From 4d838cc2c2b3d59cef4cee1ae69d30902fe9a00b Mon Sep 17 00:00:00 2001 From: Cookstyle Bot Date: Wed, 26 Jan 2022 13:52:06 -0800 Subject: [PATCH] Cookstyle Bot Auto Corrections with Cookstyle 7.31.1 This change is automatically generated by the Cookstyle Bot using the latest version of Cookstyle (7.31.1). Adopting changes suggested by Cookstyle improves cookbook readability, avoids common coding mistakes, and eases upgrades to newer versions of the Chef Infra Client. ### Chef/Style/CommentFormat - **/attributes/default.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/attributes/default.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/attributes/default.rb:8**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/attributes/sysctl.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/attributes/sysctl.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/libraries/apt_package_extras.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/libraries/apt_package_extras.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/libraries/apt_package_extras.rb:8**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/libraries/cookbook_version.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/libraries/cookbook_version.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/libraries/cookbook_version.rb:8**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/libraries/gpgcheck.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/libraries/gpgcheck.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/libraries/gpgcheck.rb:8**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/libraries/helpers_param.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/libraries/helpers_param.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/libraries/helpers_param.rb:8**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/libraries/suid_sgid.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/libraries/suid_sgid.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/libraries/suid_sgid.rb:8**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/metadata.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/apt.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/apt.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/auditd.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/auditd.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/default.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/default.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/default.rb:8**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/limits.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/limits.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/login_defs.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/login_defs.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/minimize_access.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/minimize_access.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/packages.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/packages.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/pam.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/pam.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/pam.rb:8**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/profile.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/profile.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/securetty.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/securetty.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/securetty.rb:8**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/selinux.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/selinux.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/suid_sgid.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/suid_sgid.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/suid_sgid.rb:8**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/sysctl.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/sysctl.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/sysctl.rb:8**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/yum.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/yum.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/spec/recipes/auditd_spec.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/spec/recipes/default_spec.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/spec/recipes/limits_spec.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/spec/recipes/login_defs_spec.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/spec/recipes/minimize_access_spec.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/spec/recipes/pam_spec.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/spec/recipes/profile_spec.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/spec/recipes/securetty_spec.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/spec/recipes/suid_sgid_spec.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/spec/recipes/sysctl_spec.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/spec/spec_helper.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/test/fixtures/cookbooks/test/recipes/default.rb:2**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) ### Style/PercentLiteralDelimiters - **/attributes/default.rb:26**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/attributes/default.rb:79**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/attributes/default.rb:127**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/recipes/auditd.rb:25**: `%i`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/recipes/minimize_access.rb:24**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/recipes/minimize_access.rb:75**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/recipes/yum.rb:46**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/spec/recipes/default_spec.rb:30**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/spec/recipes/sysctl_spec.rb:375**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/spec/recipes/sysctl_spec.rb:383**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/spec/recipes/sysctl_spec.rb:386**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/spec/recipes/sysctl_spec.rb:397**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) ### Chef/Style/UnnecessaryPlatformCaseStatement - **/attributes/default.rb:89**: Use the platform?() and platform_family?() helpers instead of a case statement that only includes a single when statement. (https://docs.chef.io/workstation/cookstyle/chef_style_unnecessaryplatformcasestatement) - **/attributes/default.rb:112**: Use the platform?() and platform_family?() helpers instead of a case statement that only includes a single when statement. (https://docs.chef.io/workstation/cookstyle/chef_style_unnecessaryplatformcasestatement) - **/attributes/sysctl.rb:95**: Use the platform?() and platform_family?() helpers instead of a case statement that only includes a single when statement. (https://docs.chef.io/workstation/cookstyle/chef_style_unnecessaryplatformcasestatement) - **/recipes/packages.rb:23**: Use the platform?() and platform_family?() helpers instead of a case statement that only includes a single when statement. (https://docs.chef.io/workstation/cookstyle/chef_style_unnecessaryplatformcasestatement) - **/recipes/packages.rb:29**: Use the platform?() and platform_family?() helpers instead of a case statement that only includes a single when statement. (https://docs.chef.io/workstation/cookstyle/chef_style_unnecessaryplatformcasestatement) - **/recipes/selinux.rb:24**: Use the platform?() and platform_family?() helpers instead of a case statement that only includes a single when statement. (https://docs.chef.io/workstation/cookstyle/chef_style_unnecessaryplatformcasestatement) - **/recipes/sysctl.rb:160**: Use the platform?() and platform_family?() helpers instead of a case statement that only includes a single when statement. (https://docs.chef.io/workstation/cookstyle/chef_style_unnecessaryplatformcasestatement) - **/recipes/sysctl.rb:176**: Use the platform?() and platform_family?() helpers instead of a case statement that only includes a single when statement. (https://docs.chef.io/workstation/cookstyle/chef_style_unnecessaryplatformcasestatement) ### Style/WordArray - **/attributes/default.rb:146**: Use `%w` or `%W` for an array of words. (https://rubystyle.guide#percent-w) - **/attributes/default.rb:148**: Use `%w` or `%W` for an array of words. (https://rubystyle.guide#percent-w) ### Style/TrailingCommaInArrayLiteral - **/attributes/default.rb:153**: Put a comma after the last item of a multiline array. (https://rubystyle.guide#no-trailing-array-commas) ### Chef/Style/UsePlatformHelpers - **/attributes/sysctl.rb:98**: Use platform? and platform_family? helpers to check a node's platform (https://docs.chef.io/workstation/cookstyle/chef_style_useplatformhelpers) - **/recipes/auditd.rb:26**: Use platform? and platform_family? helpers to check a node's platform (https://docs.chef.io/workstation/cookstyle/chef_style_useplatformhelpers) - **/recipes/auditd.rb:27**: Use platform? and platform_family? helpers to check a node's platform (https://docs.chef.io/workstation/cookstyle/chef_style_useplatformhelpers) - **/recipes/auditd.rb:28**: Use platform? and platform_family? helpers to check a node's platform (https://docs.chef.io/workstation/cookstyle/chef_style_useplatformhelpers) - **/recipes/default.rb:39**: Use platform? and platform_family? helpers to check a node's platform (https://docs.chef.io/workstation/cookstyle/chef_style_useplatformhelpers) - **/recipes/default.rb:39**: Use platform? and platform_family? helpers to check a node's platform (https://docs.chef.io/workstation/cookstyle/chef_style_useplatformhelpers) - **/recipes/minimize_access.rb:62**: Use platform? and platform_family? helpers to check a node's platform (https://docs.chef.io/workstation/cookstyle/chef_style_useplatformhelpers) - **/test/fixtures/cookbooks/test/recipes/default.rb:8**: Use platform? and