simp / inspec-profile-disa_stig-el7

InSpec Profile for the EL7 DISA STIG
Apache License 2.0

V-72257: invalid use `be_executable.by('user')` #82

Closed rx294 closed 5 years ago

rx294 commented 5 years ago

https://github.com/simp/inspec-profile-disa_stig-el7/blob/534232d06ab22c572b8b01bfa0b7096f2ceca879/controls/V-72257.rb#L42

The usage `should_not be_executable.by('user')` is invalid; the correct usage is `should_not be_executable.by_user('ec2-user')`.

```
inspec> key_files.each do |keyfile|
inspec> describe file(keyfile) do
inspec> it { should_not be_executable.by('user') }
inspec> end
inspec> end
```

Error trace:

Profile: inspec-shell
Version: (not specified)

  File /etc/ssh/ssh_host_rsa_key
     ×  should not be executable by user
     Invalid usergroup/owner provided
  File /etc/ssh/ssh_host_ecdsa_key
     ×  should not be executable by user
     Invalid usergroup/owner provided
  File /etc/ssh/ssh_host_ed25519_key
     ×  should not be executable by user
     Invalid usergroup/owner provided

Solution:

Replace `it { should_not be_executable.by('user') }` with `it { should_not be_executable.by('all') }`.
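
An added illustration, not part of the original issue or the profile's code: a simplified Ruby model of a mode-bit permission check, showing why an unrecognized selector such as `'user'` errors out instead of testing anything, while `'all'` flags an execute bit in any class. The mask tables, function names and sample modes are assumptions constructed for this example, and `by_user` (which needs owner and group lookups) is not modelled.

```ruby
# Simplified model of a Unix mode-bit check (assumption: not InSpec's source).
# Selector names: 'all' is from the issue; the others are the standard classes.
WHO_MASKS  = { 'all' => 0o777, 'owner' => 0o700, 'group' => 0o070, 'others' => 0o007 }.freeze
TYPE_MASKS = { 'r' => 0o444, 'w' => 0o222, 'x' => 0o111 }.freeze

# True when any `type` bit is set for class `who` in `mode`.
# An unknown selector raises, mirroring the message in the error trace.
def permitted?(mode, type, who)
  who_mask  = WHO_MASKS[who.to_s]
  type_mask = TYPE_MASKS[type.to_s]
  raise ArgumentError, 'Invalid usergroup/owner provided' if who_mask.nil? || type_mask.nil?

  (mode & who_mask & type_mask) != 0
end

# Constructed sample modes for the host key paths named in the trace.
SAMPLE_MODES = {
  '/etc/ssh/ssh_host_rsa_key'     => 0o600, # no execute bits
  '/etc/ssh/ssh_host_ecdsa_key'   => 0o610, # group execute only
  '/etc/ssh/ssh_host_ed25519_key' => 0o700  # owner execute only
}.freeze

# Paths that would fail a `should_not be_executable.by(who)` style check.
def executable_findings(modes, who)
  modes.select { |_path, mode| permitted?(mode, 'x', who) }.keys
end

# Same as above, but reports a bad selector as a string instead of raising.
def check_or_error(modes, who)
  executable_findings(modes, who)
rescue ArgumentError => e
  "error: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  %w[user owner group others all].each do |who|
    puts format('%-7s -> %p', who, check_or_error(SAMPLE_MODES, who))
  end
end
```

In this model `'owner'` misses the key that is executable only by group, which is why a selector covering every class is the stricter choice for a "must not be executable" control.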

aaronlippold commented 5 years ago

Please submit a PR and close the issue