Commit b0c623e

authored

Merge pull request #215 from dev-sec/inspec6

ensure compatibility with new inspec version

2 parents aac02aa + 67e292e commit b0c623eCopy full SHA for b0c623e

File tree

3 files changed

+49

-16

lines changed

controls
- ssh_spec.rb
- sshd_spec.rb
inspec.yml

3 files changed

+49

-16

lines changed

`‎controls/ssh_spec.rb‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -24,8 +24,8 @@`
`24`	`24`	`command('ssh').exist?`
`25`	`25`	`end`
`26`	`26`
`27`		`-ssh_custom_user = input('ssh_custom_user', value: 'root',description: 'The SSH user is not always root. It must be an unprivileged user in a container')`
`28`		`-ssh_custom_path = input('ssh_custom_path', value: '/etc/ssh',description: 'Sometimes ssh configuration files are present in another location and ssh use them with the -f flag')`
	`27`	`+ssh_custom_user = input('ssh_custom_user', value: 'root')`
	`28`	`+ssh_custom_path = input('ssh_custom_path', value: '/etc/ssh')`
`29`	`29`
`30`	`30`	`control 'ssh-01' do`
`31`	`31`	`impact 1.0`

`‎controls/sshd_spec.rb‎`

Lines changed: 14 additions & 14 deletions

Original file line number	Diff line number	Diff line change
`@@ -20,20 +20,20 @@`
`20`	`20`
`21`	`21`	`title 'SSH server config'`
`22`	`22`
`23`		`-sshd_valid_ciphers = input('sshd_valid_ciphers', value: ssh_crypto.valid_ciphers,description: 'Expected value for sshd_config ciphers')`
`24`		`-sshd_valid_kexs = input('sshd_valid_kexs', value: ssh_crypto.valid_kexs,description: 'Expected value for sshd_config kexs')`
`25`		`-sshd_valid_macs = input('sshd_valid_macs', value: ssh_crypto.valid_macs,description: 'Expected value for sshd_config macs')`
`26`		`-sshd_permittunnel = input('sshd_permittunnel', value: 'no',description: 'Expected value for sshd_config PermitTunnel')`
`27`		`-sshd_tcpforwarding = input('sshd_tcpforwarding', value: 'no',description: 'Expected value for sshd_config TcpForwarding')`
`28`		`-sshd_agentforwarding = input('sshd_agentforwarding', value: 'no',description: 'Expected value for sshd_config AgentForwarding')`
`29`		`-sshd_gatewayports = input('sshd_gatewayports', value: 'no',description: 'Expected value for sshd_config GatewayPorts')`
`30`		`-sshd_x11forwarding = input('sshd_x11forwarding', value: 'no',description: 'Expected value for sshd_config X11Forwarding')`
`31`		`-sshd_banner = input('sshd_banner', value: 'none',description: 'Expected value for sshd_config Banner')`
`32`		`-sshd_max_auth_tries = input('sshd_max_auth_tries', value: 2,description: 'Expected value for max_auth_retries')`
`33`		`-sshd_custom_user = input('sshd_custom_user', value: 'root',description: 'The SSH user is not always root. It must be an unprivileged user in a container')`
`34`		`-sshd_custom_path = input('sshd_custom_path', value: '/etc/ssh',description: 'Sometimes ssh configuration files are present in another location and ssh use them with the -f flag')`
`35`		`-sshd_custom_port = input('sshd_custom_port', value: '22',description: 'Sometimes the ssh port is not 22. For instance, in a container as another user, 22 is forbidden')`
`36`		`-sshd_custom_hostkeys_path = input('sshd_custom_hostkeys_path', value: '/etc/ssh',description: 'Sometimes ssh host keys must be in a particular path, in a clustered environment for instance')`
	`23`	`+sshd_valid_ciphers = input('sshd_valid_ciphers', value: ssh_crypto.valid_ciphers)`
	`24`	`+sshd_valid_kexs = input('sshd_valid_kexs', value: ssh_crypto.valid_kexs)`
	`25`	`+sshd_valid_macs = input('sshd_valid_macs', value: ssh_crypto.valid_macs)`
	`26`	`+sshd_permittunnel = input('sshd_permittunnel', value: 'no')`
	`27`	`+sshd_tcpforwarding = input('sshd_tcpforwarding', value: 'no')`
	`28`	`+sshd_agentforwarding = input('sshd_agentforwarding', value: 'no')`
	`29`	`+sshd_gatewayports = input('sshd_gatewayports', value: 'no')`
	`30`	`+sshd_x11forwarding = input('sshd_x11forwarding', value: 'no')`
	`31`	`+sshd_banner = input('sshd_banner', value: 'none')`
	`32`	`+sshd_max_auth_tries = input('sshd_max_auth_tries', value: 2)`
	`33`	`+sshd_custom_user = input('sshd_custom_user', value: 'root')`
	`34`	`+sshd_custom_path = input('sshd_custom_path', value: '/etc/ssh')`
	`35`	`+sshd_custom_port = input('sshd_custom_port', value: '22')`
	`36`	`+sshd_custom_hostkeys_path = input('sshd_custom_hostkeys_path', value: '/etc/ssh')`
`37`	`37`
`38`	`38`	`sshd_valid_privseparation = if sshd_custom_user != 'root'`
`39`	`39`	`'no'`

