Merge pull request #100 from Logicworks/fix/regression-debian-file-perms

fix(6.1): regression expected_gid

Author: micheelengronne

controls/6_1_system_file_permissions.rb

@@ -15,7 +15,10 @@
 #
 # author: Kristian Vlaardingerbroek
 
-cis_level = attribute('cis_level')
+cis_level = input('cis_level')
+
+expected_gid = 0
+expected_gid = 42 if os.debian? || os.suse? || os.name == 'alpine'
 
 title '6.1 System File Permissions'
 
@@ -129,13 +132,10 @@
   shadow_files = ['/etc/shadow']
   shadow_files << '/usr/share/baselayout/shadow' if file('/etc/nsswitch.conf').content =~ /^shadow:\s+(\S+\s+)*usrfiles/
 
-  expected_gid = 0
-  expected_gid = 42 if os.debian?
-
   shadow_files.each do |f|
     describe file(f) do
       it { should exist }
-      it { should_not be_more_permissive_than('0644') }
+      it { should_not be_more_permissive_than('0640') }
       its('uid') { should cmp 0 }
       its('gid') { should cmp expected_gid }
     end
@@ -191,9 +191,6 @@
   gshadow_files = ['/etc/gshadow']
   gshadow_files << '/usr/share/baselayout/gshadow' if file('/etc/nsswitch.conf').content =~ /^gshadow:\s+(\S+\s+)*usrfiles/
 
-  expected_gid = 0
-  expected_gid = 42 if os.debian?
-
   gshadow_files.each do |f|
     describe file(f) do
       it { should exist }
@@ -248,7 +245,7 @@
     it { should_not be_more_permissive_than('0640') }
 
     its('uid') { should cmp 0 }
-    its('gid') { should cmp 0 }
+    its('gid') { should cmp expected_gid }
   end
 end
 
@@ -297,7 +294,7 @@
     it { should exist }
     it { should_not be_more_permissive_than('0640') }
     its('uid') { should cmp 0 }
-    its('gid') { should cmp 0 }
+    its('gid') { should cmp expected_gid }
   end
 end