inspec 4.10.4 → 4.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2be41b8620f4c1d6121a602f39c068ad59168ad95f2d15d0cd470ebba2ce249f
-  data.tar.gz: 883c88f79780d101b26925c1a67c14b8ba36f18b2514e5974bd947ce7192cf39
+  metadata.gz: 72aac2ba7eb1565ecbbd18436e96c770151f5be68b3bcc8897db7a0baee22621
+  data.tar.gz: 2466be933623846f985f9b66e3a572d617f516274ad2dc7b81d048b2ebe2d104
 SHA512:
-  metadata.gz: 61e4f19e37a19cc4492d890798a323f3f8c9127dc64e4e0469a92f7182b07dd1134d84ce87ba80d60940f40656378f215ee8a332fc1abf965585183e48b9c680
-  data.tar.gz: 298f688326827ee7871d3379ff016be74e2ce710bddebd7eccba4866292519443d0f95f8e36bcb8dc5ec65f336d70d8752c7e5f9bf5ddf7490946f8733542897
+  metadata.gz: 269ccd7e103663bec2dd23058dc0481775b840f22a93a3cd81e8f8e0e5c774def3cd6ecaae12604f2c13fe6bcfd33864040acfa9a2ff3bf49e50c1111f5d7be9
+  data.tar.gz: 9f6b41d84be75a69cb1c405302f7c076f6192f16f506d8d4b958bf76e707057961a6ba692dadb528b39997140c1682ee9d2d328efd8d06f2249f104497c79b62

data/README.md

@@ -327,13 +327,13 @@ Remote Targets
 
 In addition, runtime support is provided for:
 
-| Platform | Versions |
-| -------- | -------- |
-| Debian   | 8, 9     |
-| RHEL     | 6, 7     |
-| Ubuntu   | 12.04+   |
-| Windows  | 7+       |
-| Windows  | 2012+    |
+| Platform | Versions | Arch   |
+| -------- | -------- | ------ |
+| Debian   | 8, 9     | x86_64 |
+| RHEL     | 6, 7     | x86_64 |
+| Ubuntu   | 12.04+   | x86_64 |
+| Windows  | 7+       | x86_64 |
+| Windows  | 2012+    | x86_64 |
 
 ## Documentation
 

data/inspec.gemspec

@@ -23,10 +23,11 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = ">= 2.4"
 
-  spec.add_dependency "train", "~> 2.0" # Inspec 4 must have train 2+
+  spec.add_dependency "train", "~> 3.0" # Inspec 4 must have train 2+; 3+ if we include train-winrm
   # Train plugins we ship with InSpec
   spec.add_dependency "train-habitat", "~> 0.1"
   spec.add_dependency "train-aws", "~> 0.1"
+  spec.add_dependency "train-winrm", "~> 0.2" # Requires train 3+
 
   # Implementation dependencies
   spec.add_dependency "license-acceptance", ">= 0.2.13", "< 2.0"

data/lib/inspec/resources/command.rb

@@ -1,6 +1,8 @@
 # copyright: 2015, Vulcano Security GmbH
 
 require "inspec/resource"
+require "inspec/resources/platform"
+require "inspec/resources/os"
 
 module Inspec::Resources
   class Cmd < Inspec.resource(1)

data/lib/inspec/resources/dh_params.rb

@@ -1,81 +1,83 @@
 require "openssl"
 require "inspec/utils/file_reader"
 
