From deead00e47b2f2e04d2b119367b64b0517a47ccb Mon Sep 17 00:00:00 2001
From: Patrick Meier
Date: Thu, 11 Sep 2014 22:10:12 +0200
Subject: [PATCH] changed GIS to DTAG SEC
Signed-off-by: Patrick Meier
---
 default/serverspec/os_spec.rb | 20 ++++++++++----------
 default/serverspec/sysctl_spec.rb | 26 +++++++++++++-------------
 lockdown/serverspec/os_spec.rb | 20 ++++++++++----------
 lockdown/serverspec/sysctl_spec.rb | 26 +++++++++++++-------------
 4 files changed, 46 insertions(+), 46 deletions(-)
diff --git a/default/serverspec/os_spec.rb b/default/serverspec/os_spec.rb
index 6f41d8b..24d9a83 100644
--- a/default/serverspec/os_spec.rb
+++ b/default/serverspec/os_spec.rb
@@ -21,47 +21,47 @@
 c.filter_run_excluding skipOn: backend(Serverspec::Commands::Base).check_os[:family]
 end
-# GIS: Req 3.21-4
+# DTAG SEC: Req 3.21-4
 describe command('find / -name \'.rhosts\' | wc -l ') do
 its(:stdout) { should match(/^0/) }
 end
-# GIS: Req 3.21-4
+# DTAG SEC: Req 3.21-4
 describe command('find / -name \'hosts.equiv\' | wc -l ') do
 its(:stdout) { should match(/^0/) }
 end
-# GIS: Req 3.21-7
+# DTAG SEC: Req 3.21-7
 describe file('/etc/shadow') do
 it { should be_owned_by 'root' }
 end
-# GIS: Req 3.21-7
+# DTAG SEC: Req 3.21-7
 describe file('/etc/shadow') do
 it { should be_mode 600 }
 end
-# GIS: Req 3.21-8
+# DTAG SEC: Req 3.21-8
 describe command('echo $PATH | grep -ci \'\.\'') do
 its(:stdout) { should match(/^0/) }
 end
-# GIS: Req 3.21-8
+# DTAG SEC: Req 3.21-8
 describe file('/etc/login.defs') do
 its(:content) { should match(%r{^ENV_SUPATH\s+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin}) }
 end
-# GIS: Req 3.21-8
+# DTAG SEC: Req 3.21-8
 describe file('/etc/login.defs') do
 its(:content) { should match(%r{^ENV_PATH\s+PATH=/usr/local/bin:/usr/bin:/bin}) }
 end
-# GIS: Req 3.21-10
+# DTAG SEC: Req 3.21-10
 describe file('/etc/login.defs') do
 its(:content) { should match(/^UMASK +027/) }
 end
-# GIS: Req 3.21-12
+# DTAG SEC: Req 3.21-12
 describe 'SUID/ SGID blacklist check' do
 it 'found no blacklisted suid/sgid' do
 blacklist = [
@@ -97,7 +97,7 @@
 end
 end
-# GIS: Req 3.21-16
+# DTAG SEC: Req 3.21-16
 describe 'Unique uid' do
 it 'check for unique uids' do
 actual = command('cat /etc/passwd | cut -d \':\' -f 3').stdout.split(/\r?\n/)
diff --git a/default/serverspec/sysctl_spec.rb b/default/serverspec/sysctl_spec.rb
index f35a9ad..5ca5ec1 100644
--- a/default/serverspec/sysctl_spec.rb
+++ b/default/serverspec/sysctl_spec.rb
@@ -23,27 +23,27 @@
 describe 'IP V4 networking' do
- # GIS: Req 3.21-1
+ # DTAG SEC: Req 3.21-1
 context linux_kernel_parameter('net.ipv4.ip_forward') do
 its(:value) { should eq 0 }
 end
- # GIS: Req 3.21-1
+ # DTAG SEC: Req 3.21-1
 context linux_kernel_parameter('net.ipv4.conf.all.forwarding') do
 its(:value) { should eq 0 }
 end
- # GIS: Req 3.21-3
+ # DTAG SEC: Req 3.21-3
 context linux_kernel_parameter('net.ipv4.conf.all.rp_filter') do
 its(:value) { should eq 1 }
 end
- # GIS: Req 3.21-3 ; GIS: Req 3.37-10
+ # DTAG SEC: Req 3.21-3 ; DTAG SEC: Req 3.37-10
