lines changed Expand file tree Collapse file tree 1 file changed +7
-10
lines changed Original file line number Diff line number Diff line change 15
15
#
16
16
# author: Kristian Vlaardingerbroek
17
17
18
- cis_level = attribute ( 'cis_level' )
18
+ cis_level = input ( 'cis_level' )
19
+
20
+ expected_gid = 0
21
+ expected_gid = 42 if os . debian? || os . suse? || os . name == 'alpine'
19
22
20
23
title '6.1 System File Permissions'
21
24
129
132
shadow_files = [ '/etc/shadow' ]
130
133
shadow_files << '/usr/share/baselayout/shadow' if file ( '/etc/nsswitch.conf' ) . content =~ /^shadow:\s +(\S +\s +)*usrfiles/
131
134
132
- expected_gid = 0
133
- expected_gid = 42 if os . debian?
134
-
135
135
shadow_files . each do |f |
136
136
describe file ( f ) do
137
137
it { should exist }
138
- it { should_not be_more_permissive_than ( '0644 ' ) }
138
+ it { should_not be_more_permissive_than ( '0640 ' ) }
139
139
its ( 'uid' ) { should cmp 0 }
140
140
its ( 'gid' ) { should cmp expected_gid }
141
141
end
191
191
gshadow_files = [ '/etc/gshadow' ]
192
192
gshadow_files << '/usr/share/baselayout/gshadow' if file ( '/etc/nsswitch.conf' ) . content =~ /^gshadow:\s +(\S +\s +)*usrfiles/
193
193
194
- expected_gid = 0
195
- expected_gid = 42 if os . debian?
196
-
197
194
gshadow_files . each do |f |
198
195
describe file ( f ) do
199
196
it { should exist }
248
245
it { should_not be_more_permissive_than ( '0640' ) }
249
246
250
247
its ( 'uid' ) { should cmp 0 }
251
- its ( 'gid' ) { should cmp 0 }
248
+ its ( 'gid' ) { should cmp expected_gid }
252
249
end
253
250
end
254
251
297
294
it { should exist }
298
295
it { should_not be_more_permissive_than ( '0640' ) }
299
296
its ( 'uid' ) { should cmp 0 }
300
- its ( 'gid' ) { should cmp 0 }
297
+ its ( 'gid' ) { should cmp expected_gid }
301
298
end
302
299
end
303
300
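Review bot: The tightened shadow check at new line 138 is written as `it { should_not be_more_permissive_than('0640 ') }`, with a space inside the quotes, while the gshadow checks at new lines 245 and 295 use `'0640'`; if that space is really in the file rather than a rendering artifact it should be dropped so all four permission checks use the identical literal `'0640'`. Separately, the hoisted `expected_gid = 42 if os.debian? || os.suse? || os.name == 'alpine'` at new line 21 widens the hard-coded gid to SUSE and Alpine; 42 is the gid of the `shadow` group on Debian-derived and Alpine systems, but I am not certain SUSE assigns the same number, so this should be confirmed against `/etc/group` on a SUSE target before the control is relied on there. A more robust form would resolve the gid from the group name instead of the distro, e.g. `expected_gid = etc_group.where(name: 'shadow').gids.first || 0`, which keeps the `its('gid') { should cmp expected_gid }` assertions correct on any distribution that ships a `shadow` group. The `describe` blocks these assertions live in start and end outside the shown hunks.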