-class DhParams < Inspec.resource(1)
-  name "dh_params"
-  supports platform: "unix"
-  desc '
-    Use the `dh_params` InSpec audit resource to test Diffie-Hellman (DH)
-    parameters.
-  '
-
-  example <<~EXAMPLE
-    describe dh_params('/path/to/file.dh_pem') do
-      it { should be_dh_params }
-      it { should be_valid }
-      its('generator') { should eq 2 }
-      its('modulus') { should eq '00:91:a0:15:89:e5:bc:38:93:12:02:fc:...' }
-      its('prime_length') { should eq 2048 }
-      its('pem') { should eq '-----BEGIN DH PARAMETERS...' }
-      its('text') { should eq 'PKCS#3 DH Parameters: (2048 bit)...' }
+module Inspec::Resources
+  class DhParams < Inspec.resource(1)
+    name "dh_params"
+    supports platform: "unix"
+    desc '
+      Use the `dh_params` InSpec audit resource to test Diffie-Hellman (DH)
+      parameters.
+    '
+
+    example <<~EXAMPLE
+      describe dh_params('/path/to/file.dh_pem') do
+        it { should be_dh_params }
+        it { should be_valid }
+        its('generator') { should eq 2 }
+        its('modulus') { should eq '00:91:a0:15:89:e5:bc:38:93:12:02:fc:...' }
+        its('prime_length') { should eq 2048 }
+        its('pem') { should eq '-----BEGIN DH PARAMETERS...' }
+        its('text') { should eq 'PKCS#3 DH Parameters: (2048 bit)...' }
+      end
+    EXAMPLE
+
+    include FileReader
+
+    def initialize(filename)
+      @dh_params_path = filename
+      @dh_params = OpenSSL::PKey::DH.new read_file_content(@dh_params_path)
     end
-  EXAMPLE
 
-  include FileReader
-
-  def initialize(filename)
-    @dh_params_path = filename
-    @dh_params = OpenSSL::PKey::DH.new read_file_content(@dh_params_path)
-  end
-
-  # it { should be_dh_params }
-  def dh_params?
-    !@dh_params.nil?
-  end
+    # it { should be_dh_params }
+    def dh_params?
+      !@dh_params.nil?
+    end
 
-  # its('generator') { should eq 2 }
-  def generator
-    return if @dh_params.nil?
+    # its('generator') { should eq 2 }
+    def generator
+      return if @dh_params.nil?
 
-    @dh_params.g.to_i
-  end
+      @dh_params.g.to_i
+    end
 
-  # its('modulus') { should eq '00:91:a0:15:89:e5:bc:38:93:12:02:fc:...' }
-  def modulus
-    return if @dh_params.nil?
+    # its('modulus') { should eq '00:91:a0:15:89:e5:bc:38:93:12:02:fc:...' }
+    def modulus
+      return if @dh_params.nil?
 
-    "00:" + @dh_params.p.to_s(16).downcase.scan(/.{2}/).join(":")
-  end
+      "00:" + @dh_params.p.to_s(16).downcase.scan(/.{2}/).join(":")
+    end
 
-  # its('pem') { should eq '-----BEGIN DH PARAMETERS...' }
-  def pem
-    return if @dh_params.nil?
+    # its('pem') { should eq '-----BEGIN DH PARAMETERS...' }
+    def pem
+      return if @dh_params.nil?
 
-    @dh_params.to_pem
-  end
+      @dh_params.to_pem
+    end
 
-  # its('prime_length') { should be 2048 }
-  def prime_length
-    return if @dh_params.nil?
+    # its('prime_length') { should be 2048 }
+    def prime_length
+      return if @dh_params.nil?
 
-    @dh_params.p.num_bits
-  end
+      @dh_params.p.num_bits
+    end
 
-  # its('text') { should eq 'human-readable-text' }
-  def text
-    return if @dh_params.nil?
+    # its('text') { should eq 'human-readable-text' }
+    def text
+      return if @dh_params.nil?
 
-    @dh_params.to_text
-  end
+      @dh_params.to_text
+    end
 
-  # it { should be_valid }
-  def valid?
-    return if @dh_params.nil?
+    # it { should be_valid }
+    def valid?
+      return if @dh_params.nil?
 
-    @dh_params.params_ok?
-  end
+      @dh_params.params_ok?
+    end
 
-  def to_s
-    "dh_params #{@dh_params_path}"
+    def to_s
+      "dh_params #{@dh_params_path}"
+    end
   end
 end

data/lib/inspec/resources/etc_hosts.rb

@@ -1,62 +1,64 @@
 require "inspec/utils/parser"
 require "inspec/utils/file_reader"
 
