Merge pull request #269 from HubbleStack/develop

Merge to master (prep for v2016.10.1)

Author: basepi

FORMULA

@@ -1,7 +1,8 @@
+top_level_dir: hubblestack_nova
 name: hubblestack_nova
 os: RedHat, CentOS, Debian, Ubuntu
 os_family: RedHat, Debian
-version: 2016.7.1
+version: 2016.9.2
 release: 1
 summary: HubbleStack Nova
 description: HubbleStack Nova

README.rst

@@ -56,15 +56,15 @@ iterate policy changes separate from the code.
 
 .. code-block:: shell
 
-    wget http://spm.hubblestack.io/nova/hubblestack_nova-2016.9.2.spm
-    spm local install hubblestack_nova-2016.9.2.spm
+    wget https://spm.hubblestack.io/nova/hubblestack_nova-2016.9.2-1.spm
+    spm local install hubblestack_nova-2016.9.2-1.spm
 
 **Nova Profiles**
 
 .. code-block:: shell
 
-    wget http://spm.hubblestack.io/nova/hubblestack_nova_profiles-20160909-1.spm
-    spm local install hubblestack_nova_profiles-20160909-1.spm
+    wget https://spm.hubblestack.io/nova/hubblestack_nova_profiles-20160914-1.spm
+    spm local install hubblestack_nova_profiles-20160914-1.spm
 
 You should now be able to sync the new modules to your minion(s) using the
 ``sync_modules`` Salt utility:

_modules/hubble.py

@@ -35,6 +35,7 @@
 from salt.loader import LazyLoader
 
 __nova__ = {}
+__version__ = 'v2016.10.1'
 
 
 def audit(configs=None,
@@ -508,6 +509,13 @@ def load():
     return ret
 
 
+def version():
+    '''
+    Report the version of this module
+    '''
+    return __version__
+
+
 def _hubble_dir():
     '''
     Generate the local minion directories to which nova modules and profiles

hubblestack_nova/win_firewall.py

@@ -232,6 +232,7 @@ def _import_firewall():
         for val in vals:
             if val:
                 v = val.split(':')
+                if len(v) < 2: continue
                 temp_vals[v[0].strip()] = v[1].strip()
         dict_return[temp_vals['Name']] = temp_vals
     return dict_return

hubblestack_nova/win_pkg.py

@@ -13,6 +13,7 @@
 import fnmatch
 import logging
 import salt.utils
+from salt.exceptions import CommandExecutionError
 
 
 log = logging.getLogger(__name__)
@@ -30,7 +31,11 @@ def audit(data_list, tags, verbose=False, show_profile=False, debug=False):
     with the CIS yaml processed by __virtual__
     '''
     __data__ = {}
-    __pkgdata__ = __salt__['pkg.list_pkgs']()
+    try:
+        __pkgdata__ = __salt__['pkg.list_pkgs']()
+    except CommandExecutionError:
+        __salt__['pkg.refresh_db']()
+        __pkgdata__ = __salt__['pkg.list_pkgs']()
     for profile, data in data_list:
         if show_profile:
             _merge_yaml(__data__, data, profile)

hubblestack_nova/win_reg.py

@@ -82,9 +82,11 @@ def audit(data_list, tags, verbose=False, show_profile=False, debug=False):
                         if secret:
                             ret['Success'].append(tag_data)
                         else:
+                            tag_data['value_found'] = current
                             ret['Failure'].append(tag_data)
 
                     else:
+                        tag_data['value_found'] = None
                         ret['Failure'].append(tag_data)
 
 
@@ -211,7 +213,7 @@ def _get_tags(data):
                             ret[tag] = []
                         formatted_data = {'name': name,
                                           'tag': tag,
-                                          'module': 'win_auditpol',
+                                          'module': 'win_reg',
                                           'type': toplist}
                         formatted_data.update(tag_data)
                         formatted_data.update(audit_data)

hubblestack_nova_profiles/cis/amazon-201409-level-1-scored-v1-0-0.yaml

@@ -703,8 +703,8 @@ grep:
               match_output: "ClientAliveInterval 300"
           - '/etc/ssh/sshd_config':
               tag: 'CIS-6.2.12'
-              pattern: "^ClientAliveCountMatch"
-              match_output: "ClientAliveCountMatch 0"
+              pattern: "^ClientAliveCountMax"
+              match_output: "ClientAliveCountMax 0"
       description: 'Set Idle Timeout Interval for User Login (Scored)'
 
     sshd_limit_access: