From 1726723827e4720774b5dbd1c554be85c5d164b3 Mon Sep 17 00:00:00 2001 From: juju4 Date: Thu, 22 Dec 2016 04:39:14 -0500 Subject: [PATCH] fix rubocop Conventions --- controls/os_spec.rb | 82 ++++++++++++++++++++--------------------- controls/sysctl_spec.rb | 2 +- 2 files changed, 42 insertions(+), 42 deletions(-) diff --git a/controls/os_spec.rb b/controls/os_spec.rb index d5d689f..13ec639 100644 --- a/controls/os_spec.rb +++ b/controls/os_spec.rb @@ -27,47 +27,47 @@ elsif os.debian? shadow_group = 'shadow' end blacklist = attribute('blacklist', default: [ - # blacklist as provided by NSA - '/usr/bin/rcp', '/usr/bin/rlogin', '/usr/bin/rsh', - # sshd must not use host-based authentication (see ssh cookbook) - '/usr/libexec/openssh/ssh-keysign', - '/usr/lib/openssh/ssh-keysign', - # misc others - '/sbin/netreport', # not normally required for user - '/usr/sbin/usernetctl', # modify interfaces via functional accounts - # connecting to ... - '/usr/sbin/userisdnctl', # no isdn... - '/usr/sbin/pppd', # no ppp / dsl ... - # lockfile - '/usr/bin/lockfile', - '/usr/bin/mail-lock', - '/usr/bin/mail-unlock', - '/usr/bin/mail-touchlock', - '/usr/bin/dotlockfile', - # need more investigation, blacklist for now - '/usr/bin/arping', - '/usr/sbin/arping', - '/usr/sbin/uuidd', - '/usr/bin/mtr', # investigate current state... - '/usr/lib/evolution/camel-lock-helper-1.2', # investigate current state... - '/usr/lib/pt_chown', # pseudo-tty, needed? - '/usr/lib/eject/dmcrypt-get-device', - '/usr/lib/mc/cons.saver' # midnight commander screensaver - # from Ubuntu xenial, need to investigate - # '/sbin/unix_chkpwd', - # '/sbin/pam_extrausers_chkpwd', - # '/usr/lib/x86_64-linux-gnu/utempter/utempter', - # '/usr/sbin/postdrop', - # '/usr/sbin/postqueue', - # '/usr/bin/ssh-agent', - # '/usr/bin/mlocate', - # '/usr/bin/crontab', - # '/usr/bin/screen', - # '/usr/bin/expiry', - # '/usr/bin/wall', - # '/usr/bin/chage', - # '/usr/bin/bsd-write' - ], description: 'blacklist of suid/sgid program on system') + # blacklist as provided by NSA + '/usr/bin/rcp', '/usr/bin/rlogin', '/usr/bin/rsh', + # sshd must not use host-based authentication (see ssh cookbook) + '/usr/libexec/openssh/ssh-keysign', + '/usr/lib/openssh/ssh-keysign', + # misc others + '/sbin/netreport', # not normally required for user + '/usr/sbin/usernetctl', # modify interfaces via functional accounts + # connecting to ... + '/usr/sbin/userisdnctl', # no isdn... + '/usr/sbin/pppd', # no ppp / dsl ... + # lockfile + '/usr/bin/lockfile', + '/usr/bin/mail-lock', + '/usr/bin/mail-unlock', + '/usr/bin/mail-touchlock', + '/usr/bin/dotlockfile', + # need more investigation, blacklist for now + '/usr/bin/arping', + '/usr/sbin/arping', + '/usr/sbin/uuidd', + '/usr/bin/mtr', # investigate current state... + '/usr/lib/evolution/camel-lock-helper-1.2', # investigate current state... + '/usr/lib/pt_chown', # pseudo-tty, needed? + '/usr/lib/eject/dmcrypt-get-device', + '/usr/lib/mc/cons.saver' # midnight commander screensaver + # from Ubuntu xenial, need to investigate + # '/sbin/unix_chkpwd', + # '/sbin/pam_extrausers_chkpwd', + # '/usr/lib/x86_64-linux-gnu/utempter/utempter', + # '/usr/sbin/postdrop', + # '/usr/sbin/postqueue', + # '/usr/bin/ssh-agent', + # '/usr/bin/mlocate', + # '/usr/bin/crontab', + # '/usr/bin/screen', + # '/usr/bin/expiry', + # '/usr/bin/wall', + # '/usr/bin/chage', + # '/usr/bin/bsd-write' + ], description: 'blacklist of suid/sgid program on system') control 'os-01' do impact 1.0 diff --git a/controls/sysctl_spec.rb b/controls/sysctl_spec.rb index d92ab3d..8520675 100644 --- a/controls/sysctl_spec.rb +++ b/controls/sysctl_spec.rb @@ -332,7 +332,7 @@ control 'sysctl-31' do # unless kernel_parameter('fs.suid_dumpable') == 2 # describe kernel_parameter('fs.suid_dumpable') do # its(:value) { should eq 2 } - # end + # end describe kernel_parameter('kernel.core_pattern') do its(:value) { should match %r{^/.*} } end