Mirrors/linux-baseline
2
0
Fork 0
mirror of https://github.com/dev-sec/linux-baseline synced 2025-04-04 06:36:06 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request from rndmh3ro/logcheck

Browse source 
add logdir-check
This commit is contained in:
Artem Sidorenko 2017-10-31 13:55:19 +01:00 committed by GitHub
commit f31904ff02
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 0 deletions

18
controls/os_spec.rb
View file

@ -17,6 +17,13 @@
# author: Dominik Richter
# author: Patrick Muench
log_dir_group = case os[:family]
when 'debian', 'redhat', 'fedora'
'root'
when 'ubuntu'
os[:release] == '14.04' ? 'syslog' : 'root'
end
login_defs_umask = attribute('login_defs_umask', default: '027', description: 'Default umask to set in login.defs')
login_defs_passmaxdays = attribute('login_defs_passmaxdays', default: '60', description: 'Default password maxdays to set in login.defs')
login_defs_passmindays = attribute('login_defs_passmindays', default: '7', description: 'Default password mindays to set in login.defs')
@ -236,3 +243,14 @@ control 'os-10' do
its(:content) { should match 'install vfat /bin/true' }
end
end
control 'os-11' do
impact 1.0
title 'Protect log-directory'
desc 'The log-directory /var/log should belong to root'
describe file('/var/log') do
it { should be_directory }
it { should be_owned_by 'root' }
it { should be_grouped_into log_dir_group }
end
end