colin
/
UBUNTU24-CIS-Audit
mirror of https://github.com/ansible-lockdown/UBUNTU24-CIS-Audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

updated script 

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-12-06 13:58:47 +00:00
parent 22f89f4b55
commit c96f1bc4ac
No known key found for this signature in database
GPG Key ID: 997FF7FE93AEB5B9
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
run_audit.sh
View File

@ -17,14 +17,15 @@
# benchmark vars moved # benchmark vars moved
# December 2023 Added goss version and testing # December 2023 Added goss version and testing
# April 2024 Updating of OS discovery to work for all supported OSs # April 2024 Updating of OS discovery to work for all supported OSs
# August 2024 Improve failure capture
# Variables in upper case tend to be able to be adjusted # Variables in upper case tend to be able to be adjusted
# lower case variables are discovered or built from other variables # lower case variables are discovered or built from other variables
# Goss benchmark variables (these should not need changing unless new release) # Goss benchmark variables (these should not need changing unless new release)
BENCHMARK=CIS # Benchmark Name aligns to the audit BENCHMARK=CIS # Benchmark Name aligns to the audit
BENCHMARK_VER=2.0.0 BENCHMARK_VER=1.0.0
BENCHMARK_OS=UBUNTU24 BENCHMARK_OS=UBUNTU
# Goss host Variables # Goss host Variables
AUDIT_BIN="${AUDIT_BIN:-/usr/local/bin/goss}" # location of the goss executable AUDIT_BIN="${AUDIT_BIN:-/usr/local/bin/goss}" # location of the goss executable
@ -202,12 +203,13 @@ echo
$AUDIT_BIN -g "$audit_content_dir/$AUDIT_FILE" --vars "$varfile_path" --vars-inline "$audit_json_vars" v $format_output > "$audit_out" $AUDIT_BIN -g "$audit_content_dir/$AUDIT_FILE" --vars "$varfile_path" --vars-inline "$audit_json_vars" v $format_output > "$audit_out"
# create screen output # create screen output
if [ "$(grep -c $BENCHMARK "$audit_out")" != 0 ] || [ "$format" = junit ] || [ "$format" = tap ]; then if [ "$(grep -c Count: "$audit_out")" -ge 1 ] || [ "$format" = junit ] || [ "$format" = tap ]; then
eval $output_summary eval $output_summary
echo "Completed file can be found at $audit_out" echo "Completed file can be found at $audit_out"
echo "###############" echo "###############"
echo "Audit Completed" echo "Audit Completed"
echo "###############" echo "###############"
else else
echo -e "Fail: There were issues when running the audit please investigate $audit_out" echo -e "Fail: There were issues when running the audit please investigate $audit_out";
exit 1
fi fi