Send and Accept locale environment variables #167
Conversation
|
@artem-sidorenko tests seem to fail on Oracle only, I'm not sure why, and I can't see how to view the specific failures in Travis? |
|
@mikemoate you just click the failed job and can see the log: https://travis-ci.org/dev-sec/chef-ssh-hardening/jobs/196915943 I looks totally unrelated to your changes and actually looks like master should be also broken. I will have a look |
|
it looks like this is related to the fix within train: inspec/train@6b5d582 We have to add oracle platform to the ssh-baseline, I'll create a PR |
|
OK thanks. I could see the Travis logs but not the details of the failing test cases. Now I realise they are just very un-obvious (compared to the test passed lines which are highlighted red), maybe I'll give TravisCI some feedback :-) |
|
@mikemoate I guess this color problem is related somehow to the bash-color done by inspec. Usually it looks properly |
|
@mikemoate the dev-sec/ssh-baseline#80 should fix the tests |
templates/default/openssh.conf.erb
Outdated
| @@ -112,3 +112,6 @@ Compression yes | |||
|
|
|||
| # http://undeadly.org/cgi?action=article&sid=20160114142733 | |||
| UseRoaming <%= @node['ssh-hardening']['ssh']['client']['roaming'] ? 'yes' : 'no' %> | |||
|
|
|||
| #Send locale environment variables | |||
| SendEnv LANG LC_* LANGUAGE | |||
There was a problem hiding this comment.
Could we have it configurable? Some attribute like ['ssh-hardening']['ssh']['client']['send_env'] as with ['LANG', 'LC_*', 'LANGUAGE'] as default in the attributes/default.rb
templates/default/opensshd.conf.erb
Outdated
| @@ -193,6 +193,9 @@ UseDNS <%= ((@node['ssh-hardening']['ssh']['server']['use_dns']) ? 'yes' : 'no' | |||
| #ChrootDirectory none | |||
| #ChrootDirectory /home/%u | |||
|
|
|||
| #Accept locale environment variables | |||
| AcceptEnv LANG LC_* LANGUAGE | |||
There was a problem hiding this comment.
Could we have it configurable too? Attribute like ['ssh-hardening']['ssh']['server']['accept_env'] with ['LANG', 'LC_*', 'LANGUAGE'] as default in the attributes/default.rb would be cool
spec/recipes/server_spec.rb
Outdated
| @@ -64,6 +64,11 @@ | |||
| ) | |||
| end | |||
|
|
|||
| it 'accepts locale environment variables' do | |||
| expect(chef_run).to render_file('/etc/ssh/sshd_config'). | |||
| with_content('AcceptEnv LANG LC_* LANGUAGE') | |||
There was a problem hiding this comment.
If you implement it as attribute, could you please add the second test: to verify the attribute change? Good example is here for allow_root_with_key attribute
|
Thank you for this PR! I've added some comments:) |
|
@artem-sidorenko I think this covers everything you asked for now. |
|
@mikemoate looks good to me, could you please also cleanup the commit history by squashing the commits? |
Use attributes to set the environment variables that ssh client should send and that ssh daemon should accept. The primary use case here is for locale, and the default attribute value reflects this (as discussed in dev-sec#160). Chefspec tests cover the default, custom/overriden and empty cases for the attributes.
mikemoate
force-pushed
the
issue_160_locale
branch
from
a9adb7d
to
d5d7ea6
Compare
|
@artem-sidorenko squashed as requested. |
|
@mikemoate thank you! |
Fixes #160