Merge pull request #21 from atomic111/master

changed GIS to DTAG SEC

Author: arlimus

default/serverspec/os_spec.rb

@@ -21,47 +21,47 @@
   c.filter_run_excluding skipOn: backend(Serverspec::Commands::Base).check_os[:family]
 end
 
-# GIS: Req 3.21-4
+
 describe command('find / -name \'.rhosts\' | wc -l ') do
   its(:stdout) { should match(/^0/) }
 end
 
-# GIS: Req 3.21-4
+
 describe command('find / -name \'hosts.equiv\' | wc -l ') do
   its(:stdout) { should match(/^0/) }
 end
 
-# GIS: Req 3.21-7
+
 describe file('/etc/shadow') do
   it { should be_owned_by 'root' }
 end
 
-# GIS: Req 3.21-7
+
 describe file('/etc/shadow') do
   it { should be_mode 600 }
 end
 
-# GIS: Req 3.21-8
+
 describe command('echo $PATH | grep -ci \'\.\'') do
   its(:stdout) { should match(/^0/) }
 end
 
-# GIS: Req 3.21-8
+
 describe file('/etc/login.defs') do
   its(:content) { should match(%r{^ENV_SUPATH\s+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin}) }
 end
 
-# GIS: Req 3.21-8
+
 describe file('/etc/login.defs') do
   its(:content) { should match(%r{^ENV_PATH\s+PATH=/usr/local/bin:/usr/bin:/bin}) }
 end
 
-# GIS: Req 3.21-10
+
 describe file('/etc/login.defs') do
   its(:content) { should match(/^UMASK +027/) }
 end
 
-# GIS: Req 3.21-12
+
 describe 'SUID/ SGID blacklist  check' do
   it 'found no blacklisted suid/sgid' do
     blacklist = [
@@ -97,7 +97,7 @@
   end
 end
 
-# GIS: Req 3.21-16
+
 describe 'Unique uid' do
   it 'check for unique uids' do
     actual = command('cat /etc/passwd | cut -d \':\' -f 3').stdout.split(/\r?\n/)

default/serverspec/sysctl_spec.rb

@@ -23,27 +23,27 @@
 
 describe 'IP V4 networking' do
 
-  # GIS: Req 3.21-1
+
   context linux_kernel_parameter('net.ipv4.ip_forward') do
     its(:value) { should eq 0 }
   end
 
-  # GIS: Req 3.21-1
+
   context linux_kernel_parameter('net.ipv4.conf.all.forwarding') do
     its(:value) { should eq 0 }
   end
 
-  # GIS: Req 3.21-3
+
   context linux_kernel_parameter('net.ipv4.conf.all.rp_filter') do
     its(:value) { should eq 1 }
   end
 
-  # GIS: Req 3.21-3 ; GIS: Req 3.37-10
+
   context linux_kernel_parameter('net.ipv4.conf.default.rp_filter') do
     its(:value) { should eq 1 }
   end
 
-  # GIS: Req 3.21-1
+
   context linux_kernel_parameter('net.ipv4.icmp_echo_ignore_broadcasts') do
     its(:value) { should eq 1 }
   end
@@ -52,7 +52,7 @@
     its(:value) { should eq 1 }
   end
 
-  # GIS: Req 3.01-9
+
   context linux_kernel_parameter('net.ipv4.icmp_ratelimit') do
     its(:value) { should eq 100 }
   end
@@ -65,12 +65,12 @@
     its(:value) { should eq 0 }
   end
 
-  # GIS: Req 3.21-3
+
   context linux_kernel_parameter('net.ipv4.conf.all.arp_ignore') do
     its(:value) { should eq 1 }
   end
 
-  # GIS: Req 3.21-3
+
   context linux_kernel_parameter('net.ipv4.conf.all.arp_announce') do
     its(:value) { should eq 2 }
   end
@@ -91,12 +91,12 @@
     its(:value) { should eq 1 }
   end
 
-  # GIS: Req 3.37-12
+
   context linux_kernel_parameter('net.ipv4.conf.all.accept_source_route') do
     its(:value) { should eq 0 }
   end
 
-  # GIS: Req 3.37-12
+
   context linux_kernel_parameter('net.ipv4.conf.default.accept_source_route') do
     its(:value) { should eq 0 }
   end
@@ -138,7 +138,7 @@
     its(:value) { should eq 1 }
   end
 
-  # GIS: Req 3.21-1
+
   context linux_kernel_parameter('net.ipv6.conf.all.forwarding') do
     its(:value) { should eq 0 }
   end
@@ -202,7 +202,7 @@
 
 describe 'ExecShield' do
 
-  # GIS: Req 3.21-5
+
   # check if we find the nx flag
   if command('cat /proc/cpuinfo').return_stdout?(/^flags.*?:.*? nx( .*?)?$/)
     true
@@ -217,7 +217,7 @@
     end
   end
 