-class EtcHosts < Inspec.resource(1)
-  name "etc_hosts"
-  supports platform: "linux"
-  supports platform: "bsd"
-  supports platform: "windows"
-  desc 'Use the etc_hosts InSpec audit resource to find an
-    ip_address and its associated hosts'
-  example <<~EXAMPLE
-    describe etc_hosts.where { ip_address == '127.0.0.1' } do
-      its('ip_address') { should cmp '127.0.0.1' }
-      its('primary_name') { should cmp 'localhost' }
-      its('all_host_names') { should eq [['localhost', 'localhost.localdomain', 'localhost4', 'localhost4.localdomain4']] }
-    end
-  EXAMPLE
+module Inspec::Resources
+  class EtcHosts < Inspec.resource(1)
+    name "etc_hosts"
+    supports platform: "linux"
+    supports platform: "bsd"
+    supports platform: "windows"
+    desc 'Use the etc_hosts InSpec audit resource to find an
+      ip_address and its associated hosts'
+    example <<~EXAMPLE
+      describe etc_hosts.where { ip_address == '127.0.0.1' } do
+        its('ip_address') { should cmp '127.0.0.1' }
+        its('primary_name') { should cmp 'localhost' }
+        its('all_host_names') { should eq [['localhost', 'localhost.localdomain', 'localhost4', 'localhost4.localdomain4']] }
+      end
+    EXAMPLE
 
-  attr_reader :params
+    attr_reader :params
 
-  include CommentParser
-  include FileReader
+    include CommentParser
+    include FileReader
 
-  DEFAULT_UNIX_PATH    = "/etc/hosts".freeze
-  DEFAULT_WINDOWS_PATH = 'C:\windows\system32\drivers\etc\hosts'.freeze
+    DEFAULT_UNIX_PATH    = "/etc/hosts".freeze
+    DEFAULT_WINDOWS_PATH = 'C:\windows\system32\drivers\etc\hosts'.freeze
 
-  def initialize(hosts_path = nil)
-    content = read_file_content(hosts_path || default_hosts_file_path)
+    def initialize(hosts_path = nil)
+      content = read_file_content(hosts_path || default_hosts_file_path)
 
-    @params = parse_conf(content.lines)
-  end
+      @params = parse_conf(content.lines)
+    end
 
-  FilterTable.create
-    .register_column(:ip_address,     field: "ip_address")
-    .register_column(:primary_name,   field: "primary_name")
-    .register_column(:all_host_names, field: "all_host_names")
-    .install_filter_methods_on_resource(self, :params)
+    FilterTable.create
+      .register_column(:ip_address,     field: "ip_address")
+      .register_column(:primary_name,   field: "primary_name")
+      .register_column(:all_host_names, field: "all_host_names")
+      .install_filter_methods_on_resource(self, :params)
 
-  private
+    private
 
-  def default_hosts_file_path
-    inspec.os.windows? ? DEFAULT_WINDOWS_PATH : DEFAULT_UNIX_PATH
-  end
+    def default_hosts_file_path
+      inspec.os.windows? ? DEFAULT_WINDOWS_PATH : DEFAULT_UNIX_PATH
+    end
 
-  def parse_conf(lines)
-    lines.reject(&:empty?).reject(&comment?).map(&parse_data).map(&format_data)
-  end
+    def parse_conf(lines)
+      lines.reject(&:empty?).reject(&comment?).map(&parse_data).map(&format_data)
+    end
 
-  def comment?
-    parse_options = { comment_char: "#", standalone_comments: false }
+    def comment?
+      parse_options = { comment_char: "#", standalone_comments: false }
 
-    ->(data) { parse_comment_line(data, parse_options).first.empty? }
-  end
+      ->(data) { parse_comment_line(data, parse_options).first.empty? }
+    end
 
-  def parse_data
-    ->(data) { [data.split[0], data.split[1], data.split[1..-1]] }
-  end
+    def parse_data
+      ->(data) { [data.split[0], data.split[1], data.split[1..-1]] }
+    end
 
