mirror of
https://github.com/ovh/debian-cis.git
synced 2024-12-23 22:45:23 +01:00
18693200dc
Add usecase in basename Add test files for checks with find command Always show logs FIX: run void script to generate config and avoid sed failure Update README with functional test description Add skeleton for functional test Add argument to launch only specific test suite Add support for debian8 and compulsory mention of debian version at launch Improve README Simplify test file syntax to avoid copy/paste mistake Add script that runs tests on all debian targets Improve run_all_target script with nowait and nodel options Add dockerfile for Buster pre-version Chore: Use getopt for options and reviewed code by shellcheck Add trap to ensure cleanup on exit/interrupt Remove quotes that lead to `less` misinterpretation of the filenames Set `local` for variables inside `test_audit` func Move functional assertion functions to dedicated file Add cleanup for logs and containers Improve cleanup, and now exits Apply shellcheck recommendations FIX: allow script to be run from anywhere (dirname $0) Changes to be committed: modified: README.md new file: src/skel.test new file: tests/docker/Dockerfile.debian10_20181226 new file: tests/docker/Dockerfile.debian8 new file: tests/docker/Dockerfile.debian9 new file: tests/docker_build_and_run_tests.sh new file: tests/hardening/12.10_find_suid_files.sh new file: tests/hardening/12.11_find_sgid_files.sh new file: tests/hardening/12.7_find_world_writable_file.sh new file: tests/hardening/12.8_find_unowned_files.sh new file: tests/hardening/12.9_find_ungrouped_files.sh new file: tests/hardening/2.17_sticky_bit_world_writable_folder.sh new file: tests/launch_tests.sh new file: tests/lib.sh new file: tests/run_all_targets.sh
#!/bin/bash
# usage : $0 [--nodel|--nowait] [1.1_script-to-test.sh...]
# --nodel will keep the logs instead of deleting them on exit
# --nowait will not wait for you to view the logs of failed tests
# returns 0 if the tests passed on every docker target, otherwise 1 (some tests failed)
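# Scratch directory that receives one log file per docker target.
# mktemp -d creates it under a hard-to-guess name instead of a fixed path
# in the shared temporary directory.
if ! tmpdir=$(mktemp -d -t debcistest.XXXXXX); then
    echo "Unable to create the temporary log directory" >&2
    # 255 is the status this script uses for runtime errors
    exit 255
fi
# Space-separated list of the log files of the targets whose tests failed
failedtarget=""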
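#######################################
# Delete the per-run log directory unless the logs must be kept.
# Globals:   nodel (read)  - 1 keeps the logs, 0 deletes them
#            tmpdir (read) - directory to delete
# Returns:   status of the removal, 0 when nothing is removed
#######################################
cleanup() {
    # The trap may call this before the option defaults are assigned: an
    # unset nodel is treated as 0 (delete) rather than making the numeric
    # test fail, and an empty tmpdir is never handed to rm -rf.
    if [ "${nodel:-0}" -eq 0 ] && [ -n "${tmpdir:-}" ]; then
        rm -rf -- "$tmpdir"
    fi
}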
# While this trap is armed, leaving the script in any way (normal exit,
# hangup, Ctrl-C) runs cleanup and reports status 255, the runtime-error
# code. The handler contains no expansion, so single quotes are enough.
trap 'cleanup; exit 255' EXIT HUP INT
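# Defaults: delete the logs on exit, and pause before showing failed logs.
# They must be assigned BEFORE the stdin check below; assigning them after
# it silently overwrote the non-interactive settings.
nodel=0
nowait=0

# No terminal on stdin (CI job, pipe, cron): nobody can page through the
# logs, so keep them on disk and do not wait for a key press.
if [ ! -t 0 ]; then
    echo -e "\e[34mNo stdin \e[0m"
    nodel=1
    nowait=1
fi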
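# Normalise the command line with getopt.
#   -o ''  declares that there are no short options; without -o, getopt
#          takes the first word after "--" (previously "$0") as the
#          short-option string, so letters of the script path became
#          accepted flags.
#   -n     sets the program name used in getopt's error messages.
# A parse error (unknown option) stops the run instead of being ignored.
if ! OPTIONS=$(getopt -o '' --long nodel,nowait -n "$0" -- "$@"); then
    exit 255
fi
# eval is acceptable here only because getopt shell-quotes every word it
# prints; the raw arguments must never be passed to eval.
eval set -- "$OPTIONS"
# Treating options: consume the flags, leave the test names in "$@"
while true; do
    case "$1" in
    --nodel)
        nodel=1
        shift
        ;;
    --nowait)
        nowait=1
        shift
        ;;
    --)
        shift
        break
        ;;
    *)
        break
        ;;
    esac
done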
# Execution summary: announce the settings that differ from the defaults.
# When the logs are kept, print where they are stored.
if test "$nodel" -eq 1; then
    echo -e "\e[34mLog directory: $tmpdir \e[0m"
fi
# When the script will not pause for the user, say so.
if test "$nowait" -eq 1; then
    echo -e "\e[34mRunning in non-interactive mode\e[0m"
fi
# Actual execution
# The helper script lives next to this one; resolve its path once.
runner="$(dirname "$0")"/docker_build_and_run_tests.sh

# Called without arguments, the helper prints a line containing "Supported"
# (presumably its usage text); the field after the first ':' is split on
# whitespace into the list of targets.
for target in $("$runner" 2>&1 | grep "Supported" | cut -d ':' -f 2); do
    echo "Running $target $*"
    # pipefail is not set, so the pipeline status is grep's: a target passes
    # only if its output contains "All tests succeeded". tee stores the full
    # output as the per-target log. grep -q stops reading at the first match,
    # so output written after that line may be missing from the log.
    # NOTE(review): $target is parsed from the helper's output and used as a
    # file name under $tmpdir; confirm it can never contain '/'.
    if "$runner" "$target" "$@" 2>&1 |
        tee "${tmpdir}"/"${target}" |
        grep -q "All tests succeeded"; then
        echo -e "\e[92mOK\e[0m $target"
    else
        echo -e "\e[91mKO\e[0m $target"
        # Remember the log of the failed target for the pager below
        failedtarget="$failedtarget ${tmpdir}/${target}"
    fi
done
# Offer the logs of the failed targets, unless the run is non-interactive
if [[ -n "$failedtarget" && "$nowait" -eq 0 ]]; then
    echo -e "\nPress \e[1mENTER\e[0m to display failed test logs"
    echo -e "Use \e[1m:n\e[0m (next) and \e[1m:p\e[0m (previous) to navigate between log files"
    echo -e "and \e[1mq\e[0m to quit"
    # Pause for ENTER only when stdin is a terminal; the typed line is
    # discarded and a failed read is ignored.
    # shellcheck disable=2162,2034
    if test -t 0; then
        read _wait
    fi
    # $failedtarget is a space-separated list of log files and is left
    # unquoted on purpose so that less receives one argument per file.
    # shellcheck disable=2086
    less -R $failedtarget
fi
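# Disarm the trap first: while it is armed, every exit is turned into 255.
trap - EXIT HUP INT
cleanup

# Report the test result explicitly. A bare `exit` would return the status
# of cleanup, so a failed log removal could be mistaken for a test failure.
if [ -n "$failedtarget" ]; then
    exit 1
fi
exit 0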