Merge pull request dev-sec#80 from aried3r/ar/use_dns

Make UseDNS configurable

attributes/default.rb

@@ -65,5 +65,6 @@
 default['ssh']['allow_groups']            = []      # sshd
 default['ssh']['print_motd']              = false   # sshd
 default['ssh']['print_last_log']          = false   # sshd
+default['ssh']['use_dns']                 = true    # sshd
 # set this to nil to let us detect the attribute based on the node platform
 default['ssh']['use_privilege_separation'] = nil

spec/recipes/server_spec.rb

@@ -471,4 +471,24 @@
         .with_content(/DenyUsers [^#]*\bsomeuser otheruser\b/)
     end
   end
+
+  context 'without attribute use_dns' do
+    it 'sets UseDNS to the default' do
+      expect(chef_run).to render_file('/etc/ssh/sshd_config')
+        .with_content(/UseDNS yes/)
+    end
+  end
+
+  context 'with attribute use_dns' do
+    cached(:chef_run) do
+      ChefSpec::ServerRunner.new do |node|
+        node.set['ssh']['use_dns'] = false
+      end.converge(described_recipe)
+    end
+
+    it 'sets UseDNS correctly' do
+      expect(chef_run).to render_file('/etc/ssh/sshd_config')
+        .with_content(/UseDNS no/)
+    end
+  end
 end

templates/default/opensshd.conf.erb

@@ -185,7 +185,7 @@ X11UseLocalhost yes
 PrintMotd <%= ((@node['ssh']['print_motd']) ? 'yes' : 'no' ) %>
 PrintLastLog <%= ((@node['ssh']['print_last_log']) ? 'yes' : 'no' ) %>
 #Banner /etc/ssh/banner.txt
-#UseDNS yes
+UseDNS <%= ((@node['ssh']['use_dns']) ? 'yes' : 'no' ) %>
 #PidFile /var/run/sshd.pid
 #MaxStartups 10
 #ChrootDirectory none
@@ -205,5 +205,3 @@ PrintLastLog <%= ((@node['ssh']['print_last_log']) ? 'yes' : 'no' ) %>
 #PasswordAuthentication no
 #PermitRootLogin no
 #X11Forwarding no
-
-