mirror of
https://github.com/inspec/inspec
synced 2024-11-23 21:23:29 +00:00
577688a3a0
Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the *real* changes. :)
83 lines
2.2 KiB
Ruby
83 lines
2.2 KiB
Ruby
# encoding: utf-8
|
|
# copyright: 2015, Vulcano Security GmbH
|
|
# author: Dominik Richter
|
|
# author: Christoph Hartmann
|
|
# license: All rights reserved
|
|
|
|
require 'utils/simpleconfig'
|
|
|
|
module Inspec::Resources
|
|
class SshConf < Inspec.resource(1)
|
|
name 'ssh_config'
|
|
desc 'Use the sshd_config InSpec audit resource to test configuration data for the Open SSH daemon located at /etc/ssh/sshd_config on Linux and UNIX platforms. sshd---the Open SSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command executation, and data exchanges.'
|
|
example "
|
|
describe sshd_config do
|
|
its('Protocol') { should eq '2' }
|
|
end
|
|
"
|
|
|
|
def initialize(conf_path = nil, type = nil)
|
|
@conf_path = conf_path || '/etc/ssh/ssh_config'
|
|
typename = (@conf_path.include?('sshd') ? 'Server' : 'Client')
|
|
@type = type || "SSH #{typename} configuration #{conf_path}"
|
|
end
|
|
|
|
def content
|
|
read_content
|
|
end
|
|
|
|
def params(*opts)
|
|
opts.inject(read_params) do |res, nxt|
|
|
res.respond_to?(:key) ? res[nxt] : nil
|
|
end
|
|
end
|
|
|
|
def method_missing(name)
|
|
param = read_params[name.to_s]
|
|
return nil if param.nil?
|
|
# extract first value if we have only one value in array
|
|
return param[0] if param.length == 1
|
|
param
|
|
end
|
|
|
|
def to_s
|
|
'SSH Configuration'
|
|
end
|
|
|
|
private
|
|
|
|
def read_content
|
|
return @content if defined?(@content)
|
|
file = inspec.file(@conf_path)
|
|
if !file.file?
|
|
return skip_resource "Can't find file \"#{@conf_path}\""
|
|
end
|
|
|
|
@content = file.content
|
|
if @content.empty? && file.size > 0
|
|
return skip_resource "Can't read file \"#{@conf_path}\""
|
|
end
|
|
|
|
@content
|
|
end
|
|
|
|
def read_params
|
|
return @params if defined?(@params)
|
|
return @params = {} if read_content.nil?
|
|
conf = SimpleConfig.new(
|
|
read_content,
|
|
assignment_re: /^\s*(\S+?)\s+(.*?)\s*$/,
|
|
multiple_values: true,
|
|
)
|
|
@params = conf.params
|
|
end
|
|
end
|
|
|
|
class SshdConf < SshConf
|
|
name 'sshd_config'
|
|
|
|
def initialize(path = nil)
|
|
super(path || '/etc/ssh/sshd_config')
|
|
end
|
|
end
|
|
end
|