inspec/lib/resources/auditd_conf.rb
eramoto c7e87ca3e3 Unify method in which file content is read across all resources (#2359)
* Create file-check functionality into utility file

There are the similar issues as PR #2302. Almost resources return false
positives when a file does not exist or is not read.

* Replace to file-check functionality
* Fix dh_params and x509_certificate resources

If a file is empty, OpenSSL::PKey::DH and OpenSSL::X509::Certificate have
raised an exception and have skipped the inspection. Thus x509_certificate
and dh_params resources are not allowed to read a empty file.

* to_s of shadow expects filters is not nil
* Remove workaround of sshd_config

Removes the workaround of sshd_config since Travis CI fails due to a bug
of dev-sec/ssh-baseline and the PR #100 will fix it.

* Use init block variable in methods

Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
2018-03-22 08:25:45 -04:00

46 lines
1 KiB
Ruby

# encoding: utf-8
# copyright: 2015, Vulcano Security GmbH
require 'utils/simpleconfig'
require 'utils/file_reader'
module Inspec::Resources
class AuditDaemonConf < Inspec.resource(1)
name 'auditd_conf'
supports platform: 'unix'
desc "Use the auditd_conf InSpec audit resource to test the configuration settings for the audit daemon. This file is typically located under /etc/audit/auditd.conf' on UNIX and Linux platforms."
example "
describe auditd_conf do
its('space_left_action') { should eq 'email' }
end
"
include FileReader
def initialize(path = nil)
@conf_path = path || '/etc/audit/auditd.conf'
@content = read_file_content(@conf_path)
end
def method_missing(name)
read_params[name.to_s]
end
def to_s
'Audit Daemon Config'
end
private
def read_params
return @params if defined?(@params)
# parse the file
conf = SimpleConfig.new(
@content,
multiple_values: false,
)
@params = conf.params
end
end
end