From a3090e0a623c99bc01233eeaf9c8b931912322db Mon Sep 17 00:00:00 2001
From: Christoph Hartmann
Date: Fri, 29 Apr 2016 01:27:50 +0200
Subject: [PATCH 1/2] bugfix: use new inspec load mechanism
---
 controls/ssh_spec.rb | 7 +++----
 controls/sshd_spec.rb | 7 +++----
 libraries/ssh_crypto.rb | 37 +++++++++++++++++--------------------
 3 files changed, 23 insertions(+), 28 deletions(-)
diff --git a/controls/ssh_spec.rb b/controls/ssh_spec.rb
index 4d00d2a..f33506d 100644
--- a/controls/ssh_spec.rb
+++ b/controls/ssh_spec.rb
@@ -20,10 +20,9 @@
 title 'SSH client config'
-$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'libraries'))
-require 'ssh_crypto'
-
-ssh_crypto = SshCrypto.new(os)
+only_if do
+ command('ssh').exist?
+end
 control 'ssh-01' do
 impact 1.0
diff --git a/controls/sshd_spec.rb b/controls/sshd_spec.rb
index fff9449..bbd1e2b 100644
--- a/controls/sshd_spec.rb
+++ b/controls/sshd_spec.rb
@@ -20,10 +20,9 @@
 title 'SSH server config'
-$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'libraries'))
-require 'ssh_crypto'
-
-ssh_crypto = SshCrypto.new(os)
+only_if do
+ command('sshd').exist?
+end
 control 'sshd-01' do
 impact 1.0
diff --git a/libraries/ssh_crypto.rb b/libraries/ssh_crypto.rb
index f52b312..5e8833b 100644
--- a/libraries/ssh_crypto.rb
+++ b/libraries/ssh_crypto.rb
@@ -18,11 +18,8 @@
 # author: Dominik Richter
 # author: Patrick Muench
-class SshCrypto # rubocop:disable Metrics/ClassLength
- attr_reader :os
- def initialize(os)
- @os = os
- end
+class SshCrypto < Inspec.resource(1) # rubocop:disable Metrics/ClassLength
+ name 'ssh_crypto'
 def valid_ciphers
 # define a set of default ciphers
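Review bot: The file-level `only_if do command('ssh').exist? end` added in controls/ssh_spec.rb, and the matching `command('sshd').exist?` guard in controls/sshd_spec.rb, skips every control in the file when the lookup fails, and in a hardening baseline a skipped file is easy to misread as a compliant one. The lookup presumably resolves the binary through the scanning account's PATH, which matters most for sshd because it normally sits in an sbin directory that unprivileged accounts often lack on PATH. A guard that does not depend on PATH would be more robust, for example `only_if { file('/etc/ssh/sshd_config').exist? }`, assuming that is the config path the controls read. The controls themselves lie outside both hunks.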
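Review bot: The new resource declaration in libraries/ssh_crypto.rb (`class SshCrypto < Inspec.resource(1)` followed by `name 'ssh_crypto'`) carries no description, so nothing tells a profile author that `ssh_crypto` appears to be a lookup helper returning the values expected for the target's OS release, not values read from the host's SSH configuration. I would add `desc 'Expected SSH ciphers, KEX algorithms, MACs and privilege-separation setting for the target OS family and release'` under the `name` line, plus a short `example` block showing `ssh_crypto.valid_ciphers` used inside a control. The class body continues outside the hunk.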
@@ -31,23 +28,23 @@ def valid_ciphers
 ciphers = ciphers53
 # adjust ciphers based on OS + release
- case os[:family]
+ case inspec.os[:family]
 when 'ubuntu'
- case os[:release]
+ case inspec.os[:release]
 when '12.04'
 ciphers = ciphers53
 when '14.04'
 ciphers = ciphers66
 end
 when 'debian'
- case os[:release]
+ case inspec.os[:release]
 when /6\./, /7\./
 ciphers = ciphers53
 when /8\./
 ciphers = ciphers66
 end
 when 'redhat'
- case os[:release]
+ case inspec.os[:release]
 when '6.4', '6.5'
 ciphers = ciphers53
 end
@@ -63,16 +60,16 @@ def valid_kexs
 kex = kex59
 # adjust KEXs based on OS + release
- case os[:family]
+ case inspec.os[:family]
 when 'ubuntu'
- case os[:release]
+ case inspec.os[:release]
 when '12.04'
 kex = kex59
 when '14.04'
 kex = kex66
 end
 when 'debian'
- case os[:release]
+ case inspec.os[:release]
 when /6\./
 kex = nil
 when /7\./
@@ -81,7 +78,7 @@ def valid_kexs
 kex = kex66
 end
 when 'redhat', 'centos'
- case os[:release]
+ case inspec.os[:release]
 when '6.4', '6.5', /7\./
 kex = nil
 end
@@ -98,16 +95,16 @@ def valid_macs
 macs = macs59
 # adjust MACs based on OS + release
- case os[:family]
+ case inspec.os[:family]
 when 'ubuntu'
- case os[:release]
+ case inspec.os[:release]
 when '12.04'
 macs = macs59
 when '14.04'
 macs = macs66
 end
 when 'debian'
- case os[:release]
+ case inspec.os[:release]
 when /6\./
 macs = macs53
 when /7\./
@@ -116,7 +113,7 @@ def valid_macs
 macs = macs66
 end
 when 'redhat', 'centos'
- case os[:release]
+ case inspec.os[:release]
 when '6.4', '6.5', /7\./
 macs = macs53
 end
@@ -134,14 +131,14 @@ def valid_privseparation
 # debian 7.x and newer has ssh 5.9+
 # ubuntu 12.04 and newer has ssh 5.9+
- case os[:family]
+ case inspec.os[:family]
 when 'debian'
- case os[:release]
+ case inspec.os[:release]
 when /6\./
 ps = ps53
 end
 when 'redhat', 'centos'
- case os[:release]
+ case inspec.os[:release]
 # redhat/centos/oracle 6.x has ssh 5.3
 when /6\./, /7\./
 ps = ps53
From f689f174f4555a6ebf57ffe351d96e6969003b72 Mon Sep 17 00:00:00 2001
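Review bot: A release that none of the `when` arms in valid_ciphers lists keeps the default assigned above the `case` (`ciphers = ciphers53`), so an Ubuntu release newer than 14.04 or a Debian release after 8.x is checked against the oldest set instead of `ciphers66`; the valid_kexs and valid_macs hunks have the same fall-through to `kex59` and `macs59`. The contents of those sets are outside the hunks, but if the older sets permit algorithms the 6.6 sets drop, the baseline accepts weaker crypto on exactly the newest hosts. Comparing the release numerically would close that, e.g. `ciphers = ciphers66 if inspec.os[:release].to_f >= 14.04` in the ubuntu arm. The unanchored patterns such as `/6\./` also match any release string that merely contains `6.`, so `/\A6\./` is the safer form. All four methods begin and end outside their hunks.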
From: Christoph Hartmann
Date: Fri, 29 Apr 2016 01:37:17 +0200
Subject: [PATCH 2/2] remove ansible symlinks
---
 ansible_1.9 | 1 -
 ansible_latest | 1 -
 2 files changed, 2 deletions(-)
 delete mode 120000 ansible_1.9
 delete mode 120000 ansible_latest
diff --git a/ansible_1.9 b/ansible_1.9
deleted file mode 120000
index 331d858..0000000
--- a/ansible_1.9
+++ /dev/null
@@ -1 +0,0 @@
-default
\ No newline at end of file
diff --git a/ansible_latest b/ansible_latest
deleted file mode 120000
index 331d858..0000000
--- a/ansible_latest
+++ /dev/null
@@ -1 +0,0 @@
-default
\ No newline at end of file