From c5dc86b78a2aec7179c86a04adc42d01d23ff678 Mon Sep 17 00:00:00 2001
From: Michael Geiger
Date: Thu, 13 Jul 2017 20:16:28 +0200
Subject: [PATCH] Optimize file search routines

- Remove redundant search for .rhosts files from os-01 (see os-09)
- Direct lookup of /etc/hosts.equiv instead of recursive search (os-01)
- Limit find to 3 sublevels in os-09

Signed-off-by: Michael Geiger
---
 controls/os_spec.rb | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/controls/os_spec.rb b/controls/os_spec.rb
index 3648160..c41384b 100644
--- a/controls/os_spec.rb
+++ b/controls/os_spec.rb
@@ -73,12 +73,9 @@ blacklist = attribute(
 control 'os-01' do
 impact 1.0
 title 'Trusted hosts login'
- desc "Rhosts/hosts.equiv files are a weak implemenation of authentication. Disabling the .rhosts and hosts.equiv support helps to prevent users from subverting the system's normal access control mechanisms of the system."
- describe command('find / -name \'.rhosts\'') do
- its('stdout') { should be_empty }
- end
- describe command('find / -name \'hosts.equiv\' ') do
- its('stdout') { should be_empty }
+ desc "hosts.equiv file is a weak implemenation of authentication. Disabling the hosts.equiv support helps to prevent users from subverting the system's normal access control mechanisms of the system."
+ describe file('/etc/hosts.equiv') do
+ it { should_not exist }
 end
 end
@@ -217,8 +214,7 @@ control 'os-09' do
 impact 1.0
 title 'Check for .rhosts and .netrc file'
 desc 'Find .rhosts and .netrc files - CIS Benchmark 9.2.9-10'
-
- output = command('find / \( -iname .rhosts -o -iname .netrc \) -print 2>/dev/null | grep -v \'^find:\'')
+ output = command('find / -maxdepth 3 \( -iname .rhosts -o -iname .netrc \) -print 2>/dev/null | grep -v \'^find:\'')
 out = output.stdout.split(/\r?\n/)
 describe out do
 it { should be_empty }
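Review bot: The added `desc` line in os-01 still misspells "implementation" as "implemenation" and repeats itself with "the system's normal access control mechanisms of the system"; since this text is what auditors read in the report, I would correct it in the same commit: `desc "hosts.equiv is a weak implementation of authentication. Disabling hosts.equiv support helps to prevent users from subverting the system's normal access control mechanisms."`. Replacing the filesystem-wide `find` with a direct `file('/etc/hosts.equiv')` check looks reasonable, since as far as I know the r-services only consult that fixed path. Dropping the `.rhosts` search from this control leaves os-09 (second hunk) as the only control that looks for those files, so its search scope now decides whether coverage is kept.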
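Review bot: `-maxdepth 3` on the new `find` line silently skips any `.rhosts` or `.netrc` stored more than three levels below `/`: `/home/<user>/.rhosts` is still at depth 3, but a nested home such as `/home/<group>/<user>/` or a service account homed under `/var/lib/<service>/` is no longer inspected, and after the first hunk this control is the only one that looks for `.rhosts`, so the check can pass while the files exist. The CIS items the `desc` cites are, as far as I recall, phrased per login user's home directory from `/etc/passwd`, so scoping the search to those directories would keep the speed gain without the blind spot, e.g. `output = command('for d in $(awk -F: \'$6 != "" { print $6 }\' /etc/passwd | sort -u); do find "$d" -maxdepth 1 \( -iname .rhosts -o -iname .netrc \) -print 2>/dev/null; done')`. Separately, `| grep -v \'^find:\'` is dead after `2>/dev/null`, because find's permission errors go to stderr and never reach stdout, so it can be dropped. The `describe out do` block and the `control 'os-09'` block close outside the hunk.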