Skip to content
Example InSpec profile to detect presence of a malicious rest-client gem (CVE-2019-15224)
Ruby Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
controls
habitat
libraries
.gitignore
README.md
inspec.yml

README.md

a malicious rest-client gem

On August 19, 2019, it was discovered that the rest-client gem had had several versions published containing malicious code. In discovering the malicious rest-client, several other new gems were determined to be carrying similar code.

Coverage:

This repo is an example of how one could use InSpec to create controls to audit hosts for the presence of malicious versions of rest-client and for the other gems discovered during the investigation. The checks require a scan of entire filesystem directory structures. Because this is a slow process, it is recommended that these controls should not be added to continuous system checks.

You can’t perform that action at this time.