platform_family? helpers to check a node's platform (https://docs.chef.io/workstation/cookstyle/chef_style_useplatformhelpers) ### Layout/DotPosition - **/libraries/suid_sgid.rb:49**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/libraries/suid_sgid.rb:50**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/recipes/sysctl.rb:141**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/recipes/sysctl.rb:142**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/login_defs_spec.rb:61**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/login_defs_spec.rb:62**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/login_defs_spec.rb:63**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/login_defs_spec.rb:64**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/login_defs_spec.rb:65**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/sysctl_spec.rb:376**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/sysctl_spec.rb:387**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/sysctl_spec.rb:391**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) ### Chef/RedundantCode/LongDescriptionMetadata - **/metadata.rb:24**: The long_description metadata.rb method is not used and is unnecessary in cookbooks. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_longdescriptionmetadata) - **/test/fixtures/cookbooks/test/metadata.rb:6**: The long_description metadata.rb method is not used and is unnecessary in cookbooks. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_longdescriptionmetadata) ### Chef/RedundantCode/RecipeMetadata - **/metadata.rb:41**: The recipe metadata.rb method is not used and is unnecessary in cookbooks. Recipes should be documented in the cookbook's README.md file instead. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_recipemetadata) - **/metadata.rb:42**: The recipe metadata.rb method is not used and is unnecessary in cookbooks. Recipes should be documented in the cookbook's README.md file instead. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_recipemetadata) - **/metadata.rb:43**: The recipe metadata.rb method is not used and is unnecessary in cookbooks. Recipes should be documented in the cookbook's README.md file instead. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_recipemetadata) - **/metadata.rb:44**: The recipe metadata.rb method is not used and is unnecessary in cookbooks. Recipes should be documented in the cookbook's README.md file instead. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_recipemetadata) - **/metadata.rb:45**: The recipe metadata.rb method is not used and is unnecessary in cookbooks. Recipes should be documented in the cookbook's README.md file instead. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_recipemetadata) - **/metadata.rb:46**: The recipe metadata.rb method is not used and is unnecessary in cookbooks. Recipes should be documented in the cookbook's README.md file instead. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_recipemetadata) - **/metadata.rb:47**: The recipe metadata.rb method is not used and is unnecessary in cookbooks. Recipes should be documented in the cookbook's README.md file instead. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_recipemetadata) - **/metadata.rb:48**: The recipe metadata.rb method is not used and is unnecessary in cookbooks. Recipes should be documented in the cookbook's README.md file instead. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_recipemetadata) - **/metadata.rb:49**: The recipe metadata.rb method is not used and is unnecessary in cookbooks. Recipes should be documented in the cookbook's README.md file instead. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_recipemetadata) ### Chef/RedundantCode/MultiplePlatformChecks - **/recipes/default.rb:39**: You can pass multiple values to the platform? and platform_family? helpers instead of calling the helpers multiple times. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_multipleplatformchecks) ### Chef/Style/IncludeRecipeWithParentheses - **/recipes/packages.rb:25**: There is no need to wrap the recipe in parentheses when using the include_recipe helper (https://docs.chef.io/workstation/cookstyle/#includerecipewithparentheses) - **/recipes/packages.rb:31**: There is no need to wrap the recipe in parentheses when using the include_recipe helper (https://docs.chef.io/workstation/cookstyle/#includerecipewithparentheses) ### Chef/Correctness/IncorrectLibraryInjection - **/recipes/sysctl.rb:23**: Libraries should be injected into the Chef::DSL::Recipe class and not Chef::Recipe or Chef::Provider classes directly. (https://docs.chef.io/workstation/cookstyle/chef_correctness_incorrectlibraryinjection) ### Style/TrailingCommaInHashLiteral - **/spec/recipes/login_defs_spec.rb:55**: Put a comma after the last item of a multiline hash. - **/spec/recipes/securetty_spec.rb:33**: Put a comma after the last item of a multiline hash. ### Chef/Deprecations/ChefSpecCoverageReport - **/spec/spec_helper.rb:25**: Don't use the deprecated ChefSpec coverage report functionality in your specs. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_chefspeccoveragereport) ### Layout/EmptyLines - **/spec/spec_helper.rb:26**: Extra blank line detected. (https://rubystyle.guide#two-or-more-empty-lines) Signed-off-by: Cookstyle --- attributes/default.rb | 32 +++++++++---------- attributes/sysctl.rb | 9 +++--- libraries/apt_package_extras.rb | 6 ++-- libraries/cookbook_version.rb | 6 ++-- libraries/gpgcheck.rb | 6 ++-- libraries/helpers_param.rb | 6 ++-- libraries/suid_sgid.rb | 12 +++---- metadata.rb | 13 +------- recipes/apt.rb | 4 +-- recipes/auditd.rb | 12 +++---- recipes/default.rb | 8 ++--- recipes/limits.rb | 4 +-- recipes/login_defs.rb | 4 +-- recipes/minimize_access.rb | 10 +++--- recipes/packages.rb | 14 +++----- recipes/pam.rb | 6 ++-- recipes/profile.rb | 4 +-- recipes/securetty.rb | 6 ++-- recipes/selinux.rb | 7 ++-- recipes/suid_sgid.rb | 6 ++-- recipes/sysctl.rb | 20 ++++++------ recipes/yum.rb | 6 ++-- spec/recipes/auditd_spec.rb | 2 +- spec/recipes/default_spec.rb | 6 ++-- spec/recipes/limits_spec.rb | 2 +- spec/recipes/login_defs_spec.rb | 16 +++++----- spec/recipes/minimize_access_spec.rb | 2 +- spec/recipes/pam_spec.rb | 2 +- spec/recipes/profile_spec.rb | 2 +- spec/recipes/securetty_spec.rb | 4 +-- spec/recipes/suid_sgid_spec.rb | 2 +- spec/recipes/sysctl_spec.rb | 22 ++++++------- spec/spec_helper.rb | 3 +- test/fixtures/cookbooks/test/metadata.rb | 1 - .../cookbooks/test/recipes/default.rb | 4 +-- 35 files changed, 122 insertions(+), 147 deletions(-) diff --git a/attributes/default.rb b/attributes/default.rb index 68071a2d..059a9323 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -1,11 +1,11 @@ # frozen_string_literal: true # -# Cookbook Name:: os-hardening +# Cookbook:: os-hardening # Attributes:: default # -# Copyright 2012, Dominik Richter -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2012, Dominik Richter +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,7 +23,7 @@ default['os-hardening'].tap do |os_hardening| # components of this cookbook - %w[packages limits login_defs minimize_access pam profile securetty].each do |cp| + %w(packages limits login_defs minimize_access pam profile securetty).each do |cp| os_hardening['components'][cp] = true end @@ -76,7 +76,7 @@ auth['timeout'] = 60 auth['allow_homeless'] = false auth['login_defs']['template_cookbook'] = 'os-hardening' - auth['root_ttys'] = %w[console tty1 tty2 tty3 tty4 tty5 tty6] + auth['root_ttys'] = %w(console tty1 tty2 tty3 tty4 tty5 tty6) auth['uid_min'] = 1000 auth['uid_max'] = 60000 auth['gid_min'] = 1000 @@ -86,8 +86,7 @@ # PAM settings auth['pam'].tap do |pam| - case node['platform_family'] - when 'rhel', 'fedora', 'amazon' + if platform_family?('rhel', 'fedora', 'amazon') if node['platform_version'].to_f < 7 pam['passwdqc']['enable'] = true pam['pwquality']['enable'] = false @@ -109,8 +108,7 @@ end # RH has a bit different defaults on some places - case node['platform_family'] - when 'rhel', 'amazon' + if platform_family?('rhel', 'amazon') os_hardening['env']['umask'] = '077' os_hardening['auth']['sys_uid_min'] = 201 os_hardening['auth']['sys_gid_min'] = 201 @@ -124,7 +122,7 @@ # may contain: change_user security['users']['allow'] = [] security['kernel']['enable_module_loading'] = true - security['kernel']['disable_filesystems'] = %w[cramfs freevxfs jffs2 hfs hfsplus squashfs udf vfat] + security['kernel']['disable_filesystems'] = %w(cramfs freevxfs jffs2 hfs hfsplus squashfs udf vfat) security['kernel']['enable_sysrq'] = false security['kernel']['enable_core_dump'] = false security['suid_sgid']['enforce'] = true @@ -145,13 +143,13 @@ # remove packages with known issues security['packages']['clean'] = true # list of packages with known issues - security['packages']['list'] = [ - 'xinetd', - 'inetd', - 'ypserv', - 'telnet-server', - 'rsh-server' - ] + security['packages']['list'] = %w( + xinetd + inetd + ypserv + telnet-server + rsh-server + ) # SELinux enforcing (enforcing, permissive, unmanaged) security['selinux_mode'] = 'unmanaged' diff --git a/attributes/sysctl.rb b/attributes/sysctl.rb index abc71aa6..1e1bf6d3 100644 --- a/attributes/sysctl.rb +++ b/attributes/sysctl.rb @@ -1,10 +1,10 @@ # frozen_string_literal: true # -# Cookbook Name:: os-hardening +# Cookbook:: os-hardening # Attributes:: sysctl # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -92,10 +92,9 @@ default['sysctl']['params']['net']['ipv6']['conf']['default']['accept_ra'] = 0 # ExecShield protection against buffer overflows -case node['platform_family'] -when 'rhel', 'fedora' +if platform_family?('rhel', 'fedora') # on Oracle Linux with UEK it is not available; this helps address UEK on Oracle Linux 6 - is_oracle_uek = (node['platform'] == 'oracle' && node['kernel']['release'] =~ /^4\..*uek/) + is_oracle_uek = (platform?('oracle') && node['kernel']['release'] =~ /^4\..