From 6019a6571fe427334762594a426dd87c532f6652 Mon Sep 17 00:00:00 2001
From: Tom Miller
Date: Thu, 12 Apr 2018 09:47:43 -0600
Subject: [PATCH 1/6] Add just a bashrc file for Centos7 and check for file existence before checking for values in it.
---
controls/5_4_user_accounts_and_environments.rb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/controls/5_4_user_accounts_and_environments.rb b/controls/5_4_user_accounts_and_environments.rb
index 0291736..56019eb 100644
--- a/controls/5_4_user_accounts_and_environments.rb
+++ b/controls/5_4_user_accounts_and_environments.rb
@@ -161,15 +161,15 @@
 tag cis: 'distribution-independent-linux:5.4.4'
 tag level: 1
- %w(bash.bashrc profile).each do |f|
+ %w(bash.bashrc profile bashrc).each do |f|
 describe file("/etc/#{f}") do
 its(:content) { should_not match(/^umask [01234567](0[7654321]|[7654321][654321])\s*(?:#.*)?$/) }
 end
 end
 describe.one do
- %w(bash.bashrc profile).each do |f|
- describe file("/etc/#{f}") do
+ %w(bash.bashrc profile bashrc).each do |f|
+ describe file("/etc/#{f}").exists do
 its(:content) { should match(/^umask [01234567][2367]7\s*(?:#.*)?$/) }
 end
 end
From 045ec8111cc02283b1d8f0bcce9cb71d5000e2cd Mon Sep 17 00:00:00 2001
From: Tom Miller
Date: Thu, 12 Apr 2018 09:53:21 -0600
Subject: [PATCH 2/6] Fix file existence syntax.
---
.ruby-version | 1 +
Gemfile.lock | 192 ++++++++++++++++++
.../5_4_user_accounts_and_environments.rb | 2 +-
3 files changed, 194 insertions(+), 1 deletion(-)
create mode 100644 .ruby-version
create mode 100644 Gemfile.lock
diff --git a/.ruby-version b/.ruby-version
new file mode 100644
index 0000000..e75da3e
--- /dev/null
+++ b/.ruby-version
@@ -0,0 +1 @@
+2.3.6
diff --git a/Gemfile.lock b/Gemfile.lock
new file mode 100644
index 0000000..3e745b9
--- /dev/null
+++ b/Gemfile.lock
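Review bot: Both umask patterns in this hunk are anchored as `^umask `, so they only see a `umask` that starts in column 0; adding `bashrc` to the two lists does not help if the CentOS 7 `/etc/bashrc` sets its umask on indented lines inside a conditional, which is how the stock file is usually laid out (worth confirming on a target host). In that case the `should_not match` check can pass while a permissive value such as 002 or 022 is what login shells actually get. Allowing leading whitespace in both patterns would close that gap, e.g. `/^\s*umask\s+[01234567][2367]7\s*(?:#.*)?$/` for the positive check and the same `^\s*umask\s+` prefix on the negative one. The enclosing block starts above the hunk.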
@@ -0,0 +1,192 @@ +GEM + remote: https://rubygems.org/ + specs: + addressable (2.5.2) + public_suffix (>= 2.0.2, < 4.0) + ast (2.4.0) + aws-sdk (2.11.33) + aws-sdk-resources (= 2.11.33) + aws-sdk-core (2.11.33) + aws-sigv4 (~> 1.0) + jmespath (~> 1.0) + aws-sdk-resources (2.11.33) + aws-sdk-core (= 2.11.33) + aws-sigv4 (1.0.2) + azure_mgmt_resources (0.16.0) + ms_rest_azure (~> 0.10.0) + builder (3.2.3) + coderay (1.1.2) + colorize (0.8.1) + concurrent-ruby (1.0.5) + descendants_tracker (0.0.4) + thread_safe (~> 0.3, >= 0.3.1) + diff-lcs (1.3) + docker-api (1.34.2) + excon (>= 0.47.0) + multi_json + domain_name (0.5.20170404) + unf (>= 0.0.5, < 1.0.0) + erubis (2.7.0) + excon (0.62.0) + faraday (0.12.2) + multipart-post (>= 1.2, < 3) + faraday-cookie_jar (0.0.6) + faraday (>= 0.7.4) + http-cookie (~> 1.0.0) + ffi (1.9.23) + github_api (0.18.2) + addressable (~> 2.4) + descendants_tracker (~> 0.0.4) + faraday (~> 0.8) + hashie (~> 3.5, >= 3.5.2) + oauth2 (~> 1.0) + github_changelog_generator (1.12.1) + colorize (~> 0.7) + github_api (~> 0.12) + rake (>= 10.0) + gssapi (1.2.0) + ffi (>= 1.0.1) + gyoku (1.3.1) + builder (>= 2.1.2) + hashie (3.5.7) + htmlentities (4.3.4) + http-cookie (1.0.3) + domain_name (~> 0.5) + httpclient (2.8.3) + inifile (3.0.0) + inspec (2.1.0) + addressable (~> 2.4) + faraday (>= 0.9.0) + hashie (~> 3.4) + htmlentities + json (>= 1.8, < 3.0) + method_source (~> 0.8) + mixlib-log + parallel (~> 1.9) + parslet (~> 1.5) + pry (~> 0) + rspec (~> 3) + rspec-its (~> 1.2) + rubyzip (~> 1.1) + semverse + sslshake (~> 1.2) + thor (~> 0.19) + tomlrb (~> 1.2) + train (~> 1.2) + jmespath (1.4.0) + json (2.1.0) + jwt (1.5.6) + little-plugger (1.1.4) + logging (2.2.2) + little-plugger (~> 1.1) + multi_json (~> 1.10) + method_source (0.9.0) + mixlib-log (2.0.3) + mixlib-shellout (2.3.2) + ms_rest (0.7.2) + concurrent-ruby (~> 1.0) + faraday (~> 0.9) + timeliness (~> 0.3) + ms_rest_azure (0.10.4) + concurrent-ruby (~> 1.0) + faraday (~> 0.9) + 
faraday-cookie_jar (~> 0.0.6) + ms_rest (~> 0.7.2) + multi_json (1.13.1) + multi_xml (0.6.0) + multipart-post (2.0.0) + net-scp (1.2.1) + net-ssh (>= 2.6.5) + net-ssh (4.2.0) + nori (2.6.0) + oauth2 (1.4.0) + faraday (>= 0.8, < 0.13) + jwt (~> 1.0) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (>= 1.2, < 3) + parallel (1.12.1) + parser (2.5.0.5) + ast (~> 2.4.0) + parslet (1.8.2) + powerpack (0.1.1) + pry (0.11.3) + coderay (~> 1.1.0) + method_source (~> 0.9.0) + public_suffix (3.0.2) + rack (2.0.4) + rainbow (3.0.0) + rake (12.3.1) + rspec (3.7.0) + rspec-core (~> 3.7.0) + rspec-expectations (~> 3.7.0) + rspec-mocks (~> 3.7.0) + rspec-core (3.7.1) + rspec-support (~> 3.7.0) + rspec-expectations (3.7.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.7.0) + rspec-its (1.2.0) + rspec-core (>= 3.0.0) + rspec-expectations (>= 3.0.0) + rspec-mocks (3.7.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.7.0) + rspec-support (3.7.1) + rubocop (0.54.0) + parallel (~> 1.10) + parser (>= 2.5) + powerpack (~> 0.1) + rainbow (>= 2.2.2, < 4.0) + ruby-progressbar (~> 1.7) + unicode-display_width (~> 1.0, >= 1.0.1) + ruby-progressbar (1.9.0) + rubyntlm (0.6.2) + rubyzip (1.2.1) + semverse (2.0.0) + sslshake (1.2.0) + thor (0.20.0) + thread_safe (0.3.6) + timeliness (0.3.8) + tomlrb (1.2.6) + train (1.3.0) + aws-sdk (~> 2) + azure_mgmt_resources (~> 0.15) + docker-api (~> 1.26) + inifile + json (>= 1.8, < 3.0) + mixlib-shellout (~> 2.0) + net-scp (~> 1.2) + net-ssh (>= 2.9, < 5.0) + winrm (~> 2.0) + winrm-fs (~> 1.0) + unf (0.1.4) + unf_ext + unf_ext (0.0.7.5) + unicode-display_width (1.3.0) + winrm (2.2.3) + builder (>= 2.1.2) + erubis (~> 2.7) + gssapi (~> 1.2) + gyoku (~> 1.0) + httpclient (~> 2.2, >= 2.2.0.2) + logging (>= 1.6.1, < 3.0) + nori (~> 2.0) + rubyntlm (~> 0.6.0, >= 0.6.1) + winrm-fs (1.2.0) + erubis (~> 2.7) + logging (>= 1.6.1, < 3.0) + rubyzip (~> 1.1) + winrm (~> 2.0) + +PLATFORMS + ruby + +DEPENDENCIES + github_changelog_generator (~> 1.12.0) + 
inspec (= 2.1.0) + rake + rubocop + +BUNDLED WITH + 1.16.1
diff --git a/controls/5_4_user_accounts_and_environments.rb b/controls/5_4_user_accounts_and_environments.rb
index 56019eb..b89c2c7 100644
--- a/controls/5_4_user_accounts_and_environments.rb
+++ b/controls/5_4_user_accounts_and_environments.rb
@@ -169,7 +169,7 @@
 describe.one do
 %w(bash.bashrc profile bashrc).each do |f|
- describe file("/etc/#{f}").exists do
+ describe file("/etc/#{f}").file? do
 its(:content) { should match(/^umask [01234567][2367]7\s*(?:#.*)?$/) }
 end
 end
 end
From 1b5aceffa6cfd134ff4c7ca229b48e3f25894330 Mon Sep 17 00:00:00 2001
From: Tom Miller
Date: Thu, 12 Apr 2018 09:55:32 -0600
Subject: [PATCH 3/6] Wrap block in if statement.
---
controls/5_4_user_accounts_and_environments.rb | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/controls/5_4_user_accounts_and_environments.rb b/controls/5_4_user_accounts_and_environments.rb
index b89c2c7..f259239 100644
--- a/controls/5_4_user_accounts_and_environments.rb
+++ b/controls/5_4_user_accounts_and_environments.rb
@@ -169,8 +169,10 @@
 describe.one do
 %w(bash.bashrc profile bashrc).each do |f|
- describe file("/etc/#{f}").file? do
- its(:content) { should match(/^umask [01234567][2367]7\s*(?:#.*)?$/) }
+ if file("/etc/#{f}").file?
+ describe file("/etc/#{f}") do
+ its(:content) { should match(/^umask [01234567][2367]7\s*(?:#.*)?$/) }
+ end
 end
 end
 end
From edfab364ad75d7697b1e1927446559bcabe4efee Mon Sep 17 00:00:00 2001
From: Tom Miller
Date: Thu, 12 Apr 2018 10:14:09 -0600
Subject: [PATCH 4/6] Fix style issues for rubocop.
---
controls/5_4_user_accounts_and_environments.rb | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/controls/5_4_user_accounts_and_environments.rb b/controls/5_4_user_accounts_and_environments.rb
index f259239..bea8dc8 100644
--- a/controls/5_4_user_accounts_and_environments.rb
+++ b/controls/5_4_user_accounts_and_environments.rb
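Review bot: With the `if file("/etc/#{f}").file?` guard in patch 3/6, a host where none of the three paths is a regular file leaves `describe.one` with no nested `describe` at all, so the requirement that some file sets a 027-or-stricter umask is never evaluated; how InSpec reports an empty `describe.one` should be confirmed, but it may well not be a failure. Patch 4/6 keeps the same behaviour with `next unless file("/etc/#{f}").file?`. For a CIS 5.4.4 control the safer outcome is to fail when no candidate file exists, for instance by building `paths = %w(bash.bashrc profile bashrc).map { |f| "/etc/#{f}" }.select { |p| file(p).file? }` first and adding `describe(paths) { it { should_not be_empty } }` ahead of the `describe.one`. The enclosing control starts above the hunk.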
@@ -169,10 +169,9 @@
 describe.one do
 %w(bash.bashrc profile bashrc).each do |f|
- if file("/etc/#{f}").file?
- describe file("/etc/#{f}") do
- its(:content) { should match(/^umask [01234567][2367]7\s*(?:#.*)?$/) }
- end
+ next unless file("/etc/#{f}").file?
+ describe file("/etc/#{f}") do
+ its(:content) { should match(/^umask [01234567][2367]7\s*(?:#.*)?$/) }
 end
 end
 end
From 1211296874a1b204975f9f40ced49e29f8e7b4b4 Mon Sep 17 00:00:00 2001
From: Tom Miller
Date: Thu, 12 Apr 2018 10:16:45 -0600
Subject: [PATCH 5/6] Remove ruby-version from commit.
---
.ruby-version | 1 -
1 file changed, 1 deletion(-)
delete mode 100644 .ruby-version
diff --git a/.ruby-version b/.ruby-version
deleted file mode 100644
index e75da3e..0000000
--- a/.ruby-version
+++ /dev/null
@@ -1 +0,0 @@
-2.3.6
From 659e808b25326e78e8bf7cb3fa142ee9c01281b9 Mon Sep 17 00:00:00 2001
From: Tom Miller
Date: Thu, 12 Apr 2018 10:19:35 -0600
Subject: [PATCH 6/6] Remove Gemfile.lock.
---
Gemfile.lock | 192 ---------------------------------------------------
1 file changed, 192 deletions(-)
delete mode 100644 Gemfile.lock
diff --git a/Gemfile.lock b/Gemfile.lock
deleted file mode 100644
index 3e745b9..0000000
--- a/Gemfile.lock
+++ /dev/null
@@ -1,192 +0,0 @@ -GEM - remote: https://rubygems.org/ - specs: - addressable (2.5.2) - public_suffix (>= 2.0.2, < 4.0) - ast (2.4.0) - aws-sdk (2.11.33) - aws-sdk-resources (= 2.11.33) - aws-sdk-core (2.11.33) - aws-sigv4 (~> 1.0) - jmespath (~> 1.0) - aws-sdk-resources (2.11.33) - aws-sdk-core (= 2.11.33) - aws-sigv4 (1.0.2) - azure_mgmt_resources (0.16.0) - ms_rest_azure (~> 0.10.0) - builder (3.2.3) - coderay (1.1.2) - colorize (0.8.1) - concurrent-ruby (1.0.5) - descendants_tracker (0.0.4) - thread_safe (~> 0.3, >= 0.3.1) - diff-lcs (1.3) - docker-api (1.34.2) - excon (>= 0.47.0) - multi_json - domain_name (0.5.20170404) - unf (>= 0.0.5, < 1.0.0) - erubis (2.7.0) - excon (0.62.0) - faraday (0.12.2) - multipart-post (>= 1.2, < 3) - faraday-cookie_jar (0.0.6) - faraday (>= 0.7.4) - http-cookie (~> 1.0.0) - ffi (1.9.23) - github_api (0.18.2) - addressable (~> 2.4) - descendants_tracker (~> 0.0.4) - faraday (~> 0.8) - hashie (~> 3.5, >= 3.5.2) - oauth2 (~> 1.0) - github_changelog_generator (1.12.1) - colorize (~> 0.7) - github_api (~> 0.12) - rake (>= 10.0) - gssapi (1.2.0) - ffi (>= 1.0.1) - gyoku (1.3.1) - builder (>= 2.1.2) - hashie (3.5.7) - htmlentities (4.3.4) - http-cookie (1.0.3) - domain_name (~> 0.5) - httpclient (2.8.3) - inifile (3.0.0) - inspec (2.1.0) - addressable (~> 2.4) - faraday (>= 0.9.0) - hashie (~> 3.4) - htmlentities - json (>= 1.8, < 3.0) - method_source (~> 0.8) - mixlib-log - parallel (~> 1.9) - parslet (~> 1.5) - pry (~> 0) - rspec (~> 3) - rspec-its (~> 1.2) - rubyzip (~> 1.1) - semverse - sslshake (~> 1.2) - thor (~> 0.19) - tomlrb (~> 1.2) - train (~> 1.2) - jmespath (1.4.0) - json (2.1.0) - jwt (1.5.6) - little-plugger (1.1.4) - logging (2.2.2) - little-plugger (~> 1.1) - multi_json (~> 1.10) - method_source (0.9.0) - mixlib-log (2.0.3) - mixlib-shellout (2.3.2) - ms_rest (0.7.2) - concurrent-ruby (~> 1.0) - faraday (~> 0.9) - timeliness (~> 0.3) - ms_rest_azure (0.10.4) - concurrent-ruby (~> 1.0) - faraday (~> 0.9) - 
faraday-cookie_jar (~> 0.0.6) - ms_rest (~> 0.7.2) - multi_json (1.13.1) - multi_xml (0.6.0) - multipart-post (2.0.0) - net-scp (1.2.1) - net-ssh (>= 2.6.5) - net-ssh (4.2.0) - nori (2.6.0) - oauth2 (1.4.0) - faraday (>= 0.8, < 0.13) - jwt (~> 1.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 3) - parallel (1.12.1) - parser (2.5.0.5) - ast (~> 2.4.0) - parslet (1.8.2) - powerpack (0.1.1) - pry (0.11.3) - coderay (~> 1.1.0) - method_source (~> 0.9.0) - public_suffix (3.0.2) - rack (2.0.4) - rainbow (3.0.0) - rake (12.3.1) - rspec (3.7.0) - rspec-core (~> 3.7.0) - rspec-expectations (~> 3.7.0) - rspec-mocks (~> 3.7.0) - rspec-core (3.7.1) - rspec-support (~> 3.7.0) - rspec-expectations (3.7.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-its (1.2.0) - rspec-core (>= 3.0.0) - rspec-expectations (>= 3.0.0) - rspec-mocks (3.7.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-support (3.7.1) - rubocop (0.54.0) - parallel (~> 1.10) - parser (>= 2.5) - powerpack (~> 0.1) - rainbow (>= 2.2.2, < 4.0) - ruby-progressbar (~> 1.7) - unicode-display_width (~> 1.0, >= 1.0.1) - ruby-progressbar (1.9.0) - rubyntlm (0.6.2) - rubyzip (1.2.1) - semverse (2.0.0) - sslshake (1.2.0) - thor (0.20.0) - thread_safe (0.3.6) - timeliness (0.3.8) - tomlrb (1.2.6) - train (1.3.0) - aws-sdk (~> 2) - azure_mgmt_resources (~> 0.15) - docker-api (~> 1.26) - inifile - json (>= 1.8, < 3.0) - mixlib-shellout (~> 2.0) - net-scp (~> 1.2) - net-ssh (>= 2.9, < 5.0) - winrm (~> 2.0) - winrm-fs (~> 1.0) - unf (0.1.4) - unf_ext - unf_ext (0.0.7.5) - unicode-display_width (1.3.0) - winrm (2.2.3) - builder (>= 2.1.2) - erubis (~> 2.7) - gssapi (~> 1.2) - gyoku (~> 1.0) - httpclient (~> 2.2, >= 2.2.0.2) - logging (>= 1.6.1, < 3.0) - nori (~> 2.0) - rubyntlm (~> 0.6.0, >= 0.6.1) - winrm-fs (1.2.0) - erubis (~> 2.7) - logging (>= 1.6.1, < 3.0) - rubyzip (~> 1.1) - winrm (~> 2.0) - -PLATFORMS - ruby - -DEPENDENCIES - github_changelog_generator (~> 1.12.0) - 
inspec (= 2.1.0) - rake - rubocop - -BUNDLED WITH - 1.16.1