Commit graph

1679 commits

Author SHA1 Message Date
Christoph Hartmann
a7efec310b implement yum resource 2015-09-22 01:10:56 +02:00
Christoph Hartmann
7e9eb2920d add usage header for audit resource 2015-09-21 14:12:34 +02:00
Christoph Hartmann
62d0b217f9 optimize comments for audit_policy resource 2015-09-21 14:09:43 +02:00
Christoph Hartmann
e57e5f3fd6 bugfix: use new volcano backend for registry key 2015-09-21 14:09:10 +02:00
Christoph Hartmann
92ff33cbba improvement: use separate object to hold filter state, optimize users output 2015-09-21 14:07:58 +02:00
Christoph Hartmann
d40ab9a9ad bugfix: set default path for inetd_conf 2015-09-21 14:06:01 +02:00
Christoph Hartmann
0d7d01efbd bugfix: set default path for limits.conf 2015-09-21 14:04:02 +02:00
Christoph Hartmann
797d24c14a add login_def resource unit test 2015-09-21 14:01:51 +02:00
Christoph Hartmann
9358ac3035 rename env.rb to os_env.rb 2015-09-21 13:58:47 +02:00
Christoph Hartmann
672f03a0dd improve output of ntp resource for single value arrays 2015-09-21 13:58:03 +02:00
Christoph Hartmann
7295e4c16f improve handling on uid data view 2015-09-21 13:56:08 +02:00
Christoph Hartmann
852e5ae627 improvement: remove class variables from security policy implementation 2015-09-21 13:52:49 +02:00
Christoph Hartmann
53eb3b6990 bugfix: escape string before regex, fix regular expression to identify key 2015-09-21 13:52:33 +02:00
Christoph Hartmann
e9e24a6bd5 use new volcano backend for security policy 2015-09-21 13:51:27 +02:00
Christoph Hartmann
f0ac64cf31 improvement: extend mock to support simulated cmds 2015-09-21 13:43:09 +02:00
Christoph Hartmann
cdf15b9dd1 bugfix: support multiple values in ssh config like 'HostKey', improve readability by extracting the first value from array, if we have only one value 2015-09-21 13:43:09 +02:00
Christoph Hartmann
0e8651bf26 fix rubocop issues 2015-09-05 16:07:54 +02:00
Christoph Hartmann
36c9de7529 more rubocop fixes 2015-09-04 09:59:30 +02:00
Christoph Hartmann
91ea24d538 replace :: with . syntax 2015-09-04 09:15:20 +02:00
Christoph Hartmann
bbbb8380ca replace raise with fail 2015-09-03 23:24:42 +02:00
Christoph Hartmann
556bb5a0f0 remove empty lines 2015-09-03 23:20:53 +02:00
Christoph Hartmann
1773d20178 use single quotes 2015-09-03 23:18:28 +02:00
Christoph Hartmann
5c137a7ab1 remove redundant return 2015-09-03 20:45:37 +02:00
Christoph Hartmann
349d5bf9f1 harmonize method definition style 2015-09-03 20:43:58 +02:00
Christoph Hartmann
7bdcc00e94 add utf-8 header 2015-09-03 20:36:46 +02:00
Christoph Hartmann
5612752b82 use single quotes 2015-09-03 20:35:23 +02:00
Christoph Hartmann
a895d19f03 simplify mock file loading method 2015-09-03 17:53:38 +02:00
Christoph Hartmann
a206d0ef09 (re)add debug for mock backend 2015-09-03 17:51:08 +02:00
Christoph Hartmann
7db6941219 feature: add bond resource implementation 2015-09-03 17:34:11 +02:00
Christoph Hartmann
ceb68f94cf feature: extend mock framework to support file mappings 2015-09-03 17:34:11 +02:00
Dominik Richter
c9fcb2913a complete all file tests
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 16:17:52 +02:00
Dominik Richter
29a143a67f remove file ctime
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 15:43:30 +02:00
Dominik Richter
708fa8485d bugfix: reset specinfra backends between runs manually
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 15:32:33 +02:00
Dominik Richter
f54fa6537a use string for backend conf
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 14:56:08 +02:00
Dominik Richter
f618fa391b bugfix: specinfra file type detection
mask & tmask returns non-zero values, if some bits fit the file-type. this leads to overlapping results. make sure the mask result has the full mask present, then use it.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 14:14:57 +02:00
Dominik Richter
841198993d runner conf must use string-keys
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 13:43:32 +02:00
Dominik Richter
18701752a7 improvement: make runner config map work with keys and string
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 12:56:40 +02:00
Dominik Richter
199cb84ab3 not implemented only throws on missing methods
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-02 17:30:49 +02:00
Dominik Richter
951f63c6c8 feature: configurable formatter for test exec
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-02 16:44:14 +02:00
Dominik Richter
1c2ab098f5 specify methods all backends must implement
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-02 11:53:25 +02:00
Dominik Richter
05b4167971 start backend and file tests
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-02 04:55:22 +02:00
Dominik Richter
32964c1e4e tests for backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-02 04:19:23 +02:00
Dominik Richter
e08787d14e move file interface + helpers to backend plugin
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-02 00:50:52 +02:00
Dominik Richter
f60b7580d5 complete specinfra file backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-01 11:48:50 +02:00
Dominik Richter
a64597594e minor bugfixes
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-01 11:11:34 +02:00
Dominik Richter
04db46f116 add aliases for target and backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 19:49:39 -07:00
Dominik Richter
601abe2579 rename backend reference @vulcano -> vulcano
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 19:33:15 -07:00
Dominik Richter
b2e031c056 start serverspec migration
This project is inspired by Serverspec and all the wonderful contributions that went into it. Thank you all so much! We have used Serverspec as our audit base and have now a slightly different perspective. We hope to continue the spirit on this path. Hopefully both projects will find their way together.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 17:36:05 -07:00
Dominik Richter
d292ed6ea5 migrate directory resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 17:24:34 -07:00
Dominik Richter
e5daa52064 fix ssh config path
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 17:18:37 -07:00
Dominik Richter
1bbe67682e start migrating file resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 17:14:17 -07:00
Dominik Richter
50a5803427 rename is_file? -> file?
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 17:13:53 -07:00
Dominik Richter
431c27d4ab migrate all specinfra backends
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 17:13:07 -07:00
Dominik Richter
40784c7c8e safeguard against empty backends
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 16:31:36 -07:00
Dominik Richter
de27b3d8e9 move mock backend to new plugin structure
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 16:14:28 -07:00
Dominik Richter
a8ed53c337 move backend to new plugin structure
use the same structure as for resources

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 16:11:23 -07:00
Dominik Richter
df8a668d8c combine resoure+resources -> resource.rb
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 16:08:17 -07:00
Dominik Richter
84102b89de rename contents -> content
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 02:10:36 -07:00
Dominik Richter
5a8bcf2b93 migrate file resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 00:44:16 -07:00
Dominik Richter
1d805aca2c migrate group policy
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 16:09:35 -07:00
Dominik Richter
554accdedc reimplement command resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 16:08:24 -07:00
Dominik Richter
e0459c4116 migrate all of audit
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 16:04:52 -07:00
Dominik Richter
2a8b8d3394 migrate env and apache conf
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 13:02:18 -07:00
Dominik Richter
dddc9daed0 migrated inetd config and etc group
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 12:52:59 -07:00
Dominik Richter
2103a4485b migrate limits and login defs
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 12:47:37 -07:00
Dominik Richter
8004d6f129 migrate all mysql resources
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 12:41:48 -07:00
Dominik Richter
1a45f32f0b migrated all postgres resources
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 12:37:03 -07:00
Dominik Richter
83d846ac7f migrate ntp conf and parse_config
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 12:32:17 -07:00
Dominik Richter
d9d67e943a migrate passwd and processes
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 12:27:35 -07:00
Dominik Richter
dc0f61a0ef migrate registry_key + security_policy
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 11:52:22 -07:00
Dominik Richter
d7bcf6dfea move resource plugin to vulcano/plugins
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 11:49:21 -07:00
Dominik Richter
2c2d2d8d27 rename resources -> tests in the context of runner
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 10:13:05 -07:00
Dominik Richter
3bf8037638 move to a simpler plugin structure
This has been inspired in its calling structure by the wonderful work done in Vagrant. Kudos to all contributors!

