Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Send and Accept locale environment variables #167

Merged
merged 1 commit into from Feb 2, 2017

Conversation

@mikemoate
Copy link
Member

commented Jan 31, 2017

Fixes #160

@mikemoate mikemoate requested a review from artem-sidorenko Jan 31, 2017
@coveralls

This comment has been minimized.

Copy link

commented Jan 31, 2017

Coverage Status

Coverage remained the same at 100.0% when pulling 0632a9a on mikemoate:issue_160_locale into b882cdd on dev-sec:master.

@mikemoate

This comment has been minimized.

Copy link
Member Author

commented Jan 31, 2017

@artem-sidorenko tests seem to fail on Oracle only, I'm not sure why, and I can't see how to view the specific failures in Travis?

@artem-sidorenko

This comment has been minimized.

Copy link
Member

commented Jan 31, 2017

@mikemoate you just click the failed job and can see the log: https://travis-ci.org/dev-sec/chef-ssh-hardening/jobs/196915943

I looks totally unrelated to your changes and actually looks like master should be also broken. I will have a look

@artem-sidorenko

This comment has been minimized.

Copy link
Member

commented Jan 31, 2017

it looks like this is related to the fix within train: inspec/train@6b5d582

We have to add oracle platform to the ssh-baseline, I'll create a PR

@mikemoate

This comment has been minimized.

Copy link
Member Author

commented Jan 31, 2017

OK thanks. I could see the Travis logs but not the details of the failing test cases.

Now I realise they are just very un-obvious (compared to the test passed lines which are highlighted red), maybe I'll give TravisCI some feedback :-)

@artem-sidorenko

This comment has been minimized.

Copy link
Member

commented Jan 31, 2017

@mikemoate I guess this color problem is related somehow to the bash-color done by inspec. Usually it looks properly

@artem-sidorenko

This comment has been minimized.

Copy link
Member

commented Jan 31, 2017

@mikemoate the dev-sec/ssh-baseline#80 should fix the tests

@@ -112,3 +112,6 @@ Compression yes

# http://undeadly.org/cgi?action=article&sid=20160114142733
UseRoaming <%= @node['ssh-hardening']['ssh']['client']['roaming'] ? 'yes' : 'no' %>

#Send locale environment variables
SendEnv LANG LC_* LANGUAGE

This comment has been minimized.

Copy link
@artem-sidorenko

artem-sidorenko Jan 31, 2017

Member

Could we have it configurable? Some attribute like ['ssh-hardening']['ssh']['client']['send_env'] as with ['LANG', 'LC_*', 'LANGUAGE'] as default in the attributes/default.rb

@@ -193,6 +193,9 @@ UseDNS <%= ((@node['ssh-hardening']['ssh']['server']['use_dns']) ? 'yes' : 'no'
#ChrootDirectory none
#ChrootDirectory /home/%u

#Accept locale environment variables
AcceptEnv LANG LC_* LANGUAGE

This comment has been minimized.

Copy link
@artem-sidorenko

artem-sidorenko Jan 31, 2017

Member

Could we have it configurable too? Attribute like ['ssh-hardening']['ssh']['server']['accept_env'] with ['LANG', 'LC_*', 'LANGUAGE'] as default in the attributes/default.rb would be cool

@@ -64,6 +64,11 @@
)
end

it 'accepts locale environment variables' do
expect(chef_run).to render_file('/etc/ssh/sshd_config').
with_content('AcceptEnv LANG LC_* LANGUAGE')

This comment has been minimized.

Copy link
@artem-sidorenko

artem-sidorenko Jan 31, 2017

Member

If you implement it as attribute, could you please add the second test: to verify the attribute change? Good example is here for allow_root_with_key attribute

@artem-sidorenko

This comment has been minimized.

Copy link
Member

commented Jan 31, 2017

Thank you for this PR! I've added some comments:)

@coveralls

This comment has been minimized.

Copy link

commented Feb 1, 2017

Coverage Status

Coverage remained the same at 100.0% when pulling a9adb7d on mikemoate:issue_160_locale into b882cdd on dev-sec:master.

@mikemoate

This comment has been minimized.

Copy link
Member Author

commented Feb 1, 2017

@artem-sidorenko I think this covers everything you asked for now.

@artem-sidorenko

This comment has been minimized.

Copy link
Member

commented Feb 2, 2017

@mikemoate looks good to me, could you please also cleanup the commit history by squashing the commits?

Use attributes to set the environment variables that ssh client should send and that ssh daemon should accept.
The primary use case here is for locale, and the default attribute value reflects this (as discussed in #160).

Chefspec tests cover the default, custom/overriden and empty cases for the attributes.
@mikemoate mikemoate force-pushed the mikemoate:issue_160_locale branch from a9adb7d to d5d7ea6 Feb 2, 2017
@coveralls

This comment has been minimized.

Copy link

commented Feb 2, 2017

Coverage Status

Coverage remained the same at 100.0% when pulling d5d7ea6 on mikemoate:issue_160_locale into b882cdd on dev-sec:master.

@mikemoate

This comment has been minimized.

Copy link
Member Author

commented Feb 2, 2017

@artem-sidorenko squashed as requested.

@artem-sidorenko artem-sidorenko merged commit 41d98b3 into dev-sec:master Feb 2, 2017
2 checks passed
2 checks passed
continuous-integration/travis-ci/pr The Travis CI build passed
Details
coverage/coveralls Coverage remained the same at 100.0%
Details
@artem-sidorenko

This comment has been minimized.

Copy link
Member

commented Feb 2, 2017

@mikemoate thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.