*uek/) # on RHEL 7 its enabled per default and can't be disabled if node['platform_version'].to_f < 7 && !is_oracle_uek diff --git a/libraries/apt_package_extras.rb b/libraries/apt_package_extras.rb index 5c208fd3..29e38edb 100644 --- a/libraries/apt_package_extras.rb +++ b/libraries/apt_package_extras.rb @@ -1,11 +1,11 @@ # frozen_string_literal: true # -# Cookbook Name:: os-hardening +# Cookbook:: os-hardening # Library:: apt_package_extras # -# Copyright 2008, Chef Software, Inc. -# Copyright 2015, Hardening Framework Team +# Copyright:: 2008, Chef Software, Inc. +# Copyright:: 2015, Hardening Framework Team # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/libraries/cookbook_version.rb b/libraries/cookbook_version.rb index 20faa6e6..a3d31b22 100644 --- a/libraries/cookbook_version.rb +++ b/libraries/cookbook_version.rb @@ -1,11 +1,11 @@ # frozen_string_literal: true # -# Cookbook Name:: os-hardening +# Cookbook:: os-hardening # Library:: cookbook_version # -# Copyright 2014, Dominik Richter -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Dominik Richter +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/libraries/gpgcheck.rb b/libraries/gpgcheck.rb index 633b64fa..b1b80810 100644 --- a/libraries/gpgcheck.rb +++ b/libraries/gpgcheck.rb @@ -1,11 +1,11 @@ # frozen_string_literal: true # -# Cookbook Name:: os-hardening +# Cookbook:: os-hardening # Library:: gpgcheck # -# Copyright 2012, Dominik Richter -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2012, Dominik Richter +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/libraries/helpers_param.rb b/libraries/helpers_param.rb index b75bfd18..2a48af6c 100644 --- a/libraries/helpers_param.rb +++ b/libraries/helpers_param.rb @@ -1,11 +1,11 @@ # frozen_string_literal: true # -# Cookbook Name:: os-hardening +# Cookbook:: os-hardening # Library:: gpgcheck # -# Copyright 2012, Dominik Richter -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2012, Dominik Richter +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/libraries/suid_sgid.rb b/libraries/suid_sgid.rb index 07ce36aa..f7fd119b 100644 --- a/libraries/suid_sgid.rb +++ b/libraries/suid_sgid.rb @@ -1,11 +1,11 @@ # frozen_string_literal: true # -# Cookbook Name:: os-hardening +# Cookbook:: os-hardening # Library:: suid_sgid # -# Copyright 2012, Dominik Richter -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2012, Dominik Richter +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -46,9 +46,9 @@ def self.find_all_suid_sgid_files(start_at = '/') end def self.remove_suid_sgid_from_blacklist(blacklist) - blacklist. - select { |file| File.exist?(file) }. - each do |file| + blacklist + .select { |file| File.exist?(file) } + .each do |file| Chef::Log.info "suid_sgid: Blacklist SUID/SGID for '#{file}', removing bit..." remove_suid_sgid_from(file) end diff --git a/metadata.rb b/metadata.rb index b8094cdf..e5971cac 100644 --- a/metadata.rb +++ b/metadata.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,6 @@ maintainer_email 'artem@posteo.de' license 'Apache-2.0' description 'Installs and configures operating system hardening' -long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) version '4.0.0' source_url 'https://github.com/dev-sec/chef-os-hardening' issues_url 'https://github.com/dev-sec/chef-os-hardening/issues' @@ -37,13 +36,3 @@ supports 'fedora', '>= 28.0' supports 'suse' supports 'opensuseleap', '>= 42.1' - -recipe 'os-hardening::default', 'harden the operating system (all recipes)' -recipe 'os-hardening::limits', 'prevent core dumps' -recipe 'os-hardening::login_defs', 'harden /etc/login.defs' -recipe 'os-hardening::minimize_access', 'enforce minimal file permissions' -recipe 'os-hardening::pam', 'configure sane values for PAM' -recipe 'os-hardening::profile', 'harden settings in /etc/profile.d' -recipe 'os-hardening::securetty', 'limit the allowed TTYs for root login' -recipe 'os-hardening::suid_sgid', 'reduce SUID and SGID bits in the filesystem' -recipe 'os-hardening::sysctl', 'set sane sysctl values' diff --git a/recipes/apt.rb b/recipes/apt.rb index 4b208c2d..e1c66b66 100644 --- a/recipes/apt.rb +++ b/recipes/apt.rb @@ -1,10 +1,10 @@ # frozen_string_literal: true # -# Cookbook Name: os-hardening +# Cookbook:: Name: os-hardening # Recipe: apt.rb # -# Copyright 2015, Hardening Framework Team +# Copyright:: 2015, Hardening Framework Team # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/recipes/auditd.rb b/recipes/auditd.rb index 4dc332e0..6013f478 100644 --- a/recipes/auditd.rb +++ b/recipes/auditd.rb @@ -1,10 +1,10 @@ # frozen_string_literal: true # -# Cookbook Name: os-hardening +# Cookbook:: Name: os-hardening # Recipe: auditd.rb # -# Copyright 2017, Artem Sidorenko +# Copyright:: 2017, Artem Sidorenko # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,10 +22,10 @@ package node['os-hardening']['packages']['auditd'] service 'auditd' do - supports %i[start stop restart reload status] - if (node['platform_family'] == 'rhel' && node['platform_version'].to_f >= 7) || - (node['platform_family'] == 'fedora' && node['platform_version'].to_f >= 27) || - (node['platform_family'] == 'amazon' && node['platform_version'].to_f >= 2) + supports %i(start stop restart reload status) + if (platform_family?