hardening/tests/resolvedconf.bats at master · Dimi8146/hardening · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
#!/usr/bin/env bats

load test_helper

@test "Verify a DNS server is set in $RESOLVEDCONF" {
  run bash -c "grep '^DNS=...' $RESOLVEDCONF"
  [ "$status" -eq 0 ]
}

@test "Verify a FallbackDNS server is set in $RESOLVEDCONF" {
  run bash -c "grep '^FallbackDNS=...' $RESOLVEDCONF"
  [ "$status" -eq 0 ]
}

@test "Verify that DNSSEC is used in $RESOLVEDCONF" {
  run bash -c "grep '^DNSSEC=...' $RESOLVEDCONF"
  [ "$status" -eq 0 ]
}

@test "Verify that DNSOverTLS is used in $RESOLVEDCONF" {
  run bash -c "grep '^DNSOverTLS=opportunistic$' $RESOLVEDCONF"
  [ "$status" -eq 0 ]
}

@test "Verify that nss-resolve is present in /etc/nsswitch.conf" {
  run bash -c "grep '^hosts:.*files.*resolve' /etc/nsswitch.conf"
  [ "$status" -eq 0 ]
}