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 10:10:03 -07:00
Dominik Richter
9e7ea1ef5d move ssh_conf to new structure
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-27 20:02:38 -07:00
Dominik Richter
90a2d45462 create new pluggable profile context
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-27 13:59:58 -07:00
Dominik Richter
a1af0ad24b start mock backend and change backend mechanics
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-27 13:59:15 -07:00
Dominik Richter
7e1f9b8a15 move resources lib
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-27 13:58:07 -07:00
Dominik Richter
38a99c065a 0.6.1
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-24 14:25:29 -07:00
Dominik Richter
22ce1d4b0d add docker backend support
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-24 10:35:03 -07:00
Christoph Hartmann
3570295007 bugfix: remove debug message 2015-08-14 01:46:43 -07:00
Christoph Hartmann
6e7d2f6bcf detect windows versions 2015-08-14 01:43:02 -07:00
Christoph Hartmann
e4de940dfe improve windows detection 2015-08-14 00:49:31 -07:00
Dominik Richter
8c82bca280 bugfix: skip resources with message
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-13 23:22:56 -07:00
Dominik Richter
1890ba9226 bugfix: correctly detect code line of block
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-13 22:51:53 -07:00
Dominik Richter
75c30d9892 bugfix: remove unnecessary only_if outer definition
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-13 22:36:50 -07:00
Dominik Richter
086d385fe0 add detect utility to get os info
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-13 17:18:17 -07:00
Dominik Richter
90ed1aed99 fix missing require winrm
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 23:45:32 -07:00
Dominik Richter
6360bf825f fix wrong variable ref
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 23:39:12 -07:00
Dominik Richter
83432ccfb4 fix typo
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 23:31:47 -07:00
Dominik Richter
1a165bc886 change the default impact to 0.5
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 23:05:26 -07:00
Dominik Richter
225b49fbd2 0.6.0
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 22:47:29 -07:00
Dominik Richter
5875864f45 move zip and tar helpers
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 22:45:42 -07:00
Dominik Richter
7a59d9ce76 feature: start github uri reader
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 22:34:37 -07:00
Christoph Hartmann
9065eaa35c add zip and tar helper 2015-08-12 21:14:48 -07:00
Dominik Richter
61794072e5 generalize folder handling
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 20:47:02 -07:00
Dominik Richter
9f0b6ebc46 add targets for chef-audit and serverspec
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 19:19:36 -07:00
Dominik Richter
6e4381f2d4 turn backend into a separate object
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 19:07:01 -07:00
Dominik Richter
9ba4fb1d00 add configurable targets and backends
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 18:48:17 -07:00
Dominik Richter
cecd86a119 improvement: unify ID generation for all tests
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 17:29:23 -07:00
Dominik Richter
7f67a088cb feature: --target option for scans
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 17:05:32 -07:00
Dominik Richter
be1cead58e improvement: always give a title to spec files
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 16:27:32 -07:00
Dominik Richter
5b0f5252c6 shorten anonymous describe IDs
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 15:17:18 -07:00
Dominik Richter
116a9b46d8 run multiple files by aggregating results
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 15:16:50 -07:00
Dominik Richter
360da9a7ba feature: configure ssh+winrm targets on CLI-runner
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 14:19:44 -07:00
Dominik Richter
33043dd6a1 feature: run tests from cli
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 12:03:41 -07:00
Your Name
f6509b7f81 add method_source gem for getting source code
Signed-off-by: Your Name <your.name@email.com>
2015-08-10 00:01:11 +00:00
Your Name
0108ab2c75 simplify ruby source block detection
Signed-off-by: Your Name <your.name@email.com>
2015-08-09 20:31:51 +00:00
Your Name
39343367c2 feature: include rule code in json
Signed-off-by: Your Name <your.name@email.com>
2015-08-09 18:29:59 +00:00
Dominik Richter
5e8af49561 runtime bugfixes
