Merge pull request #120 from dev-sec/newlint

Change linting to Cookstyle

Author: schurzi

.rubocop.yml

@@ -2,35 +2,3 @@
 AllCops:
   Exclude:
   - vendor/**/*
-Documentation:
-  Enabled: false
-Layout/ParameterAlignment:
-  Enabled: true
-HashSyntax:
-  Enabled: true
-LineLength:
-  Enabled: false
-EmptyLinesAroundBlockBody:
-  Enabled: false
-Style/Encoding:
-  Enabled: false
-MethodLength:
-  Max: 40
-NumericLiterals:
-  MinDigits: 10
-Metrics/BlockLength:
-  Max: 45 # needed for 6.1.1
-Metrics/CyclomaticComplexity:
-  Max: 10
-Metrics/PerceivedComplexity:
-  Max: 10
-Metrics/AbcSize:
-  Max: 30
-# Lint/AmbiguousBlockAssociation is incompatible with RSpec
-# https://github.com/rubocop-hq/rubocop/issues/4222
-Lint/AmbiguousBlockAssociation:
-  Enabled: false
-Lint/AmbiguousRegexpLiteral:
-  Enabled: false
-Style/NumericPredicate:
-  Enabled: false

Gemfile

@@ -2,6 +2,7 @@
 
 source 'https://rubygems.org'
 
+gem 'cookstyle'
 gem 'highline'
 gem 'rack'
 gem 'rake'

Rakefile

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'cookstyle'
 require 'rake/testtask'
 require 'rubocop/rake_task'
 
@@ -9,6 +10,10 @@ task :rubocop do
   RuboCop::RakeTask.new
 end
 
+RuboCop::RakeTask.new(:cookstyle) do |task|
+  task.options << '--display-cop-names'
+end
+
 # lint the project
 desc 'Run robocop linter'
 task lint: [:rubocop]

controls/1_1_filesystem_configuration.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 #
-# Copyright 2017, Schuberg Philis B.V.
+# Copyright:: 2017, Schuberg Philis B.V.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -230,7 +230,6 @@
   describe mount('/var/tmp') do
     its('options') { should include 'nodev' }
   end
-
 end
 
 control 'cis-dil-benchmark-1.1.9' do
@@ -248,7 +247,6 @@
   describe mount('/var/tmp') do
     its('options') { should include 'nosuid' }
   end
-
 end
 
 control 'cis-dil-benchmark-1.1.10' do
@@ -266,7 +264,6 @@
   describe mount('/var/tmp') do
     its('options') { should include 'noexec' }
   end
-
 end
 
 control 'cis-dil-benchmark-1.1.11' do

controls/1_2_configure_software_updates.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 #
-# Copyright 2017, Schuberg Philis B.V.
+# Copyright:: 2017, Schuberg Philis B.V.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

controls/1_3_filesystem_integrity_checking.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 #
-# Copyright 2017, Schuberg Philis B.V.
+# Copyright:: 2017, Schuberg Philis B.V.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -48,13 +48,13 @@
   tag level: 1
 
   describe.one do
-    %w[/var/spool/cron/crontabs/root /var/spool/cron/root /etc/crontab].each do |f|
+    %w(/var/spool/cron/crontabs/root /var/spool/cron/root /etc/crontab).each do |f|
       describe file(f) do
         its('content') { should match(/aide (--check|-C)/) }
       end
     end
 
-    %w[cron.d cron.hourly cron.daily cron.weekly cron.monthly].each do |f|
+    %w(cron.d cron.hourly cron.daily cron.weekly cron.monthly).each do |f|
       command("find /etc/#{f} -type f").stdout.split.each do |entry|
         describe file(entry) do
           its('content') { should match(/aide (--check|-C)/) }

controls/1_4_secure_boot_settings.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 #
-# Copyright 2017, Schuberg Philis B.V.
+# Copyright:: 2017, Schuberg Philis B.V.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

controls/1_5_additional_process_hardening.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 #
-# Copyright 2017, Schuberg Philis B.V.
+# Copyright:: 2017, Schuberg Philis B.V.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

controls/1_6_mandatory_access_control.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 #
-# Copyright 2017, Schuberg Philis B.V.
+# Copyright:: 2017, Schuberg Philis B.V.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -30,7 +30,7 @@
   tag level: 2
 
   describe.one do
-    %w[libselinux libselinux1 apparmor].each do |p|
+    %w(libselinux libselinux1 apparmor).each do |p|
       describe package(p) do
         it { should be_installed }
       end
@@ -49,7 +49,7 @@
   tag level: 2
 
   describe.one do
-    %w[/boot/grub2/grub.cfg /boot/grub/menu.lst].each do |f|
+    %w(/boot/grub2/grub.cfg /boot/grub/menu.lst).each do |f|
       describe file(f) do
         its('content') { should_not match /selinux=0/ }
         its('content') { should_not match /enforcing=0/ }

controls/1_7_warning_banners.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 #
-# Copyright 2017, Schuberg Philis B.V.
+# Copyright:: 2017, Schuberg Philis B.V.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

controls/1_8_ensure_patches.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 #
-# Copyright 2017, Schuberg Philis B.V.
+# Copyright:: 2017, Schuberg Philis B.V.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

controls/2_1_inetd_services.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 #
-# Copyright 2017, Schuberg Philis B.V.
+# Copyright:: 2017, Schuberg Philis B.V.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -166,7 +166,7 @@
     file('/etc/xinetd.conf').exist? || file('/etc/inetd.conf').exist?
   end
 
-  %w[shell login exec rsh rlogin rexec].each do |s|
+  %w(shell login exec rsh rlogin rexec).each do |s|
     describe xinetd_conf.services(s) do
       it { should be_disabled }
     end
@@ -195,7 +195,7 @@
     file('/etc/xinetd.conf').exist? || file('/etc/inetd.conf').exist?
   end
 
-  %w[talk ntalk].each do |s|
+  %w(talk ntalk).each do |s|
     describe xinetd_conf.services(s) do
       it { should be_disabled }
     end

controls/2_2_special_purpose_services.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 #
-# Copyright 2017, Schuberg Philis B.V.
+# Copyright:: 2017, Schuberg Philis B.V.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -108,7 +108,7 @@
   end
 
   describe.one do
-    %w[/etc/chrony/chrony.conf /etc/chrony.conf].each do |f|
+    %w(/etc/chrony/chrony.conf /etc/chrony.conf).each do |f|
       describe file(f) do
         its('content') { should match(/^(pool|server)\s+\S+/) }
       end
@@ -192,7 +192,7 @@
   tag cis: 'distribution-independent-linux:2.2.5'
   tag level: 1
 
-  %w[isc-dhcp-server isc-dhcp-server6 dhcpd].each do |s|
+  %w(isc-dhcp-server isc-dhcp-server6 dhcpd).each do |s|
     describe service(s) do
       it { should_not be_enabled }
       it { should_not be_running }
@@ -222,7 +222,7 @@
   tag cis: 'distribution-independent-linux:2.2.7'
   tag level: 1
 
-  %w[nfs-kernel-server nfs rpcbind].each do |s|
+  %w(nfs-kernel-server nfs rpcbind).each do |s|
     describe service(s) do
       it { should_not be_enabled }
       it { should_not be_running }
@@ -238,7 +238,7 @@
   tag cis: 'distribution-independent-linux:2.2.8'
   tag level: 1
 
-  %w[named bind bind9].each do |s|
+  %w(named bind bind9).each do |s|
     describe service(s) do
       it { should_not be_enabled }
       it { should_not be_running }
@@ -268,7 +268,7 @@
   tag cis: 'distribution-independent-linux:2.2.10'
   tag level: 1
 