-  def format_data
-    ->(data) { %w{ip_address primary_name all_host_names}.zip(data).to_h }
+    def format_data
+      ->(data) { %w{ip_address primary_name all_host_names}.zip(data).to_h }
+    end
   end
 end

data/lib/inspec/resources/groups.rb

@@ -164,22 +164,40 @@ module Inspec::Resources
   # OSX uses opendirectory for groups, so `/etc/group` may not be fully accurate
   # This uses `dscacheutil` to get the group info instead of `etc_group`
   class DarwinGroup < GroupInfo
+    def runmap(cmd, &blk)
+      hashmap(inspec.command(cmd).stdout.lines, &blk)
+    end
+
+    def hashmap(enum, &blk)
+      enum.map(&blk).to_h
+    end
+
     def groups
-      group_info = inspec.command("dscacheutil -q group").stdout.split("\n\n")
+      group_by_id = runmap("dscl . -list /Groups PrimaryGroupID")  { |l| name, id = l.split; [id.to_i, name] }
+      userss      = runmap("dscl . -list /Users  PrimaryGroupID")  { |l| name, id = l.split; [name, id.to_i] }
+      membership  = runmap("dscl . -list /Groups GroupMembership") { |l| key, *vs = l.split; [key, vs] }
+      membership.default_proc = ->(h, k) { h[k] = [] }
+
+      users_by_group = hashmap(userss.keys.group_by { |k| userss[k] }) { |k, vs| [group_by_id[k], vs] }
+      users_by_group.each do |name, users|
+        membership[name].concat users
+      end
+
+      group_info = inspec.command("dscacheutil -q group").stdout.split("\n\n").uniq
 
-      groups = []
       regex = /^([^:]*?)\s*:\s(.*?)\s*$/
-      group_info.each do |data|
-        groups << inspec.parse_config(data, assignment_regex: regex).params
+      groups = group_info.map do |data|
+        inspec.parse_config(data, assignment_regex: regex).params
       end
 
       # Convert the `dscacheutil` groups to match `inspec.etc_group.entries`
       groups.each { |g| g["gid"] = g["gid"].to_i }
       groups.each do |g|
-        next if g["users"].nil?
-
-        g["members"] = g.delete("users")
-        g["members"].tr!(" ", ",")
+        users = g.delete("users") || ""
+        users = users.split
+        users += Array(users_by_group[g["name"]])
+        g["members"] = users
+        g["members"].sort.join ","
       end
     end
   end

data/lib/inspec/resources/grub_conf.rb

@@ -1,228 +1,230 @@
 require "inspec/utils/simpleconfig"
 require "inspec/utils/file_reader"
 
-class GrubConfig < Inspec.resource(1)
-  name "grub_conf"
-  supports platform: "unix"
-  desc "Use the grub_conf InSpec audit resource to test the boot config of Linux systems that use Grub."
-  example <<~EXAMPLE
-    describe grub_conf('/etc/grub.conf',  'default') do
-      its('kernel') { should include '/vmlinuz-2.6.32-573.7.1.el6.x86_64' }
-      its('initrd') { should include '/initramfs-2.6.32-573.el6.x86_64.img=1' }
-      its('default') { should_not eq '1' }
-      its('timeout') { should eq '5' }
-    end
+module Inspec::Resources
+  class GrubConfig < Inspec.resource(1)
+    name "grub_conf"
+    supports platform: "unix"
+    desc "Use the grub_conf InSpec audit resource to test the boot config of Linux systems that use Grub."
+    example <<~EXAMPLE
+      describe grub_conf('/etc/grub.conf',  'default') do
+        its('kernel') { should include '/vmlinuz-2.6.32-573.7.1.el6.x86_64' }
+        its('initrd') { should include '/initramfs-2.6.32-573.el6.x86_64.img=1' }
+        its('default') { should_not eq '1' }
+        its('timeout') { should eq '5' }
+      end
 
-    also check specific kernels
-    describe grub_conf('/etc/grub.conf',  'CentOS (2.6.32-573.12.1.el6.x86_64)') do
-      its('kernel') { should include 'audit=1' }
-    end
-  EXAMPLE
+      also check specific kernels
+      describe grub_conf('/etc/grub.conf',  'CentOS (2.6.32-573.12.1.el6.x86_64)') do
+        its('kernel') { should include 'audit=1' }
+      end
+    EXAMPLE
 
-  include FileReader
+    include FileReader
 
-  class UnknownGrubConfig < StandardError; end
+    class UnknownGrubConfig < StandardError; end
 
