I have to read this twice every time ... we should make this more clear
We expect to have at least one defined permission ...
"The audit rules for file #{file} must have defined permissions"
failure_message: "No permissions were defined in the audit rules for file #{file}"
I think this would be a good place to use the expect syntax so we can override the default fail message and pass message to make things much more understandable.
bad_users = inspec.shadow.where { password != "*" && password != "!" && password !~ /\$6\$/ }.users
describe 'Password hashes in /etc/shadow' do
  it 'should only contain SHA512 hashes' do
    failure_message = "Users without SHA512 hashes: #{bad_users.join(', ')}"
    expect(bad_users).to be_empty, failure_message
  end
end
× V-72191: All uses of the insmod command must be audited. (1 failed)
  × Auditd Rules with file == "/sbin/insmod" permissions should not cmp == []
    expected it not to be == []
    got: []
    (compared using `cmp` matcher)
  ✔ Auditd Rules with file == "/sbin/insmod" action should not include "never"
× V-72193: All uses of the rmmod command must be audited. (1 failed)
  × Auditd Rules with file == "/sbin/rmmod" permissions should not cmp == []
    expected it not to be == []
    got: []
    (compared using `cmp` matcher)
  ✔ Auditd Rules with file == "/sbin/rmmod" action should not include "never"
× V-72195: All uses of the modprobe command must be audited. (1 failed)
  × Auditd Rules with file == "/sbin/modprobe" permissions should not cmp == []
    expected it not to be == []
    got: []
    (compared using `cmp` matcher)
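An added example, not part of the original issue or the project's code: a plain-Ruby sketch of the check behind the failing output above, using the description and failure message proposed in the issue in place of the default `cmp` text. The helper names and the sample rules are assumptions constructed for illustration; the real profile reads rules through InSpec's auditd resource.

```ruby
# Constructed sample of audit watch rules (not from the page).
# /sbin/rmmod deliberately has no rule, which is the "got: []" case above.
SAMPLE_RULES = <<~RULES
  -w /sbin/insmod -p x -k module-change
  -w /sbin/modprobe -p x -k module-change
  -a always,exit -F arch=b64 -S init_module -S delete_module -k module-change
RULES

# Collect the permission letters given with -p on every watch rule
# ("-w PATH -p PERMS -k KEY") that targets the given file.
def watch_permissions(rules_text, file)
  rules_text.each_line.flat_map do |line|
    tokens = line.split
    next [] unless tokens[0] == '-w' && tokens[1] == file
    perm = tokens.each_cons(2).find { |flag, _| flag == '-p' }&.last
    perm.to_s.chars
  end.uniq
end

# Return [passed, message]. The message names the file and says what is
# missing, instead of 'expected it not to be == []'.
def check_permissions(rules_text, file)
  if watch_permissions(rules_text, file).empty?
    [false, "No permissions were defined in the audit rules for file #{file}"]
  else
    [true, "The audit rules for file #{file} must have defined permissions"]
  end
end

%w[/sbin/insmod /sbin/rmmod /sbin/modprobe].each do |file|
  passed, message = check_permissions(SAMPLE_RULES, file)
  puts "#{passed ? 'PASS' : 'FAIL'}: #{message}"
end
```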