fix: some tests are failing

find_ungrouped_files.sh and find_unowned_files.sh tests can not be executed multiple times: - test repository is not cleaned - configuration is updated multiple times Those tests are also failing, because: - the sed to change the status in the configuration was also changing the test folder path. - missing /proc in EXCLUDED paths - the EXCLUDED configuration doesn't have the correct format for egrep
chore: remove CIS recommendation numbers from bin/hardening scripts
2025-07-16 13:52:17 +02:00 · 2025-06-25 16:58:41 +02:00 · 2025-06-25 16:58:41 +02:00 · 2025-06-25 16:58:41 +02:00 · 2025-06-25 16:58:35 +02:00
2 changed files with 4 additions and 2 deletions
--- a/bin/hardening.sh
+++ b/bin/hardening.sh
@ -319,7 +319,10 @@ fi
 for SCRIPT in $(find "${CIS_CHECKS_DIR}"/ -name "*.sh" | sort -V); do
    if [ "${#TEST_LIST[@]}" -gt 0 ]; then
        # --only X has been specified at least once, is this script in my list ?
-        if ! grep -qE "$(basename "$SCRIPT")" <<<"${TEST_LIST[@]}"; then
+        SCRIPT_PREFIX=$(grep -Eo '^[0-9.]+' <<<"$(basename "$SCRIPT")")
+        # shellcheck disable=SC2001
+        SCRIPT_PREFIX_RE=$(sed -e 's/\./\\./g' <<<"$SCRIPT_PREFIX")
+        if ! grep -qE "(^|[[:space:]])$SCRIPT_PREFIX_RE([[:space:]]|$)" <<<"${TEST_LIST[@]}"; then
            # not in the list
            continue
        fi
--- a/debian/rules
+++ b/debian/rules
@ -28,7 +28,6 @@ override_dh_install:
 	# (ls | sort -V | xargs -i echo /opt/cis-hardening/etc/conf.d/{} -- without README -- with ../hardening.cfg)
 	cp -R etc $(CURDIR)/debian/$(PACKAGE)/opt/$(PACKAGE)/
 	cp -R lib $(CURDIR)/debian/$(PACKAGE)/opt/$(PACKAGE)/
-	cp -R versions $(CURDIR)/debian/$(PACKAGE)/opt/$(PACKAGE)/
 	# cleanup git stuff if any
 	find $(CURDIR)/debian/$(PACKAGE) -type f -name .gitignore -delete
Author	SHA1	Message	Date
Damien Cavagnini	ecd32e8904	fix: some tests are failing find_ungrouped_files.sh and find_unowned_files.sh tests can not be executed multiple times: - test repository is not cleaned - configuration is updated multiple times Those tests are also failing, because: - the sed to change the status in the configuration was also changing the test folder path. - missing /proc in EXCLUDED paths - the EXCLUDED configuration doesn't have the correct format for egrep	2025-06-25 16:58:41 +02:00
Damien Cavagnini	b6965e73ec	chore: remove CIS recommendation numbers from bin/hardening scripts	2025-06-25 16:58:41 +02:00
Damien Cavagnini	aebb65889e	chore: configure current repository as a version And use it as default version. To this end, the scripts in bin/hardening have been made generic by removing the associated recommendation number. Only impact is if you are used to execute scripts directly from bin/hardening. In this case, please use the "bin/hardening.sh" wrapper as intended. I had to rename 2.3.1_disable_nis.sh to uninstall_nis.sh, as it was conflicting with 2.3.1_disable_nis.sh Also, there was a doublon between 1.1.1.8_disable_cramfs.sh and 99.1.1.1_disable_cramfs.sh ; the former was kept	2025-06-25 16:58:41 +02:00
Damien Cavagnini	300095cfa1	feat: add "--set-version" option This feature will allow to chose a specific cis version to run, like debian 11 or debian 12	2025-06-25 16:58:35 +02:00