Add usecase in basename
Add test files for checks with find command
Always show logs
FIX: run void script to generate config and avoid sed failure
Update README with functional test description
Add skeleton for functional test
Add argument to launch only specific test suite
Add support for debian8 and compulsory mention of debian version at
launch
Improve README
Simplify test file syntax to avoid copy/paste mistake
Add script that runs tests on all debian targets
Improve run_all_target script with nowait and nodel options
Add dockerfile for Buster pre-version
Chore: Use getopt for options and reviewed code by shellcheck
Add trap to ensure cleanup on exit/interrupt
Remove quotes that lead to `less` misinterpretation of the filenames
Set `local` for variables inside `test_audit` func
Move functional assertion functions to dedicated file
Add cleanup for logs and containers
Improve cleanup, and now exits
Apply shellcheck recommendations
FIX: allow script to be run from anywhere (dirname $0)
Changes to be committed:
modified: README.md
new file: src/skel.test
new file: tests/docker/Dockerfile.debian10_20181226
new file: tests/docker/Dockerfile.debian8
new file: tests/docker/Dockerfile.debian9
new file: tests/docker_build_and_run_tests.sh
new file: tests/hardening/12.10_find_suid_files.sh
new file: tests/hardening/12.11_find_sgid_files.sh
new file: tests/hardening/12.7_find_world_writable_file.sh
new file: tests/hardening/12.8_find_unowned_files.sh
new file: tests/hardening/12.9_find_ungrouped_files.sh
new file: tests/hardening/2.17_sticky_bit_world_writable_folder.sh
new file: tests/launch_tests.sh
new file: tests/lib.sh
new file: tests/run_all_targets.sh
* perform readonly checks as a regular user
* sudo -n is used for checks requiring root privileges
* increase accountability by providing log of individual access to sensitive files
- Add hardening templating and several enhancements
- CIS_ROOT_DIR management
- Update ciphers list in 9.3.11 with latest chacha20 and gcm ciphers
- Debian packaging clean up
Signed-off-by: Julien Delayen <julien.delayen@corp.ovh.com>
This fixes the following issue:
Depends field of package cis-hardening:
unknown substitution variable ${shlibs:Depends}
Signed-off-by: Julien Delayen <julien.delayen@corp.ovh.com>
The policy for configuration files having changed,
the files are not present in the package anymore.
Remove them from debian/conffiles.
Signed-off-by: Julien Delayen <julien.delayen@corp.ovh.com>
* commit '5b11b1628a690e0bbd9d34cd5b83dbe74ac6fba7':
Expand tabs to 4 spaces and trim trailing spaces
Remove unnecessary CIS_ROOT_DIR empty assignation
Applying batch edit to all hardening/*.sh scripts for new CIS_ROOT_DIR management
Changing CIS_ROOT_DIR management in env in bin/hardening.sh
Change src/skel to allow setting CIS_ROOT_DIR in env and not just sourcing /etc/default/cis-hardening. Making the whole lib more versatile.
* commit '0f11b08ffb593285f745e3e249f3aaf83a6f5362':
[Debian 8] Fixed comments for debian 8 compliance
[10.2] Fixed result parsing in case of spaces in passwd list
