mirror of
https://github.com/inspec/inspec
synced 2024-11-23 13:13:22 +00:00
a6582bea9b
* Remove any "All Rights Reserved" references InSpec is licensed and released under the Apache 2.0 license. This change removes all reference to legacy code files that still had any Copyright or License lines referring to "All Rights Reserved". Signed-off-by: Adam Leff <adam@leff.co> * fix functional tests Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
102 lines
2.7 KiB
Ruby
102 lines
2.7 KiB
Ruby
# encoding: utf-8
|
|
# copyright: 2015, Vulcano Security GmbH
|
|
# author: Dominik Richter
|
|
# author: Christoph Hartmann
|
|
|
|
require 'utils/simpleconfig'
|
|
|
|
module Inspec::Resources
|
|
class SshConf < Inspec.resource(1)
|
|
name 'ssh_config'
|
|
desc 'Use the `ssh_config` InSpec audit resource to test OpenSSH client configuration data located at `/etc/ssh/ssh_config` on Linux and Unix platforms.'
|
|
example "
|
|
describe ssh_config do
|
|
its('cipher') { should contain '3des' }
|
|
its('port') { should eq '22' }
|
|
its('hostname') { should include('example.com') }
|
|
end
|
|
"
|
|
|
|
def initialize(conf_path = nil, type = nil)
|
|
@conf_path = conf_path || '/etc/ssh/ssh_config'
|
|
typename = (@conf_path.include?('sshd') ? 'Server' : 'Client')
|
|
@type = type || "SSH #{typename} configuration #{conf_path}"
|
|
end
|
|
|
|
def content
|
|
read_content
|
|
end
|
|
|
|
def params(*opts)
|
|
opts.inject(read_params) do |res, nxt|
|
|
res.respond_to?(:key) ? res[nxt] : nil
|
|
end
|
|
end
|
|
|
|
def convert_hash(hash)
|
|
new_hash = {}
|
|
hash.each do |k, v|
|
|
new_hash[k.downcase] = v
|
|
end
|
|
new_hash
|
|
end
|
|
|
|
def method_missing(name)
|
|
param = read_params[name.to_s.downcase]
|
|
return nil if param.nil?
|
|
# extract first value if we have only one value in array
|
|
return param[0] if param.length == 1
|
|
param
|
|
end
|
|
|
|
def to_s
|
|
'SSH Configuration'
|
|
end
|
|
|
|
private
|
|
|
|
def read_content
|
|
return @content if defined?(@content)
|
|
file = inspec.file(@conf_path)
|
|
if !file.file?
|
|
return skip_resource "Can't find file \"#{@conf_path}\""
|
|
end
|
|
|
|
@content = file.content
|
|
if @content.empty? && !file.empty?
|
|
return skip_resource "Can't read file \"#{@conf_path}\""
|
|
end
|
|
|
|
@content
|
|
end
|
|
|
|
def read_params
|
|
return @params if defined?(@params)
|
|
return @params = {} if read_content.nil?
|
|
conf = SimpleConfig.new(
|
|
read_content,
|
|
assignment_regex: /^\s*(\S+?)\s+(.*?)\s*$/,
|
|
multiple_values: true,
|
|
)
|
|
@params = convert_hash(conf.params)
|
|
end
|
|
end
|
|
|
|
class SshdConf < SshConf
|
|
name 'sshd_config'
|
|
desc 'Use the sshd_config InSpec audit resource to test configuration data for the Open SSH daemon located at /etc/ssh/sshd_config on Linux and UNIX platforms. sshd---the Open SSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command execution, and data exchanges.'
|
|
example "
|
|
describe sshd_config do
|
|
its('Protocol') { should eq '2' }
|
|
end
|
|
"
|
|
|
|
def initialize(path = nil)
|
|
super(path || '/etc/ssh/sshd_config')
|
|
end
|
|
|
|
def to_s
|
|
'SSHD Configuration'
|
|
end
|
|
end
|
|
end
|