From e21e8679e0514a75a0c11a889f192f6cc435752c Mon Sep 17 00:00:00 2001
From: mboelen <michael@cisofy.com>
Date: Tue, 7 Apr 2015 17:19:25 +0200
Subject: Check also /var and assign hardening points

---
 include/tests_filesystems | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/include/tests_filesystems b/include/tests_filesystems
index b9715e46..6d9453da 100644
--- a/include/tests_filesystems
+++ b/include/tests_filesystems
@@ -29,13 +29,12 @@
 #################################################################################
 #
     # Test        : FILE-6310
-    # Description : Checking if /tmp and /home are separated from /
-    # Goal        : Users should not be able to fill their home directory or
-    #               temporary directory and creating a Denial of Service
-    Register --test-no FILE-6310 --weight L --network NO --description "Checking /tmp and /home directory"
+    # Description : Checking if some mount points are separated from /
+    # Goal        : Users should not be able to fill their home directory or temporary directory and creating a Denial of Service
+    Register --test-no FILE-6310 --weight L --network NO --description "Checking /tmp, /home and /var directory"
     if [ ${SKIPTEST} -eq 0 ]; then
         Display --indent 2 --text "- Checking mount points"
-        SEPARATED_FILESYTEMS="/home /tmp"
+        SEPARATED_FILESYTEMS="/home /tmp /var"
         for I in ${SEPARATED_FILESYTEMS}; do
             logtext "Test: Checking if ${I} is mounted separately or mounted on / file system"
             if [ -L ${I} ]; then
@@ -47,10 +46,12 @@
                 if [ ! "${FIND}" = "" ]; then
                     logtext "Result: found ${I} as a separated mount point"
                     Display --indent 4 --text "- Checking ${I} mount point" --result OK --color GREEN
+                    AddHP 10 10
                   else
                     logtext "Result: ${I} not found in mount list. Directory most likely stored on / file system"
                     Display --indent 4 --text "- Checking ${I} mount point" --result SUGGESTION --color YELLOW
                     ReportSuggestion ${TEST_NO} "To decrease the impact of a full ${I} file system, place ${I} on a separated partition"
+                    AddHP 9 10
                 fi
               else
                 logtext "Result: directory ${I} does not exist"
@@ -59,10 +60,6 @@
     fi
 #
 #################################################################################
-#
-    # YYY Checking Physical Volumes
-#
-#################################################################################
 #
     # Test        : FILE-6311
     # Description : Checking LVM Volume Groups
-- 
cgit v1.2.3