Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-14 00:47:10 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/lib/resources/ntp_conf.rb
eramoto c7e87ca3e3 Unify method in which file content is read across all resources (#2359) 
* Create file-check functionality into utility file

There are the similar issues as PR #2302. Almost resources return false
positives when a file does not exist or is not read.

* Replace to file-check functionality
* Fix dh_params and x509_certificate resources

If a file is empty, OpenSSL::PKey::DH and OpenSSL::X509::Certificate have
raised an exception and have skipped the inspection. Thus x509_certificate
and dh_params resources are not allowed to read a empty file.

* to_s of shadow expects filters is not nil
* Remove workaround of sshd_config

Removes the workaround of sshd_config since Travis CI fails due to a bug
of dev-sec/ssh-baseline and the PR #100 will fix it.

* Use init block variable in methods

Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
2018-03-22 08:25:45 -04:00

51 lines
1.3 KiB
Ruby
Raw Blame History

# encoding: utf-8
# copyright: 2015, Vulcano Security GmbH
require 'utils/simpleconfig'
require 'utils/file_reader'
module Inspec::Resources
class NtpConf < Inspec.resource(1)
name 'ntp_conf'
supports platform: 'unix'
desc 'Use the ntp_conf InSpec audit resource to test the synchronization settings defined in the ntp.conf file. This file is typically located at /etc/ntp.conf.'
example "
describe ntp_conf do
its('server') { should_not eq nil }
its('restrict') { should include '-4 default kod notrap nomodify nopeer noquery'}
end
"
include FileReader
def initialize(path = nil)
@conf_path = path || '/etc/ntp.conf'
@content = read_file_content(@conf_path)
end
def method_missing(name)
param = read_params[name.to_s]
# extract first value if we have only one value in array
return param[0] if param.is_a?(Array) and param.length == 1
param
end
def to_s
'ntp.conf'
end
private
def read_params
return @params if defined?(@params)
# parse the file
conf = SimpleConfig.new(
@content,
assignment_regex: /^\s*(\S+)\s+(.*)\s*$/,
multiple_values: true,
)
@params = conf.params
end
end
end
Reference in a new issue View git blame Copy permalink