Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-14 17:07:09 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/lib/resources/shadow.rb
Adam Leff 577688a3a0 Placing all resources in the Inspec::Resources namespace 
Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix.

Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes.

I strongly recommend viewing this diff with `git diff --ignore-space-change`
to see the *real* changes. :)
2016-03-08 13:40:16 -05:00

137 lines
3.7 KiB
Ruby
Raw Blame History

# encoding: utf-8
# copyright: 2016, Chef Software Inc.
# author: Dominik Richter
# author: Christoph Hartmann
require 'forwardable'
# The file format consists of
# - user
# - password
# - last_change
# - min_days before password change
# - max_days until password change
# - warn_days before warning about expiry
# - inactive_days before deactivating the account
# - expiry_date when this account will expire
module Inspec::Resources
class Shadow < Inspec.resource(1)
name 'shadow'
desc 'Use the shadow InSpec resource to test the contents of /etc/shadow, '\
'which contains the following information for users that may log into '\
'the system and/or as users that own running processes.'
example "
describe shadow do
its('users') { should_not include 'forbidden_user' }
end
describe shadow.users('bin') do
its('password') { should cmp 'x' }
its('count') { should eq 1 }
end
"
extend Forwardable
attr_reader :params
attr_reader :content
attr_reader :lines
def initialize(path = '/etc/shadow', opts = nil)
opts ||= {}
@path = path || '/etc/shadow'
@content = opts[:content] || inspec.file(@path).content
@lines = @content.to_s.split("\n")
@filters = opts[:filters] || ''
@params = @lines.map { |l| parse_shadow_line(l) }
end
def filter(hm = {})
return self if hm.nil? || hm.empty?
res = @params
filters = ''
hm.each do |attr, condition|
condition = condition.to_s if condition.is_a? Integer
filters += " #{attr} = #{condition.inspect}"
res = res.find_all do |line|
case line[attr.to_s]
when condition
true
else
false
end
end
end
content = res.map { |x| x.values.join(':') }.join("\n")
Shadow.new(@path, content: content, filters: @filters + filters)
end
def entries
@lines.map { |line| Shadow.new(@path, content: line, filters: @filters) }
end
def users(name = nil)
name.nil? ? map_data('user') : filter(user: name)
end
def passwords(password = nil)
password.nil? ? map_data('password') : filter(password: password)
end
def last_changes(filter_by = nil)
filter_by.nil? ? map_data('last_change') : filter(last_change: filter_by)
end
def min_days(filter_by = nil)
filter_by.nil? ? map_data('min_days') : filter(min_days: filter_by)
end
def max_days(filter_by = nil)
filter_by.nil? ? map_data('max_days') : filter(max_days: filter_by)
end
def warn_days(filter_by = nil)
filter_by.nil? ? map_data('warn_days') : filter(warn_days: filter_by)
end
def inactive_days(filter_by = nil)
filter_by.nil? ? map_data('inactive_days') : filter(inactive_days: filter_by)
end
def expiry_dates(filter_by = nil)
filter_by.nil? ? map_data('expiry_date') : filter(expiry_date: filter_by)
end
def to_s
f = @filters.empty? ? '' : ' with'+@filters
"/etc/shadow#{f}"
end
def_delegator :@params, :length, :count
private
def map_data(id)
@params.map { |x| x[id] }
end
# Parse a line of /etc/shadow
#
# @param [String] line a line of /etc/shadow
# @return [Hash] Map of entries in this line
def parse_shadow_line(line)
x = line.split(':')
{
'user' => x.at(0),
'password' => x.at(1),
'last_change' => x.at(2),
'min_days' => x.at(3),
'max_days' => x.at(4),
'warn_days' => x.at(5),
'inactive_days' => x.at(6),
'expiry_date' => x.at(7),
'reserved' => x.at(8),
}
end
end
end
Reference in a new issue View git blame Copy permalink