84817366a1
* Add `release-2.0` target branch to AppVeyor/Travis (#2510) Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * simpleconfig: Remove deprecated config keys Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * cli (exec): Remove `--cache` command line argument Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * platform: Remove lowercase os name protection Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * matcher: Remove `contain_legacy_plus` matcher Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * matcher: Remove `contain_match` matcher Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * matcher: Remove `with_version` matcher Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * matcher: Remove `belong_to_group` matcher Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * matcher: Remove `belong_to_primary_group` matcher Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * matcher: Remove `contain` matcher Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * passwd: Remove deprecated properties This removes: - `passwd.count` - `passwd.username` - `passwd.usernames` - `passwd.uid` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * auditd_rules: Remove in favor of `auditd` resource Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * cli: Remove `login_automate` command Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Remove `resource_skipped` message method Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
# encoding: utf-8
# copyright: 2015, Vulcano Security GmbH
# author: Christoph Hartmann
# author: Dominik Richter
# Each line of the passwd file consists of seven colon-separated fields:
# - username
# - password
# - userid
# - groupid
# - user id info
# - home directory
# - command
require 'utils/parser'
require 'utils/filter'
module Inspec::Resources
  # InSpec audit resource for the passwd file.
  #
  # Reads the file (default '/etc/passwd'), parses it into one record per
  # entry and exposes the records through a FilterTable, so a profile can
  # filter and assert on users, uids, gids, shells and so on.
  #
  # NOTE(review): the `passwords` accessor returns the second field exactly as
  # it appears in the file. On hosts that keep hashes in a shadow file this is
  # normally a placeholder, so a control can use this accessor to detect
  # entries that carry something else; nothing in this class interprets the
  # value.
  class Passwd < Inspec.resource(1)
    name 'passwd'
    desc 'Use the passwd InSpec audit resource to test the contents of /etc/passwd, which contains the following information for users that may log into the system and/or as users that own running processes.'
    example "
      describe passwd do
        its('users') { should_not include 'forbidden_user' }
      end

      describe passwd.uids(0) do
        its('users') { should cmp 'root' }
      end

      describe passwd.shells(/nologin/) do
        # find all users with a nologin shell
        its('users') { should_not include 'my_login_user' }
      end
    "

    # parse_passwd is not defined in this class; presumably it comes from this
    # mixin (utils/parser) -- confirm there.
    include PasswdParser

    # params:  parsed entries, the data source the filter table is connected to
    # content: raw file content (or the :content option when one was given)
    # lines:   content split on newlines
    attr_reader :params, :content, :lines

    # @param path [String, nil] file to read; falls back to '/etc/passwd'
    # @param opts [Hash, nil] optional settings; `:content` supplies the file
    #   body directly, in which case the file at `path` is not read
    def initialize(path = nil, opts = nil)
      options = opts || {}

      @path = '/etc/passwd'
      @path = path if path

      # Prefer caller-supplied content; only touch the target file otherwise.
      supplied = options[:content]
      @content = supplied || inspec.file(@path).content

      # to_s guards the split against nil content; what parse_passwd does with
      # nil is not visible from here.
      @lines = @content.to_s.split("\n")
      @params = parse_passwd(@content)
    end

    # Filter table definition: plural accessor name => field of a parsed entry.
    table = FilterTable.create
    table.add_accessor(:where)
         .add_accessor(:entries)
         .add(:users, field: 'user')
         .add(:passwords, field: 'password')
         .add(:uids, field: 'uid')
         .add(:gids, field: 'gid')
         .add(:descs, field: 'desc')
         .add(:homes, field: 'home')
         .add(:shells, field: 'shell')

    # `content` on a filtered table: re-serialise the remaining entries into
    # colon-separated lines, one entry per line.
    table.add(:content) do |tbl, _|
      rows = tbl.entries.map do |entry|
        fields = [entry.user, entry.password, entry.uid, entry.gid, entry.desc, entry.home, entry.shell]
        fields.join(':')
      end
      rows.join("\n")
    end

    table.connect(self, :params)

    # NOTE(review): always reports '/etc/passwd', even when a different path
    # was passed to the constructor, so output for a custom path will name
    # the default file.
    def to_s
      '/etc/passwd'
    end
  end
end