[GH-ISSUE #26] Several bats tests failed on a clean Ubuntu install #7

New issue

Closed

opened 2026-03-03 13:58:15 +03:00 by kerem · 1 comment

kerem commented

2026-03-03 13:58:15 +03:00

Owner

Originally created by @fanfelle on GitHub (May 1, 2018).
Original GitHub issue: https://github.com/konstruktoid/hardening/issues/26

Thanks for putting together these scripts; I am a *nix novice and was getting worn down trying to implement every CIS benchmark step manually. I am looking to harden my VPS starting with using a minimal install of Ubuntu 16.04. I created all of the partitions with two standard partitions (/boot and swap) and the rest I am using LVM2.

I assume that after running the scripts that the tests should run relatively error free. I have found that most in the 17_packages module fail (aide, apparmor, etc), several in 19_password, and most in 22_auditd.

It isn't clear whether the scripts are robust enough to be rerun without causing problems; can you confirm? Unfortunately I neglected to send the output of the ubuntu.sh to a file and it doesn't appear that the scripts create a log file automatically.

Any recommendations on how to proceed?

Originally created by @fanfelle on GitHub (May 1, 2018). Original GitHub issue: https://github.com/konstruktoid/hardening/issues/26 Thanks for putting together these scripts; I am a *nix novice and was getting worn down trying to implement every CIS benchmark step manually. I am looking to harden my VPS starting with using a minimal install of Ubuntu 16.04. I created all of the partitions with two standard partitions (/boot and swap) and the rest I am using LVM2. I assume that after running the scripts that the tests should run relatively error free. I have found that most in the 17_packages module fail (aide, apparmor, etc), several in 19_password, and most in 22_auditd. It isn't clear whether the scripts are robust enough to be rerun without causing problems; can you confirm? Unfortunately I neglected to send the output of the ubuntu.sh to a file and it doesn't appear that the scripts create a log file automatically. Any recommendations on how to proceed?

kerem closed this issue

2026-03-03 13:58:16 +03:00

kerem commented

2026-03-03 13:58:16 +03:00

Author

Owner

@konstruktoid commented on GitHub (May 2, 2018):

Hi @fanfelle, running the test on a Vagrant (patched and rebooted) Ubuntu 18.04 there will be around 380 failures.
Running the same tests on the same server after the script and a reboot, there will be around 20 fails (disk partitions etc due to Vagrant).
I've noticed some tests haven't been updated recently, so that will be fixed soonish.

There will be some duplicates if you run the script multiple times (e.g. kernel module blacklists), so before running the script again, reboot the server and run the tests again.

Ref #25 about logging.

@konstruktoid commented on GitHub (May 2, 2018): Hi @fanfelle, running the test on a Vagrant (patched and rebooted) Ubuntu 18.04 there will be around 380 failures. Running the same tests on the same server after the script and a reboot, there will be around 20 fails (disk partitions etc due to Vagrant). I've noticed some tests haven't been updated recently, so that will be fixed soonish. There will be some duplicates if you run the script multiple times (e.g. kernel module blacklists), so before running the script again, reboot the server and run the tests again. Ref #25 about logging.

kerem referenced this issue

2026-03-03 14:29:39 +03:00

[PR #7] [MERGED] hashsize, dmidecode, rc #95