-  # GIS: Req 3.21-5
+
   context linux_kernel_parameter('kernel.randomize_va_space') do
     its(:value) { should eq 2 }
   end

lockdown/serverspec/os_spec.rb

@@ -21,47 +21,47 @@
   c.filter_run_excluding skipOn: backend(Serverspec::Commands::Base).check_os[:family]
 end
 
-# GIS: Req 3.21-4
+
 describe command('find / -name \'.rhosts\' | wc -l ') do
   its(:stdout) { should match(/^0/) }
 end
 
-# GIS: Req 3.21-4
+
 describe command('find / -name \'hosts.equiv\' | wc -l ') do
   its(:stdout) { should match(/^0/) }
 end
 
-# GIS: Req 3.21-7
+
 describe file('/etc/shadow') do
   it { should be_owned_by 'root' }
 end
 
-# GIS: Req 3.21-7
+
 describe file('/etc/shadow') do
   it { should be_mode 600 }
 end
 
-# GIS: Req 3.21-8
+
 describe command('echo $PATH | grep -ci \'\.\'') do
   its(:stdout) { should match(/^0/) }
 end
 
-# GIS: Req 3.21-8
+
 describe file('/etc/login.defs') do
   its(:content) { should match(%r{^ENV_SUPATH\s+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin}) }
 end
 
-# GIS: Req 3.21-8
+
 describe file('/etc/login.defs') do
   its(:content) { should match(%r{^ENV_PATH\s+PATH=/usr/local/bin:/usr/bin:/bin}) }
 end
 
-# GIS: Req 3.21-10
+
 describe file('/etc/login.defs') do
   its(:content) { should match(/^UMASK +027/) }
 end
 
-# GIS: Req 3.21-12
+
 describe 'SUID/ SGID whitelist check' do
   it 'found only whitelist suid/sgid' do
     whitelist  = [
@@ -116,7 +116,7 @@
   end
 end
 
-# GIS: Req 3.21-16
+
 describe 'Unique uid' do
   it 'check for unique uids' do
     actual = command('cat /etc/passwd | cut -d \':\' -f 3').stdout.split(/\r?\n/)

lockdown/serverspec/sysctl_spec.rb

@@ -23,27 +23,27 @@
 
 describe 'IP V4 networking' do
 
-  # GIS: Req 3.21-1
+
   context linux_kernel_parameter('net.ipv4.ip_forward') do
     its(:value) { should eq 0 }
   end
 
-  # GIS: Req 3.21-1
+
   context linux_kernel_parameter('net.ipv4.conf.all.forwarding') do
     its(:value) { should eq 0 }
   end
 
-  # GIS: Req 3.21-3
+
   context linux_kernel_parameter('net.ipv4.conf.all.rp_filter') do
     its(:value) { should eq 1 }
   end
 
-  # GIS: Req 3.21-3 ; GIS: Req 3.37-10
+
   context linux_kernel_parameter('net.ipv4.conf.default.rp_filter') do
     its(:value) { should eq 1 }
   end
 
-  # GIS: Req 3.21-1
+
   context linux_kernel_parameter('net.ipv4.icmp_echo_ignore_broadcasts') do
     its(:value) { should eq 1 }
   end
@@ -52,7 +52,7 @@
     its(:value) { should eq 1 }
   end
 
-  # GIS: Req 3.01-9
+
   context linux_kernel_parameter('net.ipv4.icmp_ratelimit') do
     its(:value) { should eq 100 }
   end
@@ -65,12 +65,12 @@
     its(:value) { should eq 0 }
   end
 
-  # GIS: Req 3.21-3
+
   context linux_kernel_parameter('net.ipv4.conf.all.arp_ignore') do
     its(:value) { should eq 1 }
   end
 
-  # GIS: Req 3.21-3
+
   context linux_kernel_parameter('net.ipv4.conf.all.arp_announce') do
     its(:value) { should eq 2 }
   end
@@ -91,12 +91,12 @@
     its(:value) { should eq 1 }
   end
 
-  # GIS: Req 3.37-12
+
   context linux_kernel_parameter('net.ipv4.conf.all.accept_source_route') do
     its(:value) { should eq 0 }
   end
 
-  # GIS: Req 3.37-12
+
   context linux_kernel_parameter('net.ipv4.conf.default.accept_source_route') do
     its(:value) { should eq 0 }
   end
@@ -138,7 +138,7 @@
     its(:value) { should eq 1 }
   end
 
-  # GIS: Req 3.21-1
+
   context linux_kernel_parameter('net.ipv6.conf.all.forwarding') do
     its(:value) { should eq 0 }
   end
@@ -202,7 +202,7 @@
 
 describe 'ExecShield' do
 
-  # GIS: Req 3.21-5
+
   # check if we find the nx flag
   if command('cat /proc/cpuinfo').return_stdout?(/^flags.*?:.*? nx( .*?)?$/)
     true
@@ -217,7 +217,7 @@
     end
   end
 
-  # GIS: Req 3.21-5
+
   context linux_kernel_parameter('kernel.randomize_va_space') do
     its(:value) { should eq 2 }
   end