# shellcheck shell=bash # run-shellcheck test_audit() { describe Running on blank host register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all local dir="/test" local test_user="userrootpathtest" describe Tests purposely failing register_test retvalshouldbe 1 register_test contain "Empty Directory in PATH (::)" run noncompliant path="$PATH::" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all describe Tests purposely failing register_test retvalshouldbe 1 register_test contain "Trailing : in PATH" run noncompliant path="$PATH:" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all describe Tests purposely failing register_test retvalshouldbe 1 register_test contain "PATH contains ." run noncompliant path="$PATH:." /opt/debian-cis/bin/hardening/"${script}".sh --audit-all describe Tests purposely failing mkdir -m 770 $dir register_test retvalshouldbe 1 register_test contain "Group Write permission set on directory $dir" run noncompliant path="$PATH:$dir" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # clean rmdir $dir describe Tests purposely failing mkdir -m 707 $dir register_test retvalshouldbe 1 register_test contain "Other Write permission set on directory $dir" run noncompliant path="$PATH:$dir" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # clean rmdir $dir describe Tests purposely failing useradd $test_user mkdir -m 700 $dir chown userrootpathtest:userrootpathtest $dir register_test retvalshouldbe 1 register_test contain "$dir is not owned by root" run noncompliant path="$PATH:$dir" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # clean rmdir $dir userdel $test_user }