mirror of
https://github.com/inspec/inspec
synced 2025-01-09 19:59:10 +00:00
577688a3a0
Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the *real* changes. :)
57 lines
1.5 KiB
Ruby
57 lines
1.5 KiB
Ruby
# encoding: utf-8
|
|
# copyright: 2015, Vulcano Security GmbH
|
|
# author: Christoph Hartmann
|
|
# author: Dominik Richter
|
|
# license: All rights reserved
|
|
|
|
require 'utils/simpleconfig'
|
|
|
|
module Inspec::Resources
|
|
class LimitsConf < Inspec.resource(1)
|
|
name 'limits_conf'
|
|
desc 'Use the limits_conf InSpec audit resource to test configuration settings in the /etc/security/limits.conf file. The limits.conf defines limits for processes (by user and/or group names) and helps ensure that the system on which those processes are running remains stable. Each process may be assigned a hard or soft limit.'
|
|
example "
|
|
describe limits_conf do
|
|
its('*') { should include ['hard','core','0'] }
|
|
end
|
|
"
|
|
|
|
def initialize(path = nil)
|
|
@conf_path = path || '/etc/security/limits.conf'
|
|
end
|
|
|
|
def method_missing(name)
|
|
read_params[name.to_s]
|
|
end
|
|
|
|
def read_params
|
|
return @params if defined?(@params)
|
|
|
|
# read the file
|
|
file = inspec.file(@conf_path)
|
|
if !file.file?
|
|
skip_resource "Can't find file \"#{@conf_path}\""
|
|
return @params = {}
|
|
end
|
|
|
|
content = file.content
|
|
if content.empty? && file.size > 0
|
|
skip_resource "Can't read file \"#{@conf_path}\""
|
|
return @params = {}
|
|
end
|
|
|
|
# parse the file
|
|
conf = SimpleConfig.new(
|
|
content,
|
|
assignment_re: /^\s*(\S+?)\s+(.*?)\s+(.*?)\s+(.*?)\s*$/,
|
|
key_vals: 3,
|
|
multiple_values: true,
|
|
)
|
|
@params = conf.params
|
|
end
|
|
|
|
def to_s
|
|
'limits.conf'
|
|
end
|
|
end
|
|
end
|