sectests is a Python/pytest test suite for infrastructure.

It can be used to check the CIS Distribution Independent Linux Benchmark v2.0.0 with:

```sh
pytest test_cis_dil_benchmark.py
```

showing a useful report like:
```
----------------------------------- Security Report -----------------------------------
1.1.11: CIS 1.1.11: Ensure separate partition exists for /var/log (Scored) (impact: 1.0)
The /var/log directory is used by system services to store log data.
Solution:
Configure /etc/fstab as appropriate.
--
1.1.12: CIS 1.1.12: Ensure separate partition exists for /var/log/audit (Scored) (impact: 1.0)
The auditing daemon, auditd , stores log data in the /var/log/audit directory.
Solution:
Configure /etc/fstab as appropriate.
--
Score: 6.0
============================== short test summary info ================================
SKIPPED [3] test_cis_dil_benchmark.py:18: /tmp has no separated partition
SKIPPED [3] test_cis_dil_benchmark.py:18: /var/tmp has no separated partition
SKIPPED [1] test_cis_dil_benchmark.py:521: Not implemented yet
SKIPPED [1] test_cis_dil_benchmark.py:540: Not implemented yet
FAILED test_cis_dil_benchmark.py::test_separate_partition_for_var_log[local] - AssertionError: /var/log should be mounted on its own partition
FAILED test_cis_dil_benchmark.py::test_separate_partition_for_var_log_audit[local] - AssertionError: /var/log/audit should be mounted on its own partition
```
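The two failures and the "has no separated partition" skips in the report above all come down to one question: is a given directory its own mount, and if so, which options is it mounted with? The following is an added example, not code from the sectests project, showing how such a check can be built from `/proc/mounts`. The helper names, the `SAMPLE_PROC_MOUNTS` text and the assumption that `host` is the pytest-testinfra fixture (offering `host.file(path).content_string`) are all constructed for this illustration.

```python
"""Added example (not code from the sectests project): the mount-table logic
behind a CIS "separate partition" check, plus the mount-option check that a
suite like sectests skips when the partition is missing.

Assumptions, all constructed for this example: the helper names below, the
SAMPLE_PROC_MOUNTS text, and that `host` is the pytest-testinfra fixture
offering host.file(path).content_string.
"""
import re
from typing import Iterable, List, NamedTuple, Optional


class Mount(NamedTuple):
    device: str
    point: str
    fstype: str
    options: frozenset


def _unescape(field: str) -> str:
    """/proc/mounts encodes space, tab, newline and backslash as octal escapes (\\040 etc.)."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text: str) -> List[Mount]:
    """Parse /proc/mounts text into Mount records; blank, comment or short lines are skipped."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0].startswith("#"):
            continue
        device, point, fstype, opts = parts[:4]
        mounts.append(Mount(_unescape(device), _unescape(point), fstype, frozenset(opts.split(","))))
    return mounts


def mount_for(path: str, mounts: Iterable[Mount]) -> Optional[Mount]:
    """Return the entry mounted exactly at `path` (the last one wins, since a later
    overmount hides an earlier one). A directory that merely lives under another
    mount, e.g. /var/log on the /var filesystem, yields None."""
    wanted = path.rstrip("/") or "/"
    found = None
    for m in mounts:
        if m.point == wanted:
            found = m
    return found


def is_separate_partition(path: str, mounts: Iterable[Mount]) -> bool:
    return mount_for(path, mounts) is not None


def missing_options(path: str, required: Iterable[str], mounts: Iterable[Mount]) -> List[str]:
    """Required mount options (nodev, nosuid, noexec ...) that `path` lacks.
    Raises LookupError when there is no separate mount, the condition the report
    above shows as '<path> has no separated partition'."""
    m = mount_for(path, mounts)
    if m is None:
        raise LookupError(f"{path} has no separated partition")
    return sorted(set(required) - m.options)


# Constructed /proc/mounts content: /var/log/audit and /tmp are separate
# mounts, /var/log is just a directory on the /var filesystem, and the last
# line carries an escaped space to exercise _unescape().
SAMPLE_PROC_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda2 /var ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /var/log/audit ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdb1 /mnt/backup\\040disk ext4 rw,relatime 0 0
"""


def check_separate_partition(host, path: str) -> None:
    """Body of a pytest-testinfra test (assumed fixture API): read the live mount
    table from the target host and assert with the message the report above shows."""
    mounts = parse_mounts(host.file("/proc/mounts").content_string)
    assert is_separate_partition(path, mounts), f"{path} should be mounted on its own partition"


def check_mount_options(host, path: str, required=("nodev", "nosuid", "noexec")) -> None:
    """Companion check: the separate mount must also carry the hardening options."""
    mounts = parse_mounts(host.file("/proc/mounts").content_string)
    missing = missing_options(path, required, mounts)
    assert not missing, f"{path} is missing mount options: {', '.join(missing)}"


if __name__ == "__main__":
    table = parse_mounts(SAMPLE_PROC_MOUNTS)
    for p in ("/var/log", "/var/log/audit", "/tmp"):
        print(p, "separate" if is_separate_partition(p, table) else "NOT separate")
    print("/tmp missing:", missing_options("/tmp", ("nodev", "nosuid", "noexec"), table))
```

In a real testinfra test the `host` fixture would be injected by pytest and `check_separate_partition(host, "/var/log")` would be the body of `test_separate_partition_for_var_log`; raising `LookupError` from the option check is where a suite would call `pytest.skip` instead of failing, which is why the report lists `/tmp has no separated partition` under SKIPPED rather than FAILED.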
Thanks to pytest-testinfra it can be run remotely over SSH:

```sh
pytest test_cis_dil_benchmark.py --hosts ssh://hostname
```

or using Ansible connections:

```sh
pytest test_cis_dil_benchmark.py --hosts ansible://all
```

or inside a Docker instance:

```sh
pytest test_cis_dil_benchmark.py --hosts docker://docker-uid
```

or inside a Kubernetes Pod instance (the URL is quoted because `?` and `&` are special to the shell):

```sh
pytest test_cis_dil_benchmark.py --hosts "kubectl://somepod-2536ab?container=nginx&namespace=web"
```

Please check the pytest-testinfra backends documentation for more connectivity information.
CIS Distribution Independent Linux Benchmark, implementation status per section:

Section | Status
---|---
Filesystem configuration | incomplete
Services | not started yet
Network configuration | not started yet
Logging and Auditing | not started yet
Access, authentication and authorization | not started yet
System Maintenance | not started yet