fix rubocop Conventions

2024-11-23 03:33:02 +00:00 · 2016-12-22 04:27:09 -05:00 · 2016-12-22 04:27:09 -05:00 · e62cb3f0ef
commit e62cb3f0ef
parent 4b029d7e99
2 changed files with 45 additions and 47 deletions
--- a/controls/os_spec.rb
+++ b/controls/os_spec.rb
@ -27,49 +27,47 @@ elsif os.debian?
  shadow_group = 'shadow'
 end
 blacklist = attribute('blacklist', default: [
-    # blacklist as provided by NSA
+  # blacklist as provided by NSA
-    '/usr/bin/rcp', '/usr/bin/rlogin', '/usr/bin/rsh',
+  '/usr/bin/rcp', '/usr/bin/rlogin', '/usr/bin/rsh',
-    # sshd must not use host-based authentication (see ssh cookbook)
+  # sshd must not use host-based authentication (see ssh cookbook)
-    '/usr/libexec/openssh/ssh-keysign',
+  '/usr/libexec/openssh/ssh-keysign',
-    '/usr/lib/openssh/ssh-keysign',
+  '/usr/lib/openssh/ssh-keysign',
-    # misc others
+  # misc others
-    '/sbin/netreport',                                            # not normally required for user
+  '/sbin/netreport',                                            # not normally required for user
-    '/usr/sbin/usernetctl',                                       # modify interfaces via functional accounts
+  '/usr/sbin/usernetctl',                                       # modify interfaces via functional accounts
-    # connecting to ...
+  # connecting to ...
-    '/usr/sbin/userisdnctl',                                      # no isdn...
+  '/usr/sbin/userisdnctl',                                      # no isdn...
-    '/usr/sbin/pppd',                                             # no ppp / dsl ...
+  '/usr/sbin/pppd',                                             # no ppp / dsl ...
-    # lockfile
+  # lockfile
-    '/usr/bin/lockfile',
+  '/usr/bin/lockfile',
-    '/usr/bin/mail-lock',
+  '/usr/bin/mail-lock',
-    '/usr/bin/mail-unlock',
+  '/usr/bin/mail-unlock',
-    '/usr/bin/mail-touchlock',
+  '/usr/bin/mail-touchlock',
-    '/usr/bin/dotlockfile',
+  '/usr/bin/dotlockfile',
-    # need more investigation, blacklist for now
+  # need more investigation, blacklist for now
-    '/usr/bin/arping',
+  '/usr/bin/arping',
-    '/usr/sbin/arping',
+  '/usr/sbin/arping',
-    '/usr/sbin/uuidd',
+  '/usr/sbin/uuidd',
-    '/usr/bin/mtr',                                               # investigate current state...
+  '/usr/bin/mtr',                                               # investigate current state...
-    '/usr/lib/evolution/camel-lock-helper-1.2',                   # investigate current state...
+  '/usr/lib/evolution/camel-lock-helper-1.2',                   # investigate current state...
-    '/usr/lib/pt_chown',                                          # pseudo-tty, needed?
+  '/usr/lib/pt_chown',                                          # pseudo-tty, needed?
-    '/usr/lib/eject/dmcrypt-get-device',
+  '/usr/lib/eject/dmcrypt-get-device',
-    '/usr/lib/mc/cons.saver', # midnight commander screensaver
+  '/usr/lib/mc/cons.saver', # midnight commander screensaver
-    # from Ubuntu xenial, need to investigate
+  # from Ubuntu xenial, need to investigate
-    # '/sbin/unix_chkpwd',
+  # '/sbin/unix_chkpwd',
-    # '/sbin/pam_extrausers_chkpwd',
+  # '/sbin/pam_extrausers_chkpwd',
-    # '/usr/lib/x86_64-linux-gnu/utempter/utempter',
+  # '/usr/lib/x86_64-linux-gnu/utempter/utempter',
-    # '/usr/sbin/postdrop',
+  # '/usr/sbin/postdrop',
-    # '/usr/sbin/postqueue',
+  # '/usr/sbin/postqueue',
-    # '/usr/bin/ssh-agent',
+  # '/usr/bin/ssh-agent',
-    # '/usr/bin/mlocate',
+  # '/usr/bin/mlocate',
-    # '/usr/bin/crontab',
+  # '/usr/bin/crontab',
-    # '/usr/bin/screen',
+  # '/usr/bin/screen',
-    # '/usr/bin/expiry',
+  # '/usr/bin/expiry',
-    # '/usr/bin/wall',
+  # '/usr/bin/wall',
-    # '/usr/bin/chage',
+  # '/usr/bin/chage',
-    # '/usr/bin/bsd-write',
+  # '/usr/bin/bsd-write',
-  ],
+  ], description: 'blacklist of suid/sgid program on system')
  description: 'blacklist of suid/sgid program on system')
 control 'os-01' do
  impact 1.0
--- a/controls/sysctl_spec.rb
+++ b/controls/sysctl_spec.rb
@ -329,10 +329,10 @@ control 'sysctl-31' do
    # its(:value) { should match /0|2/ }
    its(:value) { should eq 2 }
  end
-    # unless kernel_parameter('fs.suid_dumpable') == 2
+  # unless kernel_parameter('fs.suid_dumpable') == 2
-      # describe kernel_parameter('fs.suid_dumpable') do
+    # describe kernel_parameter('fs.suid_dumpable') do
-        # its(:value) { should eq 2 }
+      # its(:value) { should eq 2 }
-      # end
+    # end
  describe kernel_parameter('kernel.core_pattern') do
    its(:value) { should match %r{^/.*} }
  end