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 23:39:43 -07:00
Dominik Richter
61f5f95147 make sure etc group values in where clause are strings
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:49:55 -07:00
Dominik Richter
b72ba08c06 trip whitespace
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:37:58 -07:00
Dominik Richter
a48d032cec double-check if data is read from conf apache/postgres/mysql
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:35:18 -07:00
Dominik Richter
df8be769af skip apache conf if file doesn't exist
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:28:32 -07:00
Dominik Richter
9621b1c9e9 skip postgres+mysql conf if file doesn't exist
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:27:34 -07:00
Dominik Richter
93065b9dda use FindFiles for postgres conf
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:17:07 -07:00
Dominik Richter
c733a577da improvement: unify FindFiles
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:11:01 -07:00
Dominik Richter
e9ee17c176 bugfix: find included files on remote host
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 19:50:49 -07:00
Dominik Richter
178ca83a4b specify inetd_conf path
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 19:34:24 -07:00
Dominik Richter
07edef95ad flatten users of groups
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 18:56:14 -07:00
Dominik Richter
3682a8279d make sure to get conditions as symbols
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 18:49:05 -07:00
Dominik Richter
e0b0b52af3 feature: etc_group with where-function overhaul
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 18:42:05 -07:00
Dominik Richter
53112f4156 move resource methods to respective library files
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 17:40:08 -07:00
Dominik Richter
42c3f95b41 move local parseconfig resources to library file
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 17:25:27 -07:00
Dominik Richter
6faf07aa7d rename parse_config back to parse_config_file
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 17:24:15 -07:00
Dominik Richter
1344fba629 configurable limits_conf path
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:52:55 +02:00
Dominik Richter
70a6130335 move ssh_config + sshd_config with paths to the resource file
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:43:38 +02:00
Dominik Richter
cc28749adf configurable paths for postgres + mysql confs
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:38:52 +02:00
Dominik Richter
700e2bab26 feature: add mysql resource
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:31:57 +02:00
Dominik Richter
7e9c8fe289 bugfix: get comment_char for simple_config
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:23:52 +02:00
Dominik Richter
f2fed3fa6d api: change default of multiple_values true -> false in SimpleConfig
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:23:02 +02:00
Dominik Richter
9bf968838c rename conf_ssh -> ssh_config
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:22:25 +02:00
Dominik Richter
0c5a28431d feature: postgres information based on OS
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:21:32 +02:00
Dominik Richter
f51e89d3b1 shorten mysql and postgres session resources
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-07-30 18:28:57 +02:00
Christoph Hartmann
378a98797e rename config_file resource 2015-07-27 23:26:10 +02:00
Christoph Hartmann
44f5ecef77 add apache config parser 2015-07-27 23:26:10 +02:00
Dominik Richter
252a88c24f improvement: warn on minor missing entries, error on major ones
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-07-27 17:31:17 +02:00
Christoph Hartmann
bd6a294ac5 bugfix: add toString method for resources 2015-07-26 22:45:44 +02:00
Christoph Hartmann
345d7fb5cb improvement: parse config can be configured 2015-07-26 22:45:18 +02:00
Christoph Hartmann
d926a67596 feature: resource for ntp configuration 2015-07-26 22:44:33 +02:00
Christoph Hartmann
24e9210160 feature: resources for audit daemon 2015-07-26 22:44:01 +02:00
Christoph Hartmann
34b8ab5f2a refactor audit policy 2015-07-26 22:43:24 +02:00
Christoph Hartmann
32c4575642 add inetd resource 2015-07-26 12:53:29 +02:00
Christoph Hartmann
17476fd634 add limits.conf resource 2015-07-26 12:30:46 +02:00
Christoph Hartmann
8e16decccd refactor types 2015-07-26 12:30:12 +02:00
Dominik Richter
35d3ee6b19 bugfix: ensure pseudo pty on remote
This first came up when scanning a RHEL6 EC2 box. Serverspec throws this error when the channel doesn't support a stdin.

Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-07-21 12:59:52 +02:00
Christoph Hartmann
5d4e44872c remove puts 2015-07-16 01:51:26 +02:00
Christoph Hartmann
fe7758a9a6 remove puts 2015-07-16 01:48:09 +02:00
Christoph Hartmann
fd4bb5f467 bugfix: fix id 2015-07-16 01:40:37 +02:00
Christoph Hartmann
0268d44052 add types 2015-07-16 01:09:54 +02:00
Christoph Hartmann
db8ff02313 add logindef and parse_config type 2015-07-15 16:33:39 +02:00
Christoph Hartmann
4809c33f93 add duplicate check matcher for arrays 2015-07-15 15:16:28 +02:00
Christoph Hartmann
018601480d add etc_group implementation 2015-07-15 15:16:10 +02:00
Christoph Hartmann
dc94f2c2b5 add description for passwd file format 2015-07-15 15:15:53 +02:00
Christoph Hartmann
37f0ea7d6a update copyright header 2015-07-15 15:15:18 +02:00
Christoph Hartmann
6ab07121de add line feed 2015-07-15 00:50:42 +02:00
Christoph Hartmann
f9867b4c8d add helper matcher 2015-07-15 00:50:34 +02:00
Christoph Hartmann
dbbad50c09 add passwd extraction of passwords 2015-07-15 00:50:19 +02:00
Christoph Hartmann
8c17ab29a5 add passwd support 2015-07-15 00:47:17 +02:00
Christoph Hartmann
4ff1687f6e add env support 2015-07-15 00:47:04 +02:00
Christoph Hartmann
d7d79d3d5b bugfix: remove winrm timeout 2015-06-28 10:09:04 +02:00
Christoph Hartmann
a25925057e bugfix: remove debug output 2015-06-28 00:07:02 +02:00
Christoph Hartmann
1e80a197c4 feature: switch winrm port based on protocol 2015-06-27 23:03:43 +02:00
Christoph Hartmann
5714395232 feature: add ssl support for winrm 2015-06-27 21:30:21 +02:00
Christoph Hartmann
f165e51e1f return nil, if we haven't received a value 2015-06-27 21:29:57 +02:00
Dominik Richter
8dd5ad2979 bugfix: prevent entries in known hosts files
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-27 15:49:54 +02:00
Dominik Richter
2e827fd699 bugfix: prevent any auth-method that is not configured + prevent interactive password login
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-27 15:47:45 +02:00
Dominik Richter
34bc6a387c feature: add configurable profile_id field
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-25 17:45:46 +02:00
Dominik Richter
3440f6f69e bugfix scope
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 18:21:09 +02:00
Dominik Richter
8d0976a4cc bugfix: scoping for ubuntu's ruby version
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 17:57:07 +02:00
Dominik Richter
e832a1f2c8 bugfix: typo
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 17:27:05 +02:00
Dominik Richter
6b8cd1078a bugfix: mysql dynamic describe
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 16:33:22 +02:00
Dominik Richter
b3495e9fc5 bugfix: mysql resouce skipping and checking
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 16:18:40 +02:00
Dominik Richter
40ed9799b7 feature: mysql config resource updated
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 15:51:44 +02:00
Dominik Richter
232de91d9a feature: mysql resource with debian login + skipping policy
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 15:24:35 +02:00
Dominik Richter
ff0020ac73 bugfix: enforce utf-8 encoding
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 08:56:13 +02:00
Dominik Richter
1b9997b204 bugfix: work around embedded only_if conditionals
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 22:52:40 +02:00
Dominik Richter
8294641b1e bugfix: allow json/check methods to run despite only_if in profile
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 22:36:38 +02:00
Dominik Richter
cb3e067a1f feature: helper method to check if a default command exists
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 18:19:04 +02:00
Dominik Richter
5d5b945933 feature: only_if for profiles added
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 18:07:35 +02:00
Dominik Richter
cceefa54cf add base resource
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 17:06:04 +02:00
Dominik Richter
7a721dba7e feature: skip ssh config if file isn't readable/found
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 16:33:08 +02:00
Dominik Richter
8026915ce5 feature: support skipping rules via resources
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 16:32:42 +02:00
Dominik Richter
e0e7fb8996 bugfix: indicate that file resource is really working with paths
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 11:23:30 +02:00
Dominik Richter
9e79b49f43 improvement: file permission matchers add full description 2015-06-21 11:06:39 +02:00
Dominik Richter
b942a1a103 bugfix: run without profile ID defined
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 10:28:13 +02:00
Dominik Richter
1abfdae264 bugfix: use fully qualified profile IDs
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-20 02:21:08 +02:00
Dominik Richter
1d6a0decad make json-builder work again with new rule-tree 2015-06-20 01:41:48 +02:00
Dominik Richter
83dc0a6425 make check work again with new rule-tree
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-20 01:36:59 +02:00
Dominik Richter
5e83779fb4 api: separate name from title in metadata
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-20 01:04:05 +02:00
Dominik Richter
ef4471d20b feature: allow to skip rules
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-20 00:20:44 +02:00
Dominik Richter
2e1106b933 feature: add rule hierarchy with include and require rules
include_rules 'vulcanosec/ssh'

