# encoding: utf-8 # copyright: 2015, Vulcano Security GmbH # author: Christoph Hartmann # author: Dominik Richter # license: All rights reserved require 'utils/simpleconfig' class LimitsConf < Inspec.resource(1) name 'limits_conf' desc 'Use the limits_conf InSpec audit resource to test configuration settings in the /etc/security/limits.conf file. The limits.conf defines limits for processes (by user and/or group names) and helps ensure that the system on which those processes are running remains stable. Each process may be assigned a hard or soft limit.' example " describe limits_conf do its('*') { should include ['hard','core','0'] } end " def initialize(path = nil) @conf_path = path || '/etc/security/limits.conf' end def method_missing(name) read_params[name.to_s] end def read_params return @params if defined?(@params) # read the file file = inspec.file(@conf_path) if !file.file? skip_resource "Can't find file \"#{@conf_path}\"" return @params = {} end content = file.content if content.empty? && file.size > 0 skip_resource "Can't read file \"#{@conf_path}\"" return @params = {} end # parse the file conf = SimpleConfig.new( content, assignment_re: /^\s*(\S+?)\s+(.*?)\s+(.*?)\s+(.*?)\s*$/, key_vals: 3, multiple_values: true, ) @params = conf.params end def to_s 'limits.conf' end end