Merge pull request #64 from dev-sec/ap/assignment_re-update

Use assignment_regex, only_if and bump profile version

Author: chris-rock

controls/os_spec.rb

@@ -171,17 +171,16 @@
   impact 1.0
   title 'Check login.defs - RedHat specific'
   desc 'Check owner and permissions for login.defs. Also check the configured PATH variable and umask in login.defs'
-  if os.redhat?
-    describe file('/etc/login.defs') do
-      it { should_not be_writable }
-    end
-    describe login_defs do
-      its('SYS_UID_MIN') { should eq '100' }
-      its('SYS_UID_MAX') { should eq '999' }
-      its('SYS_GID_MIN') { should eq '100' }
-      its('SYS_GID_MAX') { should eq '999' }
-    end
+  describe file('/etc/login.defs') do
+    it { should_not be_writable }
+  end
+  describe login_defs do
+    its('SYS_UID_MIN') { should eq '100' }
+    its('SYS_UID_MAX') { should eq '999' }
+    its('SYS_GID_MIN') { should eq '100' }
+    its('SYS_GID_MAX') { should eq '999' }
   end
+  only_if { os.redhat? }
 end
 
 control 'os-06' do

controls/sysctl_spec.rb

@@ -354,7 +354,7 @@
   desc 'Kernel features and CPU flags provide a protection against buffer overflows. The CPU NX Flag and the kernel parameter exec-shield prevents code execution on a per memory page basis. If the CPU supports the NX-Flag then this should be used instead of the kernel parameter exec-shield.'
 
   # parse for cpu flags
-  flags = parse_config_file('/proc/cpuinfo', assignment_re: /^([^:]*?)\s+:\s+(.*?)$/).flags
+  flags = parse_config_file('/proc/cpuinfo', assignment_regex: /^([^:]*?)\s+:\s+(.*?)$/).flags
   flags ||= ''
   flags = flags.split(' ')
 

inspec.yml

@@ -5,6 +5,6 @@ copyright: DevSec Hardening Framework Team
 copyright_email: hello@dev-sec.io
 license: Apache 2 license
 summary: Test-suite for best-preactice Linux OS hardening
-version: 2.1.0
+version: 2.1.1
 supports:
   - os-family: linux