When we harden the OS via content, some services may either not work, or have degraded functionality. This may be tracked by looking at their journal logs before vs after hardening, ideally on boot (as they start up).
Diffing all of the output would probably generate too much noise, but we can check for some common words like:
obsolete
deprecated
notice[^a-zA-Z]
error
warning
critical
denied
unknown
no such file
not found
no [^ ]+ found
fail[^a-zA-Z]
failed
failure
fatal
invalid
unable
does not
could not
problem
unexpected
traceback
please
insecure
for more
cannot
can't
[^a-zA-Z]bug([^a-zA-Z]|$)
and compare findings with these words before hardening vs after hardening, and fail on any difference.
The test (or a similar one) should also diff lists of failed services - if there are any new failing services that were starting up fine before hardening, that's a fail.
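One way to implement this comparison, as an added example (not code from the project). It assumes the journal was captured with `journalctl -b` in the default short format and the failed list with `systemctl list-units --failed --plain --no-legend`. The function names, the digit normalization, and the sample logs are constructed for illustration, and it reports only findings that are new after hardening.

```python
import re

# Subset of the patterns listed above, matched case-insensitively.
PATTERNS = [r"deprecated", r"error", r"warning", r"denied", r"not found",
            r"fail[^a-zA-Z]", r"failed", r"could not", r"cannot",
            r"[^a-zA-Z]bug([^a-zA-Z]|$)"]
SUSPICIOUS = re.compile("|".join(PATTERNS), re.IGNORECASE)
# Short journal format: "Mon DD HH:MM:SS host ident[pid]: message"
PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ "
                    r"(?P<ident>[^\s\[:]+)(\[\d+\])?: (?P<msg>.*)$")

def findings(journal_text):
    """Return the set of (ident, normalized message) matching any pattern."""
    found = set()
    for line in journal_text.splitlines():
        m = PREFIX.match(line)
        if not m or not SUSPICIOUS.search(m["msg"]):
            continue
        # Timestamps and PIDs are already dropped; also mask numbers in the
        # message so counters and addresses do not cause spurious differences.
        found.add((m["ident"], re.sub(r"\d+", "N", m["msg"])))
    return found

def failed_units(list_units_output):
    """Unit names from `systemctl list-units --failed --plain --no-legend`."""
    return {l.split()[0] for l in list_units_output.splitlines() if l.strip()}

def regressions(before_log, after_log, before_failed, after_failed):
    """Findings and failed units present after hardening but not before."""
    return (findings(after_log) - findings(before_log),
            failed_units(after_failed) - failed_units(before_failed))

# Constructed sample data (not real output from any system).
BEFORE_LOG = """\
Jan 12 10:00:01 vm systemd[1]: Started NTP client/server.
Jan 12 10:00:02 vm kernel: ACPI Warning: SystemIO range conflict 0x0400
Jan 12 10:00:03 vm sshd[901]: Server listening on 0.0.0.0 port 22.
"""
AFTER_LOG = """\
Jan 12 11:30:01 vm kernel: ACPI Warning: SystemIO range conflict 0x0400
Jan 12 11:30:02 vm chronyd[655]: Could not open /etc/chrony.keys: Permission denied
Jan 12 11:30:02 vm systemd[1]: chronyd.service: Failed with result 'exit-code'.
Jan 12 11:30:03 vm sshd[877]: Server listening on 0.0.0.0 port 22.
"""
BEFORE_FAILED = "kdump.service loaded failed failed Crash recovery kernel arming\n"
AFTER_FAILED = BEFORE_FAILED + "chronyd.service loaded failed failed NTP client/server\n"

if __name__ == "__main__":
    new_msgs, new_failed = regressions(BEFORE_LOG, AFTER_LOG, BEFORE_FAILED, AFTER_FAILED)
    print(sorted(new_msgs), sorted(new_failed))
    raise SystemExit(1 if new_msgs or new_failed else 0)
```

The pre-existing ACPI warning and the already-failing kdump.service appear on both sides, so they do not count as regressions.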