IMP(6.2.18,6.2.19,6.2.20): add purposely failing tests

Thibault Ayanides 2020-10-27 11:24:40 +01:00
parent f89a864b33
commit fec0ac159c
3 changed files with 45 additions and 3 deletions


@ -6,5 +6,18 @@ test_audit() {
# shellcheck disable=2154 # shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
# TODO fill comprehensive tests local test_user="testduplicateuser"
local dir="/etc/passwd"
describe Tests purposely failing
useradd $test_user
temp=$(tail -1 $dir)
echo $temp >> $dir
register_test retvalshouldbe 1
register_test contain "Duplicate username"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
# cleanup
sed -i '$ d' $dir
userdel $test_user
} }
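Review bot: The fixture edits the live /etc/passwd by hand and undoes it with `sed -i '$ d' $dir`, which deletes whatever the last line of the file is at that moment, and nothing restores the file if the run stops between the append and the cleanup. Taking a copy right before the append (`cp -a "$dir" "$dir.orig"`) and restoring it in the cleanup (`mv "$dir.orig" "$dir"`) would make the undo independent of line order; the same applies to the /etc/group test in the next file. `temp` is also assigned without `local`, and `$test_user`, `$dir` and `$temp` are expanded unquoted, so `echo "$temp" >> "$dir"` is the safer form. test_audit starts above the hunk.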


@ -6,5 +6,18 @@ test_audit() {
# shellcheck disable=2154 # shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
# TODO fill comprehensive tests local test_group="testduplicategroup"
local dir="/etc/group"
describe Tests purposely failing
useradd $test_group
temp=$(tail -1 $dir)
echo $temp >> $dir
register_test retvalshouldbe 1
register_test contain "Duplicate group"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
# cleanup
sed -i '$ d' $dir
userdel $test_group
} }
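Review bot: The duplicate-group fixture is built with `useradd $test_group` and torn down with `userdel $test_group`, so the line that `tail -1 $dir` duplicates is the test group only if useradd creates a same-named group on this image (the user-private-group default). Using `groupadd "$test_group"` for setup and `groupdel "$test_group"` for cleanup would create exactly the entry the test means to duplicate, without adding an unrelated user account. test_audit starts above the hunk.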


@ -6,5 +6,21 @@ test_audit() {
# shellcheck disable=2154 # shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
# TODO fill comprehensive tests local test_user="testshadowuser"
describe Tests purposely failing
useradd $test_user
usermod -aG shadow $test_user
register_test retvalshouldbe 1
register_test contain "Some users belong to shadow group"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
userdel $test_user
describe Tests purposely failing
useradd --no-user-group -g shadow $test_user
register_test retvalshouldbe 1
register_test contain "Some users have shadow id as their primary group"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
userdel $test_user
} }
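Review bot: Both cases put an account into the shadow group, and the only cleanup is the `userdel $test_user` after each `run`; nothing here verifies afterwards that the group is empty again. A closing check after the last `userdel`, such as `register_test retvalshouldbe 0` followed by one more audit run, would catch a failed removal, which matters because shadow-group membership normally grants read access to /etc/shadow. The two `describe Tests purposely failing` labels are identical, so naming each after its case (supplementary membership, primary group) would make a failure attributable. test_audit starts above the hunk.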