mirror of
https://github.com/inspec/inspec
synced 2024-11-23 13:13:22 +00:00
c7e87ca3e3
* Create file-check functionality into utility file There are the similar issues as PR #2302. Almost resources return false positives when a file does not exist or is not read. * Replace to file-check functionality * Fix dh_params and x509_certificate resources If a file is empty, OpenSSL::PKey::DH and OpenSSL::X509::Certificate have raised an exception and have skipped the inspection. Thus x509_certificate and dh_params resources are not allowed to read a empty file. * to_s of shadow expects filters is not nil * Remove workaround of sshd_config Removes the workaround of sshd_config since Travis CI fails due to a bug of dev-sec/ssh-baseline and the PR #100 will fix it. * Use init block variable in methods Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
106 lines
2.8 KiB
Ruby
106 lines
2.8 KiB
Ruby
# encoding: utf-8
|
|
|
|
require 'utils/parser'
|
|
require 'utils/filter'
|
|
require 'utils/file_reader'
|
|
|
|
module Inspec::Resources
|
|
class XinetdConf < Inspec.resource(1)
|
|
name 'xinetd_conf'
|
|
supports platform: 'unix'
|
|
desc 'Xinetd services configuration.'
|
|
example "
|
|
describe xinetd_conf.services('chargen') do
|
|
its('socket_types') { should include 'dgram' }
|
|
end
|
|
|
|
describe xinetd_conf.services('chargen').socket_types('dgram') do
|
|
it { should be_disabled }
|
|
end
|
|
"
|
|
|
|
include XinetdParser
|
|
include FileReader
|
|
|
|
def initialize(conf_path = '/etc/xinetd.conf')
|
|
@conf_path = conf_path
|
|
@contents = {}
|
|
read_content(@conf_path)
|
|
end
|
|
|
|
def to_s
|
|
"Xinetd config #{@conf_path}#{@filters}"
|
|
end
|
|
|
|
def params
|
|
@params ||= read_params
|
|
end
|
|
|
|
filter = FilterTable.create
|
|
filter.add_accessor(:where)
|
|
.add_accessor(:entries)
|
|
.add(:services, field: 'service')
|
|
.add(:ids, field: 'id')
|
|
.add(:socket_types, field: 'socket_type')
|
|
.add(:types, field: 'type')
|
|
.add(:protocols, field: 'protocol')
|
|
.add(:wait, field: 'wait')
|
|
.add(:disabled?) { |x| x.where('disable' => 'no').services.empty? }
|
|
.add(:enabled?) { |x| x.where('disable' => 'yes').services.empty? }
|
|
.connect(self, :service_lines)
|
|
|
|
private
|
|
|
|
def read_content(path = @conf_path)
|
|
return @contents[path] if @contents.key?(path)
|
|
|
|
@contents[path] = read_file_content(path)
|
|
end
|
|
|
|
def read_params
|
|
return {} if read_content.nil?
|
|
flat_params = parse_xinetd(read_content)
|
|
# we need to map service data in order to use it with filtertable
|
|
params = { 'services' => {} }
|
|
# map services that were defined and map it to the service hash
|
|
flat_params.each do |k, v|
|
|
name = k[/^service (.+)$/, 1]
|
|
# its not a service, no change required
|
|
if name.nil?
|
|
params[k] = v
|
|
# handle service entries
|
|
else
|
|
# store service
|
|
params['services'][name] = v
|
|
|
|
# add the service identifier to its parameters
|
|
if v.is_a?(Array)
|
|
v.each { |service| service.params['service'] = name }
|
|
else
|
|
v.params['service'] = name
|
|
end
|
|
end
|
|
end
|
|
params
|
|
end
|
|
|
|
# Method used to derive the default protocol used from the socket_type
|
|
def default_protocol(type)
|
|
case type
|
|
when 'stream'
|
|
'tcp'
|
|
when 'dgram'
|
|
'udp'
|
|
else
|
|
'unknown'
|
|
end
|
|
end
|
|
|
|
def service_lines
|
|
@services ||= params['services'].values.flatten.map { |service|
|
|
service.params['protocol'] ||= default_protocol(service.params['socket_type'])
|
|
service.params
|
|
}
|
|
end
|
|
end
|
|
end
|