Tests

We provide a simple way to evaluate the effective code coverage of our tool (see the issue).

Travis

The travis-ci environment gives an isolated Ubuntu 12.04 to perform two run of cis-ubuntu-ansible.

Drone.io

The drone environment is close to travis, but provides Ubuntu 14.04 and the ability to export files. @pchaigno created the settings and the dynamic code coverage badge with this PR.

Code coverage

All sections cannot be tested given the strong impact on the testing systems, and our rights. Note that the current document focus on the drone.io build where the badge is generated. If you have a creative way to do the same on travis, contact us or open an issue.

Section 01 - Patching and Sofware Updates

The section tests for new packages and require a long time. Given our ephemeral travis and drone builds, we skip this step.

[]

Section 02 - Filesystem configuration

This section deals with current filesystem mounts and we are not able to perform such modifications on the CI environments.

[]

Section 03 - Secure boot settings

This section hardens the grub related files, which is not available on the testing system.

[]

Section 04 - Additional process hardening

This section looks for potential leaks and fix them. The build environment prohibid us from modifying some variables (such as fs.suid_dumpable).

[]

Section 05 - OS services

This section disables unneeded services on the system to reduce the attack surface. There is no restriction here.

[]

Section 06 - Special purposes services

This section extends section 05 with other services.

[]

Section 07

This section forces sysctl values to correctly setup network and IPv6.

[]

Section 08

This section configures logs and rights.

[]

Section 09

[]

Section 010

[]

Section 011

[]

Section 012

[]

Section 013

[]