 context linux_kernel_parameter('net.ipv4.conf.default.rp_filter') do
 its(:value) { should eq 1 }
 end
- # GIS: Req 3.21-1
+ # DTAG SEC: Req 3.21-1
 context linux_kernel_parameter('net.ipv4.icmp_echo_ignore_broadcasts') do
 its(:value) { should eq 1 }
 end
@@ -52,7 +52,7 @@
 its(:value) { should eq 1 }
 end
- # GIS: Req 3.01-9
+ # DTAG SEC: Req 3.01-9
 context linux_kernel_parameter('net.ipv4.icmp_ratelimit') do
 its(:value) { should eq 100 }
 end
@@ -65,12 +65,12 @@
 its(:value) { should eq 0 }
 end
- # GIS: Req 3.21-3
+ # DTAG SEC: Req 3.21-3
 context linux_kernel_parameter('net.ipv4.conf.all.arp_ignore') do
 its(:value) { should eq 1 }
 end
- # GIS: Req 3.21-3
+ # DTAG SEC: Req 3.21-3
 context linux_kernel_parameter('net.ipv4.conf.all.arp_announce') do
 its(:value) { should eq 2 }
 end
@@ -91,12 +91,12 @@
 its(:value) { should eq 1 }
 end
- # GIS: Req 3.37-12
+ # DTAG SEC: Req 3.37-12
 context linux_kernel_parameter('net.ipv4.conf.all.accept_source_route') do
 its(:value) { should eq 0 }
 end
- # GIS: Req 3.37-12
+ # DTAG SEC: Req 3.37-12
 context linux_kernel_parameter('net.ipv4.conf.default.accept_source_route') do
 its(:value) { should eq 0 }
 end
@@ -138,7 +138,7 @@
 its(:value) { should eq 1 }
 end
- # GIS: Req 3.21-1
+ # DTAG SEC: Req 3.21-1
 context linux_kernel_parameter('net.ipv6.conf.all.forwarding') do
 its(:value) { should eq 0 }
 end
@@ -202,7 +202,7 @@
 describe 'ExecShield' do
- # GIS: Req 3.21-5
+ # DTAG SEC: Req 3.21-5
 # check if we find the nx flag
 if command('cat /proc/cpuinfo').return_stdout?(/^flags.*?:.*? nx( .*?)?$/)
 true
@@ -217,7 +217,7 @@
 end
 end
- # GIS: Req 3.21-5
+ # DTAG SEC: Req 3.21-5
 context linux_kernel_parameter('kernel.randomize_va_space') do
 its(:value) { should eq 2 }
 end
diff --git a/lockdown/serverspec/os_spec.rb b/lockdown/serverspec/os_spec.rb
index b5753b1..4bbbf6a 100644
--- a/lockdown/serverspec/os_spec.rb
+++ b/lockdown/serverspec/os_spec.rb
@@ -21,47 +21,47 @@
 c.filter_run_excluding skipOn: backend(Serverspec::Commands::Base).check_os[:family]
 end
-# GIS: Req 3.21-4
+# DTAG SEC: Req 3.21-4
 describe command('find / -name \'.rhosts\' | wc -l ') do
 its(:stdout) { should match(/^0/) }
 end
-# GIS: Req 3.21-4
+# DTAG SEC: Req 3.21-4
 describe command('find / -name \'hosts.equiv\' | wc -l ') do
 its(:stdout) { should match(/^0/) }
 end
-# GIS: Req 3.21-7
+# DTAG SEC: Req 3.21-7
 describe file('/etc/shadow') do
 it { should be_owned_by 'root' }
 end
-# GIS: Req 3.21-7
+# DTAG SEC: Req 3.21-7
 describe file('/etc/shadow') do
 it { should be_mode 600 }
 end
-# GIS: Req 3.21-8
+# DTAG SEC: Req 3.21-8
 describe command('echo $PATH | grep -ci \'\.\'') do
 its(:stdout) { should match(/^0/) }
 end
-# GIS: Req 3.21-8
+# DTAG SEC: Req 3.21-8
 describe file('/etc/login.defs') do
 its(:content) { should match(%r{^ENV_SUPATH\s+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin}) }
 end
-# GIS: Req 3.21-8
+# DTAG SEC: Req 3.21-8
 describe file('/etc/login.defs') do
 its(:content) { should match(%r{^ENV_PATH\s+PATH=/usr/local/bin:/usr/bin:/bin}) }
