diff options
| author | mboelen <michael@cisofy.com> | 2015-04-07 18:19:25 +0300 |
|---|---|---|
| committer | mboelen <michael@cisofy.com> | 2015-04-07 18:19:25 +0300 |
| commit | e21e8679e0514a75a0c11a889f192f6cc435752c (patch) | |
| tree | 4e9e410efc92e6cf7c83e3972ec2df58349f0f88 | |
| parent | 7785c5a61081844a31c70ba96699226d73351fb1 (diff) | |
Check also /var and assign hardening points
| -rw-r--r-- | include/tests_filesystems | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/include/tests_filesystems b/include/tests_filesystems index b9715e46..6d9453da 100644 --- a/include/tests_filesystems +++ b/include/tests_filesystems @@ -29,13 +29,12 @@ ################################################################################# # # Test : FILE-6310 - # Description : Checking if /tmp and /home are separated from / - # Goal : Users should not be able to fill their home directory or - # temporary directory and creating a Denial of Service - Register --test-no FILE-6310 --weight L --network NO --description "Checking /tmp and /home directory" + # Description : Checking if some mount points are separated from / + # Goal : Users should not be able to fill their home directory or temporary directory and creating a Denial of Service + Register --test-no FILE-6310 --weight L --network NO --description "Checking /tmp, /home and /var directory" if [ ${SKIPTEST} -eq 0 ]; then Display --indent 2 --text "- Checking mount points" - SEPARATED_FILESYTEMS="/home /tmp" + SEPARATED_FILESYTEMS="/home /tmp /var" for I in ${SEPARATED_FILESYTEMS}; do logtext "Test: Checking if ${I} is mounted separately or mounted on / file system" if [ -L ${I} ]; then @@ -47,10 +46,12 @@ if [ ! "${FIND}" = "" ]; then logtext "Result: found ${I} as a separated mount point" Display --indent 4 --text "- Checking ${I} mount point" --result OK --color GREEN + AddHP 10 10 else logtext "Result: ${I} not found in mount list. Directory most likely stored on / file system" Display --indent 4 --text "- Checking ${I} mount point" --result SUGGESTION --color YELLOW ReportSuggestion ${TEST_NO} "To decrease the impact of a full ${I} file system, place ${I} on a separated partition" + AddHP 9 10 fi else logtext "Result: directory ${I} does not exist" @@ -60,10 +61,6 @@ # ################################################################################# # - # YYY Checking Physical Volumes -# -################################################################################# -# # Test : FILE-6311 # Description : Checking LVM Volume Groups # Notes : No volume groups found is sent to STDERR for unclear reasons. Filtering both STDERR redirecting and grep. |