less ugly test report
Signed-off-by: Thomas Sjögren <[email protected]>
konstruktoid committed May 24, 2019
1 parent a0d7891 commit 36a2ec6
Showing 2 changed files with 76 additions and 35 deletions.
80 changes: 54 additions & 26 deletions TESTRESULTS.adoc
@@ -1,4 +1,4 @@
= Vagrant Ubuntu Test results - Wed May 22 20:55:23 UTC 2019
= Vagrant Ubuntu Test results - Fri May 24 12:36:18 UTC 2019
:icons: font
Number of tests: 489

Expand All @@ -7,16 +7,21 @@ The score is calculated using `100-(100*FAILED_TESTS/TESTS)`.
NOTE: This is a quick test script using Vagrant boxes and some functions may fail resulting in incorrect output or score. Always verify using systems similar too those used by your organization.

== System information
----
Vagrant 2.2.4
ubuntu/bionic86 (virtualbox, 20190521.0.0)
ubuntu/cosmic86 (virtualbox, 20190514.0.1)
ubuntu/bionic86 (virtualbox, 20190521.0.0)
ubuntu/bionic86 (virtualbox, 20190523.0.0)
ubuntu/cosmic86 (virtualbox, 20190522.0.0)
ubuntu/bionic86 (virtualbox, 20190523.0.0)
ubuntu/disco86 (virtualbox, 20190514.0.1)
----

== bionic
* Failed number of tests: 19
----
Failed number of tests: 19
----

* Failed tests:
=== Failed tests:
----
not ok 23 Verify that runtime kernel module squashfs is disabled
not ok 25 Verify that runtime kernel module vfat is disabled
not ok 59 Verify that /home is a separate partition
Expand All @@ -36,14 +41,16 @@ not ok 469 Verify that DNSOverTLS is used in /etc/systemd/resolved.conf
not ok 487 Verify password protected GRUB
not ok 488 Verify Google 2FA in /etc/pam.d/sshd
not ok 489 Verify Yubico 2FA in /etc/pam.d/sshd
----
=== Lynis score:
----
* Score: 97

* Lynis score:
os_version=18.04
hardening_index=91
----

* Lynis warnings and suggestions:
=== Lynis warnings and suggestions:
----
suggestion[]=TOOL-5002|Determine if automation tools are present for system management|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|TCPKeepAlive (YES --> NO)|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|Port (22 --> )|-|
Expand All @@ -59,11 +66,17 @@ suggestion[]=BOOT-5122|Set a password on GRUB bootloader to prevent altering boo
suggestion[]=BANN-7130|Add legal banner to /etc/issue.net, to warn unauthorized users|-|-|
suggestion[]=BANN-7126|Add a legal banner to /etc/issue, to warn unauthorized users|-|-|
suggestion[]=ACCT-9626|Enable sysstat to collect accounting (no results)|-|-|
----

=== Score: 97

== cosmic
* Failed number of tests: 25
----
Failed number of tests: 25
----

* Failed tests:
=== Failed tests:
----
not ok 23 Verify that runtime kernel module squashfs is disabled
not ok 25 Verify that runtime kernel module vfat is disabled
not ok 59 Verify that /home is a separate partition
Expand All @@ -89,14 +102,16 @@ not ok 438 Ensure user uucp is removed
not ok 487 Verify password protected GRUB
not ok 488 Verify Google 2FA in /etc/pam.d/sshd
not ok 489 Verify Yubico 2FA in /etc/pam.d/sshd
----
=== Lynis score:
----
* Score: 95

* Lynis score:
os_version=18.10
hardening_index=91
----

* Lynis warnings and suggestions:
=== Lynis warnings and suggestions:
----
suggestion[]=TOOL-5002|Determine if automation tools are present for system management|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|TCPKeepAlive (YES --> NO)|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|Port (22 --> )|-|
Expand All @@ -113,11 +128,17 @@ suggestion[]=BOOT-5122|Set a password on GRUB bootloader to prevent altering boo
suggestion[]=BANN-7130|Add legal banner to /etc/issue.net, to warn unauthorized users|-|-|
suggestion[]=BANN-7126|Add a legal banner to /etc/issue, to warn unauthorized users|-|-|
suggestion[]=ACCT-9626|Enable sysstat to collect accounting (no results)|-|-|
----

=== Score: 95

== disco
* Failed number of tests: 14
----
Failed number of tests: 14
----

* Failed tests:
=== Failed tests:
----
not ok 23 Verify that runtime kernel module squashfs is disabled
not ok 25 Verify that runtime kernel module vfat is disabled
not ok 109 Verify kernel.modules_disabled in /etc/sysctl.*
Expand All @@ -132,14 +153,16 @@ not ok 438 Ensure user uucp is removed
not ok 487 Verify password protected GRUB
not ok 488 Verify Google 2FA in /etc/pam.d/sshd
not ok 489 Verify Yubico 2FA in /etc/pam.d/sshd
----
=== Lynis score:
----
* Score: 98

* Lynis score:
os_version=19.04
hardening_index=91
----

* Lynis warnings and suggestions:
=== Lynis warnings and suggestions:
----
suggestion[]=TOOL-5002|Determine if automation tools are present for system management|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|TCPKeepAlive (YES --> NO)|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|Port (22 --> )|-|
Expand All @@ -155,12 +178,17 @@ suggestion[]=BOOT-5122|Set a password on GRUB bootloader to prevent altering boo
suggestion[]=BANN-7130|Add legal banner to /etc/issue.net, to warn unauthorized users|-|-|
suggestion[]=BANN-7126|Add a legal banner to /etc/issue, to warn unauthorized users|-|-|
suggestion[]=ACCT-9626|Enable sysstat to collect accounting (no results)|-|-|
----

=== Score: 98

== standard
* Failed number of tests: 408
=== Failed number of tests: 408

* Score: 17
=== Score: 17
=== Lynis score:
----
* Lynis score:
os_version=18.04
hardening_index=61
hardening_index=66
----
31 changes: 22 additions & 9 deletions runTests.sh
Expand Up @@ -69,11 +69,13 @@ wait
echo "NOTE: This is a quick test script using Vagrant boxes and some functions may fail resulting in incorrect output or score. Always verify using systems similar too those used by your organization."
echo
echo "== System information"
echo "----"
vagrant --version

for box in $(grep 'vm.box' Vagrantfile | grep -o '".*"$' | tr -d '"'); do
vagrant box list | grep -i "${box}" | tail -n1 | sed 's/64.*(/86 \(/g'
done
echo "----"

# Modified VMs
for VM in $(vagrant status | grep -iE 'running.*virtualbox' |\
Expand All @@ -88,35 +90,44 @@ wait
echo
echo "== ${VM}"

echo "----"
while read -r f; do
if test -s "${f}"; then
FAILED_TESTS="$(grep -c '^not ok' "${f}")"
echo "* Failed number of tests: ${FAILED_TESTS}"
echo "Failed number of tests: ${FAILED_TESTS}"
else
echo "$f is empty, a test stage failed."
fi
done < <(find ./ -name "*${VM}*bats.log" -type f)
echo "----"

echo
echo "* Failed tests:"
echo "=== Failed tests:"
echo "----"
grep -shE '^not ok' ./*"${VM}"*bats.log | sort -k3n | uniq
echo "----"

echo
echo "* Score: $((100-(100*FAILED_TESTS/TESTS)))"

echo "=== Lynis score:"
echo "----"
find ./ -name "*${VM}*lynis.log" -type f | while read -r f; do
if test -s "${f}"; then
echo
echo "* Lynis score:"
grep -E 'hardening_index|os_version' "${f}"
else
echo "$f is empty, a test stage failed."
fi
done
echo "----"

echo
echo "* Lynis warnings and suggestions:"
echo "=== Lynis warnings and suggestions:"
echo "----"
grep -shE '^warning|^suggestion' ./*"${VM}"*lynis.log | sort -r | uniq
echo "----"

echo
echo "=== Score: $((100-(100*FAILED_TESTS/TESTS)))"
done


Expand All @@ -136,24 +147,26 @@ wait
while read -r f; do
if test -s "${f}"; then
FAILED_TESTS="$(grep -c '^not ok' "${f}")"
echo "* Failed number of tests: ${FAILED_TESTS}"
echo "=== Failed number of tests: ${FAILED_TESTS}"
else
echo "$f is empty, a test stage failed."
fi
done < <(find ./ -name "*${VM}*bats.log" -type f)

echo
echo "* Score: $((100-(100*FAILED_TESTS/TESTS)))"
echo "=== Score: $((100-(100*FAILED_TESTS/TESTS)))"

echo "=== Lynis score:"
echo "----"
find ./ -name "*${VM}*lynis.log" -type f | while read -r f; do
if test -s "${f}"; then
echo
echo "* Lynis score:"
grep -E 'hardening_index|os_version' "${f}"
else
echo "$f is empty, a test stage failed."
fi
done
echo "----"
done
} > TESTRESULTS.adoc
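Review bot: The score printed by the relocated `echo "=== Score: $((100-(100*FAILED_TESTS/TESTS)))"` can be stale, because `FAILED_TESTS` is assigned only inside the `if test -s "${f}"` branch of the bats-log loop; when a VM's log is empty or missing, the report prints "a test stage failed" and then a score computed from the previous VM's count (or 100 if the variable was never set). In a hardening report that presents a failed run as a pass. Unless the collapsed lines at the top of each `for VM` loop already reset it, set `FAILED_TESTS=""` right after `echo "== ${VM}"` and guard the output with `[ -n "${FAILED_TESTS}" ] && echo "=== Score: $((100-(100*FAILED_TESTS/TESTS)))"`; the same applies to the standard-VM loop in the last hunk. Both loops start outside the visible hunks, and `TESTS` is set there too, so whether it can be zero (division by zero in the arithmetic expansion) cannot be checked from here.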
