Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-10 15:14:23 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/lib/resources/login_def.rb
eramoto c7e87ca3e3 Unify method in which file content is read across all resources (#2359) 
* Create file-check functionality into utility file

There are the similar issues as PR #2302. Almost resources return false
positives when a file does not exist or is not read.

* Replace to file-check functionality
* Fix dh_params and x509_certificate resources

If a file is empty, OpenSSL::PKey::DH and OpenSSL::X509::Certificate have
raised an exception and have skipped the inspection. Thus x509_certificate
and dh_params resources are not allowed to read a empty file.

* to_s of shadow expects filters is not nil
* Remove workaround of sshd_config

Removes the workaround of sshd_config since Travis CI fails due to a bug
of dev-sec/ssh-baseline and the PR #100 will fix it.

* Use init block variable in methods

Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
2018-03-22 08:25:45 -04:00

57 lines
1.4 KiB
Ruby
Raw Blame History

# encoding: utf-8
# copyright: 2015, Vulcano Security GmbH
require 'utils/simpleconfig'
require 'utils/file_reader'
# Usage:
#
# describe login_def do
# its('UMASK') {
# should eq '077'
# }
#
# its('PASS_MAX_DAYS.to_i') {
# should be <= 90
# }
# end
module Inspec::Resources
class LoginDef < Inspec.resource(1)
name 'login_defs'
supports platform: 'unix'
desc 'Use the login_defs InSpec audit resource to test configuration settings in the /etc/login.defs file. The logins.defs file defines site-specific configuration for the shadow password suite on Linux and UNIX platforms, such as password expiration ranges, minimum/maximum values for automatic selection of user and group identifiers, or the method with which passwords are encrypted.'
example "
describe login_defs do
its('ENCRYPT_METHOD') { should eq 'SHA512' }
end
"
include FileReader
def initialize(path = nil)
@conf_path = path || '/etc/login.defs'
@content = read_file_content(@conf_path)
end
def method_missing(name)
read_params[name.to_s]
end
def read_params
return @params if defined?(@params)
# parse the file
conf = SimpleConfig.new(
@content,
assignment_regex: /^\s*(\S+)\s+(\S*)\s*$/,
multiple_values: false,
)
@params = conf.params
end
def to_s
'login.defs'
end
end
end
Reference in a new issue View git blame Copy permalink