Logged in as vagrant, I first tried using the following control, but it failed.
```ruby
control "cis-4-5-3" do
  impact 1.0
  title "4.5.3 Verify Permissions on /etc/hosts.allow (Scored)"
  desc "It is critical to ensure that the /etc/hosts.allow file is protected from unauthorized write access. Although it is protected by default, the file permissions could be changed either inadvertently or through malicious actions."
  describe file('/etc/hosts.allow') do
    its('owner') { should eq 'root' }
    its('mode') { should eq 644 }
  end
end
```
I tried remediating in Chef with Kitchen using this, but it still failed.

And finally I used

```ruby
control "cis-4-5-3" do
  impact 1.0
  title "4.5.3 Verify Permissions on /etc/hosts.allow (Scored)"
  desc "It is critical to ensure that the /etc/hosts.allow file is protected from unauthorized write access. Although it is protected by default, the file permissions could be changed either inadvertently or through malicious actions."
  describe file("/etc/hosts.allow") do
    it { should exist }
    it { should_not be_executable.by "group" }
    it { should be_readable.by "group" }
    it { should_not be_writable.by "group" }
    it { should_not be_executable.by "other" }
    it { should be_readable.by "other" }
    it { should_not be_writable.by "other" }
    it { should_not be_executable.by "owner" }
    it { should be_readable.by "owner" }
    it { should be_writable.by "owner" }
  end
end
```
And it passed. But I'm curious as to why the mode matcher didn't work. I thought at first it was because I was logged in as vagrant, perhaps, but even through Chef it didn't work. Does running through Chef change the root?
InSpec and Platform Version
InSpec version 0.21.3
CentOS 6
Replication Case
See above
Possible Solutions
Just wondering if this has something to do with being logged in as vagrant or if it's more to do with the control. I was surprised when I looked at the "official" profile for CentOS 6 that it didn't check for mode but rather checked for group, other, and owner permissions. The mode matcher seems simpler.
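Added example (not part of the original issue and not InSpec's own code): plain Ruby showing that a bare `644` and `0644` are different integers when compared with a file's numeric mode, and how that mode decodes into the owner/group/other checks used in the second control. It assumes the mode is compared as an integer; the temp file is a constructed stand-in for /etc/hosts.allow and the helper names are hypothetical.

```ruby
require 'tempfile'

# Bit offsets of each permission class inside the mode word.
CLASS_SHIFT = { 'owner' => 6, 'group' => 3, 'other' => 0 }.freeze

# Permission bits of a path as an Integer (file-type bits masked off).
def permission_bits(path)
  File.stat(path).mode & 0o7777
end

# Decode an integer mode into per-class readable/writable/executable flags,
# i.e. the same facts the be_readable/be_writable/be_executable checks assert.
def decode_mode(mode)
  CLASS_SHIFT.each_with_object({}) do |(who, shift), out|
    bits = (mode >> shift) & 0o7
    out[who] = {
      readable: (bits & 4) != 0,
      writable: (bits & 2) != 0,
      executable: (bits & 1) != 0
    }
  end
end

# Compare the actual mode with an expected literal and show both in octal,
# so a decimal literal written by mistake is visible at a glance.
def compare_mode(actual, expected)
  { match: actual == expected,
    actual_octal: format('%04o', actual),
    expected_octal: format('%04o', expected) }
end

# Constructed sample: a temp file given rw-r--r-- permissions.
def demo
  Tempfile.create('hosts.allow') do |f|
    File.chmod(0o644, f.path)
    actual = permission_bits(f.path)
    { decimal_literal: compare_mode(actual, 644),  # 644 decimal is 1204 octal
      octal_literal: compare_mode(actual, 0644),   # leading 0 makes it octal (420 decimal)
      decoded: decode_mode(actual) }
  end
end

pp demo if __FILE__ == $PROGRAM_NAME
```
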