Merge pull request #37 from stealthcopter/fix/ignore-broken-tests

Added sudo/sudoers check

deepce.sh

@@ -195,7 +195,7 @@ printTip() {
   if [ "$quiet" ]; then
     return
   fi
-  printer "$DG" "$1" | fold -s -w 95
+    printer "$DG" "$1" | fold -s -w 95
   nl
 }
 
@@ -369,14 +369,37 @@ userCheck() {
   printQuestion "User ...................."
   if [ "$(id -u)" = 0 ]; then
     isUserRoot="1"
-    printSuccess "root"
+    printEx "root"
   else
     printSuccess "$(whoami)"
   fi
 
   printQuestion "Groups .................."
   groups=$(groups| sed "s/\($DANGEROUS_GROUPS\)/${LG}${EX}&${NC}${DG}/g")
   printStatus "$groups" "None"
+
+  if ! [ $isUserRoot ]; then
+    printQuestion "Sudo ...................."
+    if [ -x "$(command -v sudo)" ]; then
+      if sudo -n -l 2>/dev/null; then
+        printEx "Passwordless Sudo"
+        isUserHasSudo="1"
+      else
+        printError "Password required"
+      fi
+    else
+      printError "sudo not found"
+    fi
+  else
+    printQuestion "Sudoers ................."
+    if [ -r /etc/sudoers ]; then
+      sudoers=$(grep -v "#\|^$\|^Defaults\|@include" /etc/sudoers)
+      printYes
+      printStatus "$sudoers"
+    else
+      printNo
+    fi
+  fi
 }
 
 dockerSockCheck() {
@@ -443,9 +466,7 @@ enumerateContainer() {
 
 containerID() {
   # Get container ID
-  containerID="$(cat /etc/hostname)"
-  #containerID="$(hostname)"
-  #containerID="$(uname -n)"
+  containerID="$(cat /etc/hostname || uname -n || hostname)"
   # Get container full ID
   printResult "Container ID ............" "$containerID" "Unknown"
 
@@ -499,13 +520,13 @@ containerName() {
     # Requires containerIP
     if [ "$containerIP" ]; then
         if [ -x "$(command -v host)" ]; then
-        containerName=$(host "$containerIP" | rev | cut -d' ' -f1 | rev)
+          containerName=$(host "$containerIP" | rev | cut -d' ' -f1 | rev)
         elif [ -x "$(command -v dig)" ]; then
-        containerName=$(dig -x "$containerIP" +noall +answer | grep 'PTR' | rev | cut -f1 | rev)
+          containerName=$(dig -x "$containerIP" +noall +answer | grep 'PTR' | rev | cut -f1 | rev)
         elif [ -x "$(command -v nslookup)" ]; then
-        containerName=$(nslookup "$containerIP" 2>/dev/null | grep 'name = ' | rev | cut -d' ' -f1 | rev)
+          containerName=$(nslookup "$containerIP" 2>/dev/null | grep 'name = ' | rev | cut -d' ' -f1 | rev)
         else
-        missingTools="1"
+          missingTools="1"
         fi
     fi
   else
@@ -807,16 +828,17 @@ findInterestingFiles() {
     printNo
   fi
 
-  hashes=$(cut -d':' -f2 < /etc/shadow 2>/dev/null | grep -v '^*$\|^!')
   printQuestion "Hashes in shadow file ..............."
-  if [ "$hashes" ]; then
-    printYes
-    printStatus "$hashes"
-  elif test -r /etc/shadow; then
-    # Cannot check...
-    printFail "No permissions"
+  if test -r /etc/shadow; then
+    hashes=$(cut -d':' -f2 < /etc/shadow 2>/dev/null | grep -v '^*$\|^!')
+    if [ "$hashes" ]; then
+      printYes
+      printStatus "$hashes"
+    else
+      printNo
+    fi
   else
-    printNo
+    printFail "Not readable"
   fi
 
   # TODO: Check this file /run/secrets/
@@ -829,7 +851,6 @@ findInterestingFiles() {
       printMsg "$(ls -lAh "$p")"
     fi
   done
-
 }
 
 checkDockerRootless() {