inspec/lib/resources/group_policy.rb

# encoding: utf-8
# copyright: 2015, Vulcano Security GmbH
# author: Christoph Hartmann
# author: Dominik Richter
# license: All rights reserved

require 'json'

# return JSON object
def gpo(policy_path, policy_name)
  file = ::File.read(::File.join ::File.dirname(__FILE__), 'gpo.json')
  gpo_hash = JSON.parse(file)
  key = 'Machine--' + policy_path + '--' + policy_name
  gpo_hash[key]
end

# Group Policy
class GroupPolicy < Inspec.resource(1)
  name 'group_policy'

  def get_registry_value(entry)
    keys = entry['registry_information'][0]
    cmd = "(Get-Item 'Registry::#{keys['path']}').GetValue('#{keys['key']}')"
    command_result ||= inspec.command(cmd)
    val = { exit_code: command_result.exit_status.to_i, data: command_result.stdout }
    val
  end

  def convert_value(value)
    val = value.strip
    val = val.to_i if val.match(/^\d+$/)
    val
  end

  # returns nil, if not existant or value
  def method_missing(meth)
    # map gpo to registry key
    entry = gpo(@name, meth.to_s)

    # get data
    val = get_registry_value(entry)

    # verify data
    if (val[:exit_code] == 0)
      return convert_value(val[:data])
    else
      return nil
    end
  end

  def to_s
    'Group Policy'
  end
end
feature: add rules with IDs Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-06-07 15:09:02 +00:00			`# encoding: utf-8`
update copyright header 2015-07-15 13:15:18 +00:00			`# copyright: 2015, Vulcano Security GmbH`
add author header 2015-10-06 16:55:44 +00:00			`# author: Christoph Hartmann`
			`# author: Dominik Richter`
feature: add rules with IDs Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-06-07 15:09:02 +00:00			`# license: All rights reserved`

feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00			`require 'json'`

refactor types 2015-07-26 10:30:12 +00:00			`# return JSON object`
fix rubocop issues 2015-09-05 14:07:54 +00:00			`def gpo(policy_path, policy_name)`
			`file = ::File.read(::File.join ::File.dirname(__FILE__), 'gpo.json')`
move resource methods to respective library files Signed-off-by: Dominik Richter <dominik@vulcanosec.com> 2015-08-03 00:40:08 +00:00			`gpo_hash = JSON.parse(file)`
more rubocop fixes 2015-09-04 07:59:30 +00:00			`key = 'Machine--' + policy_path + '--' + policy_name`
refactor types 2015-07-26 10:30:12 +00:00			`gpo_hash[key]`
			`end`
feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00
refactor types 2015-07-26 10:30:12 +00:00			`# Group Policy`
rename vulcanosec -> inspec 2015-10-26 03:04:18 +00:00			`class GroupPolicy < Inspec.resource(1)`
migrate group policy Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-28 23:09:35 +00:00			`name 'group_policy'`
refactor types 2015-07-26 10:30:12 +00:00
lint resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-09-09 16:37:16 +00:00			`def get_registry_value(entry)`
refactor types 2015-07-26 10:30:12 +00:00			`keys = entry['registry_information'][0]`
			`cmd = "(Get-Item 'Registry::#{keys['path']}').GetValue('#{keys['key']}')"`
rename vulcanosec -> inspec 2015-10-26 03:04:18 +00:00			`command_result \|\|= inspec.command(cmd)`
fix rubocop issues 2015-09-05 14:07:54 +00:00			`val = { exit_code: command_result.exit_status.to_i, data: command_result.stdout }`
refactor types 2015-07-26 10:30:12 +00:00			`val`
			`end`
feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00
lint resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-09-09 16:37:16 +00:00			`def convert_value(value)`
refactor types 2015-07-26 10:30:12 +00:00			`val = value.strip`
			`val = val.to_i if val.match(/^\d+$/)`
more rubocop fixes 2015-09-04 07:59:30 +00:00			`val`
refactor types 2015-07-26 10:30:12 +00:00			`end`
feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00
refactor types 2015-07-26 10:30:12 +00:00			`# returns nil, if not existant or value`
			`def method_missing(meth)`
			`# map gpo to registry key`
			`entry = gpo(@name, meth.to_s)`
feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00
refactor types 2015-07-26 10:30:12 +00:00			`# get data`
lint resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-09-09 16:37:16 +00:00			`val = get_registry_value(entry)`
feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00
refactor types 2015-07-26 10:30:12 +00:00			`# verify data`
			`if (val[:exit_code] == 0)`
lint resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-09-09 16:37:16 +00:00			`return convert_value(val[:data])`
refactor types 2015-07-26 10:30:12 +00:00			`else`
more rubocop fixes 2015-09-04 07:59:30 +00:00			`return nil`
feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00			`end`
refactor types 2015-07-26 10:30:12 +00:00			`end`
feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00
refactor types 2015-07-26 10:30:12 +00:00			`def to_s`
			`'Group Policy'`
feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00			`end`
			`end`