CI: update to ruby 2.4.1 and gem update #164

Merged
merged 4 commits into from Jun 12, 2017
+61 −20
@@ -4,6 +4,7 @@
driver:
name: digitalocean
size: 512mb
region: nyc3
transport:
ssh_key: '~/.ssh/ci_id_rsa'
@@ -4,6 +4,7 @@ AllCops:
Exclude:
- vendor/**/*
- test/**/*
TargetRubyVersion: 2.1 # we need this because of chef 12.5.1 support
Metrics/AbcSize:
Max: 29
Metrics/LineLength:
@@ -13,13 +14,13 @@ Metrics/MethodLength:
Max: 40
Style/Documentation:
Enabled: false
Style/DotPosition:
Layout/DotPosition:
EnforcedStyle: trailing
Enabled: true
Style/Encoding:
EnforcedStyle: always
Enabled: true
Style/ExtraSpacing:
Layout/ExtraSpacing:
Exclude:
- attributes/default.rb
Style/HashSyntax:
@@ -30,6 +31,11 @@ Style/NumericLiterals:
MinDigits: 10
Style/RegexpLiteral:
AllowInnerSlashes: true
Style/SpaceAroundOperators:
Layout/SpaceAroundOperators:
Exclude:
- attributes/default.rb
Metrics/BlockLength:
Exclude:
- 'spec/**/*'
Style/FrozenStringLiteralComment:
Enabled: false
@@ -5,7 +5,7 @@ bundler_args: "--without development"
dist: trusty
cache: bundler
rvm: 2.3.3
rvm: 2.4.1
before_install:
- gem update --system # see https://github.com/bundler/bundler/issues/5357
14 Gemfile
@@ -2,21 +2,21 @@
source 'https://rubygems.org'
gem 'berkshelf', '~> 5.3'
gem 'chef', '~> 12.5'
gem 'berkshelf', '~> 6.1'
gem 'chef', '~> 12.5' # chefspec builds get stucked with 13.1
group :test do
gem 'chefspec', '~> 5.3.0'
gem 'chefspec', '~> 7.1.0'
gem 'coveralls', require: false
gem 'foodcritic', '~> 6.0'
gem 'foodcritic', '~> 11.1'
gem 'rake'
gem 'rubocop', '~> 0.46.0'
gem 'rubocop', '~> 0.49.0'
gem 'simplecov', '~> 0.10'
end
group :development do
gem 'guard'
gem 'guard-foodcritic', '~>2.1'
gem 'guard-foodcritic', '~> 3.0'
gem 'guard-rspec'
gem 'guard-rubocop'
end
@@ -29,5 +29,5 @@ group :integration do
end
group :tools do
gem 'github_changelog_generator', '~> 1.12.0'
gem 'github_changelog_generator', '~> 1.14'
end
@@ -1,6 +1,7 @@
#!/usr/bin/env rake
# encoding: utf-8
# rubocop:disable Style/SymbolArray
require 'foodcritic'
require 'rspec/core/rake_task'
require 'rubocop/rake_task'
@@ -1,4 +1,5 @@
# encoding: utf-8
#
# Cookbook Name:: os-hardening
# Attributes:: default
@@ -76,7 +77,7 @@
default['os-hardening']['auth']['pam']['passwdqc']['options'] = 'min=disabled,disabled,16,12,8'
default['os-hardening']['auth']['pam']['cracklib']['options'] = 'try_first_pass retry=3 type='
default['os-hardening']['auth']['pam']['pwquality']['options'] = 'try_first_pass retry=3 type='
default['os-hardening']['auth']['root_ttys'] = %w(console tty1 tty2 tty3 tty4 tty5 tty6)
default['os-hardening']['auth']['root_ttys'] = %w[console tty1 tty2 tty3 tty4 tty5 tty6]
default['os-hardening']['auth']['uid_min'] = 1000
default['os-hardening']['auth']['gid_min'] = 1000
default['os-hardening']['auth']['sys_uid_min'] = 100
@@ -1,4 +1,5 @@
# encoding: utf-8
#
# Cookbook Name:: os-hardening
# Attributes:: sysctl
@@ -1,4 +1,5 @@
# encoding: utf-8
#
# Cookbook Name:: os-hardening
# Library:: apt_package_extras
@@ -1,4 +1,5 @@
# encoding: utf-8
#
# Cookbook Name:: os-hardening
# Library:: cookbook_version
@@ -1,4 +1,5 @@
# encoding: utf-8
#
# Cookbook Name:: os-hardening
# Library:: gpgcheck
@@ -1,4 +1,5 @@
# encoding: utf-8
#
# Cookbook Name:: os-hardening
# Library:: suid_sgid
@@ -54,10 +55,10 @@ def self.remove_suid_sgid_from_blacklist(blacklist)
end
def self.remove_suid_sgid_from_unknown(whitelist = [], root = '/', dry_run = false)
all_suid_sgid_files = find_all_suid_sgid_files(root).select do |file|
all_suid_sgid_files = find_all_suid_sgid_files(root).reject do |file|
in_whitelist = whitelist.include?(file)
Chef::Log.info "suid_sgid: Whitelisted file '#{file}', not altering SUID/SGID bit" if in_whitelist && !dry_run
!in_whitelist
in_whitelist
end
all_suid_sgid_files.each do |file|
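Review bot: After the switch to `reject`, the result is still assigned to `all_suid_sgid_files`, although it holds only the files that are not in the whitelist, which is presumably the set whose SUID/SGID bits the following `each` alters. A name such as `unknown_files` and a one-line comment, `# keep only files outside the whitelist; these are the ones that get changed`, would make an accidental inversion of this filter easier to spot in a later edit. The block also logs as a side effect of filtering, which is easy to miss when reading the `reject`. The body of `remove_suid_sgid_from_unknown` continues outside the hunk, so a rename has to cover the uses there as well.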
@@ -1,4 +1,5 @@
# encoding: utf-8 # ~FC061
#
# Copyright 2014, Deutsche Telekom AG
#
@@ -18,11 +19,13 @@
name 'os-hardening'
maintainer 'Dominik Richter'
maintainer_email 'dominik.richter@googlemail.com'
license 'Apache 2.0'
license 'Apache-2.0'
description 'Installs and configures operating system hardening'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '2.0.1'
chef_version '>= 12.5' if respond_to?(:chef_version)
supports 'ubuntu', '>= 12.04'
supports 'debian', '>= 6.0'
supports 'centos', '>= 5.0'
@@ -1,4 +1,5 @@
# encoding: utf-8
#
# Cookbook Name: os-hardening
# Recipe: apt.rb
@@ -1,4 +1,5 @@
# encoding: utf-8
#
# Cookbook Name: os-hardening
# Recipe: auditd.rb
@@ -1,4 +1,5 @@
# encoding: utf-8
#
# Cookbook Name: os-hardening
# Recipe: default
@@ -1,4 +1,5 @@
# encoding: utf-8
#
# Cookbook Name: os-hardening
# Recipe: limits.rb
@@ -1,4 +1,5 @@
# encoding: utf-8
#
# Cookbook Name: os-hardening
# Recipe: login_defs.rb
@@ -1,4 +1,5 @@
# encoding: utf-8
#
# Cookbook Name: os-hardening
# Recipe: minimize_access
@@ -20,7 +21,7 @@
# remove write permissions from path folders ($PATH) for all regular users
# this prevents changing any system-wide command from normal users
paths = %w(/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin) + node['os-hardening']['env']['extra_user_paths']
paths = %w[/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin] + node['os-hardening']['env']['extra_user_paths']
paths.each do |folder|
execute "remove write permission from #{folder}" do
command "chmod go-w -R #{folder}"
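Review bot: `command "chmod go-w -R #{folder}"` interpolates each path into a shell string, and the list still ends with `node['os-hardening']['env']['extra_user_paths']`, so an attribute value containing a space or a shell metacharacter would be split or interpreted by the shell instead of being treated as one directory. Passing the arguments as an array, `command ['chmod', '-R', 'go-w', folder]`, avoids the shell if the supported Chef versions accept that form; otherwise `Shellwords.escape(folder)` gives the same protection. The `execute` block continues past the end of the hunk, so any guard there that also embeds `folder` in a command string would need the same treatment.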
@@ -1,4 +1,5 @@
# encoding: utf-8
#
# Cookbook Name: os-hardening
# Recipe: packages.rb
@@ -1,4 +1,5 @@
# encoding: utf-8
#
# Cookbook Name: os-hardening
# Recipe: pam.rb
@@ -1,4 +1,5 @@
# encoding: utf-8
#
# Cookbook Name: os-hardening
# Recipe: profile.rb
@@ -1,4 +1,5 @@
# encoding: utf-8
#
# Cookbook Name: os-hardening
# Recipe: securetty
@@ -1,4 +1,5 @@
# encoding: utf-8
#
# Cookbook Name: os-hardening
# Recipe: suid_sgid
@@ -1,4 +1,5 @@
# encoding: utf-8
#
# Cookbook Name: os-hardening
# Recipe: sysctl
@@ -1,4 +1,5 @@
# encoding: utf-8
#
# Cookbook Name: os-hardening
# Recipe: pack_yum.rb
@@ -42,7 +43,7 @@
if node['os-hardening']['security']['packages']['clean']
# remove unused repos
%w(CentOS-Debuginfo CentOS-Media CentOS-Vault).each do |repo|
%w[CentOS-Debuginfo CentOS-Media CentOS-Vault].each do |repo|
yum_repository repo do
action :remove
end
@@ -1,4 +1,5 @@
# encoding: UTF-8
#
# Copyright 2017, Artem Sidorenko
#
@@ -1,4 +1,5 @@
# encoding: UTF-8
#
# Copyright 2014, Deutsche Telekom AG
#
@@ -26,9 +27,9 @@
node.normal['cpu']['0']['vendor_id'] = 'GenuineIntel'
node.normal['env']['extra_user_paths'] = []
paths = %w(
paths = %w[
/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin
) + node['env']['extra_user_paths']
] + node['env']['extra_user_paths']
paths.each do |folder|
stub_command(
"find #{folder} -perm -go+w -type f | wc -l | egrep '^0$'"
@@ -1,4 +1,5 @@
# encoding: UTF-8
#
# Copyright 2014, Deutsche Telekom AG
#
@@ -1,4 +1,5 @@
# encoding: UTF-8
#
# Copyright 2014, Deutsche Telekom AG
#
@@ -1,4 +1,5 @@
# encoding: UTF-8
#
# Copyright 2014, Deutsche Telekom AG
#
@@ -1,4 +1,5 @@
# encoding: UTF-8
#
# Copyright 2014, Deutsche Telekom AG
#
@@ -1,4 +1,5 @@
# encoding: UTF-8
#
# Copyright 2014, Deutsche Telekom AG
#
@@ -1,4 +1,5 @@
# encoding: UTF-8
#
# Copyright 2014, Deutsche Telekom AG
#
@@ -1,4 +1,5 @@
# encoding: UTF-8
#
# Copyright 2014, Deutsche Telekom AG
#
@@ -1,4 +1,5 @@
# encoding: UTF-8
#
# Copyright 2014, Deutsche Telekom AG
#
@@ -1,4 +1,5 @@
# encoding: utf-8
#
# Copyright 2014, Deutsche Telekom AG
#