this will include all rules defined in vulcanosec/ssh

    require_rules 'vulcanosec/linux'

this will not include any rules yet, but you may choose what you want to pull in.

both have a block attached which will allow you to choose rules (for require_rules) and redefined/change existing rules as you like. small example:

    require_rules 'vulcanosec/linux' do
      rule fs-3 do
        impact 1.0
      end
    end

Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-20 00:00:53 +02:00
Dominik Richter
a6748e2418 load rules from a spec file into a profile context 2015-06-19 22:23:07 +02:00
Dominik Richter
7649d1459c simplify global vs embedded rule handling
i.e. one executes directly, the other just registers. this change makes such a distinction much easier

Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-19 21:52:57 +02:00
Dominik Richter
da71e1e826 move DSL helper methods out of local DSL space
to avoid potential collissions

Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-19 21:43:04 +02:00
Dominik Richter
8181ee038e move rule execution and ID-fixing out
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-19 21:17:56 +02:00
Dominik Richter
f64f15ee6b make syntax binding to scope programmable
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-19 20:11:26 +02:00
Dominik Richter
2c912d2fbe initialize vulcano module + version first
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-19 18:45:38 +02:00
Dominik Richter
e689afb4b8 improvement: split vulcano core library from verification 2015-06-19 16:45:36 +02:00
Dominik Richter
aebed6cb55 bugfix: only call rule blocks if they are given
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-19 16:32:11 +02:00
Dominik Richter
6f4a1fc092 move log out of bin/vulcano; it's not used there
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-19 15:06:44 +02:00
Dominik Richter
1b36802589 feature: include other rules
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-18 17:32:40 +02:00
Dominik Richter
243c7b9892 feature: sudo configuration
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-17 10:49:25 +02:00
Dominik Richter
1a05865d6e feature: print number of rules checked
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-16 23:33:27 +02:00
Dominik Richter
1247dd7bc7 api: change check -> rule
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-16 23:30:08 +02:00
Dominik Richter
e86cd978eb bugfix: create check structure with meta-info
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-12 12:32:10 +02:00
Dominik Richter
9f02a88e54 improvement: separate checking information from processing
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:53:25 +02:00
Dominik Richter
3013bdcc46 feature: add pry for development consoles
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:40:16 +02:00
Dominik Richter
c329b6743a bugfix: add resources to rules
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:37:51 +02:00
Dominik Richter
0c0be4b09e bugfix: don't evaluate nil impact
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:36:30 +02:00
Dominik Richter
b5fb4c46c0 improvement: print file which has error
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:26:29 +02:00
Dominik Richter
fb9d09af49 bugfix: gsub on empty desciption
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:23:36 +02:00
Dominik Richter
beee62fabd improvement: separate specfile sanitize vs check
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:21:03 +02:00
Dominik Richter
1833ff9aa0 bugfix: call lambda correctly
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:16:05 +02:00
Dominik Richter
5ba7fb0386 bugfix: recognize empty title as title==id
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:15:26 +02:00
Dominik Richter
4ab30252fb feature: vulcano check
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:03:12 +02:00
Dominik Richter
08035d7b61 bugfix: don't let dummy resources overwrite library files
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-07 23:05:00 +02:00
Dominik Richter
7a022f9c0a change json syntax to: map[string]check
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-07 22:24:53 +02:00
Dominik Richter
e9d642fc61 feature: replace vcheck
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-07 21:41:54 +02:00
Dominik Richter
44d1f88dda add version
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-07 19:49:55 +02:00
Dominik Richter
f56618f364 bugfix: cascade IDs to child describe-blocks (from :its)
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-07 19:20:16 +02:00
Dominik Richter
64d90c326f feature: add rules with IDs
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-07 17:09:02 +02:00
Dominik Richter
483c12edc7 feature: run specs on different port
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-05-14 18:30:50 +02:00
Dominik Richter
14eebb88e0 capitalize ssh conf name
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-05-14 18:30:38 +02:00
Dominik Richter
18277ddfad bugfix: postgres connection error detection fixed
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-05-14 18:29:55 +02:00
Dominik Richter
21d604820a feature: add windows resources
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-04-17 15:37:17 +02:00
Dominik Richter
e87af25d07 bugfix: ssh is simpleconf w/o multiassignemnt
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-04-17 15:36:55 +02:00
Dominik Richter
6875d373e8 feature: winrm specs
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-04-17 15:36:34 +02:00
Dominik Richter
c1522ed98c feature: multi-assignments for simpleconfig
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-04-17 15:36:18 +02:00
Dominik Richter
985552731a import resources
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-04-09 22:01:23 +02:00