('rhel') && node['platform_version'].to_f >= 7) || + (platform_family?('fedora') && node['platform_version'].to_f >= 27) || + (platform_family?('amazon') && node['platform_version'].to_f >= 2) restart_command 'service auditd restart' end action [:enable] diff --git a/recipes/default.rb b/recipes/default.rb index ee1a8601..6584d974 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -1,11 +1,11 @@ # frozen_string_literal: true # -# Cookbook Name: os-hardening +# Cookbook:: Name: os-hardening # Recipe: default # -# Copyright 2012, Dominik Richter -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2012, Dominik Richter +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -36,7 +36,7 @@ # selinux should be included only on RH based systems node.default['os-hardening']['components']['selinux'] = - node['platform_family'] == 'rhel' || node['platform_family'] == 'fedora' + platform_family?('rhel', 'fedora') end # include all required components diff --git a/recipes/limits.rb b/recipes/limits.rb index 1962f6d4..cd5eadf5 100644 --- a/recipes/limits.rb +++ b/recipes/limits.rb @@ -1,10 +1,10 @@ # frozen_string_literal: true # -# Cookbook Name: os-hardening +# Cookbook:: Name: os-hardening # Recipe: limits.rb # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/recipes/login_defs.rb b/recipes/login_defs.rb index 471368b9..0437f87e 100644 --- a/recipes/login_defs.rb +++ b/recipes/login_defs.rb @@ -1,10 +1,10 @@ # frozen_string_literal: true # -# Cookbook Name: os-hardening +# Cookbook:: Name: os-hardening # Recipe: login_defs.rb # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/recipes/minimize_access.rb b/recipes/minimize_access.rb index 428196e3..57c02c88 100644 --- a/recipes/minimize_access.rb +++ b/recipes/minimize_access.rb @@ -1,10 +1,10 @@ # frozen_string_literal: true # -# Cookbook Name: os-hardening +# Cookbook:: Name: os-hardening # Recipe: minimize_access # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,7 @@ # remove write permissions from path folders ($PATH) for all regular users # this prevents changing any system-wide command from normal users -paths = %w[/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin] + node['os-hardening']['env']['extra_user_paths'] +paths = %w(/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin) + node['os-hardening']['env']['extra_user_paths'] paths.each do |folder| execute "remove write permission from #{folder}" do command "chmod go-w -R #{folder}" @@ -59,7 +59,7 @@ directory '/var/log' do owner 'root' # ubuntu with containers does not have rsyslog installed and syslog group does not exist - if node['platform'] == 'ubuntu' && node['packages']['rsyslog'] + if platform?('ubuntu') && node['packages']['rsyslog'] group 'syslog' else group 'root' @@ -72,7 +72,7 @@ only_if { ::File.exist?('/etc/crontab') } end -cron_directories = %w[/etc/cron.hourly /etc/cron.daily /etc/cron.weekly /etc/cron.monthly /etc/cron.d] +cron_directories = %w(/etc/cron.hourly /etc/cron.daily /etc/cron.weekly /etc/cron.monthly /etc/cron.d) cron_directories.each do |cron_path| next unless ::Dir.exist?(cron_path) diff --git a/recipes/packages.rb b/recipes/packages.rb index 8393f583..16a809dd 100644 --- a/recipes/packages.rb +++ b/recipes/packages.rb @@ -1,10 +1,10 @@ # frozen_string_literal: true # -# Cookbook Name: os-hardening +# Cookbook:: Name: os-hardening # Recipe: packages.rb # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,13 +20,7 @@ # # do package config for ubuntu -case node['platform_family'] -when 'debian' - include_recipe('os-hardening::apt') -end +include_recipe 'os-hardening::apt' if platform_family?('debian') # do package config for rhel-family -case node['platform_family'] -when 'rhel', 'fedora', 'amazon' - include_recipe('os-hardening::yum') -end +include_recipe 'os-hardening::yum' if platform_family?('rhel', 'fedora', 'amazon') diff --git a/recipes/pam.rb b/recipes/pam.rb index a0e8696d..a9593d79 100644 --- a/recipes/pam.rb +++ b/recipes/pam.rb @@ -1,11 +1,11 @@ # frozen_string_literal: true # -# Cookbook Name: os-hardening +# Cookbook:: Name: os-hardening # Recipe: pam.rb # -# Copyright 2012, Dominik Richter -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2012, Dominik Richter +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/recipes/profile.rb b/recipes/profile.rb index 35ad041b..a22c3f92 100644 --- a/recipes/profile.rb +++ b/recipes/profile.rb @@ -1,10 +1,10 @@ # frozen_string_literal: true # -# Cookbook Name: os-hardening +# Cookbook:: Name: os-hardening # Recipe: profile.rb # -# Copyright 2013, Deutsche Telekom AG +# Copyright:: 2013, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/recipes/securetty.rb b/recipes/securetty.rb index 47ccd2a6..df0b60df 100644 --- a/recipes/securetty.rb +++ b/recipes/securetty.rb @@ -1,11 +1,11 @@ # frozen_string_literal: true # -# Cookbook Name: os-hardening +# Cookbook:: Name: os-hardening # Recipe: securetty # -# Copyright 2012, Dominik Richter -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2012, Dominik Richter +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/recipes/selinux.rb b/recipes/selinux.rb index 5d31d040..670942b7 100644 --- a/recipes/selinux.rb +++ b/recipes/selinux.rb @@ -1,10 +1,10 @@ # frozen_string_literal: true # -# Cookbook Name: os-hardening +# Cookbook:: Name: os-hardening # Recipe: selinux.rv # -# Copyright 2017, Deutsche Telekom AG +# Copyright:: 2017, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,8 +21,7 @@ # SELinux enforcing support -case node['platform_family'] -when 'rhel', 'fedora', 'amazon' +if platform_family?('rhel', 'fedora', 'amazon') unless node['os-hardening']['security']['selinux_mode'] == 'unmanaged' semode = case node['os-hardening']['security']['selinux_mode'] when 'enforcing' diff --git a/recipes/suid_sgid.rb b/recipes/suid_sgid.rb index bf933cbf..29aa0941 100644 --- a/recipes/suid_sgid.rb +++ b/recipes/suid_sgid.rb @@ -1,11 +1,11 @@ # frozen_string_literal: true # -# Cookbook Name: os-hardening +# Cookbook:: Name: os-hardening # Recipe: suid_sgid # -# Copyright 2012, Dominik Richter -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2012, Dominik Richter +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/recipes/sysctl.rb b/recipes/sysctl.rb index c4974a13..d4b7fd7e 100644 --- a/recipes/sysctl.rb +++ b/recipes/sysctl.rb @@ -1,11 +1,11 @@ # frozen_string_literal: true # -# Cookbook Name: os-hardening +# Cookbook:: Name: os-hardening # Recipe: sysctl # -# Copyright 2012, Dominik Richter -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2012, Dominik Richter +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,7 +20,7 @@ # limitations under the License. # -::Chef::Recipe.send(:include, SysctlCookbook::SysctlHelpers::Param) +::Chef::DSL::Recipe.send(:include, SysctlCookbook::SysctlHelpers::Param) # cleanup of old sysctl related configurations. This can be removed at some point in the future # https://github.com/dev-sec/chef-os-hardening/issues/166#issuecomment-322433264 @@ -138,9 +138,9 @@ # try to determine the real cpu vendor begin - cpu_vendor = node['cpu']['0']['vendor_id']. - sub(/^.*GenuineIntel.*$/, 'intel'). - sub(/^.*AuthenticAMD.*$/, 'amd') + cpu_vendor = node['cpu']['0']['vendor_id'] + .sub(/^.*GenuineIntel.*$/, 'intel') + .sub(/^.*AuthenticAMD.*$/, 'amd') node.default['os-hardening']['security']['cpu_vendor'] = cpu_vendor rescue # rubocop:disable Style/RescueStandardError log 'WARNING: Could not properly determine the cpu vendor. Fallback to intel cpu.' do @@ -157,8 +157,7 @@ # NSA 2.2.4.1 Set Daemon umask # do config for rhel-family -case node['platform_family'] -when 'rhel', 'fedora', 'amazon' +if platform_family?('rhel', 'fedora', 'amazon') template '/etc/sysconfig/init' do source 'rhel_sysconfig_init.erb' mode '0544' @@ -173,8 +172,7 @@ end # do initramfs config for ubuntu and debian -case node['platform_family'] -when 'debian' +if platform_family?('debian') # rebuild initramfs with starting pack of modules, # if module loading at runtime is disabled diff --git a/recipes/yum.rb b/recipes/yum.rb index 4677833a..0cba02f1 100644 --- a/recipes/yum.rb +++ b/recipes/yum.rb @@ -1,10 +1,10 @@ # frozen_string_literal: true # -# Cookbook Name: os-hardening +# Cookbook:: Name: os-hardening # Recipe: pack_yum.rb # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -43,7 +43,7 @@ if node['os-hardening']['security']['packages']['clean'] # remove unused repos - %w[CentOS-Debuginfo CentOS-Media CentOS-Vault].each do |repo| + %w(CentOS-Debuginfo CentOS-Media CentOS-Vault).each do |repo| yum_repository repo do action :remove end diff --git a/spec/recipes/auditd_spec.rb b/spec/recipes/auditd_spec.rb index f9d24c26..502354c6 100644 --- a/spec/recipes/auditd_spec.rb +++ b/spec/recipes/auditd_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true # -# Copyright 2017, Artem Sidorenko +# Copyright:: 2017, Artem Sidorenko # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/spec/recipes/default_spec.rb b/spec/recipes/default_spec.rb index c4586cd3..047e63b6 100644 --- a/spec/recipes/default_spec.rb +++ b/spec/recipes/default_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,9 +27,9 @@ node.normal['cpu']['0']['vendor_id'] = 'GenuineIntel' node.normal['env']['extra_user_paths'] = [] - paths = %w[ + paths = %w( /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin - ] + node['env']['extra_user_paths'] + ) + node['env']['extra_user_paths'] paths.each do |folder| stub_command( "find #{folder} -perm -go+w -type f | wc -l | egrep '^0$'" diff --git a/spec/recipes/limits_spec.rb b/spec/recipes/limits_spec.rb index 44b892e1..3d42f270 100644 --- a/spec/recipes/limits_spec.rb +++ b/spec/recipes/limits_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/spec/recipes/login_defs_spec.rb b/spec/recipes/login_defs_spec.rb index 0bd48f32..7b5801a4 