Why Gemfury? Push, build, and install  RubyGems npm packages Python packages Maven artifacts PHP packages Go Modules Debian packages RPM packages NuGet packages

j00p34 / inspec ruby

Repository URL to install this package:

Version: 
2.3.23  ▾
Details    
inspec / lib / resources / ssh_conf.rb
Size: Mime: 
# encoding: utf-8
# copyright: 2015, Vulcano Security GmbH

require 'utils/simpleconfig'
require 'utils/file_reader'

module Inspec::Resources
  class SshConf < Inspec.resource(1)
    name 'ssh_config'
    supports platform: 'unix'
    desc 'Use the `ssh_config` InSpec audit resource to test OpenSSH client configuration data located at `/etc/ssh/ssh_config` on Linux and Unix platforms.'
    example "
      describe ssh_config do
        its('cipher') { should contain '3des' }
        its('port') { should eq '22' }
        its('hostname') { should include('example.com') }
      end
    "

    include FileReader

    def initialize(conf_path = nil, type = nil)
      @conf_path = conf_path || '/etc/ssh/ssh_config'
      typename = (@conf_path.include?('sshd') ? 'Server' : 'Client')
      @type = type || "SSH #{typename} configuration #{conf_path}"
      read_content
    end

    def content
      read_content
    end

    def params(*opts)
      opts.inject(read_params) do |res, nxt|
        res.respond_to?(:key) ? res[nxt] : nil
      end
    end

    def convert_hash(hash)
      new_hash = {}
      hash.each do |k, v|
        new_hash[k.downcase] = v
      end
      new_hash
    end

    def method_missing(name)
      param = read_params[name.to_s.downcase]
      return nil if param.nil?
      # extract first value if we have only one value in array
      return param[0] if param.length == 1
      param
    end

    def to_s
      'SSH Configuration'
    end

    private

    def read_content
      return @content if defined?(@content)

      @content = read_file_content(@conf_path)
    end

    def read_params
      return @params if defined?(@params)
      return @params = {} if read_content.nil?
      conf = SimpleConfig.new(
        read_content,
        assignment_regex: /^\s*(\S+?)\s+(.*?)\s*$/,
        multiple_values: true,
      )
      @params = convert_hash(conf.params)
    end
  end

  class SshdConf < SshConf
    name 'sshd_config'
    supports platform: 'unix'
    desc 'Use the sshd_config InSpec audit resource to test configuration data for the Open SSH daemon located at /etc/ssh/sshd_config on Linux and UNIX platforms. sshd---the Open SSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command execution, and data exchanges.'
    example "
      describe sshd_config do
        its('Protocol') { should eq '2' }
      end
    "

    def initialize(path = nil)
      super(path || '/etc/ssh/sshd_config')
    end

    def to_s
      'SSHD Configuration'
    end
  end
end

Products

About

Resources

Contact Gemfury