author | Michael Boelen <michael.boelen@cisofy.com> | 2016-07-24 18:22:00 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2016-07-24 18:22:00 +0300 |
commit | 2f4c854ba7790d1c8fb8c664daea6c971f18aa72 (patch) | |
tree | c3eed34233a165d56df1173b3f08e047b47ae47e /include/tests_filesystems | |
parent | 0b5af4ed387ea0582181e56a56609c4a633cb91f (diff) |
Rename of categories, introduction of groups
Diffstat (limited to 'include/tests_filesystems')
-rw-r--r-- | include/tests_filesystems | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/include/tests_filesystems b/include/tests_filesystems
index f5f1fc09..479a5d36 100644
--- a/include/tests_filesystems
+++ b/include/tests_filesystems
@@ -35,7 +35,7 @@
 # Test : FILE-6310
 # Description : Checking if some mount points are separated from /
 # Goal : Users should not be able to fill their home directory or temporary directory and creating a Denial of Service
- Register --test-no FILE-6310 --weight L --network NO --description "Checking /tmp, /home and /var directory"
+ Register --test-no FILE-6310 --weight L --network NO --category security --description "Checking /tmp, /home and /var directory"
 if [ ${SKIPTEST} -eq 0 ]; then
 Display --indent 2 --text "- Checking mount points"
 SEPARATED_FILESYTEMS="/home /tmp /var"
@@ -71,7 +71,7 @@
 # Description : Checking LVM Volume Groups
 # Notes : No volume groups found is sent to STDERR for unclear reasons. Filtering both STDERR redirecting and grep.
 if [ ! "${VGDISPLAYBINARY}" = "" -o ! "${LSVGBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- Register --test-no FILE-6311 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking LVM volume groups"
+ Register --test-no FILE-6311 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking LVM volume groups"
 if [ ${SKIPTEST} -eq 0 ]; then
 LogText "Test: Checking for LVM volume groups"
 case ${OS} in
@@ -104,7 +104,7 @@
 # Test : FILE-6312
 # Description : Checking LVM volumes
 if [ ${LVM_VG_USED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- Register --test-no FILE-6312 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking LVM volumes"
+ Register --test-no FILE-6312 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking LVM volumes"
 if [ ${SKIPTEST} -eq 0 ]; then
 LogText "Test: Checking for LVM volumes"
 case ${OS} in
@@ -136,7 +136,7 @@
 #
 # Test : FILE-6316
 # Description : Checking /etc/fstab file permissions
- #Register --test-no FILE-6316 --os Linux --weight L --network NO --description "Checking /etc/fstab"
+ #Register --test-no FILE-6316 --os Linux --weight L --network NO --category security --description "Checking /etc/fstab"
 #if [ ${SKIPTEST} -eq 0 ]; then
 # 644
 #
@@ -144,7 +144,7 @@
 #
 # Test : FILE-6323
 # Description : Checking Linux EXT2, EXT3, EXT4 file systems
- Register --test-no FILE-6323 --os Linux --weight L --network NO --description "Checking EXT file systems"
+ Register --test-no FILE-6323 --os Linux --weight L --network NO --category security --description "Checking EXT file systems"
 if [ ${SKIPTEST} -eq 0 ]; then
 LogText "Test: Checking for Linux EXT file systems"
 FIND=`mount -t ext2,ext3,ext4 | awk '{ print $3","$5 }'`
@@ -167,7 +167,7 @@
 # Test : FILE-6329
 # Description : Query all FFS/UFS mounts from /etc/fstab
 if [ -f /etc/fstab ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- Register --test-no FILE-6329 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking FFS/UFS file systems"
+ Register --test-no FILE-6329 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking FFS/UFS file systems"
 if [ ${SKIPTEST} -eq 0 ]; then
 LogText "Test: Query /etc/fstab for available FFS/UFS mount points"
 FIND=`awk '{ if ($3 == "ufs" || $3 == "ffs" ) { print $1":"$2":"$3":"$4":" }}' /etc/fstab`
@@ -188,7 +188,7 @@
 #
 # Test : FILE-6330
 # Description : Query all ZFS mounts from /etc/fstab
- Register --test-no FILE-6330 --os FreeBSD --weight L --network NO --description "Checking ZFS file systems"
+ Register --test-no FILE-6330 --os FreeBSD --weight L --network NO --category security --description "Checking ZFS file systems"
 if [ ${SKIPTEST} -eq 0 ]; then
 LogText "Test: Query /etc/fstab for available ZFS mount points"
 FIND=`mount -p | awk '{ if ($3 == "zfs") { print $1":"$2":"$3":"$4":" }}'`
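Review bot: The FILE-6316 hunk edits a commented-out `#Register` line, so the added `--category security` has no effect and the /etc/fstab permission test stays disabled. The stub under it consists only of `#if [ ${SKIPTEST} -eq 0 ]; then` and `# 644`, and continues outside the hunk. Instead of keeping dead code in sync with each interface change, label it explicitly, for example `# TODO: FILE-6316 not implemented - verify /etc/fstab permissions (expected 644)`, or drop the stub until the test is written.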
@@ -210,7 +210,7 @@
 # Test : FILE-6332
 # Description : Check swap partitions
 if [ -f /etc/fstab ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- Register --test-no FILE-6332 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking swap partitions"
+ Register --test-no FILE-6332 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking swap partitions"
 if [ ${SKIPTEST} -eq 0 ]; then
 FOUND=0
 LogText "Test: query swap partitions from /etc/fstab file"
@@ -271,7 +271,7 @@
 # Examples : [partition] swap swap defaults 0 0
 # [partition] none swap sw 0 0
 if [ -f /etc/fstab ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- Register --test-no FILE-6336 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking swap mount options"
+ Register --test-no FILE-6336 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking swap mount options"
 if [ ${SKIPTEST} -eq 0 ]; then
 # Swap partitions should be mounted with 'sw' or 'swap'
 LogText "Test: check swap partitions with incorrect mount options"
@@ -304,7 +304,7 @@
 PREQS_MET="NO";
 fi
 fi
- Register --test-no FILE-6344 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking proc mount options"
+ Register --test-no FILE-6344 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking proc mount options"
 if [ ${SKIPTEST} -eq 0 ]; then
 # Proc should be mounted with 'hidepid=2' or 'hidepid=1' at least
 LogText "Test: check proc mount with incorrect mount options"
@@ -327,7 +327,7 @@
 # Test : FILE-6354
 # Description : Search files within /tmp which are older than 3 months
 if [ -d /tmp ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- Register --test-no FILE-6354 --preqs-met ${PREQS_MET} --weight L --network NO --description "Searching for old files in /tmp"
+ Register --test-no FILE-6354 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Searching for old files in /tmp"
 if [ ${SKIPTEST} -eq 0 ]; then
 LogText "Test: Searching for old files in /tmp"
 # Search for files only in /tmp, with an access time older than X days
@@ -357,7 +357,7 @@
 # Test : FILE-6362
 # Description : Check for sticky bit on /tmp
 if [ -d /tmp -a ! -L /tmp ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- Register --test-no FILE-6362 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking /tmp sticky bit"
+ Register --test-no FILE-6362 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking /tmp sticky bit"
 if [ ${SKIPTEST} -eq 0 ]; then
 # Depending on OS, number of field with 'tmp' differs
 FIND=`ls -l / | tr -s ' ' | awk -F" " '{ if ( $8 == "tmp" || $9 == "tmp" ) { print $1 } }' | cut -c 10`
@@ -388,7 +388,7 @@
 #
 # Test : FILE-6368
 # Description : Checking Linux root file system ACL support
- Register --test-no FILE-6368 --os Linux --weight L --network NO --root-only YES --description "Checking ACL support on root file system"
+ Register --test-no FILE-6368 --os Linux --weight L --network NO --root-only YES --category security --description "Checking ACL support on root file system"
 if [ ${SKIPTEST} -eq 0 ]; then
 FOUND=0
 LogText "Test: Checking acl option on ext[2-4] root file system"
@@ -449,7 +449,7 @@ # Test : FILE-6372 # Description : Check / mount options for Linux # Notes : - Register --test-no FILE-6372 --os Linux --weight L --network NO --description "Checking / mount options" + Register --test-no FILE-6372 --os Linux --weight L --network NO --category security --description "Checking / mount options" if [ ${SKIPTEST} -eq 0 ]; then if [ -f /etc/fstab ]; then FIND=`cat /etc/fstab | grep -v "^#" | awk '{ if ($2=="/") { print $4 } }'` @@ -493,7 +493,7 @@ # --------------------------------------------------------- FILESYSTEMS_TO_CHECK="/boot:nodev,noexec,nosuid /dev/shm:nosuid,nodev,noexec /home:nodev,nosuid /tmp:nodev,noexec,nosuid /var:nosuid /var/log:nodev,noexec,nosuid /var/log/audit:nodev,noexec,nosuid /var/tmp:nodev,noexec,nosuid" - Register --test-no FILE-6374 --os Linux --weight L --network NO --description "Checking /boot mount options" + Register --test-no FILE-6374 --os Linux --weight L --network NO --category security --description "Checking /boot mount options" if [ ${SKIPTEST} -eq 0 ]; then if [ -f /etc/fstab ]; then for I in ${FILESYSTEMS_TO_CHECK}; do @@ -547,7 +547,7 @@ # # Test : FILE-6376 # Description : Bind mount the /var/tmp directory to /tmp - Register --test-no FILE-6376 --os Linux --weight L --network NO --description "Determine if /var/tmp is bound to /tmp" + Register --test-no FILE-6376 --os Linux --weight L --network NO --category security --description "Determine if /var/tmp is bound to /tmp" if [ ${SKIPTEST} -eq 0 ]; then if [ -f /etc/fstab ]; then FIND=`awk '{ if ($2=="/var/tmp") { print $4 } }' /etc/fstab` 
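Review bot: The FILE-6374 `Register` line is edited here but keeps `--description "Checking /boot mount options"`, while `FILESYSTEMS_TO_CHECK` directly above it lists /boot, /dev/shm, /home, /tmp, /var, /var/log, /var/log/audit and /var/tmp. Anyone reading the log or report would conclude that only /boot has its nodev/noexec/nosuid options audited. Since the line is being touched anyway, I would change the description to `--description "Checking mount options of selected file systems"`. The `for I in ${FILESYSTEMS_TO_CHECK}` loop continues outside the hunk.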
@@ -617,7 +617,7 @@
 # or /var/cache/locate/locatedb
 # FreeBSD /var/db/locate.database
 if [ ! "${LOCATEBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- Register --test-no FILE-6410 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --description "Checking Locate database"
+ Register --test-no FILE-6410 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --category security --description "Checking Locate database"
 if [ ${SKIPTEST} -eq 0 ]; then
 LogText "Test: Checking locate database"
 FOUND=0
@@ -681,7 +681,7 @@
 # Description : Disable mounting of some filesystems
 # Rationale : Unless there is a specific reason to use a particular file system, disable it.
 # Data : cramfs freevxfs hfs hfsplus jffs2 squashfs udf
- Register --test-no FILE-6430 --weight L --network NO --description "Disable mounting of some filesystems"
+ Register --test-no FILE-6430 --weight L --network NO --category security --description "Disable mounting of some filesystems"
 if [ ${SKIPTEST} -eq 0 ]; then
 if [ ! "${LSMODBINARY}" = "" -a -f /proc/modules ]; then
 Display --indent 2 --text "- Disable kernel support of some filesystems" |
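Review bot: FILE-6410 is registered with `--os Linux`, yet the comment directly above the prerequisite check lists a FreeBSD database path (`/var/db/locate.database`). If the test body, which lies outside this hunk, looks at that path, the branch can presumably never run on FreeBSD because registration would skip the test there first. Either remove the FreeBSD entry from the comment or widen the `--os` restriction, so the documented coverage matches what is actually audited.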