some more rubocop fixing

Signed-off-by: Patrick Meier <patrick.meier111@googlemail.com>

Author: Patrick Meier

lockdown/inspec/os_spec.rb

@@ -1,6 +1,6 @@
 # encoding: utf-8
 #
-# Copyright 2015, Patrick Münch
+# Copyright 2015, Patrick Muench
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -16,11 +16,11 @@
 #
 # author: Christoph Hartmann
 # author: Dominik Richter
-# author: Patrick Münch
+# author: Patrick Muench
 
 control '01' do
   impact 1.0
-  title "Trusted hosts login"
+  title 'Trusted hosts login'
   desc "Rhosts/hosts.equiv files are a weak implemenation of authentication. Disabling the .rhosts and hosts.equiv support helps to prevent users from subverting the system's normal access control mechanisms of the system."
   describe command('find / -name \'.rhosts\'') do
     its('stdout') { should be_empty }
@@ -32,8 +32,8 @@
 
 control '02' do
   impact 1.0
-  title "Check owner and permissions for /etc/shadow "
-  desc "Check periodically the owner and permissions for /etc/shadow"
+  title 'Check owner and permissions for /etc/shadow'
+  desc 'Check periodically the owner and permissions for /etc/shadow'
   describe file('/etc/shadow') do
     it { should exist }
     it { should be_file }
@@ -49,8 +49,8 @@
 
 control '03' do
   impact 1.0
-  title "Check owner and permissions for /etc/passwd "
-  desc "Check periodically the owner and permissions for /etc/passwd"
+  title 'Check owner and permissions for /etc/passwd'
+  desc 'Check periodically the owner and permissions for /etc/passwd'
   describe file('/etc/passwd') do
     it { should exist }
     it { should be_file }
@@ -68,8 +68,8 @@
 
 control '04' do
   impact 1.0
-  title "Dot in PATH variable"
-  desc "Do not include the current working directory in PATH variable. This makes it easier for an attacker to gain extensive rigths by executing a Trojan program"
+  title 'Dot in PATH variable'
+  desc 'Do not include the current working directory in PATH variable. This makes it easier for an attacker to gain extensive rigths by executing a Trojan program'
   describe os_env('PATH') do
     its('split') { should_not include('') }
     its('split') { should_not include('.') }
@@ -78,8 +78,8 @@
 
 control '05' do
   impact 1.0
-  title "Check login.defs"
-  desc "Check owner and permissions for login.defs. Also check the configured PATH variable and umask in login.defs"
+  title 'Check login.defs'
+  desc 'Check owner and permissions for login.defs. Also check the configured PATH variable and umask in login.defs'
   describe file('/etc/login.defs') do
     it { should exist }
     it { should be_file }
@@ -112,8 +112,8 @@
 
 control '06' do
   impact 1.0
-  title "Check for SUID/ SGID blacklist "
-  desc "Find blacklisted SUID and SGID files to ensure that no rogue SUID and SGID files have been introduced into the system"
+  title 'Check for SUID/ SGID blacklist'
+  desc 'Find blacklisted SUID and SGID files to ensure that no rogue SUID and SGID files have been introduced into the system'
 
   blacklist = [
     # blacklist as provided by NSA
@@ -141,20 +141,20 @@
     '/usr/lib/evolution/camel-lock-helper-1.2',                   # investigate current state...
     '/usr/lib/pt_chown',                                          # pseudo-tty, needed?
     '/usr/lib/eject/dmcrypt-get-device',
-    '/usr/lib/mc/cons.saver'                                     # midnight commander screensaver
+    '/usr/lib/mc/cons.saver' # midnight commander screensaver
   ]
 
   output = command('find / -perm -4000 -o -perm -2000 -type f ! -path \'/proc/*\' -print 2>/dev/null | grep -v \'^find:\'')
   diff = output.stdout.split(/\r?\n/) & blacklist
   describe diff do
-    it {should be_empty}
+    it { should be_empty }
   end
 end
 
 control '07' do
   impact 1.0
-  title "Unique uid and gid"
-  desc "Check for unique uids gids"
+  title 'Unique uid and gid'
+  desc 'Check for unique uids gids'
   describe passwd do
     its('uids') { should_not contain_duplicates }
   end

lockdown/inspec/package_spec.rb

@@ -0,0 +1,67 @@
+# encoding: utf-8
+#
+# Copyright 2015, Patrick Muench
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# author: Christoph Hartmann
+# author: Dominik Richter
+# author: Patrick Muench
+
+control '01' do
+  impact 1.0
+  title 'Do not run deprecated inetd or xinetd'
+  desc 'http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf, Chapter 3.2.1'
+  describe package('inetd') do
+    it { should_not be_installed }
+  end
+  describe package('xinetd') do
+    it { should_not be_installed }
+  end
+end
+
+control '02' do
+  impact 1.0
+  title 'Do not install Telnet server'
+  desc 'Telnet protocol uses unencrypted communication, that means the passowrd and other sensitive data are unencrypted. http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf, Chapter 3.2.2'
+  describe package('telnetd') do
+    it { should_not be_installed }
+  end
+end
+
+control '03' do
+  impact 1.0
+  title 'Do not install rsh server'
+  desc 'The r-commands suffers same problem as telnet. http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf, Chapter 3.2.3'
+  describe package('telnetd') do
+    it { should_not be_installed }
+  end
+end
+
+control '05' do
+  impact 1.0
+  title 'Do not install ypserv server (NIS)'
+  desc 'Network Information Service (NIS) has some security design weaknesses like inadequate protection of important authentication information. http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf, Chapter 3.2.4'
+  describe package('ypserv') do
+    it { should_not be_installed }
+  end
+end
+
+control '06' do
+  impact 1.0
+  title 'Do not install tftp server'
+  desc 'tftp-server provides little security http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf, Chapter 3.2.5'
+  describe package('tftp-server') do
+    it { should_not be_installed }
+  end
+end