100644 --- a/spec/recipes/login_defs_spec.rb +++ b/spec/recipes/login_defs_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -52,17 +52,17 @@ sys_uid_max: 999, sys_gid_min: 100, sys_gid_max: 999, - mail_dir: '/var/mail' + mail_dir: '/var/mail', } ) end it 'uses uid_min and gid_min in /etc/login.defs' do - is_expected.to render_file('/etc/login.defs'). - with_content(/^PASS_WARN_AGE\s+7$/). - with_content(/^UID_MIN\s+5000$/). - with_content(/^UID_MAX\s+6000$/). - with_content(/^GID_MIN\s+5000$/). - with_content(/^GID_MAX\s+6000$/) + is_expected.to render_file('/etc/login.defs') + .with_content(/^PASS_WARN_AGE\s+7$/) + .with_content(/^UID_MIN\s+5000$/) + .with_content(/^UID_MAX\s+6000$/) + .with_content(/^GID_MIN\s+5000$/) + .with_content(/^GID_MAX\s+6000$/) end end diff --git a/spec/recipes/minimize_access_spec.rb b/spec/recipes/minimize_access_spec.rb index 43d97236..f6882614 100644 --- a/spec/recipes/minimize_access_spec.rb +++ b/spec/recipes/minimize_access_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/spec/recipes/pam_spec.rb b/spec/recipes/pam_spec.rb index 28ff39ab..fe5402c5 100644 --- a/spec/recipes/pam_spec.rb +++ b/spec/recipes/pam_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/spec/recipes/profile_spec.rb b/spec/recipes/profile_spec.rb index ea57bd24..cf989e2f 100644 --- a/spec/recipes/profile_spec.rb +++ b/spec/recipes/profile_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/spec/recipes/securetty_spec.rb b/spec/recipes/securetty_spec.rb index bd94163b..c89cb5a6 100644 --- a/spec/recipes/securetty_spec.rb +++ b/spec/recipes/securetty_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,7 +30,7 @@ group: 'root', mode: '0400', variables: { - ttys: "console\ntty1\ntty2\ntty3\ntty4\ntty5\ntty6" + ttys: "console\ntty1\ntty2\ntty3\ntty4\ntty5\ntty6", } ) end diff --git a/spec/recipes/suid_sgid_spec.rb b/spec/recipes/suid_sgid_spec.rb index 914926fb..ffc3244e 100644 --- a/spec/recipes/suid_sgid_spec.rb +++ b/spec/recipes/suid_sgid_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/spec/recipes/sysctl_spec.rb b/spec/recipes/sysctl_spec.rb index 5f918442..e54eec0e 100644 --- a/spec/recipes/sysctl_spec.rb +++ b/spec/recipes/sysctl_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -372,29 +372,29 @@ describe 'when unused filesystems are disabled with default values' do it 'should render the proper modprobe file' do - %w[cramfs freevxfs jffs2 hfs hfsplus squashfs udf vfat].each do |fs| - expect(chef_run).to render_file('/etc/modprobe.d/dev-sec.conf'). - with_content("install #{fs} /bin/true") + %w(cramfs freevxfs jffs2 hfs hfsplus squashfs udf vfat).each do |fs| + expect(chef_run).to render_file('/etc/modprobe.d/dev-sec.conf') + .with_content("install #{fs} /bin/true") end end end describe 'when only some filesystems are disabled' do - let(:disable_filesystems) { %w[vfat udf] } + let(:disable_filesystems) { %w(vfat udf) } it 'should render the proper modprobe file' do - %w[udf vfat].each do |fs| - expect(chef_run).to render_file('/etc/modprobe.d/dev-sec.conf'). - with_content("install #{fs} /bin/true") + %w(udf vfat).each do |fs| + expect(chef_run).to render_file('/etc/modprobe.d/dev-sec.conf') + .with_content("install #{fs} /bin/true") end - expect(chef_run).not_to render_file('/etc/modprobe.d/dev-sec.conf'). - with_content('install cramfs /bin/true') + expect(chef_run).not_to render_file('/etc/modprobe.d/dev-sec.conf') + .with_content('install cramfs /bin/true') end end describe 'when unused filesystems are not disabled' do - let(:disable_filesystems) { %w[] } + let(:disable_filesystems) { %w() } it 'should delete the modprobe file' do expect(chef_run).to delete_file('/etc/modprobe.d/dev-sec.conf') diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 0e6b3dfd..5a1b8a72 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ # coverage report Coveralls.wear! -at_exit { ChefSpec::Coverage.report! } RSpec.configure do |config| # OS and version for mocking of ohai data, needed by chefspec diff --git a/test/fixtures/cookbooks/test/metadata.rb b/test/fixtures/cookbooks/test/metadata.rb index ac1e5647..a1f860b8 100644 --- a/test/fixtures/cookbooks/test/metadata.rb +++ b/test/fixtures/cookbooks/test/metadata.rb @@ -3,5 +3,4 @@ maintainer_email 'artem@posteo.de' license 'Apache-2.0' description 'Test preparation cookbook' -long_description 'Test preparation cookbook' version '0.1.0' diff --git a/test/fixtures/cookbooks/test/recipes/default.rb b/test/fixtures/cookbooks/test/recipes/default.rb index 7856de62..eb632ad1 100644 --- a/test/fixtures/cookbooks/test/recipes/default.rb +++ b/test/fixtures/cookbooks/test/recipes/default.rb @@ -1,11 +1,11 @@ # -# Cookbook Name:: test +# Cookbook:: test # Recipe:: default # # We use this test cookbook to initialize the test environment -if node['platform_family'] == 'debian' +if platform_family?('debian') # Run apt-get update if we are on debian, some images/boxes do not have full package lists execute 'apt update' do command 'apt-get update'