diff --git a/bin/hardening.sh b/bin/hardening.sh index 8476ece5..0ab2e787 100755 --- a/bin/hardening.sh +++ b/bin/hardening.sh @@ -201,21 +201,21 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ] || [ -z "${CIS_CONF_DIR}" ] || [ -z "${CIS_CHECKS_DIR}" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR, CIS_CONF_DIR, CIS_CHECKS_DIR variables, aborting." exit 128 fi # shellcheck source=../etc/hardening.cfg -[ -r "$CIS_ROOT_DIR"/etc/hardening.cfg ] && . "$CIS_ROOT_DIR"/etc/hardening.cfg +[ -r "${CIS_CONF_DIR}"/hardening.cfg ] && . "${CIS_CONF_DIR}"/hardening.cfg if [ "$ASK_LOGLEVEL" ]; then LOGLEVEL=$ASK_LOGLEVEL; fi # shellcheck source=../lib/common.sh -[ -r "$CIS_ROOT_DIR"/lib/common.sh ] && . "$CIS_ROOT_DIR"/lib/common.sh +[ -r "${CIS_LIB_DIR}"/common.sh ] && . "${CIS_LIB_DIR}"/common.sh # shellcheck source=../lib/utils.sh -[ -r "$CIS_ROOT_DIR"/lib/utils.sh ] && . "$CIS_ROOT_DIR"/lib/utils.sh +[ -r "${CIS_LIB_DIR}"/utils.sh ] && . "${CIS_LIB_DIR}"/utils.sh # shellcheck source=../lib/constants.sh -[ -r "$CIS_ROOT_DIR"/lib/constants.sh ] && . "$CIS_ROOT_DIR"/lib/constants.sh +[ -r "${CIS_LIB_DIR}"/constants.sh ] && . "${CIS_LIB_DIR}"/constants.sh # If we're on a unsupported platform and there is no flag --allow-unsupported-distribution # print warning, otherwise quit 
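Review bot: The new guard at the top of this hunk only tests that CIS_LIB_DIR, CIS_CONF_DIR and CIS_CHECKS_DIR are non-empty, and the four `[ -r … ] && . …` lines below it silently skip a file that is not readable, so a typo in one of the three values lets the run continue without hardening.cfg, common.sh, utils.sh or constants.sh. These paths appear to come from the caller's environment when /etc/default/cis-hardening is absent, and their contents are sourced into the script, so the guard should also confirm that each one is a directory, e.g. `for d in "$CIS_LIB_DIR" "$CIS_CONF_DIR" "$CIS_CHECKS_DIR"; do [ -d "$d" ] || { echo "$d is not a directory, aborting."; exit 128; }; done`. The first echo still reads "There is no /etc/default/cis-hardening file nor cis-hardening directory", which no longer describes the case where only one of the three variables is unset.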
@@ -257,7 +257,7 @@ fi # If --allow-service-list is specified, don't run anything, just list the supported services if [ "$ALLOW_SERVICE_LIST" = 1 ]; then declare -a HARDENING_EXCEPTIONS_LIST - for SCRIPT in $(find "$CIS_ROOT_DIR"/bin/hardening/ -name "*.sh" | sort -V); do + for SCRIPT in $(find "${CIS_CHECKS_DIR}"/ -name "*.sh" | sort -V); do template=$(grep "^HARDENING_EXCEPTION=" "$SCRIPT" | cut -d= -f2) [ -n "$template" ] && HARDENING_EXCEPTIONS_LIST[${#HARDENING_EXCEPTIONS_LIST[@]}]="$template" done @@ -272,7 +272,7 @@ if [ -n "$SET_HARDENING_LEVEL" ] && [ "$SET_HARDENING_LEVEL" != 0 ]; then exit 1 fi - for SCRIPT in $(find "$CIS_ROOT_DIR"/bin/hardening/ -name "*.sh" | sort -V); do + for SCRIPT in $(find "${CIS_CHECKS_DIR}"/ -name "*.sh" | sort -V); do SCRIPT_BASENAME=$(basename "$SCRIPT" .sh) script_level=$(grep "^HARDENING_LEVEL=" "$SCRIPT" | cut -d= -f2) if [ -z "$script_level" ]; then @@ -281,7 +281,7 @@ if [ -n "$SET_HARDENING_LEVEL" ] && [ "$SET_HARDENING_LEVEL" != 0 ]; then fi wantedstatus=disabled [ "$script_level" -le "$SET_HARDENING_LEVEL" ] && wantedstatus=enabled - sed -i -re "s/^status=.+/status=$wantedstatus/" "$CIS_ROOT_DIR/etc/conf.d/$SCRIPT_BASENAME.cfg" + sed -i -re "s/^status=.+/status=$wantedstatus/" "${CIS_CONF_DIR}/conf.d/$SCRIPT_BASENAME.cfg" done echo "Configuration modified to enable scripts for hardening level at or below $SET_HARDENING_LEVEL" exit 0 @@ -293,7 +293,7 @@ if [ "$CREATE_CONFIG" = 1 ] && [ "$EUID" -ne 0 ]; then fi # Parse every scripts and execute them in the required mode -for SCRIPT in $(find "$CIS_ROOT_DIR"/bin/hardening/ -name "*.sh" | sort -V); do +for SCRIPT in $(find "${CIS_CHECKS_DIR}"/ -name "*.sh" | sort -V); do if [ "${#TEST_LIST[@]}" -gt 0 ]; then # --only X has been specified at least once, is this script in my list ? SCRIPT_PREFIX=$(grep -Eo '^[0-9.]+' <<<"$(basename "$SCRIPT")") 
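Review bot: `find "${CIS_CHECKS_DIR}"/ -name "*.sh"` in the -257 hunk (and again in the -272 and -293 hunks) recurses without `-maxdepth` or `-type f`, and the last of those loops is the one that, per its comment, executes every script it finds. The checks directory is now configured on its own rather than derived as `bin/hardening/` under the root, so a value that points at a broader tree would pull unrelated `*.sh` files into the run. If the checks are expected to sit directly in that directory, `find "${CIS_CHECKS_DIR}" -maxdepth 1 -type f -name "*.sh"` keeps the set to the directory's own files. The unquoted `$(find …)` also word-splits, so a CIS_CHECKS_DIR containing whitespace breaks all three loops.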
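Review bot: The `sed -i` line in the -281 hunk assumes `${CIS_CONF_DIR}/conf.d/$SCRIPT_BASENAME.cfg` exists for every script found under CIS_CHECKS_DIR, and nothing visible checks that; the `sed -i` in the later -332 hunk makes the same assumption. With the two directories configured separately a mismatch is easier to produce, and the run would still print "Configuration modified …" (or `info "Status set to enabled …"` in the later hunk) after sed failed. A guard before the sed, such as `cfg="${CIS_CONF_DIR}/conf.d/$SCRIPT_BASENAME.cfg"; [ -f "$cfg" ] || { echo "Missing $cfg, skipping"; continue; }`, makes the report match what was actually written. The loop this line belongs to starts in the previous hunk.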
@@ -332,8 +332,8 @@ for SCRIPT in $(find "$CIS_ROOT_DIR"/bin/hardening/ -name "*.sh" | sort -V); do PASSED_CHECKS=$((PASSED_CHECKS + 1)) if [ "$AUDIT_ALL_ENABLE_PASSED" = 1 ]; then SCRIPT_BASENAME=$(basename "$SCRIPT" .sh) - sed -i -re 's/^status=.+/status=enabled/' "$CIS_ROOT_DIR/etc/conf.d/$SCRIPT_BASENAME.cfg" - info "Status set to enabled in $CIS_ROOT_DIR/etc/conf.d/$SCRIPT_BASENAME.cfg" + sed -i -re 's/^status=.+/status=enabled/' "${CIS_CONF_DIR}/conf.d/$SCRIPT_BASENAME.cfg" + info "Status set to enabled in ${CIS_CONF_DIR}/conf.d/$SCRIPT_BASENAME.cfg" fi ;; 1) diff --git a/bin/hardening/1.1.1.1_disable_freevxfs.sh b/bin/hardening/1.1.1.1_disable_freevxfs.sh index 36c87120..92e3715f 100755 --- a/bin/hardening/1.1.1.1_disable_freevxfs.sh +++ b/bin/hardening/1.1.1.1_disable_freevxfs.sh @@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.1.2_disable_jffs2.sh b/bin/hardening/1.1.1.2_disable_jffs2.sh index 713fba72..775a8b9d 100755 --- a/bin/hardening/1.1.1.2_disable_jffs2.sh 
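Review bot: The else-branch message in the 1.1.1.1_disable_freevxfs.sh hunk still asks "have you correctly defined your root directory?" while printing `$CIS_LIB_DIR`, so the hint names a setting this change removes; `echo "Cannot find main.sh in CIS_LIB_DIR ($CIS_LIB_DIR), check /etc/default/cis-hardening"` would match the new variable. The same hunk is repeated in each of the other bin/hardening/*.sh scripts in this diff. `main.sh` is sourced from a path that appears to be taken from the environment when /etc/default/cis-hardening is unreadable, so a comment above the `-z` test, for example `# CIS_LIB_DIR is sourced as code: it must be a directory only root can write to`, would record the trust assumption for whoever packages or relocates the library.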
+++ b/bin/hardening/1.1.1.2_disable_jffs2.sh @@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.1.3_disable_hfs.sh b/bin/hardening/1.1.1.3_disable_hfs.sh index 6607d267..9ad94bda 100755 --- a/bin/hardening/1.1.1.3_disable_hfs.sh +++ b/bin/hardening/1.1.1.3_disable_hfs.sh 
@@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.1.4_disable_hfsplus.sh b/bin/hardening/1.1.1.4_disable_hfsplus.sh index 824d4564..6c1e6c2e 100755 --- a/bin/hardening/1.1.1.4_disable_hfsplus.sh +++ b/bin/hardening/1.1.1.4_disable_hfsplus.sh 
@@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.1.5_disable_squashfs.sh b/bin/hardening/1.1.1.5_disable_squashfs.sh index 8c6766e6..506cd6b9 100755 --- a/bin/hardening/1.1.1.5_disable_squashfs.sh +++ b/bin/hardening/1.1.1.5_disable_squashfs.sh 
@@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.1.6_disable_udf.sh b/bin/hardening/1.1.1.6_disable_udf.sh index e62d1345..76944ffe 100755 --- a/bin/hardening/1.1.1.6_disable_udf.sh +++ b/bin/hardening/1.1.1.6_disable_udf.sh 
@@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.1.7_restrict_fat.sh b/bin/hardening/1.1.1.7_restrict_fat.sh index be8954b1..d442dd39 100755 --- a/bin/hardening/1.1.1.7_restrict_fat.sh +++ b/bin/hardening/1.1.1.7_restrict_fat.sh 
@@ -53,17 +53,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.1.8_disable_cramfs.sh b/bin/hardening/1.1.1.8_disable_cramfs.sh index 68215614..b1a489de 100755 --- a/bin/hardening/1.1.1.8_disable_cramfs.sh +++ b/bin/hardening/1.1.1.8_disable_cramfs.sh 
@@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.10_var_tmp_noexec.sh b/bin/hardening/1.1.10_var_tmp_noexec.sh index d1265de5..04e68535 100755 --- a/bin/hardening/1.1.10_var_tmp_noexec.sh +++ b/bin/hardening/1.1.10_var_tmp_noexec.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.11.1_var_log_noexec.sh b/bin/hardening/1.1.11.1_var_log_noexec.sh index cbc4d035..e82fe95f 100755 --- a/bin/hardening/1.1.11.1_var_log_noexec.sh +++ b/bin/hardening/1.1.11.1_var_log_noexec.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.11.2_var_log_nosuid.sh b/bin/hardening/1.1.11.2_var_log_nosuid.sh index 126f5966..16c11af0 100755 --- a/bin/hardening/1.1.11.2_var_log_nosuid.sh +++ b/bin/hardening/1.1.11.2_var_log_nosuid.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.11.3_var_log_nodev.sh b/bin/hardening/1.1.11.3_var_log_nodev.sh index 09eb3be9..821df1b3 100755 --- a/bin/hardening/1.1.11.3_var_log_nodev.sh +++ b/bin/hardening/1.1.11.3_var_log_nodev.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.11_var_log_partition.sh b/bin/hardening/1.1.11_var_log_partition.sh index 8dffa6a3..b3c18191 100755 --- a/bin/hardening/1.1.11_var_log_partition.sh +++ b/bin/hardening/1.1.11_var_log_partition.sh 
@@ -63,17 +63,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.12.1_var_log_audit_noexec.sh b/bin/hardening/1.1.12.1_var_log_audit_noexec.sh index 0e1666d6..25e2a7cf 100755 --- a/bin/hardening/1.1.12.1_var_log_audit_noexec.sh +++ b/bin/hardening/1.1.12.1_var_log_audit_noexec.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.12.2_var_log_audit_nosuid.sh b/bin/hardening/1.1.12.2_var_log_audit_nosuid.sh index 0970a0f2..a69c1ed0 100755 --- a/bin/hardening/1.1.12.2_var_log_audit_nosuid.sh +++ b/bin/hardening/1.1.12.2_var_log_audit_nosuid.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.12.3_var_log_audit_nodev.sh b/bin/hardening/1.1.12.3_var_log_audit_nodev.sh index bb6cd173..ce0ca188 100755 --- a/bin/hardening/1.1.12.3_var_log_audit_nodev.sh +++ b/bin/hardening/1.1.12.3_var_log_audit_nodev.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.12_var_log_audit_partition.sh b/bin/hardening/1.1.12_var_log_audit_partition.sh index ff5995cd..cfc5ed0f 100755 --- a/bin/hardening/1.1.12_var_log_audit_partition.sh +++ b/bin/hardening/1.1.12_var_log_audit_partition.sh 
@@ -63,17 +63,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.13_home_partition.sh b/bin/hardening/1.1.13_home_partition.sh index c6a537c6..49faeb8a 100755 --- a/bin/hardening/1.1.13_home_partition.sh +++ b/bin/hardening/1.1.13_home_partition.sh 
@@ -63,17 +63,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.14.1_home_nosuid.sh b/bin/hardening/1.1.14.1_home_nosuid.sh index 5fc1b6c1..90a0a80e 100755 --- a/bin/hardening/1.1.14.1_home_nosuid.sh +++ b/bin/hardening/1.1.14.1_home_nosuid.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.14_home_nodev.sh b/bin/hardening/1.1.14_home_nodev.sh index e3221fb4..7139a67c 100755 --- a/bin/hardening/1.1.14_home_nodev.sh +++ b/bin/hardening/1.1.14_home_nodev.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.15_run_shm_nodev.sh b/bin/hardening/1.1.15_run_shm_nodev.sh index df9b8395..4554d10c 100755 --- a/bin/hardening/1.1.15_run_shm_nodev.sh +++ b/bin/hardening/1.1.15_run_shm_nodev.sh 
@@ -81,17 +81,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.16_run_shm_nosuid.sh b/bin/hardening/1.1.16_run_shm_nosuid.sh index 82794cad..927cc562 100755 --- a/bin/hardening/1.1.16_run_shm_nosuid.sh +++ b/bin/hardening/1.1.16_run_shm_nosuid.sh 
@@ -81,17 +81,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.17_run_shm_noexec.sh b/bin/hardening/1.1.17_run_shm_noexec.sh index 01cc4cc2..a6f24a6d 100755 --- a/bin/hardening/1.1.17_run_shm_noexec.sh +++ b/bin/hardening/1.1.17_run_shm_noexec.sh 
@@ -81,17 +81,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.18_removable_device_nodev.sh b/bin/hardening/1.1.18_removable_device_nodev.sh index 4c4ef349..9c20af7d 100755 --- a/bin/hardening/1.1.18_removable_device_nodev.sh +++ b/bin/hardening/1.1.18_removable_device_nodev.sh 
@@ -64,17 +64,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.19_removable_device_nosuid.sh b/bin/hardening/1.1.19_removable_device_nosuid.sh index cecdca19..9597381f 100755 --- a/bin/hardening/1.1.19_removable_device_nosuid.sh +++ b/bin/hardening/1.1.19_removable_device_nosuid.sh 
@@ -64,17 +64,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.20_removable_device_noexec.sh b/bin/hardening/1.1.20_removable_device_noexec.sh index 42470449..1983acf3 100755 --- a/bin/hardening/1.1.20_removable_device_noexec.sh +++ b/bin/hardening/1.1.20_removable_device_noexec.sh 
@@ -64,17 +64,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh b/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh index b74413b7..a7d41460 100755 --- a/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh +++ b/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh 
@@ -81,17 +81,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.22_disable_automounting.sh b/bin/hardening/1.1.22_disable_automounting.sh index 62eb6e05..42a47680 100755 --- a/bin/hardening/1.1.22_disable_automounting.sh +++ b/bin/hardening/1.1.22_disable_automounting.sh 
@@ -52,17 +52,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.23_disable_usb_storage.sh b/bin/hardening/1.1.23_disable_usb_storage.sh index 59faa80c..df7aa124 100755 --- a/bin/hardening/1.1.23_disable_usb_storage.sh +++ b/bin/hardening/1.1.23_disable_usb_storage.sh 
@@ -62,17 +62,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.2_tmp_partition.sh b/bin/hardening/1.1.2_tmp_partition.sh index 75a54581..3da15f5d 100755 --- a/bin/hardening/1.1.2_tmp_partition.sh +++ b/bin/hardening/1.1.2_tmp_partition.sh 
@@ -63,17 +63,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.3_tmp_nodev.sh b/bin/hardening/1.1.3_tmp_nodev.sh index 95f65e72..edfd187f 100755 --- a/bin/hardening/1.1.3_tmp_nodev.sh +++ b/bin/hardening/1.1.3_tmp_nodev.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.4_tmp_nosuid.sh b/bin/hardening/1.1.4_tmp_nosuid.sh index 4225bf6d..3450e4bb 100755 --- a/bin/hardening/1.1.4_tmp_nosuid.sh +++ b/bin/hardening/1.1.4_tmp_nosuid.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.5_tmp_noexec.sh b/bin/hardening/1.1.5_tmp_noexec.sh index 54fe4418..8fa1c581 100755 --- a/bin/hardening/1.1.5_tmp_noexec.sh +++ b/bin/hardening/1.1.5_tmp_noexec.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.6.1_var_nodev.sh b/bin/hardening/1.1.6.1_var_nodev.sh index a84b642c..45c92ef6 100755 --- a/bin/hardening/1.1.6.1_var_nodev.sh +++ b/bin/hardening/1.1.6.1_var_nodev.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.6.2_var_nosuid.sh b/bin/hardening/1.1.6.2_var_nosuid.sh index 42a4a0e9..7a3f02c6 100755 --- a/bin/hardening/1.1.6.2_var_nosuid.sh +++ b/bin/hardening/1.1.6.2_var_nosuid.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.6_var_partition.sh b/bin/hardening/1.1.6_var_partition.sh index 09d47576..bb97a55d 100755 --- a/bin/hardening/1.1.6_var_partition.sh +++ b/bin/hardening/1.1.6_var_partition.sh 
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.7_var_tmp_partition.sh b/bin/hardening/1.1.7_var_tmp_partition.sh index 29dacac0..1655613f 100755 --- a/bin/hardening/1.1.7_var_tmp_partition.sh +++ b/bin/hardening/1.1.7_var_tmp_partition.sh 
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.8_var_tmp_nodev.sh b/bin/hardening/1.1.8_var_tmp_nodev.sh index ea6dd638..84aae2a7 100755 --- a/bin/hardening/1.1.8_var_tmp_nodev.sh +++ b/bin/hardening/1.1.8_var_tmp_nodev.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.9_var_tmp_nosuid.sh b/bin/hardening/1.1.9_var_tmp_nosuid.sh index ac9a7728..8f586c10 100755 --- a/bin/hardening/1.1.9_var_tmp_nosuid.sh +++ b/bin/hardening/1.1.9_var_tmp_nosuid.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.3.1_install_sudo.sh b/bin/hardening/1.3.1_install_sudo.sh index b2a99f76..61635dea 100755 --- a/bin/hardening/1.3.1_install_sudo.sh +++ b/bin/hardening/1.3.1_install_sudo.sh 
@@ -50,17 +50,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.3.2_pty_sudo.sh b/bin/hardening/1.3.2_pty_sudo.sh index c61d6ef3..f0511d12 100755 --- a/bin/hardening/1.3.2_pty_sudo.sh +++ b/bin/hardening/1.3.2_pty_sudo.sh 
@@ -64,17 +64,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.3.3_logfile_sudo.sh b/bin/hardening/1.3.3_logfile_sudo.sh index 2ff14162..dc5c9acb 100755 --- a/bin/hardening/1.3.3_logfile_sudo.sh +++ b/bin/hardening/1.3.3_logfile_sudo.sh 
@@ -64,17 +64,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.4.1_install_tripwire.sh b/bin/hardening/1.4.1_install_tripwire.sh index aa77d00d..b2ed7e31 100755 --- a/bin/hardening/1.4.1_install_tripwire.sh +++ b/bin/hardening/1.4.1_install_tripwire.sh 
@@ -53,17 +53,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.4.2_tripwire_cron.sh b/bin/hardening/1.4.2_tripwire_cron.sh index 80ccfdd7..7c76f27c 100755 --- a/bin/hardening/1.4.2_tripwire_cron.sh +++ b/bin/hardening/1.4.2_tripwire_cron.sh 
@@ -68,17 +68,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.5.1_bootloader_ownership.sh b/bin/hardening/1.5.1_bootloader_ownership.sh index 70dbd77e..1374a899 100755 --- a/bin/hardening/1.5.1_bootloader_ownership.sh +++ b/bin/hardening/1.5.1_bootloader_ownership.sh 
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.5.2_bootloader_password.sh b/bin/hardening/1.5.2_bootloader_password.sh index 2ae08479..fd4a9ec0 100755 --- a/bin/hardening/1.5.2_bootloader_password.sh +++ b/bin/hardening/1.5.2_bootloader_password.sh 
@@ -71,17 +71,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.5.3_root_password.sh b/bin/hardening/1.5.3_root_password.sh index e3cc8a79..f98896d1 100755 --- a/bin/hardening/1.5.3_root_password.sh +++ b/bin/hardening/1.5.3_root_password.sh 
@@ -50,17 +50,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.6.1_enable_nx_support.sh b/bin/hardening/1.6.1_enable_nx_support.sh index 2e03561c..b202d6db 100755 --- a/bin/hardening/1.6.1_enable_nx_support.sh +++ b/bin/hardening/1.6.1_enable_nx_support.sh 
@@ -81,17 +81,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.6.2_enable_randomized_vm_placement.sh b/bin/hardening/1.6.2_enable_randomized_vm_placement.sh index e158aefc..9551ff16 100755 --- a/bin/hardening/1.6.2_enable_randomized_vm_placement.sh +++ b/bin/hardening/1.6.2_enable_randomized_vm_placement.sh 
@@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.6.3.1_disable_apport.sh b/bin/hardening/1.6.3.1_disable_apport.sh index c64bd8fa..d6b9ca69 100755 --- a/bin/hardening/1.6.3.1_disable_apport.sh +++ b/bin/hardening/1.6.3.1_disable_apport.sh 
@@ -53,17 +53,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.6.3_disable_prelink.sh b/bin/hardening/1.6.3_disable_prelink.sh index 043f49fe..1efd568a 100755 --- a/bin/hardening/1.6.3_disable_prelink.sh +++ b/bin/hardening/1.6.3_disable_prelink.sh 
@@ -54,17 +54,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/1.6.4_restrict_core_dumps.sh b/bin/hardening/1.6.4_restrict_core_dumps.sh
index 4890d984..19ae0ac1 100755
--- a/bin/hardening/1.6.4_restrict_core_dumps.sh
+++ b/bin/hardening/1.6.4_restrict_core_dumps.sh
@@ -87,17 +87,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/1.7.1.1_install_apparmor.sh b/bin/hardening/1.7.1.1_install_apparmor.sh
index e32827cf..faccba13 100755
--- a/bin/hardening/1.7.1.1_install_apparmor.sh
+++ b/bin/hardening/1.7.1.1_install_apparmor.sh
@@ -54,17 +54,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/1.7.1.2_enable_apparmor.sh b/bin/hardening/1.7.1.2_enable_apparmor.sh
index 5975365f..97941043 100755
--- a/bin/hardening/1.7.1.2_enable_apparmor.sh
+++ b/bin/hardening/1.7.1.2_enable_apparmor.sh
@@ -118,17 +118,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/1.7.1.3_enforce_or_complain_apparmor.sh b/bin/hardening/1.7.1.3_enforce_or_complain_apparmor.sh
index 8a363814..003728a4 100755
--- a/bin/hardening/1.7.1.3_enforce_or_complain_apparmor.sh
+++ b/bin/hardening/1.7.1.3_enforce_or_complain_apparmor.sh
@@ -75,17 +75,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/1.7.1.4_enforcing_apparmor.sh b/bin/hardening/1.7.1.4_enforcing_apparmor.sh
index 5ae9c80a..f1cb8476 100755
--- a/bin/hardening/1.7.1.4_enforcing_apparmor.sh
+++ b/bin/hardening/1.7.1.4_enforcing_apparmor.sh
@@ -89,17 +89,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/1.8.1.1_remove_os_info_motd.sh b/bin/hardening/1.8.1.1_remove_os_info_motd.sh
index 70e63d59..0911ac5c 100755
--- a/bin/hardening/1.8.1.1_remove_os_info_motd.sh
+++ b/bin/hardening/1.8.1.1_remove_os_info_motd.sh
@@ -51,17 +51,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/1.8.1.2_remove_os_info_issue.sh b/bin/hardening/1.8.1.2_remove_os_info_issue.sh
index 89f3c782..5173e78b 100755
--- a/bin/hardening/1.8.1.2_remove_os_info_issue.sh
+++ b/bin/hardening/1.8.1.2_remove_os_info_issue.sh
@@ -51,17 +51,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/1.8.1.3_remove_os_info_issue_net.sh b/bin/hardening/1.8.1.3_remove_os_info_issue_net.sh
index 1fef6a0d..0ab5c023 100755
--- a/bin/hardening/1.8.1.3_remove_os_info_issue_net.sh
+++ b/bin/hardening/1.8.1.3_remove_os_info_issue_net.sh
@@ -51,17 +51,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/1.8.1.4_motd_perms.sh b/bin/hardening/1.8.1.4_motd_perms.sh
index e86d3a1e..8a7539a8 100755
--- a/bin/hardening/1.8.1.4_motd_perms.sh
+++ b/bin/hardening/1.8.1.4_motd_perms.sh
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/1.8.1.5_etc_issue_perms.sh b/bin/hardening/1.8.1.5_etc_issue_perms.sh
index 51406db2..cacebeaf 100755
--- a/bin/hardening/1.8.1.5_etc_issue_perms.sh
+++ b/bin/hardening/1.8.1.5_etc_issue_perms.sh
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/1.8.1.6_etc_issue_net_perms.sh b/bin/hardening/1.8.1.6_etc_issue_net_perms.sh
index 0c66a65f..87c73d7c 100755
--- a/bin/hardening/1.8.1.6_etc_issue_net_perms.sh
+++ b/bin/hardening/1.8.1.6_etc_issue_net_perms.sh
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/1.8.2_graphical_warning_banners.sh b/bin/hardening/1.8.2_graphical_warning_banners.sh
index 69335c16..ea0e8423 100755
--- a/bin/hardening/1.8.2_graphical_warning_banners.sh
+++ b/bin/hardening/1.8.2_graphical_warning_banners.sh
@@ -37,17 +37,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/1.9_install_updates.sh b/bin/hardening/1.9_install_updates.sh
index 07c6155a..8ee11473 100755
--- a/bin/hardening/1.9_install_updates.sh
+++ b/bin/hardening/1.9_install_updates.sh
@@ -53,17 +53,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.1.1_disable_xinetd.sh b/bin/hardening/2.1.1_disable_xinetd.sh
index 6273a707..21dde81c 100755
--- a/bin/hardening/2.1.1_disable_xinetd.sh
+++ b/bin/hardening/2.1.1_disable_xinetd.sh
@@ -51,17 +51,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.1.2_disable_bsd_inetd.sh b/bin/hardening/2.1.2_disable_bsd_inetd.sh
index 3425e21d..cefc9878 100755
--- a/bin/hardening/2.1.2_disable_bsd_inetd.sh
+++ b/bin/hardening/2.1.2_disable_bsd_inetd.sh
@@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.2.1.1_use_time_sync.sh b/bin/hardening/2.2.1.1_use_time_sync.sh
index af9507fd..13ac2646 100755
--- a/bin/hardening/2.2.1.1_use_time_sync.sh
+++ b/bin/hardening/2.2.1.1_use_time_sync.sh
@@ -49,17 +49,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.2.1.2_configure_systemd-timesyncd.sh b/bin/hardening/2.2.1.2_configure_systemd-timesyncd.sh
index 6bbb5619..6b8c15f7 100755
--- a/bin/hardening/2.2.1.2_configure_systemd-timesyncd.sh
+++ b/bin/hardening/2.2.1.2_configure_systemd-timesyncd.sh
@@ -44,17 +44,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.2.1.3_configure_chrony.sh b/bin/hardening/2.2.1.3_configure_chrony.sh
index 4404c539..2996e90c 100755
--- a/bin/hardening/2.2.1.3_configure_chrony.sh
+++ b/bin/hardening/2.2.1.3_configure_chrony.sh
@@ -52,17 +52,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.2.1.4_configure_ntp.sh b/bin/hardening/2.2.1.4_configure_ntp.sh
index f8cfbe5f..5f2fe8d2 100755
--- a/bin/hardening/2.2.1.4_configure_ntp.sh
+++ b/bin/hardening/2.2.1.4_configure_ntp.sh
@@ -83,17 +83,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.2.10_disable_http_server.sh b/bin/hardening/2.2.10_disable_http_server.sh
index 6c15abeb..73ad0842 100755
--- a/bin/hardening/2.2.10_disable_http_server.sh
+++ b/bin/hardening/2.2.10_disable_http_server.sh
@@ -58,17 +58,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.2.11_disable_imap_pop.sh b/bin/hardening/2.2.11_disable_imap_pop.sh
index f65df299..ae11bd40 100755
--- a/bin/hardening/2.2.11_disable_imap_pop.sh
+++ b/bin/hardening/2.2.11_disable_imap_pop.sh
@@ -58,17 +58,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.2.12_disable_samba.sh b/bin/hardening/2.2.12_disable_samba.sh
index 940f0eb6..3df06a06 100755
--- a/bin/hardening/2.2.12_disable_samba.sh
+++ b/bin/hardening/2.2.12_disable_samba.sh
@@ -71,17 +71,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.2.13_disable_http_proxy.sh b/bin/hardening/2.2.13_disable_http_proxy.sh
index 199039cd..85b0bb4b 100755
--- a/bin/hardening/2.2.13_disable_http_proxy.sh
+++ b/bin/hardening/2.2.13_disable_http_proxy.sh
@@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.2.14_disable_snmp_server.sh b/bin/hardening/2.2.14_disable_snmp_server.sh
index 12fe790d..82d761af 100755
--- a/bin/hardening/2.2.14_disable_snmp_server.sh
+++ b/bin/hardening/2.2.14_disable_snmp_server.sh
@@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.2.15_mta_localhost.sh b/bin/hardening/2.2.15_mta_localhost.sh
index 098af48d..6a8d4f34 100755
--- a/bin/hardening/2.2.15_mta_localhost.sh
+++ b/bin/hardening/2.2.15_mta_localhost.sh
@@ -77,17 +77,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.2.16_disable_rsync.sh b/bin/hardening/2.2.16_disable_rsync.sh
index 4d91f267..64e4e1a1 100755
--- a/bin/hardening/2.2.16_disable_rsync.sh
+++ b/bin/hardening/2.2.16_disable_rsync.sh
@@ -68,17 +68,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.2.17_disable_nis.sh b/bin/hardening/2.2.17_disable_nis.sh
index 438f3aa1..e90f762d 100755
--- a/bin/hardening/2.2.17_disable_nis.sh
+++ b/bin/hardening/2.2.17_disable_nis.sh
@@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.2.2_disable_xwindow_system.sh b/bin/hardening/2.2.2_disable_xwindow_system.sh
index 0cbe0f54..ed36027e 100755
--- a/bin/hardening/2.2.2_disable_xwindow_system.sh
+++ b/bin/hardening/2.2.2_disable_xwindow_system.sh
@@ -58,17 +58,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.2.3_disable_avahi_server.sh b/bin/hardening/2.2.3_disable_avahi_server.sh
index a2b2941a..09322a36 100755
--- a/bin/hardening/2.2.3_disable_avahi_server.sh
+++ b/bin/hardening/2.2.3_disable_avahi_server.sh
@@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.2.4_disable_print_server.sh b/bin/hardening/2.2.4_disable_print_server.sh
index 9a2239e5..cf3e2bfa 100755
--- a/bin/hardening/2.2.4_disable_print_server.sh
+++ b/bin/hardening/2.2.4_disable_print_server.sh
@@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.2.5_disable_dhcp.sh b/bin/hardening/2.2.5_disable_dhcp.sh
index 6d336222..f7b9fd1b 100755
--- a/bin/hardening/2.2.5_disable_dhcp.sh
+++ b/bin/hardening/2.2.5_disable_dhcp.sh
@@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.2.6_disable_ldap.sh b/bin/hardening/2.2.6_disable_ldap.sh
index 09b4a0d6..568ef3c0 100755
--- a/bin/hardening/2.2.6_disable_ldap.sh
+++ b/bin/hardening/2.2.6_disable_ldap.sh
@@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.2.7_disable_nfs_rpc.sh b/bin/hardening/2.2.7_disable_nfs_rpc.sh
index f2b98cfa..54f42ab2 100755
--- a/bin/hardening/2.2.7_disable_nfs_rpc.sh
+++ b/bin/hardening/2.2.7_disable_nfs_rpc.sh
@@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.2.8_disable_dns_server.sh b/bin/hardening/2.2.8_disable_dns_server.sh
index b330da63..f07bcb98 100755
--- a/bin/hardening/2.2.8_disable_dns_server.sh
+++ b/bin/hardening/2.2.8_disable_dns_server.sh
@@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.2.9_disable_ftp.sh b/bin/hardening/2.2.9_disable_ftp.sh
index e0932d46..d184ac68 100755
--- a/bin/hardening/2.2.9_disable_ftp.sh
+++ b/bin/hardening/2.2.9_disable_ftp.sh
@@ -58,17 +58,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.3.1_disable_nis.sh b/bin/hardening/2.3.1_disable_nis.sh
index 113ff156..10b5f90b 100755
--- a/bin/hardening/2.3.1_disable_nis.sh
+++ b/bin/hardening/2.3.1_disable_nis.sh
@@ -52,17 +52,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.3.2_disable_rsh_client.sh b/bin/hardening/2.3.2_disable_rsh_client.sh
index b93b0fcb..030099a0 100755
--- a/bin/hardening/2.3.2_disable_rsh_client.sh
+++ b/bin/hardening/2.3.2_disable_rsh_client.sh
@@ -56,17 +56,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.3.3_disable_talk_client.sh b/bin/hardening/2.3.3_disable_talk_client.sh
index 4a630356..5bb5b8c8 100755
--- a/bin/hardening/2.3.3_disable_talk_client.sh
+++ b/bin/hardening/2.3.3_disable_talk_client.sh
@@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.3.4_disable_telnet_client.sh b/bin/hardening/2.3.4_disable_telnet_client.sh
index 00b75cf2..6fb54186 100755
--- a/bin/hardening/2.3.4_disable_telnet_client.sh
+++ b/bin/hardening/2.3.4_disable_telnet_client.sh
@@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/2.3.5_disable_ldap_client.sh b/bin/hardening/2.3.5_disable_ldap_client.sh
index ef1141d7..d87c7fcd 100755
--- a/bin/hardening/2.3.5_disable_ldap_client.sh
+++ b/bin/hardening/2.3.5_disable_ldap_client.sh
@@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.1.1_disable_ipv6.sh b/bin/hardening/3.1.1_disable_ipv6.sh
index 467588ca..0ed8f3ed 100755
--- a/bin/hardening/3.1.1_disable_ipv6.sh
+++ b/bin/hardening/3.1.1_disable_ipv6.sh
@@ -63,17 +63,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.1.2_disable_wireless.sh b/bin/hardening/3.1.2_disable_wireless.sh
index 3dfa777c..5b656d00 100755
--- a/bin/hardening/3.1.2_disable_wireless.sh
+++ b/bin/hardening/3.1.2_disable_wireless.sh
@@ -37,29 +37,29 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 ## Source Root Dir Parameter
 #if [ ! -r /etc/default/cis-hardening ]; then
-# echo "There is no /etc/default/cis-hardening file, cannot source CIS_ROOT_DIR variable, aborting"
+# echo "There is no /etc/default/cis-hardening file, cannot source CIS_LIB_DIR variable, aborting"
 # exit 128
 #else
 # shellcheck source=../../debian/default
 # . /etc/default/cis-hardening
-# if [ -z ${CIS_ROOT_DIR:-} ]; then
+# if [ -z ${CIS_LIB_DIR:-} ]; then
-# echo "No CIS_ROOT_DIR variable, aborting"
+# echo "No CIS_LIB_DIR variable, aborting"
 # exit 128
 # fi
 #fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.2.1_disable_send_packet_redirects.sh b/bin/hardening/3.2.1_disable_send_packet_redirects.sh
index 077a102d..ea6ca75e 100755
--- a/bin/hardening/3.2.1_disable_send_packet_redirects.sh
+++ b/bin/hardening/3.2.1_disable_send_packet_redirects.sh
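Review bot: In `3.1.2_disable_wireless.sh` the rename was also applied to the commented-out `## Source Root Dir Parameter` block, which duplicates the live sourcing check directly above it and is never executed. Keeping dead code in step with live code invites drift, and this copy carries an unquoted `[ -z ${CIS_LIB_DIR:-} ]` test that would fail on a value containing whitespace if someone uncommented it; I would delete the block from `## Source Root Dir Parameter` through `#fi` rather than maintain it. If it is kept for reference, quote the expansion: `# if [ -z "${CIS_LIB_DIR:-}" ]; then`.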
@@ -67,17 +67,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.2.2_disable_ip_forwarding.sh b/bin/hardening/3.2.2_disable_ip_forwarding.sh
index 46a2fb3c..6946314b 100755
--- a/bin/hardening/3.2.2_disable_ip_forwarding.sh
+++ b/bin/hardening/3.2.2_disable_ip_forwarding.sh
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.3.1_disable_source_routed_packets.sh b/bin/hardening/3.3.1_disable_source_routed_packets.sh
index f1538a5c..fe4b0acc 100755
--- a/bin/hardening/3.3.1_disable_source_routed_packets.sh
+++ b/bin/hardening/3.3.1_disable_source_routed_packets.sh
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.3.2_disable_icmp_redirect.sh b/bin/hardening/3.3.2_disable_icmp_redirect.sh
index 69a351d4..4bc28e6f 100755
--- a/bin/hardening/3.3.2_disable_icmp_redirect.sh
+++ b/bin/hardening/3.3.2_disable_icmp_redirect.sh
@@ -77,17 +77,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.3.3_disable_secure_icmp_redirect.sh b/bin/hardening/3.3.3_disable_secure_icmp_redirect.sh
index 037470aa..5ae544f7 100755
--- a/bin/hardening/3.3.3_disable_secure_icmp_redirect.sh
+++ b/bin/hardening/3.3.3_disable_secure_icmp_redirect.sh
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.3.4_log_martian_packets.sh b/bin/hardening/3.3.4_log_martian_packets.sh
index 2e2a869d..28ff74eb 100755
--- a/bin/hardening/3.3.4_log_martian_packets.sh
+++ b/bin/hardening/3.3.4_log_martian_packets.sh
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.3.5_ignore_broadcast_requests.sh b/bin/hardening/3.3.5_ignore_broadcast_requests.sh
index b2a2841f..2ca57bbb 100755
--- a/bin/hardening/3.3.5_ignore_broadcast_requests.sh
+++ b/bin/hardening/3.3.5_ignore_broadcast_requests.sh
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.3.6_enable_bad_error_message_protection.sh b/bin/hardening/3.3.6_enable_bad_error_message_protection.sh
index 8ceb274a..43e6c594 100755
--- a/bin/hardening/3.3.6_enable_bad_error_message_protection.sh
+++ b/bin/hardening/3.3.6_enable_bad_error_message_protection.sh
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.3.7_enable_source_route_validation.sh b/bin/hardening/3.3.7_enable_source_route_validation.sh
index a03cc118..2e50d5ef 100755
--- a/bin/hardening/3.3.7_enable_source_route_validation.sh
+++ b/bin/hardening/3.3.7_enable_source_route_validation.sh
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.3.8_enable_tcp_syn_cookies.sh b/bin/hardening/3.3.8_enable_tcp_syn_cookies.sh
index 9d54caf1..16038e3f 100755
--- a/bin/hardening/3.3.8_enable_tcp_syn_cookies.sh
+++ b/bin/hardening/3.3.8_enable_tcp_syn_cookies.sh
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.3.9_disable_ipv6_router_advertisement.sh b/bin/hardening/3.3.9_disable_ipv6_router_advertisement.sh
index c6b3a855..18b46c04 100755
--- a/bin/hardening/3.3.9_disable_ipv6_router_advertisement.sh
+++ b/bin/hardening/3.3.9_disable_ipv6_router_advertisement.sh
@@ -75,17 +75,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.4.1_disable_dccp.sh b/bin/hardening/3.4.1_disable_dccp.sh
index ba1ceed2..218c4295 100755
--- a/bin/hardening/3.4.1_disable_dccp.sh
+++ b/bin/hardening/3.4.1_disable_dccp.sh
@@ -62,17 +62,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.4.2_disable_sctp.sh b/bin/hardening/3.4.2_disable_sctp.sh
index d7a3ad9c..94f1b406 100755
--- a/bin/hardening/3.4.2_disable_sctp.sh
+++ b/bin/hardening/3.4.2_disable_sctp.sh
@@ -62,17 +62,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.4.3_disable_rds.sh b/bin/hardening/3.4.3_disable_rds.sh
index e10f9cc8..03b37c7f 100755
--- a/bin/hardening/3.4.3_disable_rds.sh
+++ b/bin/hardening/3.4.3_disable_rds.sh
@@ -62,17 +62,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.4.4_disable_tipc.sh b/bin/hardening/3.4.4_disable_tipc.sh
index f38c6879..e49a8789 100755
--- a/bin/hardening/3.4.4_disable_tipc.sh
+++ b/bin/hardening/3.4.4_disable_tipc.sh
@@ -62,17 +62,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.5.1.1_enable_firewall.sh b/bin/hardening/3.5.1.1_enable_firewall.sh
index 169c598e..1163387a 100755
--- a/bin/hardening/3.5.1.1_enable_firewall.sh
+++ b/bin/hardening/3.5.1.1_enable_firewall.sh
@@ -64,17 +64,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh b/bin/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh
index 1d40127b..ca76aeb3 100755
--- a/bin/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh
+++ b/bin/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh
@@ -66,17 +66,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.1.1_install_auditd.sh b/bin/hardening/4.1.1.1_install_auditd.sh
index 375c34df..64473561 100755
--- a/bin/hardening/4.1.1.1_install_auditd.sh
+++ b/bin/hardening/4.1.1.1_install_auditd.sh
@@ -50,17 +50,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.1.2_enable_auditd.sh b/bin/hardening/4.1.1.2_enable_auditd.sh
index 2bfb7cca..2edfbb8d 100755
--- a/bin/hardening/4.1.1.2_enable_auditd.sh
+++ b/bin/hardening/4.1.1.2_enable_auditd.sh
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.1.3_audit_bootloader.sh b/bin/hardening/4.1.1.3_audit_bootloader.sh
index 01bb518f..22fd58a2 100755
--- a/bin/hardening/4.1.1.3_audit_bootloader.sh
+++ b/bin/hardening/4.1.1.3_audit_bootloader.sh
@@ -83,17 +83,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.1.4_audit_backlog_limit.sh b/bin/hardening/4.1.1.4_audit_backlog_limit.sh
index 1186349d..924a8aa5 100755
--- a/bin/hardening/4.1.1.4_audit_backlog_limit.sh
+++ b/bin/hardening/4.1.1.4_audit_backlog_limit.sh
@@ -83,17 +83,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.10_record_failed_access_file.sh b/bin/hardening/4.1.10_record_failed_access_file.sh
index 68d72bd0..328f0ef7 100755
--- a/bin/hardening/4.1.10_record_failed_access_file.sh
+++ b/bin/hardening/4.1.10_record_failed_access_file.sh
@@ -90,17 +90,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.11_record_privileged_commands.sh b/bin/hardening/4.1.11_record_privileged_commands.sh
index 87dac9ac..d91e2e24 100755
--- a/bin/hardening/4.1.11_record_privileged_commands.sh
+++ b/bin/hardening/4.1.11_record_privileged_commands.sh
@@ -90,17 +90,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.12_record_successful_mount.sh b/bin/hardening/4.1.12_record_successful_mount.sh
index ca794dd5..445adde4 100755
--- a/bin/hardening/4.1.12_record_successful_mount.sh
+++ b/bin/hardening/4.1.12_record_successful_mount.sh
@@ -88,17 +88,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.13_record_file_deletions.sh b/bin/hardening/4.1.13_record_file_deletions.sh
index 8bc7b1de..aa602735 100755
--- a/bin/hardening/4.1.13_record_file_deletions.sh
+++ b/bin/hardening/4.1.13_record_file_deletions.sh
@@ -88,17 +88,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.14_record_sudoers_edit.sh b/bin/hardening/4.1.14_record_sudoers_edit.sh
index 1e230235..f000b459 100755
--- a/bin/hardening/4.1.14_record_sudoers_edit.sh
+++ b/bin/hardening/4.1.14_record_sudoers_edit.sh
@@ -88,17 +88,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.15_record_sudo_usage.sh b/bin/hardening/4.1.15_record_sudo_usage.sh
index 0e325c54..e66982aa 100755
--- a/bin/hardening/4.1.15_record_sudo_usage.sh
+++ b/bin/hardening/4.1.15_record_sudo_usage.sh
@@ -87,17 +87,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.16_record_kernel_modules.sh b/bin/hardening/4.1.16_record_kernel_modules.sh
index 902aa616..b9699c0a 100755
--- a/bin/hardening/4.1.16_record_kernel_modules.sh
+++ b/bin/hardening/4.1.16_record_kernel_modules.sh
@@ -90,17 +90,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.17_freeze_auditd_conf.sh b/bin/hardening/4.1.17_freeze_auditd_conf.sh
index c367d212..3416cbb6 100755
--- a/bin/hardening/4.1.17_freeze_auditd_conf.sh
+++ b/bin/hardening/4.1.17_freeze_auditd_conf.sh
@@ -87,17 +87,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.2.1_audit_log_storage.sh b/bin/hardening/4.1.2.1_audit_log_storage.sh
index 120a1dd6..05583027 100755
--- a/bin/hardening/4.1.2.1_audit_log_storage.sh
+++ b/bin/hardening/4.1.2.1_audit_log_storage.sh
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.2.2_halt_when_audit_log_full.sh b/bin/hardening/4.1.2.2_halt_when_audit_log_full.sh
index 3a2b94b6..0196d79e 100755
--- a/bin/hardening/4.1.2.2_halt_when_audit_log_full.sh
+++ b/bin/hardening/4.1.2.2_halt_when_audit_log_full.sh
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.2.3_keep_all_audit_logs.sh b/bin/hardening/4.1.2.3_keep_all_audit_logs.sh
index eba4e74c..764595b4 100755
--- a/bin/hardening/4.1.2.3_keep_all_audit_logs.sh
+++ b/bin/hardening/4.1.2.3_keep_all_audit_logs.sh
@@ -83,17 +83,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.3_record_date_time_edit.sh b/bin/hardening/4.1.3_record_date_time_edit.sh
index 2870eae2..f4c498f0 100755
--- a/bin/hardening/4.1.3_record_date_time_edit.sh
+++ b/bin/hardening/4.1.3_record_date_time_edit.sh
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.4_record_user_group_edit.sh b/bin/hardening/4.1.4_record_user_group_edit.sh
index 429c5f2e..f170a7eb 100755
--- a/bin/hardening/4.1.4_record_user_group_edit.sh
+++ b/bin/hardening/4.1.4_record_user_group_edit.sh
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.5_record_network_edit.sh b/bin/hardening/4.1.5_record_network_edit.sh
index 2f47aeef..da8b78c8 100755
--- a/bin/hardening/4.1.5_record_network_edit.sh
+++ b/bin/hardening/4.1.5_record_network_edit.sh
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.6_record_mac_edit.sh b/bin/hardening/4.1.6_record_mac_edit.sh
index 24c7076a..e61e10b8 100755
--- a/bin/hardening/4.1.6_record_mac_edit.sh
+++ b/bin/hardening/4.1.6_record_mac_edit.sh
@@ -87,17 +87,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.1.7_record_login_logout.sh b/bin/hardening/4.1.7_record_login_logout.sh index 687584ff..420b9444 100755 --- a/bin/hardening/4.1.7_record_login_logout.sh +++ b/bin/hardening/4.1.7_record_login_logout.sh 
@@ -89,17 +89,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.1.8_record_session_init.sh b/bin/hardening/4.1.8_record_session_init.sh index 896d15c0..45d86503 100755 --- a/bin/hardening/4.1.8_record_session_init.sh +++ b/bin/hardening/4.1.8_record_session_init.sh 
@@ -89,17 +89,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.1.9_record_dac_edit.sh b/bin/hardening/4.1.9_record_dac_edit.sh index 475b2872..8f9af052 100755 --- a/bin/hardening/4.1.9_record_dac_edit.sh +++ b/bin/hardening/4.1.9_record_dac_edit.sh 
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.2.1.1_install_syslog-ng.sh b/bin/hardening/4.2.1.1_install_syslog-ng.sh index 3a1d8e62..1cb6ebb0 100755 --- a/bin/hardening/4.2.1.1_install_syslog-ng.sh +++ b/bin/hardening/4.2.1.1_install_syslog-ng.sh 
@@ -51,17 +51,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.2.1.2_enable_syslog-ng.sh b/bin/hardening/4.2.1.2_enable_syslog-ng.sh index 8df4653e..4a0dc4e2 100755 --- a/bin/hardening/4.2.1.2_enable_syslog-ng.sh +++ b/bin/hardening/4.2.1.2_enable_syslog-ng.sh 
@@ -64,17 +64,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.2.1.3_configure_syslog-ng.sh b/bin/hardening/4.2.1.3_configure_syslog-ng.sh index 715a4ed4..4833ee30 100755 --- a/bin/hardening/4.2.1.3_configure_syslog-ng.sh +++ b/bin/hardening/4.2.1.3_configure_syslog-ng.sh 
@@ -42,17 +42,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh b/bin/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh index 65e60a07..b9efcc4a 100755 --- a/bin/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh +++ b/bin/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh 
@@ -159,17 +159,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.2.1.5_syslog-ng_remote_host.sh b/bin/hardening/4.2.1.5_syslog-ng_remote_host.sh index 2b9e7f5c..59a84630 100755 --- a/bin/hardening/4.2.1.5_syslog-ng_remote_host.sh +++ b/bin/hardening/4.2.1.5_syslog-ng_remote_host.sh 
@@ -84,17 +84,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.2.1.6_remote_syslog-ng_acl.sh b/bin/hardening/4.2.1.6_remote_syslog-ng_acl.sh index 50d983e2..9db6856b 100755 --- a/bin/hardening/4.2.1.6_remote_syslog-ng_acl.sh +++ b/bin/hardening/4.2.1.6_remote_syslog-ng_acl.sh 
@@ -108,17 +108,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.2.2.1_journald_logs.sh b/bin/hardening/4.2.2.1_journald_logs.sh index 1fc28a12..bef7332d 100755 --- a/bin/hardening/4.2.2.1_journald_logs.sh +++ b/bin/hardening/4.2.2.1_journald_logs.sh 
@@ -83,17 +83,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.2.2.2_journald_compress.sh b/bin/hardening/4.2.2.2_journald_compress.sh index cd44b9c6..7057fc37 100755 --- a/bin/hardening/4.2.2.2_journald_compress.sh +++ b/bin/hardening/4.2.2.2_journald_compress.sh 
@@ -83,17 +83,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.2.2.3_journald_write_persistent.sh b/bin/hardening/4.2.2.3_journald_write_persistent.sh index 8dcd4925..46ba769f 100755 --- a/bin/hardening/4.2.2.3_journald_write_persistent.sh +++ b/bin/hardening/4.2.2.3_journald_write_persistent.sh 
@@ -83,17 +83,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.2.3_logs_permissions.sh b/bin/hardening/4.2.3_logs_permissions.sh index 2f19812b..77020045 100755 --- a/bin/hardening/4.2.3_logs_permissions.sh +++ b/bin/hardening/4.2.3_logs_permissions.sh 
@@ -66,17 +66,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.3_configure_logrotate.sh b/bin/hardening/4.3_configure_logrotate.sh index 06abe877..d109360a 100755 --- a/bin/hardening/4.3_configure_logrotate.sh +++ b/bin/hardening/4.3_configure_logrotate.sh 
@@ -42,17 +42,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.4_logrotate_permissions.sh b/bin/hardening/4.4_logrotate_permissions.sh index bffddb42..2de14e7f 100755 --- a/bin/hardening/4.4_logrotate_permissions.sh +++ b/bin/hardening/4.4_logrotate_permissions.sh 
@@ -68,17 +68,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.1.1_enable_cron.sh b/bin/hardening/5.1.1_enable_cron.sh index bdd1f98d..a716cbf4 100755 --- a/bin/hardening/5.1.1_enable_cron.sh +++ b/bin/hardening/5.1.1_enable_cron.sh 
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.1.2_crontab_perm_ownership.sh b/bin/hardening/5.1.2_crontab_perm_ownership.sh index f3d37ba1..419032b7 100755 --- a/bin/hardening/5.1.2_crontab_perm_ownership.sh +++ b/bin/hardening/5.1.2_crontab_perm_ownership.sh 
@@ -86,17 +86,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.1.3_cron_hourly_perm_ownership.sh b/bin/hardening/5.1.3_cron_hourly_perm_ownership.sh index 44bb57b7..d4fbad69 100755 --- a/bin/hardening/5.1.3_cron_hourly_perm_ownership.sh +++ b/bin/hardening/5.1.3_cron_hourly_perm_ownership.sh 
@@ -86,17 +86,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.1.4_cron_daily_perm_ownership.sh b/bin/hardening/5.1.4_cron_daily_perm_ownership.sh index 5ad34495..fa575568 100755 --- a/bin/hardening/5.1.4_cron_daily_perm_ownership.sh +++ b/bin/hardening/5.1.4_cron_daily_perm_ownership.sh 
@@ -86,17 +86,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.1.5_cron_weekly_perm_ownership.sh b/bin/hardening/5.1.5_cron_weekly_perm_ownership.sh index 5c5258ef..29aad249 100755 --- a/bin/hardening/5.1.5_cron_weekly_perm_ownership.sh +++ b/bin/hardening/5.1.5_cron_weekly_perm_ownership.sh 
@@ -86,17 +86,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.1.6_cron_monthly_perm_ownership.sh b/bin/hardening/5.1.6_cron_monthly_perm_ownership.sh index 1ff92963..17367fc5 100755 --- a/bin/hardening/5.1.6_cron_monthly_perm_ownership.sh +++ b/bin/hardening/5.1.6_cron_monthly_perm_ownership.sh 
@@ -86,17 +86,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.1.7_cron_d_perm_ownership.sh b/bin/hardening/5.1.7_cron_d_perm_ownership.sh index 36334b3f..bb6e160a 100755 --- a/bin/hardening/5.1.7_cron_d_perm_ownership.sh +++ b/bin/hardening/5.1.7_cron_d_perm_ownership.sh 
@@ -80,17 +80,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.1.8_cron_users.sh b/bin/hardening/5.1.8_cron_users.sh index 8422e11d..958d62cc 100755 --- a/bin/hardening/5.1.8_cron_users.sh +++ b/bin/hardening/5.1.8_cron_users.sh 
@@ -108,17 +108,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.2.10_disable_root_login.sh b/bin/hardening/5.2.10_disable_root_login.sh index 19721247..04bf5108 100755 --- a/bin/hardening/5.2.10_disable_root_login.sh +++ b/bin/hardening/5.2.10_disable_root_login.sh 
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh b/bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh index 22d4297f..d713552d 100755 --- a/bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh +++ b/bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh 
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.2.12_disable_sshd_setenv.sh b/bin/hardening/5.2.12_disable_sshd_setenv.sh index e6be4d19..0ba08796 100755 --- a/bin/hardening/5.2.12_disable_sshd_setenv.sh +++ b/bin/hardening/5.2.12_disable_sshd_setenv.sh 
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.13_sshd_ciphers.sh b/bin/hardening/5.2.13_sshd_ciphers.sh
index 81447d5a..d849432b 100755
--- a/bin/hardening/5.2.13_sshd_ciphers.sh
+++ b/bin/hardening/5.2.13_sshd_ciphers.sh
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.14_ssh_cry_mac.sh b/bin/hardening/5.2.14_ssh_cry_mac.sh
index 6894aff8..be415bd2 100755
--- a/bin/hardening/5.2.14_ssh_cry_mac.sh
+++ b/bin/hardening/5.2.14_ssh_cry_mac.sh
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.15_ssh_cry_kex.sh b/bin/hardening/5.2.15_ssh_cry_kex.sh
index c6c774fc..9bddbe10 100755
--- a/bin/hardening/5.2.15_ssh_cry_kex.sh
+++ b/bin/hardening/5.2.15_ssh_cry_kex.sh
@@ -99,17 +99,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.16_sshd_idle_timeout.sh b/bin/hardening/5.2.16_sshd_idle_timeout.sh
index 93b7ca2b..d6619d4c 100755
--- a/bin/hardening/5.2.16_sshd_idle_timeout.sh
+++ b/bin/hardening/5.2.16_sshd_idle_timeout.sh
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.17_sshd_login_grace_time.sh b/bin/hardening/5.2.17_sshd_login_grace_time.sh
index 4d698bc5..e807579f 100755
--- a/bin/hardening/5.2.17_sshd_login_grace_time.sh
+++ b/bin/hardening/5.2.17_sshd_login_grace_time.sh
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.18_sshd_limit_access.sh b/bin/hardening/5.2.18_sshd_limit_access.sh
index 1a5916be..99198f77 100755
--- a/bin/hardening/5.2.18_sshd_limit_access.sh
+++ b/bin/hardening/5.2.18_sshd_limit_access.sh
@@ -114,17 +114,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.19_ssh_banner.sh b/bin/hardening/5.2.19_ssh_banner.sh
index c689fa6d..cdbcb553 100755
--- a/bin/hardening/5.2.19_ssh_banner.sh
+++ b/bin/hardening/5.2.19_ssh_banner.sh
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.1_sshd_conf_perm_ownership.sh b/bin/hardening/5.2.1_sshd_conf_perm_ownership.sh
index 76599b9e..cd698586 100755
--- a/bin/hardening/5.2.1_sshd_conf_perm_ownership.sh
+++ b/bin/hardening/5.2.1_sshd_conf_perm_ownership.sh
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.20_enable_ssh_pam.sh b/bin/hardening/5.2.20_enable_ssh_pam.sh
index 1ddf0347..ffb5563d 100755
--- a/bin/hardening/5.2.20_enable_ssh_pam.sh
+++ b/bin/hardening/5.2.20_enable_ssh_pam.sh
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh b/bin/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh
index 06687248..bcf6023f 100755
--- a/bin/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh
+++ b/bin/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.22_configure_ssh_max_startups.sh b/bin/hardening/5.2.22_configure_ssh_max_startups.sh
index 2f45d8d4..2fb8ed78 100755
--- a/bin/hardening/5.2.22_configure_ssh_max_startups.sh
+++ b/bin/hardening/5.2.22_configure_ssh_max_startups.sh
@@ -95,17 +95,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.23_limit_ssh_max_sessions.sh b/bin/hardening/5.2.23_limit_ssh_max_sessions.sh
index 7a0c94f1..c094c134 100755
--- a/bin/hardening/5.2.23_limit_ssh_max_sessions.sh
+++ b/bin/hardening/5.2.23_limit_ssh_max_sessions.sh
@@ -107,17 +107,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh b/bin/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh
index 32857917..7ee3d36a 100755
--- a/bin/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh
+++ b/bin/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh
@@ -100,17 +100,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh b/bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh
index ac5fd76f..743157c4 100755
--- a/bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh
+++ b/bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh
@@ -101,17 +101,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.4_sshd_protocol.sh b/bin/hardening/5.2.4_sshd_protocol.sh
index 03a8fdaf..1be613b8 100755
--- a/bin/hardening/5.2.4_sshd_protocol.sh
+++ b/bin/hardening/5.2.4_sshd_protocol.sh
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.5_sshd_loglevel.sh b/bin/hardening/5.2.5_sshd_loglevel.sh
index ee47d8f0..7e2f56fa 100755
--- a/bin/hardening/5.2.5_sshd_loglevel.sh
+++ b/bin/hardening/5.2.5_sshd_loglevel.sh
@@ -94,17 +94,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.6_disable_x11_forwarding.sh b/bin/hardening/5.2.6_disable_x11_forwarding.sh
index 4cf04ad8..e917ba00 100755
--- a/bin/hardening/5.2.6_disable_x11_forwarding.sh
+++ b/bin/hardening/5.2.6_disable_x11_forwarding.sh
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.7_sshd_maxauthtries.sh b/bin/hardening/5.2.7_sshd_maxauthtries.sh
index 3d433243..5ed868d6 100755
--- a/bin/hardening/5.2.7_sshd_maxauthtries.sh
+++ b/bin/hardening/5.2.7_sshd_maxauthtries.sh
@@ -106,17 +106,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh b/bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
index bd92396a..aa82cf95 100755
--- a/bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
+++ b/bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
@@ -90,17 +90,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh b/bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
index 0ef03a4a..2eaa287f 100755
--- a/bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
+++ b/bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.3.1_enable_pwquality.sh b/bin/hardening/5.3.1_enable_pwquality.sh
index d966cc88..b1121bb4 100755
--- a/bin/hardening/5.3.1_enable_pwquality.sh
+++ b/bin/hardening/5.3.1_enable_pwquality.sh
@@ -109,17 +109,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.3.2_enable_lockout_failed_password.sh b/bin/hardening/5.3.2_enable_lockout_failed_password.sh
index 21045407..763e197a 100755
--- a/bin/hardening/5.3.2_enable_lockout_failed_password.sh
+++ b/bin/hardening/5.3.2_enable_lockout_failed_password.sh
@@ -89,17 +89,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.3.3_limit_password_reuse.sh b/bin/hardening/5.3.3_limit_password_reuse.sh
index 3845db73..13c646c4 100755
--- a/bin/hardening/5.3.3_limit_password_reuse.sh
+++ b/bin/hardening/5.3.3_limit_password_reuse.sh
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.3.4_acc_pam_sha512.sh b/bin/hardening/5.3.4_acc_pam_sha512.sh
index 6d449fc3..0cb60451 100755
--- a/bin/hardening/5.3.4_acc_pam_sha512.sh
+++ b/bin/hardening/5.3.4_acc_pam_sha512.sh
@@ -69,17 +69,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.4.1.1_set_password_exp_days.sh b/bin/hardening/5.4.1.1_set_password_exp_days.sh
index 1ef273e2..dcefdf8a 100755
--- a/bin/hardening/5.4.1.1_set_password_exp_days.sh
+++ b/bin/hardening/5.4.1.1_set_password_exp_days.sh
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.4.1.2_set_password_min_days_change.sh b/bin/hardening/5.4.1.2_set_password_min_days_change.sh
index 378fa562..9980d122 100755
--- a/bin/hardening/5.4.1.2_set_password_min_days_change.sh
+++ b/bin/hardening/5.4.1.2_set_password_min_days_change.sh
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.4.1.3_set_password_exp_warning_days.sh b/bin/hardening/5.4.1.3_set_password_exp_warning_days.sh
index ab5631af..f991a372 100755
--- a/bin/hardening/5.4.1.3_set_password_exp_warning_days.sh
+++ b/bin/hardening/5.4.1.3_set_password_exp_warning_days.sh
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.4.1.4_lock_inactive_user_account.sh b/bin/hardening/5.4.1.4_lock_inactive_user_account.sh
index f85f3752..87cb2bcb 100755
--- a/bin/hardening/5.4.1.4_lock_inactive_user_account.sh
+++ b/bin/hardening/5.4.1.4_lock_inactive_user_account.sh
@@ -41,17 +41,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.4.1.5_last_password_change_past.sh b/bin/hardening/5.4.1.5_last_password_change_past.sh
index 1ada7468..3beefc2e 100755
--- a/bin/hardening/5.4.1.5_last_password_change_past.sh
+++ b/bin/hardening/5.4.1.5_last_password_change_past.sh
@@ -37,17 +37,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.4.2_disable_system_accounts.sh b/bin/hardening/5.4.2_disable_system_accounts.sh
index fe320a1c..439caba9 100755
--- a/bin/hardening/5.4.2_disable_system_accounts.sh
+++ b/bin/hardening/5.4.2_disable_system_accounts.sh
@@ -114,17 +114,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.4.3_default_root_group.sh b/bin/hardening/5.4.3_default_root_group.sh
index a807e3b0..f0d4e264 100755
--- a/bin/hardening/5.4.3_default_root_group.sh
+++ b/bin/hardening/5.4.3_default_root_group.sh
@@ -49,17 +49,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.4.4_default_umask.sh b/bin/hardening/5.4.4_default_umask.sh
index 8a64f1c9..b0f9aa47 100755
--- a/bin/hardening/5.4.4_default_umask.sh
+++ b/bin/hardening/5.4.4_default_umask.sh
@@ -101,17 +101,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.4.5_default_timeout.sh b/bin/hardening/5.4.5_default_timeout.sh
index 5cfdd854..6355ebce 100755
--- a/bin/hardening/5.4.5_default_timeout.sh
+++ b/bin/hardening/5.4.5_default_timeout.sh
@@ -104,17 +104,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.5_secure_tty.sh b/bin/hardening/5.5_secure_tty.sh
index 0901ca11..006d670b 100755
--- a/bin/hardening/5.5_secure_tty.sh
+++ b/bin/hardening/5.5_secure_tty.sh
@@ -41,17 +41,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.6_restrict_su.sh b/bin/hardening/5.6_restrict_su.sh
index c34d6fbd..60a54236 100755
--- a/bin/hardening/5.6_restrict_su.sh
+++ b/bin/hardening/5.6_restrict_su.sh
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.10_find_world_writable_file.sh b/bin/hardening/6.1.10_find_world_writable_file.sh
index 5b66a8e9..17226301 100755
--- a/bin/hardening/6.1.10_find_world_writable_file.sh
+++ b/bin/hardening/6.1.10_find_world_writable_file.sh
@@ -81,17 +81,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.11_find_unowned_files.sh b/bin/hardening/6.1.11_find_unowned_files.sh
index cadf9e3d..2173e44e 100755
--- a/bin/hardening/6.1.11_find_unowned_files.sh
+++ b/bin/hardening/6.1.11_find_unowned_files.sh
@@ -81,17 +81,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.12_find_ungrouped_files.sh b/bin/hardening/6.1.12_find_ungrouped_files.sh
index a860ccc4..81a20c8b 100755
--- a/bin/hardening/6.1.12_find_ungrouped_files.sh
+++ b/bin/hardening/6.1.12_find_ungrouped_files.sh
@@ -82,17 +82,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.13_find_suid_files.sh b/bin/hardening/6.1.13_find_suid_files.sh
index a753d12c..820a6bb2 100755
--- a/bin/hardening/6.1.13_find_suid_files.sh
+++ b/bin/hardening/6.1.13_find_suid_files.sh
@@ -85,17 +85,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.14_find_sgid_files.sh b/bin/hardening/6.1.14_find_sgid_files.sh
index 0cbe248e..f16106ed 100755
--- a/bin/hardening/6.1.14_find_sgid_files.sh
+++ b/bin/hardening/6.1.14_find_sgid_files.sh
@@ -87,17 +87,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.2_etc_passwd_permissions.sh b/bin/hardening/6.1.2_etc_passwd_permissions.sh
index a64aac8a..5bba2f98 100755
--- a/bin/hardening/6.1.2_etc_passwd_permissions.sh
+++ b/bin/hardening/6.1.2_etc_passwd_permissions.sh
@@ -66,17 +66,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.3_etc_gshadow-_permissions.sh b/bin/hardening/6.1.3_etc_gshadow-_permissions.sh
index 3714adc9..6cc781d0 100755
--- a/bin/hardening/6.1.3_etc_gshadow-_permissions.sh
+++ b/bin/hardening/6.1.3_etc_gshadow-_permissions.sh
@@ -77,17 +77,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.4_etc_shadow_permissions.sh b/bin/hardening/6.1.4_etc_shadow_permissions.sh
index 34e0a7a9..46f03697 100755
--- a/bin/hardening/6.1.4_etc_shadow_permissions.sh
+++ b/bin/hardening/6.1.4_etc_shadow_permissions.sh
@@ -66,17 +66,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.5_etc_group_permissions.sh b/bin/hardening/6.1.5_etc_group_permissions.sh
index b7f0731a..175e4305 100755
--- a/bin/hardening/6.1.5_etc_group_permissions.sh
+++ b/bin/hardening/6.1.5_etc_group_permissions.sh
@@ -66,17 +66,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.6_etc_passwd-_permissions.sh b/bin/hardening/6.1.6_etc_passwd-_permissions.sh
index 4019b504..781b9ffc 100755
--- a/bin/hardening/6.1.6_etc_passwd-_permissions.sh
+++ b/bin/hardening/6.1.6_etc_passwd-_permissions.sh
@@ -77,17 +77,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.7_etc_shadow-_permissions.sh b/bin/hardening/6.1.7_etc_shadow-_permissions.sh
index 6adea07f..a67e59e6 100755
--- a/bin/hardening/6.1.7_etc_shadow-_permissions.sh
+++ b/bin/hardening/6.1.7_etc_shadow-_permissions.sh
@@ -77,17 +77,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.8_etc_group-_permissions.sh b/bin/hardening/6.1.8_etc_group-_permissions.sh
index eed99d5a..b14e447c 100755
--- a/bin/hardening/6.1.8_etc_group-_permissions.sh
+++ b/bin/hardening/6.1.8_etc_group-_permissions.sh
@@ -77,17 +77,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.9_etc_gshadow_permissions.sh b/bin/hardening/6.1.9_etc_gshadow_permissions.sh
index b1e7871f..856f9e52 100755
--- a/bin/hardening/6.1.9_etc_gshadow_permissions.sh
+++ b/bin/hardening/6.1.9_etc_gshadow_permissions.sh
@@ -66,17 +66,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.10_check_user_dot_file_perm.sh b/bin/hardening/6.2.10_check_user_dot_file_perm.sh
index b892ce72..a8adfc7d 100755
--- a/bin/hardening/6.2.10_check_user_dot_file_perm.sh
+++ b/bin/hardening/6.2.10_check_user_dot_file_perm.sh
@@ -72,17 +72,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.11_find_user_forward_files.sh b/bin/hardening/6.2.11_find_user_forward_files.sh
index f391e597..5f23d161 100755
--- a/bin/hardening/6.2.11_find_user_forward_files.sh
+++ b/bin/hardening/6.2.11_find_user_forward_files.sh
@@ -52,17 +52,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.12_find_user_netrc_files.sh b/bin/hardening/6.2.12_find_user_netrc_files.sh
index 65682b99..e146e4be 100755
--- a/bin/hardening/6.2.12_find_user_netrc_files.sh
+++ b/bin/hardening/6.2.12_find_user_netrc_files.sh
@@ -52,17 +52,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.13_set_perm_on_user_netrc.sh b/bin/hardening/6.2.13_set_perm_on_user_netrc.sh
index cfca955c..7eddd0c3 100755
--- a/bin/hardening/6.2.13_set_perm_on_user_netrc.sh
+++ b/bin/hardening/6.2.13_set_perm_on_user_netrc.sh
@@ -71,17 +71,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.14_find_user_rhosts_files.sh b/bin/hardening/6.2.14_find_user_rhosts_files.sh
index d712bf3c..b9158752 100755
--- a/bin/hardening/6.2.14_find_user_rhosts_files.sh
+++ b/bin/hardening/6.2.14_find_user_rhosts_files.sh
@@ -52,17 +52,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.15_find_passwd_group_inconsistencies.sh b/bin/hardening/6.2.15_find_passwd_group_inconsistencies.sh
index 2e99813d..cee66917 100755
--- a/bin/hardening/6.2.15_find_passwd_group_inconsistencies.sh
+++ b/bin/hardening/6.2.15_find_passwd_group_inconsistencies.sh
@@ -50,17 +50,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.16_check_duplicate_uid.sh b/bin/hardening/6.2.16_check_duplicate_uid.sh
index 621d8d79..2f6400c3 100755
--- a/bin/hardening/6.2.16_check_duplicate_uid.sh
+++ b/bin/hardening/6.2.16_check_duplicate_uid.sh
@@ -72,17 +72,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.17_check_duplicate_gid.sh b/bin/hardening/6.2.17_check_duplicate_gid.sh
index 977074c9..f20aa256 100755
--- a/bin/hardening/6.2.17_check_duplicate_gid.sh
+++ b/bin/hardening/6.2.17_check_duplicate_gid.sh
@@ -53,17 +53,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.18_check_duplicate_username.sh b/bin/hardening/6.2.18_check_duplicate_username.sh
index e819915b..030b9e58 100755
--- a/bin/hardening/6.2.18_check_duplicate_username.sh
+++ b/bin/hardening/6.2.18_check_duplicate_username.sh
@@ -54,17 +54,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.19_check_duplicate_groupname.sh b/bin/hardening/6.2.19_check_duplicate_groupname.sh
index dd4053a5..f24a059d 100755
--- a/bin/hardening/6.2.19_check_duplicate_groupname.sh
+++ b/bin/hardening/6.2.19_check_duplicate_groupname.sh
@@ -54,17 +54,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.1_remove_empty_password_field.sh b/bin/hardening/6.2.1_remove_empty_password_field.sh
index d3d404ec..2e85e160 100755
--- a/bin/hardening/6.2.1_remove_empty_password_field.sh
+++ b/bin/hardening/6.2.1_remove_empty_password_field.sh
@@ -53,17 +53,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.20_shadow_group_empty.sh b/bin/hardening/6.2.20_shadow_group_empty.sh
index 4d5322d5..8b6cb447 100755
--- a/bin/hardening/6.2.20_shadow_group_empty.sh
+++ b/bin/hardening/6.2.20_shadow_group_empty.sh
@@ -61,17 +61,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.2_remove_legacy_passwd_entries.sh b/bin/hardening/6.2.2_remove_legacy_passwd_entries.sh
index 6faef010..fef016d4 100755
--- a/bin/hardening/6.2.2_remove_legacy_passwd_entries.sh
+++ b/bin/hardening/6.2.2_remove_legacy_passwd_entries.sh
@@ -56,17 +56,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.3_users_homedir_exist.sh b/bin/hardening/6.2.3_users_homedir_exist.sh
index 458049ca..7830ef1d 100755
--- a/bin/hardening/6.2.3_users_homedir_exist.sh
+++ b/bin/hardening/6.2.3_users_homedir_exist.sh
@@ -53,17 +53,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.4_remove_legacy_shadow_entries.sh b/bin/hardening/6.2.4_remove_legacy_shadow_entries.sh
index f00dfcfc..a7a71ac1 100755
--- a/bin/hardening/6.2.4_remove_legacy_shadow_entries.sh
+++ b/bin/hardening/6.2.4_remove_legacy_shadow_entries.sh
@@ -56,17 +56,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.5_remove_legacy_group_entries.sh b/bin/hardening/6.2.5_remove_legacy_group_entries.sh
index 506aa61e..1ae12fd7 100755
--- a/bin/hardening/6.2.5_remove_legacy_group_entries.sh
+++ b/bin/hardening/6.2.5_remove_legacy_group_entries.sh
@@ -56,17 +56,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.6_find_0_uid_non_root_account.sh b/bin/hardening/6.2.6_find_0_uid_non_root_account.sh
index 1fa70868..3666a625 100755
--- a/bin/hardening/6.2.6_find_0_uid_non_root_account.sh
+++ b/bin/hardening/6.2.6_find_0_uid_non_root_account.sh
@@ -74,17 +74,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.7_sanitize_root_path.sh b/bin/hardening/6.2.7_sanitize_root_path.sh
index 67bdccb7..fd4b0561 100755
--- a/bin/hardening/6.2.7_sanitize_root_path.sh
+++ b/bin/hardening/6.2.7_sanitize_root_path.sh
@@ -84,17 +84,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.8_check_user_dir_perm.sh b/bin/hardening/6.2.8_check_user_dir_perm.sh
index c282f905..2d83187b 100755
--- a/bin/hardening/6.2.8_check_user_dir_perm.sh
+++ b/bin/hardening/6.2.8_check_user_dir_perm.sh
@@ -115,17 +115,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.9_users_homedir_ownership.sh b/bin/hardening/6.2.9_users_homedir_ownership.sh
index 3467d491..3beeebe3 100755
--- a/bin/hardening/6.2.9_users_homedir_ownership.sh
+++ b/bin/hardening/6.2.9_users_homedir_ownership.sh
@@ -68,17 +68,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/99.1.1.1_disable_cramfs.sh b/bin/hardening/99.1.1.1_disable_cramfs.sh
index 78ba88fa..ebab0e8e 100755
--- a/bin/hardening/99.1.1.1_disable_cramfs.sh
+++ b/bin/hardening/99.1.1.1_disable_cramfs.sh
@@ -52,17 +52,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/99.1.1.23_disable_usb_devices.sh b/bin/hardening/99.1.1.23_disable_usb_devices.sh
index 13da2436..b3b50c6d 100755
--- a/bin/hardening/99.1.1.23_disable_usb_devices.sh
+++ b/bin/hardening/99.1.1.23_disable_usb_devices.sh
@@ -114,17 +114,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/99.1.3_acc_sudoers_no_all.sh b/bin/hardening/99.1.3_acc_sudoers_no_all.sh
index 6de076c1..dfb80a15 100755
--- a/bin/hardening/99.1.3_acc_sudoers_no_all.sh
+++ b/bin/hardening/99.1.3_acc_sudoers_no_all.sh
@@ -93,17 +93,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/99.2.2_disable_telnet_server.sh b/bin/hardening/99.2.2_disable_telnet_server.sh
index ac5d23d3..f804b390 100755
--- a/bin/hardening/99.2.2_disable_telnet_server.sh
+++ b/bin/hardening/99.2.2_disable_telnet_server.sh
@@ -87,17 +87,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/99.3.3.1_install_tcp_wrapper.sh b/bin/hardening/99.3.3.1_install_tcp_wrapper.sh
index 381dbfa3..87247bef 100755
--- a/bin/hardening/99.3.3.1_install_tcp_wrapper.sh
+++ b/bin/hardening/99.3.3.1_install_tcp_wrapper.sh
@@ -50,17 +50,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/99.3.3.2_hosts_allow.sh b/bin/hardening/99.3.3.2_hosts_allow.sh
index da3e77a3..c56515b1 100755
--- a/bin/hardening/99.3.3.2_hosts_allow.sh
+++ b/bin/hardening/99.3.3.2_hosts_allow.sh
@@ -51,17 +51,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/99.3.3.3_hosts_deny.sh b/bin/hardening/99.3.3.3_hosts_deny.sh
index a1b18e82..0a5438a5 100755
--- a/bin/hardening/99.3.3.3_hosts_deny.sh
+++ b/bin/hardening/99.3.3.3_hosts_deny.sh
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/99.3.3.4_hosts_allow_permissions.sh b/bin/hardening/99.3.3.4_hosts_allow_permissions.sh
index 222e919d..b7befb0a 100755
--- a/bin/hardening/99.3.3.4_hosts_allow_permissions.sh
+++ b/bin/hardening/99.3.3.4_hosts_allow_permissions.sh
@@ -73,17 +73,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/99.3.3.5_hosts_deny_permissions.sh b/bin/hardening/99.3.3.5_hosts_deny_permissions.sh
index 64220a60..7b27c3ad 100755
--- a/bin/hardening/99.3.3.5_hosts_deny_permissions.sh
+++ b/bin/hardening/99.3.3.5_hosts_deny_permissions.sh
@@ -73,17 +73,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/99.4.0_enable_auditd_kernel.sh b/bin/hardening/99.4.0_enable_auditd_kernel.sh
index c01c4d49..828f1858 100755
--- a/bin/hardening/99.4.0_enable_auditd_kernel.sh
+++ b/bin/hardening/99.4.0_enable_auditd_kernel.sh
@@ -53,17 +53,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.5.2.1_ssh_auth_pubk_only.sh b/bin/hardening/99.5.2.1_ssh_auth_pubk_only.sh index e7f03926..802046fb 100755 --- a/bin/hardening/99.5.2.1_ssh_auth_pubk_only.sh +++ b/bin/hardening/99.5.2.1_ssh_auth_pubk_only.sh 
@@ -82,17 +82,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.5.2.2_ssh_cry_rekey.sh b/bin/hardening/99.5.2.2_ssh_cry_rekey.sh index 68a8960e..782dcefe 100755 --- a/bin/hardening/99.5.2.2_ssh_cry_rekey.sh +++ b/bin/hardening/99.5.2.2_ssh_cry_rekey.sh 
@@ -99,17 +99,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.5.2.3_ssh_disable_features.sh b/bin/hardening/99.5.2.3_ssh_disable_features.sh index 4e57b66e..e6e22be2 100755 --- a/bin/hardening/99.5.2.3_ssh_disable_features.sh +++ b/bin/hardening/99.5.2.3_ssh_disable_features.sh 
@@ -83,17 +83,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.5.2.4_ssh_keys_from.sh b/bin/hardening/99.5.2.4_ssh_keys_from.sh index 274053d5..073963ff 100755 --- a/bin/hardening/99.5.2.4_ssh_keys_from.sh +++ b/bin/hardening/99.5.2.4_ssh_keys_from.sh 
@@ -178,17 +178,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.5.2.5_ssh_strict_modes.sh b/bin/hardening/99.5.2.5_ssh_strict_modes.sh index f373e56b..d0bdfe95 100755 --- a/bin/hardening/99.5.2.5_ssh_strict_modes.sh +++ b/bin/hardening/99.5.2.5_ssh_strict_modes.sh 
@@ -83,17 +83,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.5.2.6_ssh_sys_accept_env.sh b/bin/hardening/99.5.2.6_ssh_sys_accept_env.sh index c4319d2f..cac69a0d 100755 --- a/bin/hardening/99.5.2.6_ssh_sys_accept_env.sh +++ b/bin/hardening/99.5.2.6_ssh_sys_accept_env.sh 
@@ -74,17 +74,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.5.2.7_ssh_sys_no_legacy.sh b/bin/hardening/99.5.2.7_ssh_sys_no_legacy.sh index 1c579512..a7a9774c 100755 --- a/bin/hardening/99.5.2.7_ssh_sys_no_legacy.sh +++ b/bin/hardening/99.5.2.7_ssh_sys_no_legacy.sh 
@@ -54,16 +54,16 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then - echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment, cannot source CIS_ROOT_DIR variable, aborting" +if [ -z "$CIS_LIB_DIR" ]; then + echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment, cannot source CIS_LIB_DIR variable, aborting" exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.5.2.8_ssh_sys_sandbox.sh b/bin/hardening/99.5.2.8_ssh_sys_sandbox.sh index e81166e1..2776f48f 100755 --- a/bin/hardening/99.5.2.8_ssh_sys_sandbox.sh +++ b/bin/hardening/99.5.2.8_ssh_sys_sandbox.sh 
@@ -82,17 +82,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.5.4.5.1_acc_logindefs_sha512.sh b/bin/hardening/99.5.4.5.1_acc_logindefs_sha512.sh index dc040421..5bfcd6af 100755 --- a/bin/hardening/99.5.4.5.1_acc_logindefs_sha512.sh +++ b/bin/hardening/99.5.4.5.1_acc_logindefs_sha512.sh 
@@ -62,17 +62,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.5.4.5.2_acc_shadow_sha512.sh b/bin/hardening/99.5.4.5.2_acc_shadow_sha512.sh index 1e761380..8c1f9e36 100755 --- a/bin/hardening/99.5.4.5.2_acc_shadow_sha512.sh +++ b/bin/hardening/99.5.4.5.2_acc_shadow_sha512.sh 
@@ -69,17 +69,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.99_check_distribution.sh b/bin/hardening/99.99_check_distribution.sh index b11c29ef..252e971e 100755 --- a/bin/hardening/99.99_check_distribution.sh +++ b/bin/hardening/99.99_check_distribution.sh 
@@ -49,17 +49,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/debian/default b/debian/default index f4db83d6..2283123a 100644 --- a/debian/default +++ b/debian/default @@ -1,5 +1,7 @@ -# Default file for CIS Debian hardening scripts +# # Default file for CIS Debian hardening scripts # Define here root directory for CIS debian hardening scripts -CIS_ROOT_DIR='/opt/cis-hardening' - +CIS_LIB_DIR='/opt/debian-cis/lib' +CIS_CHECKS_DIR="/opt/debian-cis/bin/hardening" +CIS_CONF_DIR='/opt/debian-cis/etc' +CIS_TMP_DIR='/opt/debian-cis/tmp' diff --git a/etc/hardening.cfg b/etc/hardening.cfg index 52950176..6be4c9f4 100644 --- a/etc/hardening.cfg +++ b/etc/hardening.cfg @@ -6,4 +6,4 @@ LOGLEVEL=info # Backup directory, every file modified by hardening will be backuped here, with versionning # Means that if a file is modified more than once during the process, you will have hardening step diffs in the folder -BACKUPDIR="$CIS_ROOT_DIR/tmp/backups" +BACKUPDIR="${CIS_TMP_DIR}/backups" 
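Review bot: The header comments in `debian/default` no longer match the file: the first line became `# # Default file for CIS Debian hardening scripts`, where the doubled `#` looks accidental, and the second still says "Define here root directory" although four separate directories are now defined. I would restore `# Default file for CIS Debian hardening scripts` and change the second line to `# Define here the lib, checks, conf and tmp directories of the CIS debian hardening scripts`. `CIS_CHECKS_DIR` is also the only assignment in double quotes; single quotes like the other three would keep the file consistent.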
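Review bot: `BACKUPDIR="${CIS_TMP_DIR}/backups"` in `etc/hardening.cfg` depends on a variable that none of the guards visible in this diff test: `bin/hardening.sh` checks `CIS_LIB_DIR`, `CIS_CONF_DIR` and `CIS_CHECKS_DIR`, and the per-check scripts check only `CIS_LIB_DIR`. With `CIS_TMP_DIR` unset or empty the value becomes `/backups`, so copies of the files modified by hardening would presumably land outside the directory the operator expects and has restricted (how `BACKUPDIR` is consumed is not visible here; this is inferred from the comment above the assignment). Failing early is safer, for example `BACKUPDIR="${CIS_TMP_DIR:?CIS_TMP_DIR is not set, check /etc/default/cis-hardening}/backups"`, or by adding `CIS_TMP_DIR` to the existing emptiness checks.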
diff --git a/lib/main.sh b/lib/main.sh index 14f77e57..0047d458 100644 --- a/lib/main.sh +++ b/lib/main.sh @@ -17,16 +17,16 @@ if [ -n "${LOGLEVEL:-}" ]; then SAVED_LOGLEVEL=$LOGLEVEL fi # shellcheck source=../etc/hardening.cfg -[ -r "$CIS_ROOT_DIR"/etc/hardening.cfg ] && . "$CIS_ROOT_DIR"/etc/hardening.cfg +[ -r "${CIS_CONF_DIR}"/hardening.cfg ] && . "${CIS_CONF_DIR}"/hardening.cfg if [ -n "$SAVED_LOGLEVEL" ]; then LOGLEVEL=$SAVED_LOGLEVEL fi # shellcheck source=../lib/common.sh -[ -r "$CIS_ROOT_DIR"/lib/common.sh ] && . "$CIS_ROOT_DIR"/lib/common.sh +[ -r "${CIS_LIB_DIR}"/common.sh ] && . "${CIS_LIB_DIR}"/common.sh # shellcheck source=../lib/utils.sh -[ -r "$CIS_ROOT_DIR"/lib/utils.sh ] && . "$CIS_ROOT_DIR"/lib/utils.sh +[ -r "${CIS_LIB_DIR}"/utils.sh ] && . "${CIS_LIB_DIR}"/utils.sh # shellcheck source=constants.sh -[ -r "$CIS_ROOT_DIR"/lib/constants.sh ] && . "$CIS_ROOT_DIR"/lib/constants.sh +[ -r "${CIS_LIB_DIR}"/constants.sh ] && . "${CIS_LIB_DIR}"/constants.sh # Environment Sanitizing export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' @@ -59,7 +59,7 @@ while [[ $# -gt 0 ]]; do BATCH_MODE=1 LOGLEVEL=ok # shellcheck source=../lib/common.sh - [ -r "$CIS_ROOT_DIR"/lib/common.sh ] && . "$CIS_ROOT_DIR"/lib/common.sh + [ -r "${CIS_LIB_DIR}"/common.sh ] && . "${CIS_LIB_DIR}"/common.sh ;; *) debug "Unknown option passed" 
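Review bot: `main.sh` now reads `${CIS_CONF_DIR}` without checking it, while the check scripts that source it verify only `CIS_LIB_DIR` first. A check run directly with `CIS_CONF_DIR` unset therefore resolves `"${CIS_CONF_DIR}"/hardening.cfg` to `/hardening.cfg` in this hunk, and in the `@@ -72,25` hunk of the same file it tries to create and then source its per-check configuration under `/conf.d/`. Sourcing configuration from an unintended path is worth aborting on, so I would add a guard before the first use: `[ -n "${CIS_CONF_DIR:-}" ] || { echo "Cannot source CIS_CONF_DIR variable, aborting."; exit 128; }`. The start of `main.sh` is outside the hunk, so an equivalent check may already exist there.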
@@ -72,25 +72,25 @@ info "Working on $SCRIPT_NAME" info "[DESCRIPTION] $DESCRIPTION" # Source specific configuration file -if ! [ -r "$CIS_ROOT_DIR"/etc/conf.d/"$SCRIPT_NAME".cfg ]; then +if ! [ -r "${CIS_CONF_DIR}"/conf.d/"$SCRIPT_NAME".cfg ]; then # If it doesn't exist, create it with default values - echo "# Configuration for $SCRIPT_NAME, created from default values on $(date)" >"$CIS_ROOT_DIR"/etc/conf.d/"$SCRIPT_NAME".cfg + echo "# Configuration for $SCRIPT_NAME, created from default values on $(date)" >"${CIS_CONF_DIR}"/conf.d/"$SCRIPT_NAME".cfg # If create_config is a defined function, execute it. # Otherwise, just disable the test by default. if type -t create_config | grep -qw function; then - create_config >>"$CIS_ROOT_DIR"/etc/conf.d/"$SCRIPT_NAME".cfg + create_config >>"${CIS_CONF_DIR}"/conf.d/"$SCRIPT_NAME".cfg else - echo "status=audit" >>"$CIS_ROOT_DIR"/etc/conf.d/"$SCRIPT_NAME".cfg + echo "status=audit" >>"${CIS_CONF_DIR}"/conf.d/"$SCRIPT_NAME".cfg fi fi if [ "$forcedstatus" = "createconfig" ]; then - debug "$CIS_ROOT_DIR/etc/conf.d/$SCRIPT_NAME.cfg has been created" + debug "${CIS_CONF_DIR}/conf.d/$SCRIPT_NAME.cfg has been created" exit 0 fi # shellcheck source=/dev/null -[ -r "$CIS_ROOT_DIR"/etc/conf.d/"$SCRIPT_NAME".cfg ] && . "$CIS_ROOT_DIR"/etc/conf.d/"$SCRIPT_NAME".cfg +[ -r "${CIS_CONF_DIR}"/conf.d/"$SCRIPT_NAME".cfg ] && . "${CIS_CONF_DIR}"/conf.d/"$SCRIPT_NAME".cfg # Now check configured value for status, and potential cmdline parameter if [ "$forcedstatus" = "auditall" ]; then diff --git a/src/skel b/src/skel index 74dd5ba9..595bbe33 100644 --- a/src/skel +++ b/src/skel 
@@ -32,18 +32,18 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "${CIS_LIB_DIR}" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is ${CIS_LIB_DIR} in /etc/default/cis-hardening" exit 128 fi diff --git a/tests/hardening/1.1.1.1_disable_freevxfs.sh b/tests/hardening/1.1.1.1_disable_freevxfs.sh index 5195a499..23e8ccd6 100644 --- a/tests/hardening/1.1.1.1_disable_freevxfs.sh +++ b/tests/hardening/1.1.1.1_disable_freevxfs.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/1.1.1.2_disable_jffs2.sh b/tests/hardening/1.1.1.2_disable_jffs2.sh index 5195a499..23e8ccd6 100644 --- a/tests/hardening/1.1.1.2_disable_jffs2.sh +++ b/tests/hardening/1.1.1.2_disable_jffs2.sh 
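Review bot: In `tests/hardening/1.1.1.1_disable_freevxfs.sh` the script location now comes from `${CIS_CHECKS_DIR}`, and where that variable is set for the test run is not visible in this hunk. If it is empty the command becomes `/${script}.sh` and the case fails as a missing file rather than as a misconfigured harness. `run blank "${CIS_CHECKS_DIR:?}/${script}.sh" --audit-all` would make that failure explicit. The same applies to the identical replacements in the other `tests/hardening/*.sh` hunks and to the `${CIS_CONF_DIR}` append in `1.1.21_sticky_bit_world_writable_folder.sh`. `test_audit` continues outside the hunk.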
@@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/1.1.1.3_disable_hfs.sh b/tests/hardening/1.1.1.3_disable_hfs.sh index 5195a499..23e8ccd6 100644 --- a/tests/hardening/1.1.1.3_disable_hfs.sh +++ b/tests/hardening/1.1.1.3_disable_hfs.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/1.1.1.4_disable_hfsplus.sh b/tests/hardening/1.1.1.4_disable_hfsplus.sh index 5195a499..23e8ccd6 100644 --- a/tests/hardening/1.1.1.4_disable_hfsplus.sh +++ b/tests/hardening/1.1.1.4_disable_hfsplus.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/1.1.1.5_disable_squashfs.sh b/tests/hardening/1.1.1.5_disable_squashfs.sh index 5195a499..23e8ccd6 100644 --- a/tests/hardening/1.1.1.5_disable_squashfs.sh +++ b/tests/hardening/1.1.1.5_disable_squashfs.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## 
diff --git a/tests/hardening/1.1.1.6_disable_udf.sh b/tests/hardening/1.1.1.6_disable_udf.sh index 5195a499..23e8ccd6 100644 --- a/tests/hardening/1.1.1.6_disable_udf.sh +++ b/tests/hardening/1.1.1.6_disable_udf.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/1.1.1.7_restrict_fat.sh b/tests/hardening/1.1.1.7_restrict_fat.sh index 5195a499..23e8ccd6 100644 --- a/tests/hardening/1.1.1.7_restrict_fat.sh +++ b/tests/hardening/1.1.1.7_restrict_fat.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/1.1.1.8_disable_cramfs.sh b/tests/hardening/1.1.1.8_disable_cramfs.sh index 5195a499..23e8ccd6 100644 --- a/tests/hardening/1.1.1.8_disable_cramfs.sh +++ b/tests/hardening/1.1.1.8_disable_cramfs.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/1.1.10_var_tmp_noexec.sh b/tests/hardening/1.1.10_var_tmp_noexec.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.10_var_tmp_noexec.sh +++ b/tests/hardening/1.1.10_var_tmp_noexec.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.11.1_var_log_noexec.sh b/tests/hardening/1.1.11.1_var_log_noexec.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.11.1_var_log_noexec.sh +++ b/tests/hardening/1.1.11.1_var_log_noexec.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.11.2_var_log_nosuid.sh b/tests/hardening/1.1.11.2_var_log_nosuid.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.11.2_var_log_nosuid.sh +++ b/tests/hardening/1.1.11.2_var_log_nosuid.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.11.3_var_log_nodev.sh b/tests/hardening/1.1.11.3_var_log_nodev.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.11.3_var_log_nodev.sh +++ b/tests/hardening/1.1.11.3_var_log_nodev.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.11_var_log_partition.sh b/tests/hardening/1.1.11_var_log_partition.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.11_var_log_partition.sh +++ b/tests/hardening/1.1.11_var_log_partition.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.12.1_var_log_audit_noexec.sh b/tests/hardening/1.1.12.1_var_log_audit_noexec.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.12.1_var_log_audit_noexec.sh +++ b/tests/hardening/1.1.12.1_var_log_audit_noexec.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.12.2_var_log_audit_nosuid.sh b/tests/hardening/1.1.12.2_var_log_audit_nosuid.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.12.2_var_log_audit_nosuid.sh +++ b/tests/hardening/1.1.12.2_var_log_audit_nosuid.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.12.3_var_log_audit_nodev.sh b/tests/hardening/1.1.12.3_var_log_audit_nodev.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.12.3_var_log_audit_nodev.sh +++ b/tests/hardening/1.1.12.3_var_log_audit_nodev.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.12_var_log_audit_partition.sh b/tests/hardening/1.1.12_var_log_audit_partition.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.12_var_log_audit_partition.sh +++ b/tests/hardening/1.1.12_var_log_audit_partition.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.13_home_partition.sh b/tests/hardening/1.1.13_home_partition.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.13_home_partition.sh +++ b/tests/hardening/1.1.13_home_partition.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.14.1_home_nosuid.sh b/tests/hardening/1.1.14.1_home_nosuid.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.14.1_home_nosuid.sh +++ b/tests/hardening/1.1.14.1_home_nosuid.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.14_home_nodev.sh b/tests/hardening/1.1.14_home_nodev.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.14_home_nodev.sh +++ b/tests/hardening/1.1.14_home_nodev.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.15_run_shm_nodev.sh b/tests/hardening/1.1.15_run_shm_nodev.sh index 59edddb6..6106ad3b 100644 --- a/tests/hardening/1.1.15_run_shm_nodev.sh +++ b/tests/hardening/1.1.15_run_shm_nodev.sh 
@@ -4,19 +4,19 @@ test_audit() { describe Running on blank host register_test retvalshouldbe 0 # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ln -s /dev/shm /run/shm describe Partition symlink register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all echo "dummy entry" >>/etc/fstab describe Fstab with a real entry to match runtime partitions register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup rm /run/shm diff --git a/tests/hardening/1.1.16_run_shm_nosuid.sh b/tests/hardening/1.1.16_run_shm_nosuid.sh index 59edddb6..6106ad3b 100644 --- a/tests/hardening/1.1.16_run_shm_nosuid.sh +++ b/tests/hardening/1.1.16_run_shm_nosuid.sh @@ -4,19 +4,19 @@ test_audit() { describe Running on blank host register_test retvalshouldbe 0 # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ln -s /dev/shm /run/shm describe Partition symlink register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all echo "dummy entry" >>/etc/fstab describe Fstab with a real entry to match runtime partitions register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup rm /run/shm diff --git a/tests/hardening/1.1.17_run_shm_noexec.sh b/tests/hardening/1.1.17_run_shm_noexec.sh index 59edddb6..6106ad3b 100644 --- a/tests/hardening/1.1.17_run_shm_noexec.sh +++ b/tests/hardening/1.1.17_run_shm_noexec.sh 
@@ -4,19 +4,19 @@ test_audit() { describe Running on blank host register_test retvalshouldbe 0 # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ln -s /dev/shm /run/shm describe Partition symlink register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all echo "dummy entry" >>/etc/fstab describe Fstab with a real entry to match runtime partitions register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup rm /run/shm diff --git a/tests/hardening/1.1.18_removable_device_nodev.sh b/tests/hardening/1.1.18_removable_device_nodev.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.18_removable_device_nodev.sh +++ b/tests/hardening/1.1.18_removable_device_nodev.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.19_removable_device_nosuid.sh b/tests/hardening/1.1.19_removable_device_nosuid.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.19_removable_device_nosuid.sh +++ b/tests/hardening/1.1.19_removable_device_nosuid.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # 
diff --git a/tests/hardening/1.1.20_removable_device_noexec.sh b/tests/hardening/1.1.20_removable_device_noexec.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.20_removable_device_noexec.sh +++ b/tests/hardening/1.1.20_removable_device_noexec.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.21_sticky_bit_world_writable_folder.sh b/tests/hardening/1.1.21_sticky_bit_world_writable_folder.sh index 601fe15a..cda95d27 100644 --- a/tests/hardening/1.1.21_sticky_bit_world_writable_folder.sh +++ b/tests/hardening/1.1.21_sticky_bit_world_writable_folder.sh @@ -3,9 +3,9 @@ test_audit() { describe Running void to generate the conf file that will later be edited # shellcheck disable=2154 - /opt/debian-cis/bin/hardening/"${script}".sh || true + "${CIS_CHECKS_DIR}/${script}.sh" || true # shellcheck disable=2016 - echo 'EXCEPTIONS="$EXCEPTIONS /home/secaudit/exception"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCEPTIONS="$EXCEPTIONS /home/secaudit/exception"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" mkdir /home/secaudit/exception chmod 777 /home/secaudit/exception @@ -13,7 +13,7 @@ test_audit() { register_test retvalshouldbe 0 register_test contain "All world writable directories have a sticky bit" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing local targetdir="/home/secaudit/world_writable_folder" 
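Review bot: In tests/hardening/1.1.21_sticky_bit_world_writable_folder.sh the first hunk appends the `EXCEPTIONS=...` line to `"${CIS_CONF_DIR}/conf.d/${script}.cfg"` right after a generation run whose failure is discarded by `|| true`. If that run did not produce the file (for example because CIS_CHECKS_DIR points somewhere unexpected), `>>` creates a cfg holding only the EXCEPTIONS line, and the later steps work on a config the check script never wrote. A guard before the append, such as `[ -f "${CIS_CONF_DIR}/conf.d/${script}.cfg" ] || return 1`, keeps the test from continuing on a half-built config; how the harness should report that failure is not visible here. test_audit starts above this hunk and continues below it.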
@@ -21,21 +21,21 @@ test_audit() { chmod 777 "$targetdir" register_test retvalshouldbe 1 register_test contain "Some world writable directories are not on sticky bit mode" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests failing with find ignore flag - echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" register_test retvalshouldbe 1 register_test contain "Some world writable directories are not on sticky bit mode" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "All world writable directories have a sticky bit" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/1.1.22_disable_automounting.sh b/tests/hardening/1.1.22_disable_automounting.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.22_disable_automounting.sh +++ b/tests/hardening/1.1.22_disable_automounting.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # 
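Review bot: The `sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"` line in the last hunk of 1.1.21_sticky_bit_world_writable_folder.sh is unanchored, and the first hunk of the same file has already appended `EXCEPTIONS="$EXCEPTIONS /home/secaudit/exception"` to that cfg, so the substitution also rewrites the exception path to `/home/secenabled/exception`. The exception is then silently gone while `--apply` and the resolved audit run, so the test no longer exercises the configuration it set up. bin/hardening.sh in this patch anchors its own edit on `^status=`; the tests should do the same, `sed -i 's/^status=audit/status=enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"`, assuming the generated cfg carries `status=audit`. The unanchored form is repeated in the 1.3.x, 1.4.2, 1.7.1.x and 1.8.1.4–1.8.1.6 test files.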
diff --git a/tests/hardening/1.1.23_disable_usb_storage.sh b/tests/hardening/1.1.23_disable_usb_storage.sh index a576fcb8..eb942043 100644 --- a/tests/hardening/1.1.23_disable_usb_storage.sh +++ b/tests/hardening/1.1.23_disable_usb_storage.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.2_tmp_partition.sh b/tests/hardening/1.1.2_tmp_partition.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.2_tmp_partition.sh +++ b/tests/hardening/1.1.2_tmp_partition.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.3_tmp_nodev.sh b/tests/hardening/1.1.3_tmp_nodev.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.3_tmp_nodev.sh +++ b/tests/hardening/1.1.3_tmp_nodev.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.4_tmp_nosuid.sh b/tests/hardening/1.1.4_tmp_nosuid.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.4_tmp_nosuid.sh +++ b/tests/hardening/1.1.4_tmp_nosuid.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.5_tmp_noexec.sh b/tests/hardening/1.1.5_tmp_noexec.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.5_tmp_noexec.sh +++ b/tests/hardening/1.1.5_tmp_noexec.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.6.1_var_nodev.sh b/tests/hardening/1.1.6.1_var_nodev.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.6.1_var_nodev.sh +++ b/tests/hardening/1.1.6.1_var_nodev.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.6.2_var_nosuid.sh b/tests/hardening/1.1.6.2_var_nosuid.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.6.2_var_nosuid.sh +++ b/tests/hardening/1.1.6.2_var_nosuid.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.6_var_partition.sh b/tests/hardening/1.1.6_var_partition.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.6_var_partition.sh +++ b/tests/hardening/1.1.6_var_partition.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.7_var_tmp_partition.sh b/tests/hardening/1.1.7_var_tmp_partition.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.7_var_tmp_partition.sh +++ b/tests/hardening/1.1.7_var_tmp_partition.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.8_var_tmp_nodev.sh b/tests/hardening/1.1.8_var_tmp_nodev.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.8_var_tmp_nodev.sh +++ b/tests/hardening/1.1.8_var_tmp_nodev.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.9_var_tmp_nosuid.sh b/tests/hardening/1.1.9_var_tmp_nosuid.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.1.9_var_tmp_nosuid.sh +++ b/tests/hardening/1.1.9_var_tmp_nosuid.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.3.1_install_sudo.sh b/tests/hardening/1.3.1_install_sudo.sh index 38538e13..27b4b81a 100644 --- a/tests/hardening/1.3.1_install_sudo.sh +++ b/tests/hardening/1.3.1_install_sudo.sh @@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "sudo is installed" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } 
diff --git a/tests/hardening/1.3.2_pty_sudo.sh b/tests/hardening/1.3.2_pty_sudo.sh index 2827308f..25d36492 100644 --- a/tests/hardening/1.3.2_pty_sudo.sh +++ b/tests/hardening/1.3.2_pty_sudo.sh @@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "Defaults use_pty found in sudoers file" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/1.3.3_logfile_sudo.sh b/tests/hardening/1.3.3_logfile_sudo.sh index 033e80c4..4eb653a3 100644 --- a/tests/hardening/1.3.3_logfile_sudo.sh +++ b/tests/hardening/1.3.3_logfile_sudo.sh @@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "Defaults log file found in sudoers file" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } 
diff --git a/tests/hardening/1.4.1_install_tripwire.sh b/tests/hardening/1.4.1_install_tripwire.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.4.1_install_tripwire.sh +++ b/tests/hardening/1.4.1_install_tripwire.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.4.2_tripwire_cron.sh b/tests/hardening/1.4.2_tripwire_cron.sh index d21be3d5..6cf550e9 100644 --- a/tests/hardening/1.4.2_tripwire_cron.sh +++ b/tests/hardening/1.4.2_tripwire_cron.sh @@ -4,12 +4,12 @@ test_audit() { describe Running on blank host register_test retvalshouldbe 1 # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking auto resolved state register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/1.5.1_bootloader_ownership.sh b/tests/hardening/1.5.1_bootloader_ownership.sh index af007f7f..f92d5f1b 100644 --- a/tests/hardening/1.5.1_bootloader_ownership.sh +++ b/tests/hardening/1.5.1_bootloader_ownership.sh 
@@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests fi diff --git a/tests/hardening/1.5.2_bootloader_password.sh b/tests/hardening/1.5.2_bootloader_password.sh index af007f7f..f92d5f1b 100644 --- a/tests/hardening/1.5.2_bootloader_password.sh +++ b/tests/hardening/1.5.2_bootloader_password.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests fi diff --git a/tests/hardening/1.5.3_root_password.sh b/tests/hardening/1.5.3_root_password.sh index af007f7f..f92d5f1b 100644 --- a/tests/hardening/1.5.3_root_password.sh +++ b/tests/hardening/1.5.3_root_password.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests fi diff --git a/tests/hardening/1.6.1_enable_nx_support.sh b/tests/hardening/1.6.1_enable_nx_support.sh index af007f7f..f92d5f1b 100644 --- a/tests/hardening/1.6.1_enable_nx_support.sh +++ b/tests/hardening/1.6.1_enable_nx_support.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests fi diff --git a/tests/hardening/1.6.2_enable_randomized_vm_placement.sh b/tests/hardening/1.6.2_enable_randomized_vm_placement.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.6.2_enable_randomized_vm_placement.sh 
+++ b/tests/hardening/1.6.2_enable_randomized_vm_placement.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.6.3.1_disable_apport.sh b/tests/hardening/1.6.3.1_disable_apport.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.6.3.1_disable_apport.sh +++ b/tests/hardening/1.6.3.1_disable_apport.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.6.3_disable_prelink.sh b/tests/hardening/1.6.3_disable_prelink.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.6.3_disable_prelink.sh +++ b/tests/hardening/1.6.3_disable_prelink.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.6.4_restrict_core_dumps.sh b/tests/hardening/1.6.4_restrict_core_dumps.sh index 43c52990..a2698947 100644 --- a/tests/hardening/1.6.4_restrict_core_dumps.sh +++ b/tests/hardening/1.6.4_restrict_core_dumps.sh 
@@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests fi diff --git a/tests/hardening/1.7.1.1_install_apparmor.sh b/tests/hardening/1.7.1.1_install_apparmor.sh index 818f94a3..2447dbf3 100644 --- a/tests/hardening/1.7.1.1_install_apparmor.sh +++ b/tests/hardening/1.7.1.1_install_apparmor.sh @@ -8,15 +8,15 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "is installed" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/1.7.1.2_enable_apparmor.sh b/tests/hardening/1.7.1.2_enable_apparmor.sh index 2d3c5849..19e24a10 100644 --- a/tests/hardening/1.7.1.2_enable_apparmor.sh +++ b/tests/hardening/1.7.1.2_enable_apparmor.sh 
@@ -8,15 +8,15 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "are configured" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/1.7.1.3_enforce_or_complain_apparmor.sh b/tests/hardening/1.7.1.3_enforce_or_complain_apparmor.sh index 6f9b7309..5f7d28ed 100644 --- a/tests/hardening/1.7.1.3_enforce_or_complain_apparmor.sh +++ b/tests/hardening/1.7.1.3_enforce_or_complain_apparmor.sh @@ -8,15 +8,15 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "No profiles are unconfined" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/1.7.1.4_enforcing_apparmor.sh b/tests/hardening/1.7.1.4_enforcing_apparmor.sh index 6f9b7309..5f7d28ed 100644 
--- a/tests/hardening/1.7.1.4_enforcing_apparmor.sh +++ b/tests/hardening/1.7.1.4_enforcing_apparmor.sh @@ -8,15 +8,15 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "No profiles are unconfined" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/1.8.1.1_remove_os_info_motd.sh b/tests/hardening/1.8.1.1_remove_os_info_motd.sh index f85b20df..5bb5d862 100644 --- a/tests/hardening/1.8.1.1_remove_os_info_motd.sh +++ b/tests/hardening/1.8.1.1_remove_os_info_motd.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/1.8.1.2_remove_os_info_issue.sh b/tests/hardening/1.8.1.2_remove_os_info_issue.sh index f85b20df..5bb5d862 100644 --- a/tests/hardening/1.8.1.2_remove_os_info_issue.sh +++ b/tests/hardening/1.8.1.2_remove_os_info_issue.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } 
diff --git a/tests/hardening/1.8.1.3_remove_os_info_issue_net.sh b/tests/hardening/1.8.1.3_remove_os_info_issue_net.sh index f85b20df..5bb5d862 100644 --- a/tests/hardening/1.8.1.3_remove_os_info_issue_net.sh +++ b/tests/hardening/1.8.1.3_remove_os_info_issue_net.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/1.8.1.4_motd_perms.sh b/tests/hardening/1.8.1.4_motd_perms.sh index 7b0cf63f..ebfc47b3 100644 --- a/tests/hardening/1.8.1.4_motd_perms.sh +++ b/tests/hardening/1.8.1.4_motd_perms.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="motd-user" local test_file="/etc/motd" 
@@ -14,28 +14,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/1.8.1.5_etc_issue_perms.sh b/tests/hardening/1.8.1.5_etc_issue_perms.sh index 4ad468cb..a5745a0c 100644 --- a/tests/hardening/1.8.1.5_etc_issue_perms.sh +++ b/tests/hardening/1.8.1.5_etc_issue_perms.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="issue-user" local test_file="/etc/issue" @@ -14,28 +14,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/1.8.1.6_etc_issue_net_perms.sh b/tests/hardening/1.8.1.6_etc_issue_net_perms.sh index d1e0c6f0..ba9b6f0d 100644 --- a/tests/hardening/1.8.1.6_etc_issue_net_perms.sh 
+++ b/tests/hardening/1.8.1.6_etc_issue_net_perms.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="issue-net-user" local test_file="/etc/issue.net" @@ -14,28 +14,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/1.8.2_graphical_warning_banners.sh b/tests/hardening/1.8.2_graphical_warning_banners.sh index f85b20df..5bb5d862 100644 
--- a/tests/hardening/1.8.2_graphical_warning_banners.sh +++ b/tests/hardening/1.8.2_graphical_warning_banners.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/1.9_install_updates.sh b/tests/hardening/1.9_install_updates.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/1.9_install_updates.sh +++ b/tests/hardening/1.9_install_updates.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.1.1_disable_xinetd.sh b/tests/hardening/2.1.1_disable_xinetd.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/2.1.1_disable_xinetd.sh +++ b/tests/hardening/2.1.1_disable_xinetd.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.1.1_use_time_sync.sh b/tests/hardening/2.2.1.1_use_time_sync.sh index 6c32584d..dc32b030 100644 --- a/tests/hardening/2.2.1.1_use_time_sync.sh +++ b/tests/hardening/2.2.1.1_use_time_sync.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 1 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation apt-get update @@ -15,5 +15,5 @@ test_audit() { describe Checking resolved state register_test retvalshouldbe 0 register_test contain "Time synchronization is available through" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/2.2.1.2_configure_systemd-timesyncd.sh b/tests/hardening/2.2.1.2_configure_systemd-timesyncd.sh index f85b20df..5bb5d862 100644 --- a/tests/hardening/2.2.1.2_configure_systemd-timesyncd.sh +++ b/tests/hardening/2.2.1.2_configure_systemd-timesyncd.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/2.2.1.3_configure_chrony.sh b/tests/hardening/2.2.1.3_configure_chrony.sh index f85b20df..5bb5d862 100644 --- a/tests/hardening/2.2.1.3_configure_chrony.sh +++ b/tests/hardening/2.2.1.3_configure_chrony.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/2.2.1.4_configure_ntp.sh b/tests/hardening/2.2.1.4_configure_ntp.sh index f85b20df..5bb5d862 100644 --- a/tests/hardening/2.2.1.4_configure_ntp.sh +++ b/tests/hardening/2.2.1.4_configure_ntp.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/2.2.10_disable_http_server.sh b/tests/hardening/2.2.10_disable_http_server.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/2.2.10_disable_http_server.sh +++ b/tests/hardening/2.2.10_disable_http_server.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.11_disable_imap_pop.sh b/tests/hardening/2.2.11_disable_imap_pop.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/2.2.11_disable_imap_pop.sh +++ b/tests/hardening/2.2.11_disable_imap_pop.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.12_disable_samba.sh b/tests/hardening/2.2.12_disable_samba.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/2.2.12_disable_samba.sh +++ b/tests/hardening/2.2.12_disable_samba.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.13_disable_http_proxy.sh b/tests/hardening/2.2.13_disable_http_proxy.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/2.2.13_disable_http_proxy.sh +++ b/tests/hardening/2.2.13_disable_http_proxy.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.14_disable_snmp_server.sh b/tests/hardening/2.2.14_disable_snmp_server.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/2.2.14_disable_snmp_server.sh +++ b/tests/hardening/2.2.14_disable_snmp_server.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.15_mta_localhost.sh b/tests/hardening/2.2.15_mta_localhost.sh index f85b20df..5bb5d862 100644 --- a/tests/hardening/2.2.15_mta_localhost.sh +++ b/tests/hardening/2.2.15_mta_localhost.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/2.2.16_disable_rsync.sh b/tests/hardening/2.2.16_disable_rsync.sh index f85b20df..5bb5d862 100644 --- a/tests/hardening/2.2.16_disable_rsync.sh +++ b/tests/hardening/2.2.16_disable_rsync.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/2.2.17_disable_nis.sh b/tests/hardening/2.2.17_disable_nis.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/2.2.17_disable_nis.sh +++ b/tests/hardening/2.2.17_disable_nis.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.2_disable_xwindow_system.sh b/tests/hardening/2.2.2_disable_xwindow_system.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/2.2.2_disable_xwindow_system.sh +++ b/tests/hardening/2.2.2_disable_xwindow_system.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # 
diff --git a/tests/hardening/2.2.3_disable_avahi_server.sh b/tests/hardening/2.2.3_disable_avahi_server.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/2.2.3_disable_avahi_server.sh +++ b/tests/hardening/2.2.3_disable_avahi_server.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.4_disable_print_server.sh b/tests/hardening/2.2.4_disable_print_server.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/2.2.4_disable_print_server.sh +++ b/tests/hardening/2.2.4_disable_print_server.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.5_disable_dhcp.sh b/tests/hardening/2.2.5_disable_dhcp.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/2.2.5_disable_dhcp.sh +++ b/tests/hardening/2.2.5_disable_dhcp.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.6_disable_ldap.sh b/tests/hardening/2.2.6_disable_ldap.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/2.2.6_disable_ldap.sh 
+++ b/tests/hardening/2.2.6_disable_ldap.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.7_disable_nfs_rpc.sh b/tests/hardening/2.2.7_disable_nfs_rpc.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/2.2.7_disable_nfs_rpc.sh +++ b/tests/hardening/2.2.7_disable_nfs_rpc.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.8_disable_dns_server.sh b/tests/hardening/2.2.8_disable_dns_server.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/2.2.8_disable_dns_server.sh +++ b/tests/hardening/2.2.8_disable_dns_server.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.9_disable_ftp.sh b/tests/hardening/2.2.9_disable_ftp.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/2.2.9_disable_ftp.sh +++ b/tests/hardening/2.2.9_disable_ftp.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.3.1_disable_nis.sh b/tests/hardening/2.3.1_disable_nis.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/2.3.1_disable_nis.sh +++ b/tests/hardening/2.3.1_disable_nis.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.3.2_disable_rsh_client.sh b/tests/hardening/2.3.2_disable_rsh_client.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/2.3.2_disable_rsh_client.sh +++ b/tests/hardening/2.3.2_disable_rsh_client.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.3.3_disable_talk_client.sh b/tests/hardening/2.3.3_disable_talk_client.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/2.3.3_disable_talk_client.sh +++ b/tests/hardening/2.3.3_disable_talk_client.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.3.4_disable_telnet_client.sh b/tests/hardening/2.3.4_disable_telnet_client.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/2.3.4_disable_telnet_client.sh +++ b/tests/hardening/2.3.4_disable_telnet_client.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.3.5_disable_ldap_client.sh b/tests/hardening/2.3.5_disable_ldap_client.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/2.3.5_disable_ldap_client.sh +++ b/tests/hardening/2.3.5_disable_ldap_client.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/3.1.1_disable_ipv6.sh b/tests/hardening/3.1.1_disable_ipv6.sh index 78c6caff..bce07352 100644 --- a/tests/hardening/3.1.1_disable_ipv6.sh +++ b/tests/hardening/3.1.1_disable_ipv6.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" @@ -14,16 +14,16 @@ test_audit() { sysctl -w net.ipv6.conf.all.disable_ipv6=0 2>/dev/null register_test retvalshouldbe 1 register_test contain "net.ipv6.conf.all.disable_ipv6 was not set to 1" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "correctly set to 1" register_test contain "net.ipv6.conf.all.disable_ipv6 correctly set to 0" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.1.2_disable_wireless.sh b/tests/hardening/3.1.2_disable_wireless.sh index f85b20df..5bb5d862 100644 --- a/tests/hardening/3.1.2_disable_wireless.sh +++ b/tests/hardening/3.1.2_disable_wireless.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/3.2.1_disable_send_packet_redirects.sh b/tests/hardening/3.2.1_disable_send_packet_redirects.sh index 9c90955a..30b5ff5e 100644 --- a/tests/hardening/3.2.1_disable_send_packet_redirects.sh 
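Review bot: The resolved-state expectations in the second hunk of 3.1.1_disable_ipv6.sh contradict the noncompliant ones: the test first requires "net.ipv6.conf.all.disable_ipv6 was not set to 1" and later `register_test contain "net.ipv6.conf.all.disable_ipv6 correctly set to 0"`, next to a generic "correctly set to 1". If the check enforces 1, that line should read `register_test contain "net.ipv6.conf.all.disable_ipv6 correctly set to 1"`. 3.3.6_enable_bad_error_message_protection.sh has the same mismatch ("was not set to 1" followed by "correctly set to 0"). These lines sit after the `/.dockerenv` skip, so they presumably never run in container CI, and a hardening test that asserts the wrong sysctl value gives no assurance when it does run.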
+++ b/tests/hardening/3.2.1_disable_send_packet_redirects.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" @@ -14,16 +14,16 @@ test_audit() { sysctl -w net.ipv4.conf.all.send_redirects=1 2>/dev/null register_test retvalshouldbe 1 register_test contain "net.ipv4.conf.all.send_redirects was not set to 0" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "correctly set to 0" register_test contain "net.ipv4.conf.all.send_redirects correctly set to 0" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.2.2_disable_ip_forwarding.sh b/tests/hardening/3.2.2_disable_ip_forwarding.sh index c3080951..a4e3af0d 100644 --- a/tests/hardening/3.2.2_disable_ip_forwarding.sh +++ b/tests/hardening/3.2.2_disable_ip_forwarding.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" 
@@ -14,16 +14,16 @@ test_audit() { sysctl -w net.ipv4.ip_forward=1 2>/dev/null register_test retvalshouldbe 1 register_test contain "net.ipv4.ip_forward was not set to 0" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "correctly set to 0" register_test contain "net.ipv4.ip_forward correctly set to 0" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.3.1_disable_source_routed_packets.sh b/tests/hardening/3.3.1_disable_source_routed_packets.sh index ba30f84d..22d560c5 100644 --- a/tests/hardening/3.3.1_disable_source_routed_packets.sh +++ b/tests/hardening/3.3.1_disable_source_routed_packets.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" 
@@ -18,11 +18,11 @@ test_audit() { register_test contain "net.ipv6.conf.all.accept_source_route was not set to 0" register_test contain "net.ipv6.conf.default.accept_source was not set to 0" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 @@ -31,6 +31,6 @@ test_audit() { register_test contain "net.ipv4.conf.default.accept_source_route correctly set to 0" register_test contain "net.ipv6.conf.all.accept_source_route correctly set to 0" register_test contain "net.ipv6.conf.default.accept_source correctly set to 0" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.3.2_disable_icmp_redirect.sh b/tests/hardening/3.3.2_disable_icmp_redirect.sh index c83cbaa5..141de9ac 100644 --- a/tests/hardening/3.3.2_disable_icmp_redirect.sh +++ b/tests/hardening/3.3.2_disable_icmp_redirect.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" 
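Review bot: The expected string `"net.ipv6.conf.default.accept_source was not set to 0"` in this hunk, and its "correctly set to 0" counterpart in the next one, name a key that differs from the `accept_source_route` keys on the neighbouring lines, so it looks truncated. If the check script prints the full key, the line should read `register_test contain "net.ipv6.conf.default.accept_source_route was not set to 0"`, and likewise for the resolved case. 3.3.3_disable_secure_icmp_redirect.sh has a similar oddity in `"net.ipv4.conf.default.secure_redirects=0 was not set to 0"`. Both should be confirmed against the check scripts' actual output, which is not visible here.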
@@ -18,11 +18,11 @@ test_audit() { register_test contain "net.ipv6.conf.all.accept_redirects was not set to 0" register_test contain "net.ipv6.conf.default.accept_redirects was not set to 0" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 @@ -31,6 +31,6 @@ test_audit() { register_test contain "net.ipv4.conf.default.accept_redirects correctly set to 0" register_test contain "net.ipv6.conf.all.accept_redirects correctly set to 0" register_test contain "net.ipv6.conf.default.accept_redirects correctly set to 0" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.3.3_disable_secure_icmp_redirect.sh b/tests/hardening/3.3.3_disable_secure_icmp_redirect.sh index 688137aa..ad0428ed 100644 --- a/tests/hardening/3.3.3_disable_secure_icmp_redirect.sh +++ b/tests/hardening/3.3.3_disable_secure_icmp_redirect.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" 
@@ -16,17 +16,17 @@ test_audit() { register_test contain "net.ipv4.conf.all.secure_redirects was not set to 0" register_test contain "net.ipv4.conf.default.secure_redirects=0 was not set to 0" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "correctly set to 0" register_test contain "net.ipv4.conf.all.secure_redirects correctly set to 0" register_test contain "net.ipv4.conf.default.secure_redirects correctly set to 0" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.3.4_log_martian_packets.sh b/tests/hardening/3.3.4_log_martian_packets.sh index 4dbbafe6..ed1c4e0f 100644 --- a/tests/hardening/3.3.4_log_martian_packets.sh +++ b/tests/hardening/3.3.4_log_martian_packets.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" 
@@ -16,17 +16,17 @@ test_audit() { register_test contain "net.ipv4.conf.all.log_martians was not set to 1" register_test contain "net.ipv4.conf.default.log_martians was not set to 1" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "correctly set to 1" register_test contain "net.ipv4.conf.all.log_martians correctly set to 1" register_test contain " net.ipv4.conf.default.log_martians correctly set to 1" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.3.5_ignore_broadcast_requests.sh b/tests/hardening/3.3.5_ignore_broadcast_requests.sh index a88ac4ad..cf68080c 100644 --- a/tests/hardening/3.3.5_ignore_broadcast_requests.sh +++ b/tests/hardening/3.3.5_ignore_broadcast_requests.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" 
@@ -15,16 +15,16 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "net.ipv4.icmp_echo_ignore_broadcasts was not set to 1" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "correctly set to 1" register_test contain "net.ipv4.icmp_echo_ignore_broadcasts correctly set to 1" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.3.6_enable_bad_error_message_protection.sh b/tests/hardening/3.3.6_enable_bad_error_message_protection.sh index 1aa17eb9..d08f59ee 100644 --- a/tests/hardening/3.3.6_enable_bad_error_message_protection.sh +++ b/tests/hardening/3.3.6_enable_bad_error_message_protection.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" 
@@ -15,16 +15,16 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "net.ipv4.icmp_ignore_bogus_error_responses was not set to 1" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "correctly set to 0" register_test contain "net.ipv4.icmp_ignore_bogus_error_responses correctly set to 0" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.3.7_enable_source_route_validation.sh b/tests/hardening/3.3.7_enable_source_route_validation.sh index 16c04d7d..254d060b 100644 --- a/tests/hardening/3.3.7_enable_source_route_validation.sh +++ b/tests/hardening/3.3.7_enable_source_route_validation.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" 
@@ -16,17 +16,17 @@ test_audit() { register_test contain "net.ipv4.conf.all.rp_filter was not set to 1" register_test contain "net.ipv4.conf.default.rp_filter was not set to 1" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "correctly set to 1" register_test contain "net.ipv4.conf.all.rp_filter correctly set to 1" register_test contain "net.ipv4.conf.default.rp_filter correctly set to 1" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.3.8_enable_tcp_syn_cookies.sh b/tests/hardening/3.3.8_enable_tcp_syn_cookies.sh index a45c03de..7561c20f 100644 --- a/tests/hardening/3.3.8_enable_tcp_syn_cookies.sh +++ b/tests/hardening/3.3.8_enable_tcp_syn_cookies.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" 
@@ -15,17 +15,17 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "net.ipv4.tcp_syncookies was not set to 1" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "correctly set to 1" register_test contain "net.ipv4.tcp_syncookies correctly set to 1" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.3.9_disable_ipv6_router_advertisement.sh b/tests/hardening/3.3.9_disable_ipv6_router_advertisement.sh index f424d6e8..24740e7b 100644 --- a/tests/hardening/3.3.9_disable_ipv6_router_advertisement.sh +++ b/tests/hardening/3.3.9_disable_ipv6_router_advertisement.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" 
@@ -16,17 +16,17 @@ test_audit() { register_test contain " net.ipv6.conf.all.accept_ra was not set to 0" register_test contain "net.ipv6.conf.default.accept_ra was not set to 0" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "correctly set to 0" register_test contain "net.ipv6.conf.all.accept_ra correctly set to 0" register_test contain "net.ipv6.conf.default.accept_ra correctly set to 0" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.4.1_disable_dccp.sh b/tests/hardening/3.4.1_disable_dccp.sh index 5195a499..23e8ccd6 100644 --- a/tests/hardening/3.4.1_disable_dccp.sh +++ b/tests/hardening/3.4.1_disable_dccp.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/3.4.2_disable_sctp.sh b/tests/hardening/3.4.2_disable_sctp.sh index 5195a499..23e8ccd6 100644 --- a/tests/hardening/3.4.2_disable_sctp.sh +++ b/tests/hardening/3.4.2_disable_sctp.sh 
@@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/3.4.3_disable_rds.sh b/tests/hardening/3.4.3_disable_rds.sh index 5195a499..23e8ccd6 100644 --- a/tests/hardening/3.4.3_disable_rds.sh +++ b/tests/hardening/3.4.3_disable_rds.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/3.4.4_disable_tipc.sh b/tests/hardening/3.4.4_disable_tipc.sh index 5195a499..23e8ccd6 100644 --- a/tests/hardening/3.4.4_disable_tipc.sh +++ b/tests/hardening/3.4.4_disable_tipc.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/3.5.1.1_enable_firewall.sh b/tests/hardening/3.5.1.1_enable_firewall.sh index 02985c79..74aab48c 100644 --- a/tests/hardening/3.5.1.1_enable_firewall.sh +++ b/tests/hardening/3.5.1.1_enable_firewall.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 1 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation apt-get update 
@@ -14,6 +14,6 @@ test_audit() { describe Checking resolved state register_test retvalshouldbe 0 register_test contain "provides firewalling feature" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh b/tests/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh index 81d5b79c..1a74fc09 100644 --- a/tests/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh +++ b/tests/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh @@ -5,6 +5,6 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # Do not run any check, iptables do not work in a docker - #run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + #run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/4.1.1.1_install_auditd.sh b/tests/hardening/4.1.1.1_install_auditd.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/4.1.1.1_install_auditd.sh +++ b/tests/hardening/4.1.1.1_install_auditd.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/4.1.1.2_enable_auditd.sh b/tests/hardening/4.1.1.2_enable_auditd.sh index a88d6ccd..421b1cef 100644 --- a/tests/hardening/4.1.1.2_enable_auditd.sh +++ b/tests/hardening/4.1.1.2_enable_auditd.sh 
@@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] auditd is enabled" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.1.3_audit_bootloader.sh b/tests/hardening/4.1.1.3_audit_bootloader.sh index af007f7f..f92d5f1b 100644 --- a/tests/hardening/4.1.1.3_audit_bootloader.sh +++ b/tests/hardening/4.1.1.3_audit_bootloader.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests fi diff --git a/tests/hardening/4.1.1.4_audit_backlog_limit.sh b/tests/hardening/4.1.1.4_audit_backlog_limit.sh index af007f7f..f92d5f1b 100644 --- a/tests/hardening/4.1.1.4_audit_backlog_limit.sh +++ b/tests/hardening/4.1.1.4_audit_backlog_limit.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests fi diff --git a/tests/hardening/4.1.10_record_failed_access_file.sh b/tests/hardening/4.1.10_record_failed_access_file.sh index 75adaafb..f42bbc46 100644 --- a/tests/hardening/4.1.10_record_failed_access_file.sh 
+++ b/tests/hardening/4.1.10_record_failed_access_file.sh @@ -5,11 +5,11 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 @@ -18,5 +18,5 @@ test_audit() { register_test contain "[ OK ] -a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -k access is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -k access is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.11_record_privileged_commands.sh b/tests/hardening/4.1.11_record_privileged_commands.sh index f189e40b..c3780e8a 100644 --- a/tests/hardening/4.1.11_record_privileged_commands.sh +++ b/tests/hardening/4.1.11_record_privileged_commands.sh 
@@ -5,13 +5,13 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.12_record_successful_mount.sh b/tests/hardening/4.1.12_record_successful_mount.sh index 60fb5615..de682bf6 100644 --- a/tests/hardening/4.1.12_record_successful_mount.sh +++ b/tests/hardening/4.1.12_record_successful_mount.sh @@ -5,15 +5,15 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] -a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=4294967295 -k mounts is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=4294967295 -k mounts is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } 
diff --git a/tests/hardening/4.1.13_record_file_deletions.sh b/tests/hardening/4.1.13_record_file_deletions.sh index 0d0abde1..43e08950 100644 --- a/tests/hardening/4.1.13_record_file_deletions.sh +++ b/tests/hardening/4.1.13_record_file_deletions.sh @@ -5,15 +5,15 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] -a always,exit -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -F auid>=1000 -F auid!=4294967295 -k delete is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -a always,exit -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -F auid>=1000 -F auid!=4294967295 -k delete is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.14_record_sudoers_edit.sh b/tests/hardening/4.1.14_record_sudoers_edit.sh index 6507a58a..c454b251 100644 --- a/tests/hardening/4.1.14_record_sudoers_edit.sh +++ b/tests/hardening/4.1.14_record_sudoers_edit.sh 
@@ -5,15 +5,15 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] -w /etc/sudoers -p wa -k sudoers is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /etc/sudoers.d/ -p wa -k sudoers is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.15_record_sudo_usage.sh b/tests/hardening/4.1.15_record_sudo_usage.sh index 58466754..aab6ea38 100644 --- a/tests/hardening/4.1.15_record_sudo_usage.sh +++ b/tests/hardening/4.1.15_record_sudo_usage.sh @@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] -w /var/log/auth.log -p wa -k sudoaction is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } 
diff --git a/tests/hardening/4.1.16_record_kernel_modules.sh b/tests/hardening/4.1.16_record_kernel_modules.sh index d8fdd8be..208384db 100644 --- a/tests/hardening/4.1.16_record_kernel_modules.sh +++ b/tests/hardening/4.1.16_record_kernel_modules.sh @@ -5,16 +5,16 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] -w /sbin/rmmod -p x -k modules is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /sbin/modprobe -p x -k modules is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -a always,exit -F arch=b64 -S init_module -S delete_module -k modules is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.17_freeze_auditd_conf.sh b/tests/hardening/4.1.17_freeze_auditd_conf.sh index 037dcc6f..1a920759 100644 --- a/tests/hardening/4.1.17_freeze_auditd_conf.sh +++ b/tests/hardening/4.1.17_freeze_auditd_conf.sh 
@@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] -e 2 is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.2.1_audit_log_storage.sh b/tests/hardening/4.1.2.1_audit_log_storage.sh index f6927c9e..8aaab9f7 100644 --- a/tests/hardening/4.1.2.1_audit_log_storage.sh +++ b/tests/hardening/4.1.2.1_audit_log_storage.sh @@ -7,14 +7,14 @@ test_audit() { mkdir -p /etc/audit touch /etc/audit/auditd.conf # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] max_log_file is present in /etc/audit/auditd.conf" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.2.2_halt_when_audit_log_full.sh b/tests/hardening/4.1.2.2_halt_when_audit_log_full.sh index 2ca91748..0021ebc3 100644 
--- a/tests/hardening/4.1.2.2_halt_when_audit_log_full.sh +++ b/tests/hardening/4.1.2.2_halt_when_audit_log_full.sh @@ -7,18 +7,18 @@ test_audit() { mkdir -p /etc/audit touch /etc/audit/auditd.conf # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" # to avoid error during auditd installation in 4.1.1.2, only necessary during tests - sed -i "s/OPTIONS='/OPTIONS='space_left=100 admin_space_left=50 /" /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i "s/OPTIONS='/OPTIONS='space_left=100 admin_space_left=50 /" "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^space_left_action[[:space:]]*=[[:space:]]*email is present in /etc/audit/auditd.conf" register_test contain "[ OK ] ^action_mail_acct[[:space:]]*=[[:space:]]*root is present in /etc/audit/auditd.conf" register_test contain "[ OK ] ^admin_space_left_action[[:space:]]*=[[:space:]]*halt is present in /etc/audit/auditd.conf" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.2.3_keep_all_audit_logs.sh b/tests/hardening/4.1.2.3_keep_all_audit_logs.sh index b85adcb7..e96d3678 100644 --- a/tests/hardening/4.1.2.3_keep_all_audit_logs.sh +++ b/tests/hardening/4.1.2.3_keep_all_audit_logs.sh 
@@ -7,14 +7,14 @@ test_audit() { mkdir -p /etc/audit touch /etc/audit/auditd.conf # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^max_log_file_action[[:space:]]*=[[:space:]]*keep_logs is present in /etc/audit/auditd.conf" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.3_record_date_time_edit.sh b/tests/hardening/4.1.3_record_date_time_edit.sh index 9f197a30..ae9273c9 100644 --- a/tests/hardening/4.1.3_record_date_time_edit.sh +++ b/tests/hardening/4.1.3_record_date_time_edit.sh @@ -5,11 +5,11 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 
@@ -18,5 +18,5 @@ test_audit() { register_test contain "[ OK ] -a always,exit -F arch=b64 -S clock_settime -k time-change is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -a always,exit -F arch=b32 -S clock_settime -k time-change is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /etc/localtime -p wa -k time-change is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.4_record_user_group_edit.sh b/tests/hardening/4.1.4_record_user_group_edit.sh index a3d95e16..3076e409 100644 --- a/tests/hardening/4.1.4_record_user_group_edit.sh +++ b/tests/hardening/4.1.4_record_user_group_edit.sh @@ -5,11 +5,11 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 @@ -18,5 +18,5 @@ test_audit() { register_test contain "[ OK ] -w /etc/gshadow -p wa -k identity is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /etc/shadow -p wa -k identity is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /etc/security/opasswd -p wa -k identity is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } 
diff --git a/tests/hardening/4.1.5_record_network_edit.sh b/tests/hardening/4.1.5_record_network_edit.sh index 87a9bb81..3a42335e 100644 --- a/tests/hardening/4.1.5_record_network_edit.sh +++ b/tests/hardening/4.1.5_record_network_edit.sh @@ -5,11 +5,11 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 @@ -19,6 +19,6 @@ test_audit() { register_test contain "[ OK ] -w /etc/issue.net -p wa -k system-locale is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /etc/hosts -p wa -k system-locale is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /etc/network -p wa -k system-locale is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.6_record_mac_edit.sh b/tests/hardening/4.1.6_record_mac_edit.sh index fad193f6..b7b937ac 100644 --- a/tests/hardening/4.1.6_record_mac_edit.sh +++ b/tests/hardening/4.1.6_record_mac_edit.sh 
@@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] -w /etc/selinux/ -p wa -k MAC-policy is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.7_record_login_logout.sh b/tests/hardening/4.1.7_record_login_logout.sh index 66def852..ae59d624 100644 --- a/tests/hardening/4.1.7_record_login_logout.sh +++ b/tests/hardening/4.1.7_record_login_logout.sh 
@@ -5,16 +5,16 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] -w /var/log/faillog -p wa -k logins is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /var/log/lastlog -p wa -k logins is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /var/log/tallylog -p wa -k logins is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.8_record_session_init.sh b/tests/hardening/4.1.8_record_session_init.sh index 5526bead..5e4310ba 100644 --- a/tests/hardening/4.1.8_record_session_init.sh +++ b/tests/hardening/4.1.8_record_session_init.sh 
@@ -5,16 +5,16 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] -w /var/run/utmp -p wa -k session is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /var/log/wtmp -p wa -k session is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /var/log/btmp -p wa -k session is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.9_record_dac_edit.sh b/tests/hardening/4.1.9_record_dac_edit.sh index c2362a4e..6f132b6b 100644 --- a/tests/hardening/4.1.9_record_dac_edit.sh +++ b/tests/hardening/4.1.9_record_dac_edit.sh @@ -5,11 +5,11 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 
@@ -19,5 +19,5 @@ test_audit() { register_test contain "[ OK ] -a always,exit -F arch=b32 -S chown -S fchown -S fchownat -S lchown -F auid>=1000 -F auid!=4294967295 -k perm_mod is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -a always,exit -F arch=b64 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=1000 -F auid!=4294967295 -k perm_mod is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -a always,exit -F arch=b32 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=1000 -F auid!=4294967295 -k perm_mod is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.2.1.1_install_syslog-ng.sh b/tests/hardening/4.2.1.1_install_syslog-ng.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/4.2.1.1_install_syslog-ng.sh +++ b/tests/hardening/4.2.1.1_install_syslog-ng.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/4.2.1.2_enable_syslog-ng.sh b/tests/hardening/4.2.1.2_enable_syslog-ng.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/4.2.1.2_enable_syslog-ng.sh +++ b/tests/hardening/4.2.1.2_enable_syslog-ng.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/4.2.1.3_configure_syslog-ng.sh b/tests/hardening/4.2.1.3_configure_syslog-ng.sh index f85b20df..5bb5d862 100644 --- a/tests/hardening/4.2.1.3_configure_syslog-ng.sh +++ b/tests/hardening/4.2.1.3_configure_syslog-ng.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh b/tests/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh index f85b20df..5bb5d862 100644 --- a/tests/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh +++ b/tests/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/4.2.1.5_syslog-ng_remote_host.sh b/tests/hardening/4.2.1.5_syslog-ng_remote_host.sh index 21597079..d4b96146 100644 --- a/tests/hardening/4.2.1.5_syslog-ng_remote_host.sh +++ b/tests/hardening/4.2.1.5_syslog-ng_remote_host.sh @@ -5,7 +5,7 @@ test_audit() { describe Running on blank host register_test retvalshouldbe 1 # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all cp -a /etc/syslog-ng/syslog-ng.conf /tmp/syslog-ng.conf.bak 
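Review bot: In the `4.2.1.5_syslog-ng_remote_host.sh` hunk (`@@ -5,7 +5,7 @@`) the context line `cp -a /etc/syslog-ng/syslog-ng.conf /tmp/syslog-ng.conf.bak` saves the config under a fixed name in a world-writable directory, and the next hunk of the same file copies that path back into `/etc/syslog-ng/`. The commit leaves this untouched. A private path from `mktemp` removes the dependence on whatever already sits at that name, e.g. `backup=$(mktemp)` followed by `cp -a /etc/syslog-ng/syslog-ng.conf "$backup"`, with the restore line using `"$backup"` too. The exposure is small if the test only ever runs as the sole user of a throwaway container, which the hunk does not establish. `test_audit()` continues past the end of the hunk.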
@@ -14,7 +14,7 @@ test_audit() { describe Checking one line conf register_test retvalshouldbe 0 - run oneline /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run oneline "${CIS_CHECKS_DIR}/${script}.sh" --audit-all cp -a /tmp/syslog-ng.conf.bak /etc/syslog-ng/syslog-ng.conf cat >>/etc/syslog-ng/syslog-ng.conf </etc/logrotate.conf register_test retvalshouldbe 1 register_test contain "Logrotate permissions are not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "Logrotate permissions are well configured" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.1.1_enable_cron.sh b/tests/hardening/5.1.1_enable_cron.sh index f85b20df..5bb5d862 100644 --- a/tests/hardening/5.1.1_enable_cron.sh +++ b/tests/hardening/5.1.1_enable_cron.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/5.1.2_crontab_perm_ownership.sh b/tests/hardening/5.1.2_crontab_perm_ownership.sh index 15b29a94..f5d8aaae 100644 --- a/tests/hardening/5.1.2_crontab_perm_ownership.sh +++ b/tests/hardening/5.1.2_crontab_perm_ownership.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testcrontabduser" local test_file="/etc/crontab" @@ -16,28 +16,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/5.1.3_cron_hourly_perm_ownership.sh b/tests/hardening/5.1.3_cron_hourly_perm_ownership.sh index 89959d24..bb5cceda 100644 --- a/tests/hardening/5.1.3_cron_hourly_perm_ownership.sh 
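Review bot: The `@@ -16,28 +16,28 @@` hunk of tests/hardening/5.1.2_crontab_perm_ownership.sh expands `${CIS_CONF_DIR}` and `${CIS_CHECKS_DIR}` with no guard against an empty value, so with either one unset the `sed -i` targets `/conf.d/${script}.cfg`, the apply call resolves to `/${script}.sh`, and `|| true` discards that failure. The test would then fail only at the later `resolved` audit, with nothing pointing at the environment. Failing fast is cheap: `sed -i 's/audit/enabled/' "${CIS_CONF_DIR:?}/conf.d/${script}.cfg"` and `"${CIS_CHECKS_DIR:?}/${script}.sh" --apply || true`. A single check in the test harness would also do, if the harness does not already validate these variables, which is not visible here. Every `run …`, `sed -i` and apply line rewritten in the other test files of this diff uses the same unguarded expansion; `test_audit` begins and ends outside this hunk.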
+++ b/tests/hardening/5.1.3_cron_hourly_perm_ownership.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testcrontabuser" local test_file="/etc/cron.hourly" @@ -16,28 +16,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/5.1.4_cron_daily_perm_ownership.sh b/tests/hardening/5.1.4_cron_daily_perm_ownership.sh index f476bff4..26a934bc 100644 
--- a/tests/hardening/5.1.4_cron_daily_perm_ownership.sh +++ b/tests/hardening/5.1.4_cron_daily_perm_ownership.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testcrontabuser" local test_file="/etc/cron.daily" @@ -16,28 +16,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" 
diff --git a/tests/hardening/5.1.5_cron_weekly_perm_ownership.sh b/tests/hardening/5.1.5_cron_weekly_perm_ownership.sh index cae04330..f334e49c 100644 --- a/tests/hardening/5.1.5_cron_weekly_perm_ownership.sh +++ b/tests/hardening/5.1.5_cron_weekly_perm_ownership.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testcrontabuser" local test_file="/etc/cron.weekly" 
@@ -16,28 +16,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/5.1.6_cron_monthly_perm_ownership.sh b/tests/hardening/5.1.6_cron_monthly_perm_ownership.sh index 8eb04883..113a9f74 100644 --- a/tests/hardening/5.1.6_cron_monthly_perm_ownership.sh +++ b/tests/hardening/5.1.6_cron_monthly_perm_ownership.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testcrontabuser" local test_file="/etc/cron.monthly" @@ -16,28 +16,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/5.1.7_cron_d_perm_ownership.sh b/tests/hardening/5.1.7_cron_d_perm_ownership.sh index c8fc1e48..b995548b 100644 --- a/tests/hardening/5.1.7_cron_d_perm_ownership.sh 
+++ b/tests/hardening/5.1.7_cron_d_perm_ownership.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testcrontabuser" local test_file="/etc/cron.d" @@ -14,28 +14,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/5.1.8_cron_users.sh b/tests/hardening/5.1.8_cron_users.sh index d54abc5d..2aca7576 100644 --- a/tests/hardening/5.1.8_cron_users.sh 
+++ b/tests/hardening/5.1.8_cron_users.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testcrontabduser" @@ -14,11 +14,11 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "/etc/cron.deny exists" register_test contain "/etc/at.deny exists" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true touch /etc/cron.allow /etc/at.allow describe Tests purposely failing @@ -28,12 +28,12 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "/etc/cron.allow ownership was not set to" register_test contain "/etc/at.allow ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all userdel "$test_user" describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" 
@@ -42,12 +42,12 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "/etc/cron.allow permissions were not set to" register_test contain "/etc/at.allow permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all userdel "$test_user" describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 @@ -55,6 +55,6 @@ test_audit() { register_test contain "/etc/cron.allow has correct ownership" register_test contain "/etc/at.allow has correct permissions" register_test contain "/etc/at.allow has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.10_disable_root_login.sh b/tests/hardening/5.2.10_disable_root_login.sh index 0e523e63..0070772d 100644 --- a/tests/hardening/5.2.10_disable_root_login.sh +++ b/tests/hardening/5.2.10_disable_root_login.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^PermitRootLogin[[:space:]]*no is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh b/tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh index 06313d97..33b7aa0a 100644 --- a/tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh +++ b/tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh 
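Review bot: In the 5.2.10_disable_root_login.sh hunk the comment `# if the audit script provides "apply" option, enable and run it` sits above `"${CIS_CHECKS_DIR}/${script}.sh" || true`, which passes no option at all, while the cron and sshd_config ownership tests in this diff call the script with `--apply || true`. Either pass the flag here as well, `"${CIS_CHECKS_DIR}/${script}.sh" --apply || true`, or reword the comment to say that the `audit` to `enabled` switch made by the preceding `sed` is what makes the bare invocation apply changes. Which of the two is accurate depends on the check scripts' argument parsing, which is not shown here. The same comment and invocation recur in the hunks for the 5.2.11 to 5.2.21 test files that follow.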
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^PermitEmptyPasswords[[:space:]]*no is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.12_disable_sshd_setenv.sh b/tests/hardening/5.2.12_disable_sshd_setenv.sh index bd2e5d6a..09b60266 100644 --- a/tests/hardening/5.2.12_disable_sshd_setenv.sh +++ b/tests/hardening/5.2.12_disable_sshd_setenv.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^PermitUserEnvironment[[:space:]]*no is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.13_sshd_ciphers.sh b/tests/hardening/5.2.13_sshd_ciphers.sh index 3a5030be..0777ebfa 100644 --- a/tests/hardening/5.2.13_sshd_ciphers.sh +++ b/tests/hardening/5.2.13_sshd_ciphers.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^Ciphers[[:space:]]*chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.14_ssh_cry_mac.sh b/tests/hardening/5.2.14_ssh_cry_mac.sh index 585282d7..30e97ae3 100644 --- a/tests/hardening/5.2.14_ssh_cry_mac.sh +++ b/tests/hardening/5.2.14_ssh_cry_mac.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^MACs[[:space:]]*hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256 is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.15_ssh_cry_kex.sh b/tests/hardening/5.2.15_ssh_cry_kex.sh index aa33d698..e20448e6 100644 --- a/tests/hardening/5.2.15_ssh_cry_kex.sh +++ b/tests/hardening/5.2.15_ssh_cry_kex.sh 
@@ -5,25 +5,25 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true cp -a /etc/ssh/sshd_config /tmp/sshd_config.bak describe Change case of config line sed -i 's/\(KexAlgorithms\)/\U\1/' /etc/ssh/sshd_config register_test retvalshouldbe 0 - run uppercase /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run uppercase "${CIS_CHECKS_DIR}/${script}.sh" --audit-all mv /tmp/sshd_config.bak /etc/ssh/sshd_config describe Checking resolved state register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.16_sshd_idle_timeout.sh b/tests/hardening/5.2.16_sshd_idle_timeout.sh index efc38779..8242622f 100644 --- a/tests/hardening/5.2.16_sshd_idle_timeout.sh +++ b/tests/hardening/5.2.16_sshd_idle_timeout.sh 
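Review bot: The backup in the 5.2.15_ssh_cry_kex.sh hunk goes to the fixed path `/tmp/sshd_config.bak` and is later moved back over `/etc/ssh/sshd_config`, so a file or symlink already present under that name in the world-writable `/tmp` can interfere with the copy and with what gets restored. These tests presumably run as root in a disposable environment, where the exposure is small, but an unpredictable name costs nothing: `backup=$(mktemp)`, `cp -a /etc/ssh/sshd_config "$backup"`, `mv "$backup" /etc/ssh/sshd_config`. The 4.2.1.5 syslog-ng test in this diff uses the same pattern with `/tmp/syslog-ng.conf.bak`.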
@@ -5,19 +5,19 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^ClientAliveInterval[[:space:]]*300 is present in /etc/ssh/sshd_config" register_test contain "[ OK ] ^ClientAliveCountMax[[:space:]]*0 is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.17_sshd_login_grace_time.sh b/tests/hardening/5.2.17_sshd_login_grace_time.sh index 5b326baa..66616ac0 100644 --- a/tests/hardening/5.2.17_sshd_login_grace_time.sh +++ b/tests/hardening/5.2.17_sshd_login_grace_time.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^LoginGraceTime[[:space:]]*60 is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.18_sshd_limit_access.sh b/tests/hardening/5.2.18_sshd_limit_access.sh index d22306be..debeb860 100644 --- a/tests/hardening/5.2.18_sshd_limit_access.sh +++ b/tests/hardening/5.2.18_sshd_limit_access.sh 
@@ -5,15 +5,15 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 @@ -21,5 +21,5 @@ test_audit() { register_test contain "^AllowGroups[[:space:]]** is present in /etc/ssh/sshd_config" register_test contain "^DenyUsers[[:space:]]*nobody is present in /etc/ssh/sshd_config" register_test contain "^DenyGroups[[:space:]]*nobody is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.19_ssh_banner.sh b/tests/hardening/5.2.19_ssh_banner.sh index 98ecc01b..9d5b6ce1 100644 --- a/tests/hardening/5.2.19_ssh_banner.sh +++ b/tests/hardening/5.2.19_ssh_banner.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^Banner[[:space:]]* is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.1_sshd_conf_perm_ownership.sh b/tests/hardening/5.2.1_sshd_conf_perm_ownership.sh index ad6d2f9f..a4fb07c4 100644 --- a/tests/hardening/5.2.1_sshd_conf_perm_ownership.sh +++ b/tests/hardening/5.2.1_sshd_conf_perm_ownership.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testsshduser" local test_file="/etc/ssh/sshd_config" 
@@ -14,28 +14,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/5.2.20_enable_ssh_pam.sh b/tests/hardening/5.2.20_enable_ssh_pam.sh index ae7e9498..f2bb810a 100644 --- a/tests/hardening/5.2.20_enable_ssh_pam.sh +++ b/tests/hardening/5.2.20_enable_ssh_pam.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^usepam[[:space:]]*yes is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh b/tests/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh index 7214c2a4..fe0d3604 100644 --- a/tests/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh +++ b/tests/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^AllowTCPForwarding[[:space:]]*no is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.22_configure_ssh_max_startups.sh b/tests/hardening/5.2.22_configure_ssh_max_startups.sh index 0ac4f2f6..be8886f0 100644 --- a/tests/hardening/5.2.22_configure_ssh_max_startups.sh +++ b/tests/hardening/5.2.22_configure_ssh_max_startups.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^maxstartups[[:space:]]*10:30:60 is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.23_limit_ssh_max_sessions.sh b/tests/hardening/5.2.23_limit_ssh_max_sessions.sh index 08b1443c..848ff7bd 100644 --- a/tests/hardening/5.2.23_limit_ssh_max_sessions.sh +++ b/tests/hardening/5.2.23_limit_ssh_max_sessions.sh @@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all echo "maxsessions 1" >>/etc/ssh/sshd_config describe Running restrictive register_test retvalshouldbe 0 register_test contain "[ OK ] 1 is lower than recommended 10" - run restrictive /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run restrictive "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # delete last line sed -i '$ d' /etc/ssh/sshd_config 
@@ -21,18 +21,18 @@ test_audit() { describe Running too permissive register_test retvalshouldbe 1 register_test contain "[ KO ] 15 is higher than recommended 10" - run permissive /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run permissive "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^maxsessions[[:space:]]*10 is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh b/tests/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh index 531453bf..b4530c53 100644 --- a/tests/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh +++ b/tests/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testsshduser" local test_file="/etc/ssh/ssh_host_test_key" 
@@ -16,28 +16,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "SSH private keys in /etc/ssh have correct permissions" register_test contain "SSH private keys in /etc/ssh have correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh b/tests/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh index 338794e6..4d63b704 100644 --- a/tests/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh +++ b/tests/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testsshduser" local test_file="/etc/ssh/ssh_host_test_key.pub" @@ -16,28 +16,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "SSH public keys in /etc/ssh have correct permissions" register_test contain "SSH public keys in /etc/ssh have correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/5.2.4_sshd_protocol.sh b/tests/hardening/5.2.4_sshd_protocol.sh index 7705983c..25affb84 100644 
--- a/tests/hardening/5.2.4_sshd_protocol.sh +++ b/tests/hardening/5.2.4_sshd_protocol.sh @@ -5,19 +5,19 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^Protocol[[:space:]]*2 is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.5_sshd_loglevel.sh b/tests/hardening/5.2.5_sshd_loglevel.sh index 8bb2f883..205abd4c 100644 --- a/tests/hardening/5.2.5_sshd_loglevel.sh +++ b/tests/hardening/5.2.5_sshd_loglevel.sh 
@@ -5,24 +5,24 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all - echo "OPTIONS='LogLevel=DEBUG'" >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo "OPTIONS='LogLevel=DEBUG'" >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" sed -i 's/LogLevel VERBOSE/LogLevel DEBUG/' /etc/ssh/sshd_config describe Checking custom conf register_test retvalshouldbe 0 - run customconf /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run customconf "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.6_disable_x11_forwarding.sh b/tests/hardening/5.2.6_disable_x11_forwarding.sh index 6fdb78ef..b19b513a 100644 --- a/tests/hardening/5.2.6_disable_x11_forwarding.sh +++ b/tests/hardening/5.2.6_disable_x11_forwarding.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^X11Forwarding[[:space:]]*no is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.7_sshd_maxauthtries.sh b/tests/hardening/5.2.7_sshd_maxauthtries.sh index 43614812..66194da8 100644 --- a/tests/hardening/5.2.7_sshd_maxauthtries.sh +++ b/tests/hardening/5.2.7_sshd_maxauthtries.sh @@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all echo "MaxAuthTries 2" >>/etc/ssh/sshd_config describe Running restrictive register_test retvalshouldbe 0 register_test contain "[ OK ] 2 is lower than recommended 4" - run restrictive /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run restrictive "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # delete last line sed -i '$ d' /etc/ssh/sshd_config 
@@ -21,18 +21,18 @@ test_audit() { describe Running too permissive register_test retvalshouldbe 1 register_test contain "[ KO ] 6 is higher than recommended 4" - run permissive /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run permissive "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^MaxAuthTries[[:space:]]*4 is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh b/tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh index 8550ec9d..959e4ea3 100644 --- a/tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh +++ b/tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^IgnoreRhosts[[:space:]]*yes is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh b/tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh index 34782d65..ebb2c14d 100644 --- a/tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh +++ b/tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^HostbasedAuthentication[[:space:]]*no is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.3.1_enable_pwquality.sh b/tests/hardening/5.3.1_enable_pwquality.sh index e07785af..4bfdb894 100644 --- a/tests/hardening/5.3.1_enable_pwquality.sh +++ b/tests/hardening/5.3.1_enable_pwquality.sh @@ -9,11 +9,11 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "libpam-pwquality is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 
@@ -23,5 +23,5 @@ test_audit() { register_test contain "[ OK ] ^ucredit[[:space:]]+=[[:space:]]+-1 is present in /etc/security/pwquality.conf" register_test contain "[ OK ] ^ocredit[[:space:]]+=[[:space:]]+-1 is present in /etc/security/pwquality.conf" register_test contain "[ OK ] ^lcredit[[:space:]]+=[[:space:]]+-1 is present in /etc/security/pwquality.con" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.3.2_enable_lockout_failed_password.sh b/tests/hardening/5.3.2_enable_lockout_failed_password.sh index 1ef77554..5f279e9c 100644 --- a/tests/hardening/5.3.2_enable_lockout_failed_password.sh +++ b/tests/hardening/5.3.2_enable_lockout_failed_password.sh @@ -5,15 +5,15 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^auth[[:space:]]*required[[:space:]]*pam_((tally[2]?)|(faillock))\.so is present in /etc/pam.d/common-auth" register_test contain "[ OK ] pam_((tally[2]?)|(faillock))\.so is present in /etc/pam.d/common-account" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.3.3_limit_password_reuse.sh b/tests/hardening/5.3.3_limit_password_reuse.sh index 08606a28..2eeaef64 100644 --- a/tests/hardening/5.3.3_limit_password_reuse.sh +++ b/tests/hardening/5.3.3_limit_password_reuse.sh 
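Review bot: In tests/hardening/5.3.1_enable_pwquality.sh the `lcredit` expectation ends in `/etc/security/pwquality.con`, one character short of the path used by the `ucredit` and `ocredit` lines just above it. If `contain` is a substring match, the assertion still passes but no longer pins the full message. I would restore the path so the string ends `is present in /etc/security/pwquality.conf"`. `test_audit` begins outside this hunk.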
@@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^password.*remember is present in /etc/pam.d/common-password" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.3.4_acc_pam_sha512.sh b/tests/hardening/5.3.4_acc_pam_sha512.sh index e7e167f4..f8c7dea9 100644 --- a/tests/hardening/5.3.4_acc_pam_sha512.sh +++ b/tests/hardening/5.3.4_acc_pam_sha512.sh @@ -5,5 +5,5 @@ test_audit() { register_test retvalshouldbe 0 register_test contain REGEX "[ OK ] .*(sha512|yescrypt) is present in /etc/pam.d/common-password" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.4.1.1_set_password_exp_days.sh b/tests/hardening/5.4.1.1_set_password_exp_days.sh index bd0903ed..b31aa58a 100644 --- a/tests/hardening/5.4.1.1_set_password_exp_days.sh +++ b/tests/hardening/5.4.1.1_set_password_exp_days.sh 
@@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^PASS_MAX_DAYS[[:space:]]*90 is present in /etc/login.defs" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.4.1.2_set_password_min_days_change.sh b/tests/hardening/5.4.1.2_set_password_min_days_change.sh index 31cf936f..e5e5183c 100644 --- a/tests/hardening/5.4.1.2_set_password_min_days_change.sh +++ b/tests/hardening/5.4.1.2_set_password_min_days_change.sh @@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^PASS_MIN_DAYS[[:space:]]*7 is present in /etc/login.defs" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } 
diff --git a/tests/hardening/5.4.1.3_set_password_exp_warning_days.sh b/tests/hardening/5.4.1.3_set_password_exp_warning_days.sh index 65aafceb..2b0379bd 100644 --- a/tests/hardening/5.4.1.3_set_password_exp_warning_days.sh +++ b/tests/hardening/5.4.1.3_set_password_exp_warning_days.sh @@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^PASS_WARN_AGE[[:space:]]*7 is present in /etc/login.defs" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.4.1.4_lock_inactive_user_account.sh b/tests/hardening/5.4.1.4_lock_inactive_user_account.sh index f85b20df..5bb5d862 100644 --- a/tests/hardening/5.4.1.4_lock_inactive_user_account.sh +++ b/tests/hardening/5.4.1.4_lock_inactive_user_account.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/5.4.1.5_last_password_change_past.sh b/tests/hardening/5.4.1.5_last_password_change_past.sh index f85b20df..5bb5d862 100644 --- a/tests/hardening/5.4.1.5_last_password_change_past.sh +++ b/tests/hardening/5.4.1.5_last_password_change_past.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/5.4.2_disable_system_accounts.sh b/tests/hardening/5.4.2_disable_system_accounts.sh index ffdff826..c621696a 100644 --- a/tests/hardening/5.4.2_disable_system_accounts.sh +++ b/tests/hardening/5.4.2_disable_system_accounts.sh @@ -6,15 +6,15 @@ test_audit() { describe Running on blank host register_test retvalshouldbe 1 # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all mv /tmp/passwd.bak /etc/passwd } diff --git a/tests/hardening/5.4.3_default_root_group.sh b/tests/hardening/5.4.3_default_root_group.sh index 118d2138..119e4895 100644 --- a/tests/hardening/5.4.3_default_root_group.sh +++ b/tests/hardening/5.4.3_default_root_group.sh 
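Review bot: In tests/hardening/5.4.2_disable_system_accounts.sh the last statement of `test_audit` restores `/etc/passwd` from the fixed path `/tmp/passwd.bak`. That is a predictable name in a world-writable directory, moved over the account database by a test that presumably runs as root. The backup is presumably taken in the lines above the hunk. I would keep it in a `mktemp` file instead: `passwd_bak=$(mktemp)` and `cp -a /etc/passwd "$passwd_bak"` there, then `mv "$passwd_bak" /etc/passwd` here. The restore also runs only if every earlier step returns, so registering it with `trap` would be more reliable on a test host that is reused.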
@@ -5,15 +5,15 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all usermod -g 1 root describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] Root group has GID 0" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.4.4_default_umask.sh b/tests/hardening/5.4.4_default_umask.sh index e5466e85..f5539ba6 100644 --- a/tests/hardening/5.4.4_default_umask.sh +++ b/tests/hardening/5.4.4_default_umask.sh @@ -5,13 +5,13 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.4.5_default_timeout.sh b/tests/hardening/5.4.5_default_timeout.sh index 6868a510..4fbe6515 100644 --- a/tests/hardening/5.4.5_default_timeout.sh +++ b/tests/hardening/5.4.5_default_timeout.sh 
@@ -5,13 +5,13 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all echo "TMOUT=600" >/etc/profile.d/CIS_99.1_timeout.sh describe compliant register_test retvalshouldbe 0 - run compliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run compliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests diff --git a/tests/hardening/5.5_secure_tty.sh b/tests/hardening/5.5_secure_tty.sh index f85b20df..5bb5d862 100644 --- a/tests/hardening/5.5_secure_tty.sh +++ b/tests/hardening/5.5_secure_tty.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/5.6_restrict_su.sh b/tests/hardening/5.6_restrict_su.sh index 0b670928..0b9cdc2d 100644 --- a/tests/hardening/5.6_restrict_su.sh +++ b/tests/hardening/5.6_restrict_su.sh @@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^auth[[:space:]]*required[[:space:]]*pam_wheel.so is present in /etc/pam.d/su" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } 
diff --git a/tests/hardening/6.1.10_find_world_writable_file.sh b/tests/hardening/6.1.10_find_world_writable_file.sh index 8f237ed5..6de33fd3 100644 --- a/tests/hardening/6.1.10_find_world_writable_file.sh +++ b/tests/hardening/6.1.10_find_world_writable_file.sh @@ -3,9 +3,9 @@ test_audit() { describe Running void to generate the conf file that will later be edited # shellcheck disable=2154 - /opt/debian-cis/bin/hardening/"${script}".sh || true + "${CIS_CHECKS_DIR}/${script}.sh" || true # shellcheck disable=2016 - echo 'EXCLUDED="$EXCLUDED ^/home/secaudit/thisfileisignored.*|^/dev/.*"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCLUDED="$EXCLUDED ^/home/secaudit/thisfileisignored.*|^/dev/.*"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" touch /home/secaudit/thisfileisignored chmod 777 /home/secaudit/thisfileisignored @@ -13,7 +13,7 @@ test_audit() { register_test retvalshouldbe 0 register_test contain "No world writable files found" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing local targetfile="/home/secaudit/worldwritable" 
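Review bot: Nothing in the first 6.1.10_find_world_writable_file.sh hunk checks that `CIS_CHECKS_DIR` and `CIS_CONF_DIR` are set before they are used to build an executable path and an append-redirect target. With either one empty the paths collapse to `/${script}.sh` and `/conf.d/${script}.cfg`, and the `|| true` on the first call hides that failure, so the test carries on against a cfg that was never generated. Unless the test launcher (not visible in this diff) already validates them, a guard at the top of `test_audit` such as `: "${CIS_CHECKS_DIR:?}" "${CIS_CONF_DIR:?}"` would make the run fail fast with a clear message. The 6.1.11 to 6.1.14 hunks that follow use the same pattern. `test_audit` starts before this hunk and continues past it.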
@@ -21,21 +21,21 @@ test_audit() { chmod 777 "$targetfile" register_test retvalshouldbe 1 register_test contain "Some world writable files are present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests failing with find ignore flag - echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" register_test retvalshouldbe 1 register_test contain "Some world writable files are present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "No world writable files found" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/6.1.11_find_unowned_files.sh b/tests/hardening/6.1.11_find_unowned_files.sh index 6f368245..5480388a 100644 --- a/tests/hardening/6.1.11_find_unowned_files.sh +++ b/tests/hardening/6.1.11_find_unowned_files.sh 
@@ -3,9 +3,9 @@ test_audit() { describe Running void to generate the conf file that will later be edited # shellcheck disable=2154 - /opt/debian-cis/bin/hardening/"${script}".sh || true + "${CIS_CHECKS_DIR}/${script}.sh" || true # shellcheck disable=2016 - echo 'EXCLUDED="$EXCLUDED ^/home/secaudit/6.1.11/.*"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCLUDED="$EXCLUDED ^/home/secaudit/6.1.11/.*"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" mkdir /home/secaudit/6.1.11/ touch /home/secaudit/6.1.11/test chown 1200 /home/secaudit/6.1.11/test @@ -14,7 +14,7 @@ test_audit() { register_test retvalshouldbe 0 register_test contain "No unowned files found" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing local targetfile="/home/secaudit/unowned" 
@@ -22,20 +22,20 @@ test_audit() { chown 1200 "$targetfile" register_test retvalshouldbe 1 register_test contain "Some unowned files are present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests failing with find ignore flag - echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" register_test retvalshouldbe 1 register_test contain "Some unowned files are present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "No unowned files found" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/6.1.12_find_ungrouped_files.sh b/tests/hardening/6.1.12_find_ungrouped_files.sh index c6a80d00..6747c455 100644 --- a/tests/hardening/6.1.12_find_ungrouped_files.sh +++ b/tests/hardening/6.1.12_find_ungrouped_files.sh 
@@ -3,9 +3,9 @@ test_audit() { describe Running void to generate the conf file that will later be edited # shellcheck disable=2154 - /opt/debian-cis/bin/hardening/"${script}".sh || true + "${CIS_CHECKS_DIR}/${script}.sh" || true # shellcheck disable=2016 - echo 'EXCLUDED="$EXCLUDED ^/home/secaudit/6.1.12/.*"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCLUDED="$EXCLUDED ^/home/secaudit/6.1.12/.*"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" mkdir /home/secaudit/6.1.12/ touch /home/secaudit/6.1.12/test chown 1200:1200 /home/secaudit/6.1.12/test @@ -14,7 +14,7 @@ test_audit() { register_test retvalshouldbe 0 register_test contain "No ungrouped files found" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing local targetfile="/home/secaudit/ungrouped" 
@@ -22,20 +22,20 @@ test_audit() { chown 1200:1200 "$targetfile" register_test retvalshouldbe 1 register_test contain "Some ungrouped files are present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests failing with find ignore flag - echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" register_test retvalshouldbe 1 register_test contain "Some ungrouped files are present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "No ungrouped files found" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/6.1.13_find_suid_files.sh b/tests/hardening/6.1.13_find_suid_files.sh index ec34b70a..0d377e2c 100644 --- a/tests/hardening/6.1.13_find_suid_files.sh +++ b/tests/hardening/6.1.13_find_suid_files.sh 
@@ -3,14 +3,14 @@ test_audit() { describe Running void to generate the conf file that will later be edited # shellcheck disable=2154 - /opt/debian-cis/bin/hardening/"${script}".sh || true + "${CIS_CHECKS_DIR}/${script}.sh" || true # shellcheck disable=2016 - echo 'EXCEPTIONS="$EXCEPTIONS /usr/lib/dbus-1.0/dbus-daemon-launch-helper /usr/sbin/exim4 /bin/fusermount /usr/lib/eject/dmcrypt-get-device /usr/bin/pkexec /usr/lib/policykit-1/polkit-agent-helper-1"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCEPTIONS="$EXCEPTIONS /usr/lib/dbus-1.0/dbus-daemon-launch-helper /usr/sbin/exim4 /bin/fusermount /usr/lib/eject/dmcrypt-get-device /usr/bin/pkexec /usr/lib/policykit-1/polkit-agent-helper-1"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" describe Running on blank host register_test retvalshouldbe 0 dismiss_count_for_test - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing local targetfile="/home/secaudit/suid_file" @@ -19,13 +19,13 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "Some suid files are present" register_test contain "$targetfile" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests failing with find ignore flag - echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" register_test retvalshouldbe 1 register_test contain "Some suid files are present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation chmod 700 $targetfile 
@@ -33,5 +33,5 @@ test_audit() { describe Checking resolved state register_test retvalshouldbe 0 register_test contain "No unknown suid files found" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/6.1.14_find_sgid_files.sh b/tests/hardening/6.1.14_find_sgid_files.sh index 380442b1..799b7bc8 100644 --- a/tests/hardening/6.1.14_find_sgid_files.sh +++ b/tests/hardening/6.1.14_find_sgid_files.sh @@ -3,15 +3,15 @@ test_audit() { describe Running void to generate the conf file that will later be edited # shellcheck disable=2154 - /opt/debian-cis/bin/hardening/"${script}".sh || true + "${CIS_CHECKS_DIR}/${script}.sh" || true # shellcheck disable=2016 - echo 'EXCEPTIONS="$EXCEPTIONS /usr/bin/dotlock.mailutils /usr/lib/x86_64-linux-gnu/utempter/utempter"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCEPTIONS="$EXCEPTIONS /usr/bin/dotlock.mailutils /usr/lib/x86_64-linux-gnu/utempter/utempter"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" describe Running on blank host register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing local targetfile="/home/secaudit/sgid_file" 
@@ -20,13 +20,13 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "Some sgid files are present" register_test contain "$targetfile" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests failing with find ignore flag - echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" register_test retvalshouldbe 1 register_test contain "Some sgid files are present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation chmod 700 $targetfile @@ -34,5 +34,5 @@ test_audit() { describe Checking resolved state register_test retvalshouldbe 0 register_test contain "No unknown sgid files found" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/6.1.2_etc_passwd_permissions.sh b/tests/hardening/6.1.2_etc_passwd_permissions.sh index fa503339..18c91c6e 100644 --- a/tests/hardening/6.1.2_etc_passwd_permissions.sh +++ b/tests/hardening/6.1.2_etc_passwd_permissions.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcpasswduser" local test_file="/etc/passwd" 
@@ -14,28 +14,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/6.1.3_etc_gshadow-_permissions.sh b/tests/hardening/6.1.3_etc_gshadow-_permissions.sh index 1beadf02..29dff78e 100644 --- a/tests/hardening/6.1.3_etc_gshadow-_permissions.sh +++ b/tests/hardening/6.1.3_etc_gshadow-_permissions.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcgshadow-user" local test_file="/etc/gshadow-" 
@@ -14,34 +14,34 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Missing File should be OK as well rm "$test_file" register_test retvalshouldbe 0 register_test contain "does not exist" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/6.1.4_etc_shadow_permissions.sh b/tests/hardening/6.1.4_etc_shadow_permissions.sh index aefbd50c..c592cedb 100644 --- a/tests/hardening/6.1.4_etc_shadow_permissions.sh +++ b/tests/hardening/6.1.4_etc_shadow_permissions.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcshadowuser" local test_file="/etc/shadow" @@ -14,28 +14,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/6.1.5_etc_group_permissions.sh b/tests/hardening/6.1.5_etc_group_permissions.sh index 6195f11d..1eb6b1ce 100644 --- a/tests/hardening/6.1.5_etc_group_permissions.sh 
+++ b/tests/hardening/6.1.5_etc_group_permissions.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcgroupuser" local test_file="/etc/group" @@ -14,28 +14,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/6.1.6_etc_passwd-_permissions.sh b/tests/hardening/6.1.6_etc_passwd-_permissions.sh index d613e63c..10da3183 100644 
--- a/tests/hardening/6.1.6_etc_passwd-_permissions.sh +++ b/tests/hardening/6.1.6_etc_passwd-_permissions.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcpasswd-user" local test_file="/etc/passwd-" 
@@ -15,40 +15,40 @@ test_audit() { chown root:root "$test_file" register_test retvalshouldbe 0 register_test contain "has correct permissions" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Missing File should be OK as well rm "$test_file" register_test retvalshouldbe 0 register_test contain "does not exist" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup 
userdel "$test_user" diff --git a/tests/hardening/6.1.7_etc_shadow-_permissions.sh b/tests/hardening/6.1.7_etc_shadow-_permissions.sh index 04cf1939..cd14fe9d 100644 --- a/tests/hardening/6.1.7_etc_shadow-_permissions.sh +++ b/tests/hardening/6.1.7_etc_shadow-_permissions.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcshadow-user" local test_file="/etc/shadow-" 
@@ -15,40 +15,40 @@ test_audit() { chown root:shadow "$test_file" register_test retvalshouldbe 0 register_test contain "has correct permissions" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Missing File should be OK as well rm "$test_file" register_test retvalshouldbe 0 register_test contain "does not exist" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup 
userdel "$test_user" diff --git a/tests/hardening/6.1.8_etc_group-_permissions.sh b/tests/hardening/6.1.8_etc_group-_permissions.sh index 1d4ea8d4..7f27a375 100644 --- a/tests/hardening/6.1.8_etc_group-_permissions.sh +++ b/tests/hardening/6.1.8_etc_group-_permissions.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcgroup--user" local test_file="/etc/group-" 
@@ -15,40 +15,40 @@ test_audit() { chown root:root "$test_file" register_test retvalshouldbe 0 register_test contain "has correct permissions" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Missing File should be OK as well rm "$test_file" register_test retvalshouldbe 0 register_test contain "does not exist" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup 
userdel "$test_user" diff --git a/tests/hardening/6.1.9_etc_gshadow_permissions.sh b/tests/hardening/6.1.9_etc_gshadow_permissions.sh index 9abc6d92..a7f46e60 100644 --- a/tests/hardening/6.1.9_etc_gshadow_permissions.sh +++ b/tests/hardening/6.1.9_etc_gshadow_permissions.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcgshadowuser" local test_file="/etc/gshadow" 
@@ -14,28 +14,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/6.2.10_check_user_dot_file_perm.sh b/tests/hardening/6.2.10_check_user_dot_file_perm.sh index a74a3c6e..a27361a0 100644 --- a/tests/hardening/6.2.10_check_user_dot_file_perm.sh +++ b/tests/hardening/6.2.10_check_user_dot_file_perm.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testdotuser" local test_file=".test" @@ -17,16 +17,16 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "Group Write permission set on FILE" register_test contain "Other Write permission set on FILE" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "Dot file permission in users directories are correct" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel -r "$test_user" diff --git a/tests/hardening/6.2.11_find_user_forward_files.sh b/tests/hardening/6.2.11_find_user_forward_files.sh index 47eb5811..cf958933 100644 --- a/tests/hardening/6.2.11_find_user_forward_files.sh +++ b/tests/hardening/6.2.11_find_user_forward_files.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testforwarduser" local test_file=".forward" 
@@ -15,7 +15,7 @@ test_audit() { touch "/home/$test_user/$test_file" register_test retvalshouldbe 1 register_test contain "$test_file present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel -r "$test_user" diff --git a/tests/hardening/6.2.12_find_user_netrc_files.sh b/tests/hardening/6.2.12_find_user_netrc_files.sh index 1dce9c8c..07b3ed15 100644 --- a/tests/hardening/6.2.12_find_user_netrc_files.sh +++ b/tests/hardening/6.2.12_find_user_netrc_files.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testnetrcuser" local test_file=".netrc" @@ -15,7 +15,7 @@ test_audit() { touch "/home/$test_user/$test_file" register_test retvalshouldbe 1 register_test contain "$test_file present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel -r "$test_user" diff --git a/tests/hardening/6.2.13_set_perm_on_user_netrc.sh b/tests/hardening/6.2.13_set_perm_on_user_netrc.sh index b5596527..bf428b2d 100644 --- a/tests/hardening/6.2.13_set_perm_on_user_netrc.sh +++ b/tests/hardening/6.2.13_set_perm_on_user_netrc.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testnetrcuser" local test_file=".netrc" 
@@ -16,16 +16,16 @@ test_audit() { chmod 777 "/home/$test_user/$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "$test_file has correct permissions" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel -r "$test_user" diff --git a/tests/hardening/6.2.14_find_user_rhosts_files.sh b/tests/hardening/6.2.14_find_user_rhosts_files.sh index c1aa7721..c1ee40e4 100644 --- a/tests/hardening/6.2.14_find_user_rhosts_files.sh +++ b/tests/hardening/6.2.14_find_user_rhosts_files.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testrhostsuser" local test_file=".rhosts" @@ -15,7 +15,7 @@ test_audit() { touch "/home/$test_user/$test_file" register_test retvalshouldbe 1 register_test contain "$test_file present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel -r "$test_user" diff --git a/tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh b/tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh index 6e26efe5..80ebf140 100644 --- a/tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh 
+++ b/tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testpasswdgroupuser" local dir="/etc/passwd" @@ -14,7 +14,7 @@ test_audit() { echo "$test_user:x:1100:1100::/home/$test_user:" >>"$dir" register_test retvalshouldbe 1 register_test contain "is referenced by /etc/passwd but does not exist in /etc/group" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel "$test_user" diff --git a/tests/hardening/6.2.16_check_duplicate_uid.sh b/tests/hardening/6.2.16_check_duplicate_uid.sh index dcd33186..c0af43f8 100644 --- a/tests/hardening/6.2.16_check_duplicate_uid.sh +++ b/tests/hardening/6.2.16_check_duplicate_uid.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 register_test contain "[ OK ] No duplicate UIDs" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all useradd -u 1001 usertest1 useradd -o -u 1001 usertest2 
@@ -14,15 +14,15 @@ test_audit() { describe Tests purposely failing register_test retvalshouldbe 1 register_test contain "[ KO ] Duplicate UID (1001): usertest1 usertest2" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # shellcheck disable=2016 - echo 'EXCEPTIONS="$EXCEPTIONS 1001"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCEPTIONS="$EXCEPTIONS 1001"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" describe Adding exceptions register_test retvalshouldbe 0 register_test contain "[ OK ] No duplicate UIDs apart from configured exceptions: (1001): usertest1 usertest2" - run exception /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run exception "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel usertest1 diff --git a/tests/hardening/6.2.17_check_duplicate_gid.sh b/tests/hardening/6.2.17_check_duplicate_gid.sh index 62f05c7c..174500dd 100644 --- a/tests/hardening/6.2.17_check_duplicate_gid.sh +++ b/tests/hardening/6.2.17_check_duplicate_gid.sh @@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all groupadd -f -g 120 grouptest groupadd -fo -g 120 grouptest2 describe Duplicated groups register_test retvalshouldbe 1 - run duplicated /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run duplicated "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup groupdel grouptest @@ -20,6 +20,6 @@ test_audit() { describe Compliant state register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/6.2.18_check_duplicate_username.sh b/tests/hardening/6.2.18_check_duplicate_username.sh index 89c036e0..9a1fdec0 100644 
--- a/tests/hardening/6.2.18_check_duplicate_username.sh +++ b/tests/hardening/6.2.18_check_duplicate_username.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testduplicateuser" local dir="/etc/passwd" @@ -16,7 +16,7 @@ test_audit() { echo "$temp" >>"$dir" register_test retvalshouldbe 1 register_test contain "Duplicate username" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup sed -i '$ d' "$dir" diff --git a/tests/hardening/6.2.19_check_duplicate_groupname.sh b/tests/hardening/6.2.19_check_duplicate_groupname.sh index 36640769..4d8b3f58 100644 --- a/tests/hardening/6.2.19_check_duplicate_groupname.sh +++ b/tests/hardening/6.2.19_check_duplicate_groupname.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_group="testduplicategroup" local dir="/etc/group" @@ -16,7 +16,7 @@ test_audit() { echo "$temp" >>"$dir" register_test retvalshouldbe 1 register_test contain "Duplicate group" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup sed -i '$ d' "$dir" diff --git a/tests/hardening/6.2.1_remove_empty_password_field.sh b/tests/hardening/6.2.1_remove_empty_password_field.sh index d33bbeba..3079e2df 100644 --- a/tests/hardening/6.2.1_remove_empty_password_field.sh +++ b/tests/hardening/6.2.1_remove_empty_password_field.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testemptypassworduser" @@ -14,16 +14,16 @@ test_audit() { sed -i "s/$test_user:\!/$test_user:/" /etc/shadow register_test retvalshouldbe 1 register_test contain "Some accounts have an empty password" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "All accounts have a password" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel "$test_user" diff --git a/tests/hardening/6.2.20_shadow_group_empty.sh b/tests/hardening/6.2.20_shadow_group_empty.sh index 7eff49c0..33958c8f 100644 --- a/tests/hardening/6.2.20_shadow_group_empty.sh +++ b/tests/hardening/6.2.20_shadow_group_empty.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testshadowuser" 
@@ -14,14 +14,14 @@ test_audit() { usermod -aG shadow "$test_user" register_test retvalshouldbe 1 register_test contain "Some users belong to shadow group" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all userdel "$test_user" describe Tests purposely failing useradd --no-user-group -g shadow "$test_user" register_test retvalshouldbe 1 register_test contain "Some users have shadow id as their primary group" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all userdel "$test_user" } diff --git a/tests/hardening/6.2.2_remove_legacy_passwd_entries.sh b/tests/hardening/6.2.2_remove_legacy_passwd_entries.sh index ce25f3d1..91eab39b 100644 --- a/tests/hardening/6.2.2_remove_legacy_passwd_entries.sh +++ b/tests/hardening/6.2.2_remove_legacy_passwd_entries.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcpasswduser" 
@@ -14,16 +14,16 @@ test_audit() { sed -i "s/$test_user:x/+:$test_user:x/" /etc/passwd register_test retvalshouldbe 1 register_test contain "Some accounts have a legacy password entry" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "All accounts have a valid password entry format" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup groupdel $test_user diff --git a/tests/hardening/6.2.3_users_homedir_exist.sh b/tests/hardening/6.2.3_users_homedir_exist.sh index 4e41040d..c13d9004 100644 --- a/tests/hardening/6.2.3_users_homedir_exist.sh +++ b/tests/hardening/6.2.3_users_homedir_exist.sh @@ -4,14 +4,14 @@ test_audit() { describe Running on blank host register_test retvalshouldbe 0 # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="userwithouthome" useradd "$test_user" describe Tests purposely failing register_test retvalshouldbe 1 register_test contain "does not exist." - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel "$test_user" diff --git a/tests/hardening/6.2.4_remove_legacy_shadow_entries.sh b/tests/hardening/6.2.4_remove_legacy_shadow_entries.sh index 78c95b63..b352a952 100644 --- a/tests/hardening/6.2.4_remove_legacy_shadow_entries.sh +++ b/tests/hardening/6.2.4_remove_legacy_shadow_entries.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcshadowusr" @@ -14,16 +14,16 @@ test_audit() { sed -i "s/$test_user:/+:$test_user:/" /etc/shadow register_test retvalshouldbe 1 register_test contain "Some accounts have a legacy password entry" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "All accounts have a valid password entry format" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel "$test_user" diff --git a/tests/hardening/6.2.5_remove_legacy_group_entries.sh b/tests/hardening/6.2.5_remove_legacy_group_entries.sh index ea8ed399..c25d8dba 100644 --- a/tests/hardening/6.2.5_remove_legacy_group_entries.sh +++ b/tests/hardening/6.2.5_remove_legacy_group_entries.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcgroupuser" 
@@ -14,16 +14,16 @@ test_audit() { sed -i "s/$test_user:x/+:$test_user:x/" /etc/group register_test retvalshouldbe 1 register_test contain "Some accounts have a legacy group entry" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "All accounts have a valid group entry format" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel "$test_user" diff --git a/tests/hardening/6.2.6_find_0_uid_non_root_account.sh b/tests/hardening/6.2.6_find_0_uid_non_root_account.sh index a54b7def..e95a0ca5 100644 --- a/tests/hardening/6.2.6_find_0_uid_non_root_account.sh +++ b/tests/hardening/6.2.6_find_0_uid_non_root_account.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 register_test contain "[ OK ] No account with uid 0 appart from root" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all useradd -o -u 0 usertest1 
@@ -13,15 +13,15 @@ test_audit() { describe Tests purposely failing register_test retvalshouldbe 1 register_test contain "[ KO ] Some accounts have uid 0: usertest1" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # shellcheck disable=2016 - echo 'EXCEPTIONS="$EXCEPTIONS usertest1"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCEPTIONS="$EXCEPTIONS usertest1"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" describe Adding exceptions register_test retvalshouldbe 0 register_test contain "[ OK ] No account with uid 0 appart from root and configured exceptions: usertest1" - run exception /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run exception "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel -f usertest1 diff --git a/tests/hardening/6.2.7_sanitize_root_path.sh b/tests/hardening/6.2.7_sanitize_root_path.sh index d3574926..6869a37c 100644 --- a/tests/hardening/6.2.7_sanitize_root_path.sh +++ b/tests/hardening/6.2.7_sanitize_root_path.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local dir="/test" local test_user="userrootpathtest" 
@@ -13,23 +13,23 @@ test_audit() { describe Tests purposely failing register_test retvalshouldbe 1 register_test contain "Empty Directory in PATH (::)" - run noncompliant path="$PATH::" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant path="$PATH::" "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing register_test retvalshouldbe 1 register_test contain "Trailing : in PATH" - run noncompliant path="$PATH:" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant path="$PATH:" "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing register_test retvalshouldbe 1 register_test contain "PATH contains ." - run noncompliant path="$PATH:." /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant path="$PATH:." "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing mkdir -m 770 "$dir" register_test retvalshouldbe 1 register_test contain "Group Write permission set on directory $dir" - run noncompliant path="$PATH:$dir" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant path="$PATH:$dir" "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # clean rmdir "$dir" @@ -37,7 +37,7 @@ test_audit() { mkdir -m 707 "$dir" register_test retvalshouldbe 1 register_test contain "Other Write permission set on directory $dir" - run noncompliant path="$PATH:$dir" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant path="$PATH:$dir" "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # clean rmdir "$dir" @@ -47,7 +47,7 @@ test_audit() { chown "$test_user":"$test_user" "$dir" register_test retvalshouldbe 1 register_test contain "$dir is not owned by root" - run noncompliant path="$PATH:$dir" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant path="$PATH:$dir" "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # clean rmdir "$dir" userdel "$test_user" 
diff --git a/tests/hardening/6.2.8_check_user_dir_perm.sh b/tests/hardening/6.2.8_check_user_dir_perm.sh index da09e25a..72b695c5 100644 --- a/tests/hardening/6.2.8_check_user_dir_perm.sh +++ b/tests/hardening/6.2.8_check_user_dir_perm.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testhomepermuser" @@ -18,16 +18,16 @@ test_audit() { register_test contain "Other Write permission set on directory" register_test contain "Other Execute permission set on directory" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "No incorrect permissions on home directories" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel -r "$test_user" diff --git a/tests/hardening/6.2.9_users_homedir_ownership.sh b/tests/hardening/6.2.9_users_homedir_ownership.sh index f0e52d37..fe07f54a 100644 --- a/tests/hardening/6.2.9_users_homedir_ownership.sh +++ b/tests/hardening/6.2.9_users_homedir_ownership.sh @@ -4,7 +4,7 @@ test_audit() { describe Running on blank host register_test retvalshouldbe 0 # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testhomeuser" 
@@ -13,14 +13,14 @@ test_audit() { chown root:root /home/"$test_user" register_test retvalshouldbe 1 register_test contain "[ KO ] The home directory (/home/$test_user) of user testhomeuser is owned by root" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - echo "EXCEPTIONS=\"/home/$test_user:$test_user:root\"" >/opt/debian-cis/etc/conf.d/"${script}".cfg + echo "EXCEPTIONS=\"/home/$test_user:$test_user:root\"" >"${CIS_CONF_DIR}/conf.d/${script}.cfg" describe Checking resolved state register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup rm -rf "/home/${test_user:?}" diff --git a/tests/hardening/99.1.1.1_disable_cramfs.sh b/tests/hardening/99.1.1.1_disable_cramfs.sh index 5195a499..23e8ccd6 100644 --- a/tests/hardening/99.1.1.1_disable_cramfs.sh +++ b/tests/hardening/99.1.1.1_disable_cramfs.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/99.1.1.23_disable_usb_devices.sh b/tests/hardening/99.1.1.23_disable_usb_devices.sh index 69db7fe0..5e9f1078 100644 --- a/tests/hardening/99.1.1.23_disable_usb_devices.sh +++ b/tests/hardening/99.1.1.23_disable_usb_devices.sh 
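Review bot: In the 6.2.9 hunk the `echo "EXCEPTIONS=..."` line redirects with `>`, which replaces the whole `${script}.cfg` with that single line, while the 6.2.16, 6.2.6 and 99.1.3 tests in this diff append to their config with `>>`. If dropping the rest of the file is not intended, `echo "EXCEPTIONS=\"/home/$test_user:$test_user:root\"" >>"${CIS_CONF_DIR}/conf.d/${script}.cfg"` keeps the other settings. If it is intended, a one-line comment above the `echo` saying that the file is overwritten on purpose would stop the next reader from "fixing" it. `test_audit` starts outside this hunk.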
@@ -11,13 +11,13 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all echo 'ACTION=="add", SUBSYSTEMS=="usb", TEST=="authorized_default", ATTR{authorized_default}="0"' >/etc/udev/rules.d/10-CIS_99.2_usb_devices.sh describe compliant register_test retvalshouldbe 0 - run compliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run compliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests diff --git a/tests/hardening/99.1.3_acc_sudoers_no_all.sh b/tests/hardening/99.1.3_acc_sudoers_no_all.sh index b0f47c28..785c2d84 100644 --- a/tests/hardening/99.1.3_acc_sudoers_no_all.sh +++ b/tests/hardening/99.1.3_acc_sudoers_no_all.sh @@ -2,16 +2,16 @@ # run-shellcheck test_audit() { # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # shellcheck disable=2016 - echo 'EXCEPT="$EXCEPT debian"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCEPT="$EXCEPT debian"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" describe Running on blank host register_test retvalshouldbe 0 dismiss_count_for_test register_test contain "There is no carte-blanche sudo permission in" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Proceed to operation that will end up to a non compliant system useradd -s /bin/bash jeantestuser 
@@ -19,14 +19,14 @@ test_audit() { describe Fail: Not compliant system register_test retvalshouldbe 1 register_test contain "[ KO ] jeantestuser ALL = (ALL) NOPASSWD:ALL is present in /etc/sudoers.d/jeantestuser" - run userallcmd /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run userallcmd "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # shellcheck disable=2016 - echo 'EXCEPT="$EXCEPT debian jeantestuser"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCEPT="$EXCEPT debian jeantestuser"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" describe Adding jeantestuser to exceptions register_test retvalshouldbe 0 register_test contain "[ OK ] jeantestuser ALL = (ALL) NOPASSWD:ALL is present in /etc/sudoers.d/jeantestuser but was EXCUSED because jeantestuser is part of exceptions" - run userexcept /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run userexcept "${CIS_CHECKS_DIR}/${script}.sh" --audit-all rm -f /etc/sudoers.d/jeantestuser userdel jeantestuser diff --git a/tests/hardening/99.2.2_disable_telnet_server.sh b/tests/hardening/99.2.2_disable_telnet_server.sh index a5243cb7..4ad9ef85 100644 --- a/tests/hardening/99.2.2_disable_telnet_server.sh +++ b/tests/hardening/99.2.2_disable_telnet_server.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/99.3.3.1_install_tcp_wrapper.sh b/tests/hardening/99.3.3.1_install_tcp_wrapper.sh index f85b20df..5bb5d862 100644 --- a/tests/hardening/99.3.3.1_install_tcp_wrapper.sh +++ b/tests/hardening/99.3.3.1_install_tcp_wrapper.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/99.3.3.2_hosts_allow.sh b/tests/hardening/99.3.3.2_hosts_allow.sh index f85b20df..5bb5d862 100644 --- a/tests/hardening/99.3.3.2_hosts_allow.sh +++ b/tests/hardening/99.3.3.2_hosts_allow.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/99.3.3.3_hosts_deny.sh b/tests/hardening/99.3.3.3_hosts_deny.sh index f85b20df..5bb5d862 100644 --- a/tests/hardening/99.3.3.3_hosts_deny.sh +++ b/tests/hardening/99.3.3.3_hosts_deny.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/99.3.3.4_hosts_allow_permissions.sh b/tests/hardening/99.3.3.4_hosts_allow_permissions.sh index f85b20df..5bb5d862 100644 --- a/tests/hardening/99.3.3.4_hosts_allow_permissions.sh +++ b/tests/hardening/99.3.3.4_hosts_allow_permissions.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/99.3.3.5_hosts_deny_permissions.sh b/tests/hardening/99.3.3.5_hosts_deny_permissions.sh index f85b20df..5bb5d862 100644 --- a/tests/hardening/99.3.3.5_hosts_deny_permissions.sh 
+++ b/tests/hardening/99.3.3.5_hosts_deny_permissions.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/99.4.0_enable_auditd_kernel.sh b/tests/hardening/99.4.0_enable_auditd_kernel.sh index af007f7f..f92d5f1b 100644 --- a/tests/hardening/99.4.0_enable_auditd_kernel.sh +++ b/tests/hardening/99.4.0_enable_auditd_kernel.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests fi diff --git a/tests/hardening/99.5.2.1_ssh_auth_pubk_only.sh b/tests/hardening/99.5.2.1_ssh_auth_pubk_only.sh index 54bede0a..27ca134e 100644 --- a/tests/hardening/99.5.2.1_ssh_auth_pubk_only.sh +++ b/tests/hardening/99.5.2.1_ssh_auth_pubk_only.sh @@ -5,15 +5,15 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 
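Review bot: In the 99.5.2.1 hunk the correcting step runs `"${CIS_CHECKS_DIR}/${script}.sh" || true` with no mode flag, whereas the 6.x tests in this diff pass `--apply` for the same step, and `|| true` discards the exit status either way. If running without a flag is meant to take the mode from the config file (not visible here), a comment such as `# no flag: mode comes from the status set in the .cfg above` would make that explicit; otherwise `"${CIS_CHECKS_DIR}/${script}.sh" --apply || true` matches the other tests. The 99.5.2.2 and 99.5.2.3 hunks carry the same line. `test_audit` starts before the hunk and continues past it.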
@@ -25,5 +25,5 @@ test_audit() { register_test contain "[ OK ] ^HostbasedAuthentication[[:space:]]+no is present in /etc/ssh/sshd_config" register_test contain "[ OK ] ^GSSAPIAuthentication[[:space:]]+no is present in /etc/ssh/sshd_config" register_test contain "[ OK ] ^GSSAPIKeyExchange[[:space:]]+no is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/99.5.2.2_ssh_cry_rekey.sh b/tests/hardening/99.5.2.2_ssh_cry_rekey.sh index 62b83081..5e73d99c 100644 --- a/tests/hardening/99.5.2.2_ssh_cry_rekey.sh +++ b/tests/hardening/99.5.2.2_ssh_cry_rekey.sh @@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^RekeyLimit[[:space:]]*512M\s+6h is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/99.5.2.3_ssh_disable_features.sh b/tests/hardening/99.5.2.3_ssh_disable_features.sh index 14188a00..fd835f43 100644 --- a/tests/hardening/99.5.2.3_ssh_disable_features.sh 
+++ b/tests/hardening/99.5.2.3_ssh_disable_features.sh @@ -5,15 +5,15 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 @@ -24,5 +24,5 @@ test_audit() { " register_test contain "[ OK ] ^PermitUserRC[[:space:]]*no is present in /etc/ssh/sshd_config" register_test contain "[ OK ] ^GatewayPorts[[:space:]]*no is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/99.5.2.4_ssh_keys_from.sh b/tests/hardening/99.5.2.4_ssh_keys_from.sh index ec2b1118..4da22903 100644 --- a/tests/hardening/99.5.2.4_ssh_keys_from.sh +++ b/tests/hardening/99.5.2.4_ssh_keys_from.sh @@ -2,11 +2,11 @@ # run-shellcheck test_audit() { # shellcheck disable=2154 - echo 'EXCEPTION_USER="root"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCEPTION_USER="root"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" skip_tests # shellcheck disable=2154 - run genconf /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run genconf "${CIS_CHECKS_DIR}/${script}.sh" --audit-all useradd -s /bin/bash jeantestuser describe Running on blank host 
@@ -16,19 +16,19 @@ test_audit() { register_test contain "[INFO] User jeantestuser has a valid shell" register_test contain "[INFO] User jeantestuser has no home directory" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all mkdir -p /home/secaudit/.ssh touch /home/secaudit/.ssh/authorized_keys2 describe empty authorized keys file register_test retvalshouldbe 0 - run emptyauthkey /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run emptyauthkey "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ssh-keygen -N "" -t ed25519 -f /tmp/key1 cat /tmp/key1.pub >>/home/secaudit/.ssh/authorized_keys2 describe Key without from field register_test retvalshouldbe 1 - run keynofrom /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run keynofrom "${CIS_CHECKS_DIR}/${script}.sh" --audit-all { echo -n 'from="127.0.0.1" ' 
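Review bot: `ssh-keygen -N "" -t ed25519 -f /tmp/key1` in this hunk writes the private key to a fixed name in `/tmp`, so a leftover `/tmp/key1` from an earlier run makes ssh-keygen stop and ask about overwriting, and the path is predictable to other local users. A per-run directory avoids both: `keydir=$(mktemp -d)` followed by `ssh-keygen -N "" -t ed25519 -f "$keydir/key1"`, with the `cat /tmp/key1.pub` lines here and in the `@@ -36,26` and `@@ -64,14` hunks switched to `"$keydir/key1.pub"`. Whether the cleanup at the end of `test_audit` removes the key is not visible from these hunks. The line is unchanged context in this commit, and `test_audit` begins before this hunk and continues after it.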
@@ -36,26 +36,26 @@ test_audit() { } >/home/secaudit/.ssh/authorized_keys2 describe Key with from, no ip check register_test retvalshouldbe 0 - run keyfrom /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run keyfrom "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # shellcheck disable=2016 - echo 'ALLOWED_IPS="$ALLOWED_IPS 127.0.0.1"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'ALLOWED_IPS="$ALLOWED_IPS 127.0.0.1"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" { echo -n 'from="10.0.1.2" ' cat /tmp/key1.pub } >>/home/secaudit/.ssh/authorized_keys2 describe Key with from, filled allowed IPs, one bad ip register_test retvalshouldbe 1 - run badfromip /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run badfromip "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # shellcheck disable=2016 - echo 'ALLOWED_IPS="$ALLOWED_IPS 10.0.1.2"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'ALLOWED_IPS="$ALLOWED_IPS 10.0.1.2"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" describe Key with from, filled allowed IPs, all IPs allowed register_test retvalshouldbe 0 - run allwdfromip /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run allwdfromip "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # shellcheck disable=2016 - echo 'ALLOWED_IPS="$ALLOWED_IPS 127.0.0.1,10.2.3.1"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'ALLOWED_IPS="$ALLOWED_IPS 127.0.0.1,10.2.3.1"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" { echo -n 'from="10.0.1.2",command="echo bla" ' cat /tmp/key1.pub 
@@ -64,14 +64,14 @@ test_audit() { } >>/home/secaudit/.ssh/authorized_keys2 describe Key with from and command options register_test retvalshouldbe 0 - run keyfromcommand /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run keyfromcommand "${CIS_CHECKS_DIR}/${script}.sh" --audit-all useradd -s /bin/bash -m jeantest2 # shellcheck disable=2016 - echo 'USERS_TO_CHECK="jeantest2 secaudit"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'USERS_TO_CHECK="jeantest2 secaudit"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" describe Check only specified user register_test retvalshouldbe 0 - run checkuser /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run checkuser "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel jeantestuser diff --git a/tests/hardening/99.5.2.5_ssh_strict_modes.sh b/tests/hardening/99.5.2.5_ssh_strict_modes.sh index e10dc0c9..16078975 100644 --- a/tests/hardening/99.5.2.5_ssh_strict_modes.sh +++ b/tests/hardening/99.5.2.5_ssh_strict_modes.sh 
@@ -6,18 +6,18 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^StrictModes[[:space:]]*yes is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/99.5.2.6_ssh_sys_accept_env.sh b/tests/hardening/99.5.2.6_ssh_sys_accept_env.sh index 03d219d1..5783774b 100644 --- a/tests/hardening/99.5.2.6_ssh_sys_accept_env.sh +++ b/tests/hardening/99.5.2.6_ssh_sys_accept_env.sh 
@@ -5,25 +5,25 @@ test_audit() { register_test retvalshouldbe 0 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Proceed to operation that will end up to a non compliant system describe Tests purposely failing sed -ri 's/^\s*AcceptEnv\s+LANG LC_\*//' /etc/ssh/sshd_config register_test retvalshouldbe 1 register_test contain "[ KO ] ^\s*AcceptEnv\s+LANG LC_\* is not present in /etc/ssh/sshd_config" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^\s*AcceptEnv\s+LANG LC_\* is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/99.5.2.7_ssh_sys_no_legacy.sh b/tests/hardening/99.5.2.7_ssh_sys_no_legacy.sh index 7aabbf49..31cb6117 100644 --- a/tests/hardening/99.5.2.7_ssh_sys_no_legacy.sh +++ b/tests/hardening/99.5.2.7_ssh_sys_no_legacy.sh @@ -4,5 +4,5 @@ test_audit() { describe Running on blank host register_test retvalshouldbe 0 # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } 
diff --git a/tests/hardening/99.5.2.8_ssh_sys_sandbox.sh b/tests/hardening/99.5.2.8_ssh_sys_sandbox.sh index 398724d6..060934d0 100644 --- a/tests/hardening/99.5.2.8_ssh_sys_sandbox.sh +++ b/tests/hardening/99.5.2.8_ssh_sys_sandbox.sh @@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^UsePrivilegeSeparation[[:space:]]*sandbox is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/99.5.4.5.1_acc_logindefs_sha512.sh b/tests/hardening/99.5.4.5.1_acc_logindefs_sha512.sh index 80bfe07c..b5ce731e 100644 --- a/tests/hardening/99.5.4.5.1_acc_logindefs_sha512.sh +++ b/tests/hardening/99.5.4.5.1_acc_logindefs_sha512.sh 
@@ -5,34 +5,34 @@ test_audit() { register_test retvalshouldbe 0 register_test contain "ENCRYPT_METHOD SHA512 is present in /etc/login.defs" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all cp /etc/login.defs /tmp/login.defs.bak describe Line as comment sed -i 's/\(ENCRYPT_METHOD SHA512\)/# \1/' /etc/login.defs register_test retvalshouldbe 1 register_test contain "SHA512 is not present" - run commented /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run commented "${CIS_CHECKS_DIR}/${script}.sh" --audit-all rm /etc/login.defs describe Fail: missing conf file register_test retvalshouldbe 1 register_test contain "/etc/login.defs is not readable" - run missconffile /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run missconffile "${CIS_CHECKS_DIR}/${script}.sh" --audit-all cp /tmp/login.defs.bak /etc/login.defs sed -ir 's/ENCRYPT_METHOD[[:space:]]\+SHA512/ENCRYPT_METHOD MD5/' /etc/login.defs describe Fail: wrong hash function configuration register_test retvalshouldbe 1 register_test contain "SHA512 is not present" - run wrongconf /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run wrongconf "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/disabled/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state mv /tmp/login.defs.bak /etc/login.defs register_test retvalshouldbe 0 - run sha512pass /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run sha512pass "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/99.5.4.5.2_acc_shadow_sha512.sh b/tests/hardening/99.5.4.5.2_acc_shadow_sha512.sh index 25e176af..9b240478 100644 --- a/tests/hardening/99.5.4.5.2_acc_shadow_sha512.sh 
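Review bot: `sed -ir 's/ENCRYPT_METHOD[[:space:]]\+SHA512/ENCRYPT_METHOD MD5/' /etc/login.defs` in the 99.5.4.5.1 hunk does not enable extended regex, because GNU sed reads `-ir` as `-i` with backup suffix `r`, so each run leaves a stray `/etc/login.defsr` behind. The pattern's `\+` is basic-regex syntax and only matches because `-r` is not in effect, so the fix is to drop the `r` rather than split the flags: `sed -i 's/ENCRYPT_METHOD[[:space:]]\+SHA512/ENCRYPT_METHOD MD5/' /etc/login.defs`. The line is unchanged context in this commit, and `test_audit` starts above the hunk.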
+++ b/tests/hardening/99.5.4.5.2_acc_shadow_sha512.sh @@ -6,20 +6,20 @@ test_audit() { register_test contain "There is no password in /etc/shadow" dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all cp -a /etc/shadow /tmp/shadow.bak sed -i 's/secaudit:!/secaudit:mypassword/' /etc/shadow describe Fail: Found unsecure password register_test retvalshouldbe 1 register_test contain "User secaudit has a password that is not SHA512 hashed" - run unsecpasswd /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run unsecpasswd "${CIS_CHECKS_DIR}/${script}.sh" --audit-all sed -i 's/secaudit:mypassword/secaudit:!!/' /etc/shadow describe Fail: Found disabled password register_test retvalshouldbe 0 register_test contain "User secaudit has a disabled password" - run lockedpasswd /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run lockedpasswd "${CIS_CHECKS_DIR}/${script}.sh" --audit-all mv /tmp/shadow.bak /etc/shadow chpasswd -c SHA512 <