Our solution with cmp for fs.protected_fifos did not work. Checking for
all possible values combined with an `or` seems more reasonable here.
Also both sysctl parameters are not available in RHEL7. The chosen
solution seems to be the least complex that also works on all systems.
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* use input instead of attribute
In the latest versions of InSpec and cinc-auditor, `attribute` is deprecated and `input` should be used.
https://docs.chef.io/workstation/cookstyle/inspec_deprecations_attributehelper/
Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com>
* Update sysctl_spec.rb
Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com>
* Update inspec.yml
Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com>
* Update Rakefile
Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com>
Common and long-standing exploits regard unprotected links, fifos and
regular files, which are created or controlled by an attacker to gain
access to other files or control over other programs.
Signed-off-by: Claudius Heine <ch@denx.de>
* update code to conform to new linting rules
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* disable unneeded linting rule
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
This profile throws an exception when using InSpec < 2.0.30 on non-virtualized systems because this fix (https://github.com/inspec/inspec/pull/2603) was not included in prior versions. This pull simply catches the exception where virtualization.* is called in pure Ruby.