Mirrors/linux-baseline
2
0
Fork 0
mirror of https://github.com/dev-sec/linux-baseline synced 2025-02-16 17:58:24 +00:00
Code Issues Projects Releases Packages Wiki Activity

again some more rubocop fixing

Browse source 
Signed-off-by: Patrick Meier <patrick.meier111@googlemail.com>
This commit is contained in:
Patrick Meier 2015-11-26 20:38:12 +01:00
parent 0213b9152e
commit 0940d070d8
2 changed files with 8 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
default/inspec/sysctl_spec.rb
View file

@ -80,7 +80,7 @@ end
control '07' do control '07' do
impact 1.0 impact 1.0
title #TCP timestamps' title 'TCP timestamps'
desc "It is possible to estimate the current uptime of a Linux system. It's preferable to disable TCP timestamps on your systems." desc "It is possible to estimate the current uptime of a Linux system. It's preferable to disable TCP timestamps on your systems."
describe kernel_parameter('net.ipv4.tcp_timestamps') do describe kernel_parameter('net.ipv4.tcp_timestamps') do
its(:value) { should eq 0 } its(:value) { should eq 0 }
@ -260,8 +260,8 @@ end
control '25' do control '25' do
impact 1.0 impact 1.0
title "Disable the system`s acceptance of router advertisement" title 'Disable the system`s acceptance of router advertisement'
desc "Setting controls whether the system will accept router advertisement" desc 'Setting controls whether the system will accept router advertisement'
describe kernel_parameter('net.ipv6.conf.all.accept_ra') do describe kernel_parameter('net.ipv6.conf.all.accept_ra') do
its(:value) { should eq 0 } its(:value) { should eq 0 }
end end
@ -337,7 +337,7 @@ control '33' do
impact 1.0 impact 1.0
title 'CPU No execution Flag or Kernel ExecShield' title 'CPU No execution Flag or Kernel ExecShield'
desc 'Kernel features and CPU flags provide a protection against buffer overflows. The CPU NX Flag and the kernel parameter exec-shield prevents code execution on a per memory page basis. If the CPU supports the NX-Flag then this should be used instead of the kernel parameter exec-shield.' desc 'Kernel features and CPU flags provide a protection against buffer overflows. The CPU NX Flag and the kernel parameter exec-shield prevents code execution on a per memory page basis. If the CPU supports the NX-Flag then this should be used instead of the kernel parameter exec-shield.'
flags = parse_config_file('/proc/cpuinfo', { assignment_re: /^([^:]*?)\s+:\s+(.*?)$/ }).flags.split(' ') flags = parse_config_file('/proc/cpuinfo', assignment_re: /^([^:]*?)\s+:\s+(.*?)$/).flags.split(' ')
describe '/proc/cpuinfo' do describe '/proc/cpuinfo' do
it 'Flags should include NX' do it 'Flags should include NX' do
expect(flags).to include('nx') expect(flags).to include('nx')

8
lockdown/inspec/sysctl_spec.rb
View file

@ -80,7 +80,7 @@ end
control '07' do control '07' do
impact 1.0 impact 1.0
title #TCP timestamps' title 'TCP timestamps'
desc "It is possible to estimate the current uptime of a Linux system. It's preferable to disable TCP timestamps on your systems." desc "It is possible to estimate the current uptime of a Linux system. It's preferable to disable TCP timestamps on your systems."
describe kernel_parameter('net.ipv4.tcp_timestamps') do describe kernel_parameter('net.ipv4.tcp_timestamps') do
its(:value) { should eq 0 } its(:value) { should eq 0 }
@ -260,8 +260,8 @@ end
control '25' do control '25' do
impact 1.0 impact 1.0
title "Disable the system`s acceptance of router advertisement" title 'Disable the system`s acceptance of router advertisement'
desc "Setting controls whether the system will accept router advertisement" desc 'Setting controls whether the system will accept router advertisement'
describe kernel_parameter('net.ipv6.conf.all.accept_ra') do describe kernel_parameter('net.ipv6.conf.all.accept_ra') do
its(:value) { should eq 0 } its(:value) { should eq 0 }
end end
@ -337,7 +337,7 @@ control '33' do
impact 1.0 impact 1.0
title 'CPU No execution Flag or Kernel ExecShield' title 'CPU No execution Flag or Kernel ExecShield'
desc 'Kernel features and CPU flags provide a protection against buffer overflows. The CPU NX Flag and the kernel parameter exec-shield prevents code execution on a per memory page basis. If the CPU supports the NX-Flag then this should be used instead of the kernel parameter exec-shield.' desc 'Kernel features and CPU flags provide a protection against buffer overflows. The CPU NX Flag and the kernel parameter exec-shield prevents code execution on a per memory page basis. If the CPU supports the NX-Flag then this should be used instead of the kernel parameter exec-shield.'
flags = parse_config_file('/proc/cpuinfo', { assignment_re: /^([^:]*?)\s+:\s+(.*?)$/ }).flags.split(' ') flags = parse_config_file('/proc/cpuinfo', assignment_re: /^([^:]*?)\s+:\s+(.*?)$/).flags.split(' ')
describe '/proc/cpuinfo' do describe '/proc/cpuinfo' do
it 'Flags should include NX' do it 'Flags should include NX' do
expect(flags).to include('nx') expect(flags).to include('nx')