[pull] master from dev-sec:master

.github/version-drafter.yml

@@ -0,0 +1 @@
+---

CHANGELOG.md

@@ -1,6 +1,6 @@
 # Changelog
 
-## [2.9.0](https://github.com/dev-sec/linux-baseline/tree/2.9.0) (2023-05-02)
+## [2.9.0](https://github.com/dev-sec/linux-baseline/tree/2.9.0) (2024-08-21)
 
 [Full Changelog](https://github.com/dev-sec/linux-baseline/compare/2.8.3...2.9.0)
 
@@ -15,6 +15,7 @@
 
 **Merged pull requests:**
 
+- ensure compatibility with new inspec version [\#184](https://github.com/dev-sec/linux-baseline/pull/184) ([schurzi](https://github.com/schurzi))
 - add spellchecking with codespell [\#183](https://github.com/dev-sec/linux-baseline/pull/183) ([schurzi](https://github.com/schurzi))
 - Configure Renovate [\#182](https://github.com/dev-sec/linux-baseline/pull/182) ([renovate[bot]](https://github.com/apps/renovate))
 

Gemfile

@@ -13,7 +13,7 @@ group :tools do
   gem 'pry-coolline'
 end
 
-source 'https://packagecloud.io/cinc-project/stable' do
+source 'https://rubygems.cinc.sh' do
   gem 'chef-config'
   gem 'cinc-auditor-bin'
 end

controls/os_spec.rb

@@ -19,11 +19,11 @@
 # author: Dominik Richter
 # author: Patrick Muench
 
-login_defs_umask = input('login_defs_umask', value: os.redhat? ? '077' : '027', description: 'Default umask to set in login.defs')
+login_defs_umask = input('login_defs_umask', value: os.redhat? ? '077' : '027')
 
-login_defs_passmaxdays = input('login_defs_passmaxdays', value: '60', description: 'Default password maxdays to set in login.defs')
-login_defs_passmindays = input('login_defs_passmindays', value: '7', description: 'Default password mindays to set in login.defs')
-login_defs_passwarnage = input('login_defs_passwarnage', value: '7', description: 'Default password warnage (days) to set in login.defs')
+login_defs_passmaxdays = input('login_defs_passmaxdays', value: '60')
+login_defs_passmindays = input('login_defs_passmindays', value: '7')
+login_defs_passwarnage = input('login_defs_passwarnage', value: '7')
 
 shadow_group = 'root'
 shadow_group = 'shadow' if os.debian? || os.suse? || os.name == 'alpine'
@@ -35,8 +35,7 @@
 
 blacklist = input(
   'blacklist',
-  value: suid_blacklist.default,
-  description: 'blacklist of suid/sgid program on system'
+  value: suid_blacklist.default
 )
 
 cpuvulndir = '/sys/devices/system/cpu/vulnerabilities/'
@@ -59,20 +58,17 @@
 
 mount_exec_blocklist = input(
   'mount_exec_blocklist',
-  value: ['/boot', '/dev', '/dev/shm', '/tmp', '/var/log', '/var/log/audit', '/var/tmp'],
-  description: 'List of mountpoints where \'noexec\' mount option should be set'
+  value: ['/boot', '/dev', '/dev/shm', '/tmp', '/var/log', '/var/log/audit', '/var/tmp']
 )
 
 mount_suid_blocklist = input(
   'mount_suid_blocklist',
-  value: ['/boot', '/dev', '/dev/shm', '/home', '/run', '/tmp', '/var', '/var/log', '/var/log/audit', '/var/tmp'],
-  description: 'List of mountpoints where \'nosuid\' mount option should be set'
+  value: ['/boot', '/dev', '/dev/shm', '/home', '/run', '/tmp', '/var', '/var/log', '/var/log/audit', '/var/tmp']
 )
 
 mount_dev_blocklist = input(
   'mount_dev_blocklist',
-  value: ['/boot', '/dev/shm', '/home', '/run', '/tmp', '/var', '/var/log', '/var/log/audit', '/var/tmp'],
-  description: 'List of mountpoints where \'nodev\' mount option should be set'
+  value: ['/boot', '/dev/shm', '/home', '/run', '/tmp', '/var', '/var/log', '/var/log/audit', '/var/tmp']
 )
 
 control 'os-01' do

controls/sysctl_spec.rb

@@ -19,8 +19,8 @@
 # author: Dominik Richter
 # author: Patrick Muench
 
-sysctl_forwarding = input('sysctl_forwarding', value: false, description: 'Is network forwarding needed?')
-kernel_modules_disabled = input('kernel_modules_disabled', value: 0, description: 'Should loading of kernel modules be disabled?')
+sysctl_forwarding = input('sysctl_forwarding', value: false)
+kernel_modules_disabled = input('kernel_modules_disabled', value: 0)
 container_execution = begin
   virtualization.role == 'guest' && virtualization.system =~ /^(lxc|docker)$/
                       rescue NoMethodError

inspec.yml

@@ -10,3 +10,24 @@ inspec_version: '>= 4.6.3'
 version: 2.9.0
 supports:
     - os-family: linux
+inputs:
+    - name: login_defs_umask
+      description: Default umask to set in login.defs
+    - name: login_defs_passmaxdays
+      description: Default password maxdays to set in login.defs
+    - name: login_defs_passmindays
+      description: Default password mindays to set in login.defs
+    - name: login_defs_passwarnage
+      description: Default password warnage (days) to set in login.defs
+    - name: blacklist
+      description: blacklist of suid/sgid program on system
+    - name: mount_exec_blocklist
+      description: List of mountpoints where 'noexec' mount option should be set
+    - name: mount_suid_blocklist
+      description: List of mountpoints where 'nosuid' mount option should be set
+    - name: mount_dev_blocklist
+      description: List of mountpoints where 'nodev' mount option should be set
+    - name: sysctl_forwarding
+      description: Is network forwarding needed?
+    - name: kernel_modules_disabled
+      description: Should loading of kernel modules be disabled?