-  %w[apache apache2 httpd lighttpd nginx].each do |s|
+  %w(apache apache2 httpd lighttpd nginx).each do |s|
     describe service(s) do
       it { should_not be_enabled }
       it { should_not be_running }
@@ -284,7 +284,7 @@
   tag cis: 'distribution-independent-linux:2.2.11'
   tag level: 1
 
-  %w[dovecot courier-imap cyrus-imap].each do |s|
+  %w(dovecot courier-imap cyrus-imap).each do |s|
     describe service(s) do
       it { should_not be_enabled }
       it { should_not be_running }
@@ -300,7 +300,7 @@
   tag cis: 'distribution-independent-linux:2.2.12'
   tag level: 1
 
-  %w[samba smb smbd].each do |s|
+  %w(samba smb smbd).each do |s|
     describe service(s) do
       it { should_not be_enabled }
       it { should_not be_running }
@@ -316,7 +316,7 @@
   tag cis: 'distribution-independent-linux:2.2.13'
   tag level: 1
 
-  %w[squid squid3].each do |s|
+  %w(squid squid3).each do |s|
     describe service(s) do
       it { should_not be_enabled }
       it { should_not be_running }
@@ -359,7 +359,7 @@
   tag cis: 'distribution-independent-linux:2.2.16'
   tag level: 1
 
-  %w[rsync rsyncd].each do |s|
+  %w(rsync rsyncd).each do |s|
     describe service(s) do
       it { should_not be_enabled }
       it { should_not be_running }
@@ -375,7 +375,7 @@
   tag cis: 'distribution-independent-linux:2.2.17'
   tag level: 1
 
-  %w[nis ypserv].each do |s|
+  %w(nis ypserv).each do |s|
     describe service(s) do
       it { should_not be_enabled }
       it { should_not be_running }

controls/2_3_service_clients.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 #
-# Copyright 2017, Schuberg Philis B.V.
+# Copyright:: 2017, Schuberg Philis B.V.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -27,7 +27,7 @@
   tag cis: 'distribution-independent-linux:2.3.1'
   tag level: 1
 
-  %w[nis ypbind].each do |p|
+  %w(nis ypbind).each do |p|
     describe package(p) do
       it { should_not be_installed }
     end
@@ -42,7 +42,7 @@
   tag cis: 'distribution-independent-linux:2.3.2'
   tag level: 1
 
-  %w[rsh-client rsh-redone-client rsh].each do |p|
+  %w(rsh-client rsh-redone-client rsh).each do |p|
     describe package(p) do
       it { should_not be_installed }
     end
@@ -83,7 +83,7 @@
   tag cis: 'distribution-independent-linux:2.3.5'
   tag level: 1
 
-  %w[ldap-utils openldap-clients openldap2-client].each do |p|
+  %w(ldap-utils openldap-clients openldap2-client).each do |p|
     describe package(p) do
       it { should_not be_installed }
     end

controls/3_1_network_parameters_host_only.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 #
-# Copyright 2017, Schuberg Philis B.V.
+# Copyright:: 2017, Schuberg Philis B.V.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -27,10 +27,10 @@
   tag cis: 'distribution-independent-linux:3.1.1'
   tag level: 1
 
-  %w[
+  %w(
     net.ipv4.ip_forward
     net.ipv6.conf.all.forwarding
-  ].each do |kp|
+  ).each do |kp|
     describe kernel_parameter(kp) do
       its('value') { should_not be_nil }
       its('value') { should cmp 0 }
@@ -46,10 +46,10 @@
   tag cis: 'distribution-independent-linux:3.1.2'
   tag level: 1
 
-  %w[
+  %w(
     net.ipv4.conf.all.send_redirects
     net.ipv4.conf.default.send_redirects
-  ].each do |kp|
+  ).each do |kp|
     describe kernel_parameter(kp) do
       its('value') { should_not be_nil }
       its('value') { should cmp 0 }