From 3849c52ed8f6fe17d82c097c2428d0af04282bb5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mich=C3=A9e=20lengronne?=
Date: Wed, 20 May 2020 10:26:11 +0200
Subject: [PATCH] Use inspec.input to load the attribute (#168)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Use inspec.input to load the attribute
Signed-off-by: Michée Lengronne
* valid hostkeys directly in the sshd_spec.rb
Signed-off-by: Michée Lengronne
* code in control
Signed-off-by: Michée Lengronne
---
 controls/sshd_spec.rb | 6 +++++-
 libraries/ssh_crypto.rb | 11 -----------
 2 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/controls/sshd_spec.rb b/controls/sshd_spec.rb
index 3e3ea0a..abd0ea8 100644
--- a/controls/sshd_spec.rb
+++ b/controls/sshd_spec.rb
@@ -184,8 +184,12 @@
 impact 1.0
 title 'Server: Specify SSH HostKeys'
 desc 'Specify HostKey for protection against Man-In-The-Middle Attacks'
+
+ sshd_valid_hostkeys = ssh_crypto.valid_algorithms.map { |alg| "#{sshd_custom_path}/ssh_host_#{alg}_key" }
+ sshd_valid_hostkeys = sshd_valid_hostkeys[0] if sshd_valid_hostkeys.length == 1
+
 describe sshd_config(sshd_custom_path + '/sshd_config') do
- its('HostKey') { should cmp ssh_crypto.valid_hostkeys }
+ its('HostKey') { should cmp sshd_valid_hostkeys }
 end
 end
 
diff --git a/libraries/ssh_crypto.rb b/libraries/ssh_crypto.rb
index 2acb89e..0eda6ff 100644
--- a/libraries/ssh_crypto.rb
+++ b/libraries/ssh_crypto.rb
@@ -253,15 +253,4 @@ def valid_algorithms # rubocop:disable Metrics/CyclomaticComplexity
 
 alg
 end
-
- # returns the hostkeys value based on valid_algorithms
- def valid_hostkeys
- hostkeys = valid_algorithms.map { |alg| "#{sshd_custom_path}/ssh_host_#{alg}_key" }
- # its('HostKey') provides a string for a single-element value.
- # we have to return a string if we have a single-element
- # https://github.com/chef/inspec/issues/1434
- return hostkeys[0] if hostkeys.length == 1
-
- hostkeys
- end
 end
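Review bot: In controls/sshd_spec.rb the single-element unwrap (`sshd_valid_hostkeys = sshd_valid_hostkeys[0] if sshd_valid_hostkeys.length == 1`) is now unexplained, because the comment that justified it is deleted together with `valid_hostkeys` in libraries/ssh_crypto.rb. I would carry it over above that line, e.g. `# its('HostKey') yields a String for a single-element value, so compare against a String (https://github.com/chef/inspec/issues/1434)`. Without it the line reads as dead code, and dropping it could break this HostKey control on hosts with only one valid algorithm. It is also worth confirming what `ssh_crypto.valid_algorithms` returns on an unrecognised platform: if it can be empty, the expectation becomes `cmp []` and the control would no longer pin any host key path. The enclosing control block opens above the hunk.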