Skip to content

Use inspec.input to load the attribute #168

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chris-rock merged 3 commits into from
May 20, 2020
Merged

Use inspec.input to load the attribute #168

chris-rock merged 3 commits into from
May 20, 2020

Conversation

@micheelengronne
Copy link
Member

@micheelengronne micheelengronne commented May 19, 2020

No description provided.

@micheelengronne micheelengronne force-pushed the micheelengronne-patch-2 branch from f5c1c19 to 78f35b3 Compare May 19, 2020 19:44
@micheelengronne micheelengronne mentioned this pull request May 20, 2020
Closed
chris-rock
chris-rock reviewed May 20, 2020
View reviewed changes
libraries/ssh_crypto.rb Outdated
# returns the hostkeys value based on valid_algorithms
def valid_hostkeys
hostkeys = valid_algorithms.map { |alg| "#{sshd_custom_path}/ssh_host_#{alg}_key" }
hostkeys = valid_algorithms.map { |alg| "#{inspec.input('sshd_custom_path')}/ssh_host_#{alg}_key" }
Copy link
Member

@chris-rock chris-rock May 20, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since only one test is affected we should probably move that logic directly to the control:

ssh-baseline/controls/sshd_spec.rb

Lines 183 to 190 in fef3eb4

control 'sshd-14' do
impact 1.0
title 'Server: Specify SSH HostKeys'
desc 'Specify HostKey for protection against Man-In-The-Middle Attacks'
describe sshd_config(sshd_custom_path + '/sshd_config') do
its('HostKey') { should cmp ssh_crypto.valid_hostkeys }
end
end

It will also be easier for the reader of the control to understand what the control is actually doing

@micheelengronne micheelengronne force-pushed the micheelengronne-patch-2 branch from 30d0a05 to e1769c5 Compare May 20, 2020 08:20
chris-rock
chris-rock reviewed May 20, 2020
View reviewed changes
controls/sshd_spec.rb Outdated
end

sshd_valid_hostkeys = ssh_crypto.valid_algorithms.map { |alg| "#{sshd_custom_path}/ssh_host_#{alg}_key" }
sshd_valid_hostkeys = sshd_valid_hostkeys[0] if sshd_valid_hostkeys.length == 1
Copy link
Member

@chris-rock chris-rock May 20, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that code should be part of the control similar to: https://github.com/dev-sec/linux-baseline/blob/master/controls/sysctl_spec.rb#L388-L411

Copy link
Member Author

@micheelengronne micheelengronne May 20, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is normally solved in the last commit.

@micheelengronne
code in control
472f522 
Signed-off-by: Michée Lengronne <[email protected]>
chris-rock
chris-rock approved these changes May 20, 2020
View reviewed changes
Copy link
Member

@chris-rock chris-rock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great fix. Thank you for the quick turn-around @micheelengronne

@chris-rock chris-rock merged commit 3849c52 into master May 20, 2020
@chris-rock chris-rock deleted the micheelengronne-patch-2 branch May 20, 2020 08:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chris-rock chris-rock chris-rock approved these changes

@rndmh3ro rndmh3ro Awaiting requested review from rndmh3ro

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@micheelengronne @chris-rock