a malicious rest-client gem
On August 19, 2019, it was discovered that the
rest-client gem had had several versions published containing malicious code. In discovering the malicious
rest-client, several other new gems were determined to be carrying similar code.
This repo is an example of how one could use InSpec to create controls to audit hosts for the presence of malicious versions of
rest-client and for the other gems discovered during the investigation. The checks require a scan of entire filesystem directory structures. Because this is a slow process, it is recommended that these controls should not be added to continuous system checks.