Skip to content

Use native severspec functions to check uid and gid of files #134

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
schurzi merged 6 commits into from
Nov 14, 2022
Merged

Use native severspec functions to check uid and gid of files #134

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
3089a46
Fix gid
spencer-cdw Nov 2, 2022
d2c3fc9
Refactor UID
spencer-cdw Nov 3, 2022
4f62bd3
chown back to root
spencer-cdw Nov 3, 2022
1651362
revert should include gid
spencer-cdw Nov 3, 2022
5dccdd9
Merge branch 'master' into fix_gid
spencer-cdw Nov 8, 2022
2354cdd
undo failure for 42
spencer-cdw Nov 8, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions controls/1_4_secure_boot_settings.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,8 @@
it { should_not be_readable.by 'other' }
it { should_not be_writable.by 'other' }
it { should_not be_executable.by 'other' }
its(:gid) { should cmp 0 }
its(:uid) { should cmp 0 }
it { should be_grouped_into 'root' }
it { should be_owned_by 'root' }
end
end
end
Expand Down
28 changes: 14 additions & 14 deletions controls/5_1_configure_cron.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,8 +70,8 @@
it { should_not be_readable.by 'other' }
it { should_not be_writable.by 'other' }
it { should_not be_executable.by 'other' }
its('uid') { should cmp 0 }
its('gid') { should cmp 0 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
end

Expand Down Expand Up @@ -102,8 +102,8 @@
it { should_not be_readable.by 'other' }
it { should_not be_writable.by 'other' }
it { should_not be_executable.by 'other' }
its('uid') { should cmp 0 }
its('gid') { should cmp 0 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
end

Expand Down Expand Up @@ -134,8 +134,8 @@
it { should_not be_readable.by 'other' }
it { should_not be_writable.by 'other' }
it { should_not be_executable.by 'other' }
its('uid') { should cmp 0 }
its('gid') { should cmp 0 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
end

Expand Down Expand Up @@ -166,8 +166,8 @@
it { should_not be_readable.by 'other' }
it { should_not be_writable.by 'other' }
it { should_not be_executable.by 'other' }
its('uid') { should cmp 0 }
its('gid') { should cmp 0 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
end

Expand Down Expand Up @@ -198,8 +198,8 @@
it { should_not be_readable.by 'other' }
it { should_not be_writable.by 'other' }
it { should_not be_executable.by 'other' }
its('uid') { should cmp 0 }
its('gid') { should cmp 0 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
end

Expand Down Expand Up @@ -231,8 +231,8 @@
it { should_not be_readable.by 'other' }
it { should_not be_writable.by 'other' }
it { should_not be_executable.by 'other' }
its('uid') { should cmp 0 }
its('gid') { should cmp 0 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
end

Expand Down Expand Up @@ -272,8 +272,8 @@
it { should_not be_readable.by 'other' }
it { should_not be_writable.by 'other' }
it { should_not be_executable.by 'other' }
its('uid') { should cmp 0 }
its('gid') { should cmp 0 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
end
end
12 changes: 6 additions & 6 deletions controls/5_2_ssh_server_configuration.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,8 +43,8 @@
it { should_not be_readable.by 'other' }
it { should_not be_writable.by 'other' }
it { should_not be_executable.by 'other' }
its('uid') { should cmp 0 }
its('gid') { should cmp 0 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
end

Expand All @@ -69,8 +69,8 @@
it { should_not be_readable.by 'other' }
it { should_not be_writable.by 'other' }
it { should_not be_executable.by 'other' }
its('gid') { should cmp 0 }
its('uid') { should cmp 0 }
it { should be_grouped_into 'root' }
it { should be_owned_by 'root' }
end
end
end
Expand All @@ -96,8 +96,8 @@
it { should be_readable.by 'other' }
it { should_not be_writable.by 'other' }
it { should_not be_executable.by 'other' }
its('gid') { should cmp 0 }
its('uid') { should cmp 0 }
it { should be_grouped_into 'root' }
it { should be_owned_by 'root' }
end
end
end
Expand Down
32 changes: 16 additions & 16 deletions controls/6_1_system_file_permissions.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,8 +107,8 @@
describe file(f) do
it { should exist }
its('mode') { should cmp '0644' }
its('uid') { should cmp 0 }
its('gid') { should cmp 0 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its('sticky') { should equal false }
its('suid') { should equal false }
its('sgid') { should equal false }
Expand Down Expand Up @@ -138,8 +138,8 @@
describe file(f) do
it { should exist }
it { should_not be_more_permissive_than('0640') }
its('uid') { should cmp 0 }
its('gid') { should cmp expected_gid }
it { should be_owned_by 'root' }
it { should be_grouped_into expected_gid }
end
end
end
Expand Down Expand Up @@ -167,8 +167,8 @@
describe file(f) do
it { should exist }
its('mode') { should cmp '0644' }
its('uid') { should cmp 0 }
its('gid') { should cmp 0 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
end
end
Expand Down Expand Up @@ -197,8 +197,8 @@
describe file(f) do
it { should exist }
it { should_not be_more_permissive_than('0640') }
its('uid') { should cmp 0 }
its('gid') { should cmp expected_gid }
it { should be_owned_by 'root' }
it { should be_grouped_into expected_gid }
end
end
end
Expand All @@ -222,8 +222,8 @@
describe file('/etc/passwd-') do
it { should exist }
it { should_not be_more_permissive_than('0600') }
its('uid') { should cmp 0 }
its('gid') { should cmp 0 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
end

Expand All @@ -246,8 +246,8 @@
it { should exist }
it { should_not be_more_permissive_than('0640') }

its('uid') { should cmp 0 }
its('gid') { should cmp expected_gid }
it { should be_owned_by 'root' }
it { should be_grouped_into expected_gid }
end
end

Expand All @@ -270,8 +270,8 @@
describe file('/etc/group-') do
it { should exist }
it { should_not be_more_permissive_than('0644') }
its('uid') { should cmp 0 }
its('gid') { should cmp 0 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
end

Expand All @@ -295,8 +295,8 @@
describe file('/etc/gshadow-') do
it { should exist }
it { should_not be_more_permissive_than('0640') }
its('uid') { should cmp 0 }
its('gid') { should cmp expected_gid }
it { should be_owned_by 'root' }
it { should be_grouped_into expected_gid }
end
end

Expand Down
4 changes: 2 additions & 2 deletions controls/6_2_user_and_group_settings.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,7 @@
it { should be_directory }
it { should_not be_writable.by 'group' }
it { should_not be_writable.by 'other' }
its('uid') { should cmp 0 }
it { should be_owned_by 'root' }
end
end
end
Expand Down Expand Up @@ -384,7 +384,7 @@
describe.one do
group_files.each do |gf|
describe etc_group(gf) do
its(:gids) { should include gid }
it { should be_grouped_into gid }
Comment thread
spencer-cdw marked this conversation as resolved.
Outdated
end
end
end
Expand Down