Dominik Richter
34bc6a387c
feature: add configurable profile_id field
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-25 17:45:46 +02:00
Dominik Richter
3440f6f69e
bugfix scope
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 18:21:09 +02:00
Dominik Richter
8d0976a4cc
bugfix: scoping for ubuntu's ruby version
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 17:57:07 +02:00
Dominik Richter
e832a1f2c8
bugfix: typo
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 17:27:05 +02:00
Dominik Richter
6b8cd1078a
bugfix: mysql dynamic describe
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 16:33:22 +02:00
Dominik Richter
b3495e9fc5
bugfix: mysql resource skipping and checking
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 16:18:40 +02:00
Dominik Richter
40ed9799b7
feature: mysql config resource updated
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 15:51:44 +02:00
Dominik Richter
232de91d9a
feature: mysql resource with debian login + skipping policy
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 15:24:35 +02:00
Dominik Richter
ff0020ac73
bugfix: enforce utf-8 encoding
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 08:56:13 +02:00
Dominik Richter
1b9997b204
bugfix: work around embedded only_if conditionals
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 22:52:40 +02:00
Dominik Richter
8294641b1e
bugfix: allow json/check methods to run despite only_if in profile
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 22:36:38 +02:00
Dominik Richter
cb3e067a1f
feature: helper method to check if a default command exists
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 18:19:04 +02:00
Dominik Richter
5d5b945933
feature: only_if for profiles added
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 18:07:35 +02:00
Dominik Richter
cceefa54cf
add base resource
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 17:06:04 +02:00
Dominik Richter
7a721dba7e
feature: skip ssh config if file isn't readable/found
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 16:33:08 +02:00
Dominik Richter
8026915ce5
feature: support skipping rules via resources
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 16:32:42 +02:00
Dominik Richter
e0e7fb8996
bugfix: indicate that file resource is really working with paths
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 11:23:30 +02:00
Dominik Richter
9e79b49f43
improvement: file permission matchers add full description
2015-06-21 11:06:39 +02:00
Dominik Richter
b942a1a103
bugfix: run without profile ID defined
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 10:28:13 +02:00
Dominik Richter
1abfdae264
bugfix: use fully qualified profile IDs
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-20 02:21:08 +02:00
Dominik Richter
e476ce6cae
Merge branch 'inheritance'
2015-06-20 01:55:17 +02:00
Dominik Richter
1d6a0decad
make json-builder work again with new rule-tree
2015-06-20 01:41:48 +02:00
Dominik Richter
83dc0a6425
make check work again with new rule-tree
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-20 01:36:59 +02:00
Dominik Richter
5e83779fb4
api: separate name from title in metadata
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-20 01:04:05 +02:00
Dominik Richter
ef4471d20b
feature: allow to skip rules
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-20 00:20:44 +02:00
Dominik Richter
2e1106b933
feature: add rule hierarchy with include and require rules
...
include_rules 'vulcanosec/ssh'
this will include all rules defined in vulcanosec/ssh
require_rules 'vulcanosec/linux'
this will not include any rules yet, but you may choose what you want to pull in.
both have a block attached which will allow you to choose rules (for require_rules) and redefine/change existing rules as you like. small example:
require_rules 'vulcanosec/linux' do
  rule fs-3 do
    impact 1.0
  end
end
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-20 00:00:53 +02:00
Dominik Richter
a6748e2418
load rules from a spec file into a profile context
2015-06-19 22:23:07 +02:00
Dominik Richter
7649d1459c
simplify global vs embedded rule handling
...
i.e. one executes directly, the other just registers. this change makes such a distinction much easier
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-19 21:52:57 +02:00
Dominik Richter
da71e1e826
move DSL helper methods out of local DSL space
...
to avoid potential collisions
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-19 21:43:04 +02:00
Dominik Richter
8181ee038e
move rule execution and ID-fixing out
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-19 21:17:56 +02:00
Dominik Richter
f64f15ee6b
make syntax binding to scope programmable
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-19 20:11:26 +02:00
Dominik Richter
2c912d2fbe
initialize vulcano module + version first
...
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-19 18:45:38 +02:00
Dominik Richter
e689afb4b8
improvement: split vulcano core library from verification
2015-06-19 16:45:36 +02:00
Dominik Richter
aebed6cb55
bugfix: only call rule blocks if they are given
...
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-19 16:32:11 +02:00
Dominik Richter
6f4a1fc092
move log out of bin/vulcano; it's not used there
...
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-19 15:06:44 +02:00
Dominik Richter
c6b000a587
add license_finder to dev gems
...
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-19 15:06:13 +02:00
Dominik Richter
a8579985aa
update serverspec dependency
...
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-18 23:54:09 +02:00
Dominik Richter
86b85801a1
add gemfile
...
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-18 23:54:02 +02:00
Dominik Richter
1b36802589
feature: include other rules
...
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-18 17:32:40 +02:00
Dominik Richter
243c7b9892
feature: sudo configuration
...
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-17 10:49:25 +02:00
Dominik Richter
1a05865d6e
feature: print number of rules checked
...
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-16 23:33:27 +02:00
Dominik Richter
1247dd7bc7
api: change check -> rule
...
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-16 23:30:08 +02:00
Dominik Richter
e86cd978eb
bugfix: create check structure with meta-info
...
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-12 12:32:10 +02:00
Dominik Richter
8a8021a7ab
print validation info on default checking mode
...
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:54:35 +02:00
Dominik Richter
9f02a88e54
improvement: separate checking information from processing
...
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:53:25 +02:00
Dominik Richter
3013bdcc46
feature: add pry for development consoles
...
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:40:16 +02:00
Dominik Richter
c329b6743a
bugfix: add resources to rules
...
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:37:51 +02:00
Dominik Richter
0c0be4b09e
bugfix: don't evaluate nil impact
...
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:36:30 +02:00
Dominik Richter
b5fb4c46c0
improvement: print file which has error
...
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:26:29 +02:00
Dominik Richter
fb9d09af49
bugfix: gsub on empty description
...
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:23:36 +02:00