fix rubocop Conventions

2025-02-16 17:58:24 +00:00 · 2016-12-22 04:17:32 -05:00 · 2016-12-22 04:17:32 -05:00 · b2cd7ee312
commit b2cd7ee312
parent e297ff2b1e
2 changed files with 30 additions and 27 deletions
--- a/controls/os_spec.rb
+++ b/controls/os_spec.rb
@ -108,11 +108,6 @@ control 'os-05' do
    it { should be_readable.by('group') }
    it { should be_readable.by('other') }
  end
-  if os.redhat?
-    describe file('/etc/login.defs') do
-      it { should_not be_writable }
-    end
-  end
  describe login_defs do
    its('ENV_SUPATH') { should include('/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin') }
    its('ENV_PATH') { should include('/usr/local/bin:/usr/bin:/bin') }
@ -125,7 +120,16 @@ control 'os-05' do
    its('UID_MIN') { should eq '1000' }
    its('GID_MIN') { should eq '1000' }
  end
+end
+
+control 'os-05b' do
+  impact 1.0
+  title 'Check login.defs - RedHat specific'
+  desc 'Check owner and permissions for login.defs. Also check the configured PATH variable and umask in login.defs'
  if os.redhat?
+    describe file('/etc/login.defs') do
+      it { should_not be_writable }
+    end
    describe login_defs do
      its('SYS_UID_MIN') { should eq '100' }
      its('SYS_UID_MAX') { should eq '999' }
@ -168,19 +172,19 @@ control 'os-06' do
    '/usr/lib/eject/dmcrypt-get-device',
    '/usr/lib/mc/cons.saver', # midnight commander screensaver
    # from Ubuntu xenial, need to investigate
-    #'/sbin/unix_chkpwd',
-    #'/sbin/pam_extrausers_chkpwd',
-    #'/usr/lib/x86_64-linux-gnu/utempter/utempter',
-    #'/usr/sbin/postdrop',
-    #'/usr/sbin/postqueue',
-    #'/usr/bin/ssh-agent',
-    #'/usr/bin/mlocate',
-    #'/usr/bin/crontab',
-    #'/usr/bin/screen',
-    #'/usr/bin/expiry',
-    #'/usr/bin/wall',
-    #'/usr/bin/chage',
-    #'/usr/bin/bsd-write',
+    # '/sbin/unix_chkpwd',
+    # '/sbin/pam_extrausers_chkpwd',
+    # '/usr/lib/x86_64-linux-gnu/utempter/utempter',
+    # '/usr/sbin/postdrop',
+    # '/usr/sbin/postqueue',
+    # '/usr/bin/ssh-agent',
+    # '/usr/bin/mlocate',
+    # '/usr/bin/crontab',
+    # '/usr/bin/screen',
+    # '/usr/bin/expiry',
+    # '/usr/bin/wall',
+    # '/usr/bin/chage',
+    # '/usr/bin/bsd-write',
  ]

  output = command('find / -perm -4000 -o -perm -2000 -type f ! -path \'/proc/*\' ! -path \'/var/lib/lxd/containers/*\' -print 2>/dev/null | grep -v \'^find:\'')
@ -222,4 +226,3 @@ control 'os-09' do
    it { should be_empty }
  end
 end
-
--- a/controls/sysctl_spec.rb
+++ b/controls/sysctl_spec.rb
@ -325,19 +325,19 @@ control 'sysctl-31' do

  describe kernel_parameter('fs.suid_dumpable') do
    ## those are not valid. how to?
-    #its(:value) { should eq 0 or should eq 2 }
-    #its(:value) { should match /[02]/ }
-    #its(:value) { should match /0|2/ }
+    # its(:value) { should eq 0 or should eq 2 }
+    # its(:value) { should match /[02]/ }
+    # its(:value) { should match /0|2/ }
    its(:value) { should eq 2 }
  end
-  #unless kernel_parameter('fs.suid_dumpable') == 2
-    #describe kernel_parameter('fs.suid_dumpable') do
-      #its(:value) { should eq 2 }
-    #end
+  # unless kernel_parameter('fs.suid_dumpable') == 2
+    # describe kernel_parameter('fs.suid_dumpable') do
+      # its(:value) { should eq 2 }
+    # end
  describe kernel_parameter('kernel.core_pattern') do
    its(:value) { should match %r{^/.*} }
  end
-  #end
+  # end
 end

 control 'sysctl-32' do