRITICAL_ERRORS_NUMBER=$((CRITICAL_ERRORS_NUMBER+1))
 }
 warn () {
diff --git a/lib/main.sh b/lib/main.sh
index 3cfcdc3..87c3f26 100644
--- a/lib/main.sh
+++ b/lib/main.sh
@@ -1,6 +1,7 @@
 LONG_SCRIPT_NAME=$(basename $0)
 SCRIPT_NAME=${LONG_SCRIPT_NAME%.sh}
 # Variable initialization, to avoid crash
+CRITICAL_ERRORS_NUMBER=0 # This will be used to see if a script failed, or passed
 status=""
 [ -r $CIS_ROOT_DIR/lib/constants.sh ] && . $CIS_ROOT_DIR/lib/constants.sh
@@ -21,6 +22,25 @@ if [ -z $status ]; then
 exit 0
 fi
+# Arguments parsing
+while [[ $# > 0 ]]; do
+ ARG="$1"
+ case $ARG in
+ --audit)
+ if [ $status != 'disabled' -o $status != 'false' ]; then
+ debug "Audit argument detected, setting status to audit"
+ status=audit
+ else
+ info "Audit argument passed but script is disabled"
+ fi
+ ;;
+ *)
+ debug "Unknown option passed"
+ ;;
+ esac
+ shift
+done
+
 case $status in
 enabled | true )
 info "Checking Configuration"
@@ -43,3 +63,12 @@ case $status in
 warn "Wrong value for status : $status. Must be [ enabled | true | audit | disabled | false ]"
 ;;
 esac
+
+info "Results : "
+if [ $CRITICAL_ERRORS_NUMBER = 0 ]; then
+ ok "Check Passed"
+ exit 0
+else
+ crit "Check Failed"
+ exit 1
+fi
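Review bot: In lib/common.sh, `crit` now mutates the global `CRITICAL_ERRORS_NUMBER`, so a `crit` call made inside a subshell (a pipeline stage or a `$(...)` substitution) is logged but not counted, and the check can still end in "Check Passed". The callers are outside this hunk, so whether any check does this is unverified. It would help to state the constraint on the function, for example `# NOTE: call from the main shell only; increments made in a subshell or pipeline are lost`. The added comment also says the counter is for tests, while lib/main.sh uses it to choose the script's exit status, so the comment should say that instead.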
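Review bot: The guard `[ $status != 'disabled' -o $status != 'false' ]` in the `--audit` arm of lib/main.sh is always true, because no value equals both strings. The `else` branch is therefore unreachable, and `--audit` turns a check that the configuration disabled into an audited one. Use a conjunction with quoted operands: `if [ "$status" != 'disabled' ] && [ "$status" != 'false' ]; then`. The loop condition `[[ $# > 0 ]]` is a string comparison inside a bash-only construct; `while [ $# -gt 0 ]; do` states the numeric intent and matches the `[ ]` tests used in the rest of the hunk.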
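Review bot: The new result block at the end of lib/main.sh reports "Check Passed" and exits 0 whenever `crit` was never called. That includes the `*)` arm directly above it, where an invalid `status` only triggers `warn` and no check runs. For an audit tool, a misconfigured check that reports success is a false negative; changing that arm to `crit "Wrong value for status : $status. Must be [ enabled | true | audit | disabled | false ]"` would keep the exit status honest. The comparison is also more robust as `[ "$CRITICAL_ERRORS_NUMBER" -eq 0 ]`. The other arms of the `case` are outside the hunk, so how a `disabled` check ends up being reported could not be checked here.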