 end
-# GIS: Req 3.21-10
+# DTAG SEC: Req 3.21-10
 describe file('/etc/login.defs') do
 its(:content) { should match(/^UMASK +027/) }
 end
-# GIS: Req 3.21-12
+# DTAG SEC: Req 3.21-12
 describe 'SUID/ SGID whitelist check' do
 it 'found only whitelist suid/sgid' do
 whitelist = [
@@ -116,7 +116,7 @@
 end
 end
-# GIS: Req 3.21-16
+# DTAG SEC: Req 3.21-16
 describe 'Unique uid' do
 it 'check for unique uids' do
 actual = command('cat /etc/passwd | cut -d \':\' -f 3').stdout.split(/\r?\n/)
diff --git a/lockdown/serverspec/sysctl_spec.rb b/lockdown/serverspec/sysctl_spec.rb
index cb1cd30..6fc488f 100644
--- a/lockdown/serverspec/sysctl_spec.rb
+++ b/lockdown/serverspec/sysctl_spec.rb
@@ -23,27 +23,27 @@
 describe 'IP V4 networking' do
- # GIS: Req 3.21-1
+ # DTAG SEC: Req 3.21-1
 context linux_kernel_parameter('net.ipv4.ip_forward') do
 its(:value) { should eq 0 }
 end
- # GIS: Req 3.21-1
+ # DTAG SEC: Req 3.21-1
 context linux_kernel_parameter('net.ipv4.conf.all.forwarding') do
 its(:value) { should eq 0 }
 end
- # GIS: Req 3.21-3
+ # DTAG SEC: Req 3.21-3
 context linux_kernel_parameter('net.ipv4.conf.all.rp_filter') do
 its(:value) { should eq 1 }
 end
- # GIS: Req 3.21-3 ; GIS: Req 3.37-10
+ # DTAG SEC: Req 3.21-3 ; DTAG SEC: Req 3.37-10
 context linux_kernel_parameter('net.ipv4.conf.default.rp_filter') do
 its(:value) { should eq 1 }
 end
- # GIS: Req 3.21-1
+ # DTAG SEC: Req 3.21-1
 context linux_kernel_parameter('net.ipv4.icmp_echo_ignore_broadcasts') do
 its(:value) { should eq 1 }
 end
@@ -52,7 +52,7 @@
 its(:value) { should eq 1 }
 end
- # GIS: Req 3.01-9
+ # DTAG SEC: Req 3.01-9
 context linux_kernel_parameter('net.ipv4.icmp_ratelimit') do
 its(:value) { should eq 100 }
 end
@@ -65,12 +65,12 @@
 its(:value) { should eq 0 }
 end
- # GIS: Req 3.21-3
+ # DTAG SEC: Req 3.21-3
 context linux_kernel_parameter('net.ipv4.conf.all.arp_ignore') do
 its(:value) { should eq 1 }
 end
- # GIS: Req 3.21-3
+ # DTAG SEC: Req 3.21-3
 context linux_kernel_parameter('net.ipv4.conf.all.arp_announce') do
 its(:value) { should eq 2 }
 end
@@ -91,12 +91,12 @@
 its(:value) { should eq 1 }
 end
- # GIS: Req 3.37-12
+ # DTAG SEC: Req 3.37-12
 context linux_kernel_parameter('net.ipv4.conf.all.accept_source_route') do
 its(:value) { should eq 0 }
 end
- # GIS: Req 3.37-12
+ # DTAG SEC: Req 3.37-12
 context linux_kernel_parameter('net.ipv4.conf.default.accept_source_route') do
 its(:value) { should eq 0 }
 end
@@ -138,7 +138,7 @@
 its(:value) { should eq 1 }
 end
- # GIS: Req 3.21-1
+ # DTAG SEC: Req 3.21-1
 context linux_kernel_parameter('net.ipv6.conf.all.forwarding') do
 its(:value) { should eq 0 }
 end
@@ -202,7 +202,7 @@
 describe 'ExecShield' do
- # GIS: Req 3.21-5
+ # DTAG SEC: Req 3.21-5
 # check if we find the nx flag
 if command('cat /proc/cpuinfo').return_stdout?(/^flags.*?:.*? nx( .*?)?$/)
 true
@@ -217,7 +217,7 @@
 end
 end
- # GIS: Req 3.21-5
+ # DTAG SEC: Req 3.21-5
 context linux_kernel_parameter('kernel.randomize_va_space') do
 its(:value) { should eq 2 }
 end