`‎inspec.yml‎`

Lines changed: 33 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -10,3 +10,36 @@ inspec_version: '>= 4.6.3'`
`10`	`10`	`version: 2.8.1`
`11`	`11`	`supports:`
`12`	`12`	`- os-family: unix`
	`13`	`+inputs:`
	`14`	`+ - name: sshd_valid_ciphers`
	`15`	`+ description: Expected value for sshd_config ciphers`
	`16`	`+ - name: sshd_valid_kexs`
	`17`	`+ description: Expected value for sshd_config kexs`
	`18`	`+ - name: sshd_valid_macs`
	`19`	`+ description: Expected value for sshd_config macs`
	`20`	`+ - name: sshd_permittunnel`
	`21`	`+ description: Expected value for sshd_config PermitTunnel`
	`22`	`+ - name: sshd_tcpforwarding`
	`23`	`+ description: Expected value for sshd_config TcpForwarding`
	`24`	`+ - name: sshd_agentforwarding`
	`25`	`+ description: Expected value for sshd_config AgentForwarding`
	`26`	`+ - name: sshd_gatewayports`
	`27`	`+ description: Expected value for sshd_config GatewayPorts`
	`28`	`+ - name: sshd_x11forwarding`
	`29`	`+ description: Expected value for sshd_config X11Forwarding`
	`30`	`+ - name: sshd_banner`
	`31`	`+ description: Expected value for sshd_config Banner`
	`32`	`+ - name: sshd_max_auth_tries`
	`33`	`+ description: Expected value for max_auth_retries`
	`34`	`+ - name: sshd_custom_user`
	`35`	`+ description: The SSH user is not always root. It must be an unprivileged user in a container`
	`36`	`+ - name: sshd_custom_path`
	`37`	`+ description: Sometimes ssh configuration files are present in another location and ssh use them with the -f flag`
	`38`	`+ - name: sshd_custom_port`
	`39`	`+ description: Sometimes the ssh port is not 22. For instance, in a container as another user, 22 is forbidden`
	`40`	`+ - name: sshd_custom_hostkeys_path`
	`41`	`+ description: Sometimes ssh host keys must be in a particular path, in a clustered environment for instance`
	`42`	`+ - name: ssh_custom_user`
	`43`	`+ description: The SSH user is not always root. It must be an unprivileged user in a container`
	`44`	`+ - name: ssh_custom_path`
	`45`	`+ description: Sometimes ssh configuration files are present in another location and ssh use them with the -f flag`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit b0c623e

File tree

3 files changed

3 files changed

`‎controls/ssh_spec.rb‎`

`‎controls/sshd_spec.rb‎`

`‎inspec.yml‎`

0 commit comments