def run_os_checks():
log("Starting OS hardening checks.", level=DEBUG)
checks = apt.get_audits()
checks.extend(limits.get_audits())
checks.extend(login.get_audits())
checks.extend(minimize_access.get_audits())
checks.extend(pam.get_audits())
checks.extend(profile.get_audits())
checks.extend(securetty.get_audits())
checks.extend(suid_sgid.get_audits())
checks.extend(sysctl.get_audits())
for check in checks:
log("Running '%s' check" % (check.__class__.__name__), level=DEBUG)
check.ensure_compliance()
log("OS hardening checks complete.", level=DEBUG)
def run_os_checks():
log("Starting OS hardening checks.", level=DEBUG)
checks = apt.get_audits()
checks.extend(limits.get_audits())
checks.extend(login.get_audits())
checks.extend(minimize_access.get_audits())
checks.extend(pam.get_audits())
checks.extend(profile.get_audits())
checks.extend(securetty.get_audits())
checks.extend(suid_sgid.get_audits())
checks.extend(sysctl.get_audits())
for check in checks:
log("Running '%s' check" % (check.__class__.__name__), level=DEBUG)
check.ensure_compliance()
log("OS hardening checks complete.", level=DEBUG)
def test_os_securetty_and_check(self, mock_write, mock_ensure_permissions):
audits = securetty.get_audits()
contentcheckers = self.get_contentcheckers(audits)
renderers = self.get_renderers(audits)
def write(path, data):
if path in self.pathindex:
raise Exception("File already rendered '%s'" % path)
with tempfile.NamedTemporaryFile(delete=False) as ftmp:
self.pathindex[path] = ftmp.name
with open(ftmp.name, 'wb') as fd:
fd.write(data)
mock_write.side_effect = write
self.render(renderers)
self.checkcontents(contentcheckers)
self.assertTrue(mock_write.called)
args_list = mock_write.call_args_list
self.assertEqual('/etc/securetty', args_list[0][0][0])
self.assertEqual(mock_write.call_count, 1)
def test_securetty(self):
audits = securetty.get_audits()
self.assertEqual(1, len(audits))
audit = audits[0]
self.assertTrue(isinstance(audit, securetty.TemplatedFile))
self.assertEqual('/etc/securetty', audit.paths[0])