-  def initialize(path = nil, kernel = nil)
-    config_for_platform(path)
-    @content = read_file(@conf_path)
-    @kernel = kernel || "default"
-  rescue UnknownGrubConfig
-    skip_resource "The `grub_config` resource is not supported on your OS yet."
-  end
+    def initialize(path = nil, kernel = nil)
+      config_for_platform(path)
+      @content = read_file(@conf_path)
+      @kernel = kernel || "default"
+    rescue UnknownGrubConfig
+      skip_resource "The `grub_config` resource is not supported on your OS yet."
+    end
 
-  def config_for_platform(path)
-    os = inspec.os
-    if os.redhat? || os[:name] == "fedora"
-      config_for_redhatish(path)
-    elsif os.debian?
-      @conf_path = path || "/boot/grub/grub.cfg"
-      @defaults_path = "/etc/default/grub"
-      @grubenv_path = "/boot/grub2/grubenv"
-      @version = "grub2"
-    elsif os[:name] == "amazon"
-      @conf_path = path || "/etc/grub.conf"
-      @version = "legacy"
-    else
-      raise UnknownGrubConfig
+    def config_for_platform(path)
+      os = inspec.os
+      if os.redhat? || os[:name] == "fedora"
+        config_for_redhatish(path)
+      elsif os.debian?
+        @conf_path = path || "/boot/grub/grub.cfg"
+        @defaults_path = "/etc/default/grub"
+        @grubenv_path = "/boot/grub2/grubenv"
+        @version = "grub2"
+      elsif os[:name] == "amazon"
+        @conf_path = path || "/etc/grub.conf"
+        @version = "legacy"
+      else
+        raise UnknownGrubConfig
+      end
     end
-  end
 
-  def config_for_redhatish(path)
-    if inspec.os[:release].to_f < 7
-      @conf_path = path || "/etc/grub.conf"
-      @version = "legacy"
-    else
-      @conf_path = path || "/boot/grub2/grub.cfg"
-      @defaults_path = "/etc/default/grub"
-      @grubenv_path = "/boot/grub2/grubenv"
-      @version = "grub2"
+    def config_for_redhatish(path)
+      if inspec.os[:release].to_f < 7
+        @conf_path = path || "/etc/grub.conf"
+        @version = "legacy"
+      else
+        @conf_path = path || "/boot/grub2/grub.cfg"
+        @defaults_path = "/etc/default/grub"
+        @grubenv_path = "/boot/grub2/grubenv"
+        @version = "grub2"
+      end
     end
-  end
 
-  def method_missing(name)
-    read_params[name.to_s]
-  end
+    def method_missing(name)
+      read_params[name.to_s]
+    end
 
-  def to_s
-    "Grub Config"
-  end
+    def to_s
+      "Grub Config"
+    end
 
-  private
+    private
 
-  ######################################################################
-  # Grub2 This is used by all supported versions of Ubuntu and Rhel 7+ #
-  ######################################################################
+    ######################################################################
+    # Grub2 This is used by all supported versions of Ubuntu and Rhel 7+ #
+    ######################################################################
 
-  def grub2_parse_kernel_lines(content, conf)
-    menu_entries = extract_menu_entries(content)
+    def grub2_parse_kernel_lines(content, conf)
+      menu_entries = extract_menu_entries(content)
 
-    if @kernel == "default"
-      default_menu_entry(menu_entries, conf["GRUB_DEFAULT"])
-    else
-      menu_entries.find { |entry| entry["name"] == @kernel }
+      if @kernel == "default"
+        default_menu_entry(menu_entries, conf["GRUB_DEFAULT"])
+      else
+        menu_entries.find { |entry| entry["name"] == @kernel }
+      end
     end
-  end
 
-  def extract_menu_entries(content)
-    menu_entries = []
+    def extract_menu_entries(content)
+      menu_entries = []
 
-    lines = content.split("\n")
-    lines.each_with_index do |line, index|
-      next unless line =~ /^menuentry\s+.*/
+      lines = content.split("\n")
+      lines.each_with_index do |line, index|
+        next unless line =~ /^menuentry\s+.*/
 
-      entry = {}
-      entry["insmod"] = []
+        entry = {}
+        entry["insmod"] = []
 
-      # Extract name from menuentry line
-      capture_data = line.match(/(?:^|\s+).*menuentry\s*['|"](.*)['|"]\s*--/)
-      if capture_data.nil? || capture_data.captures[0].nil?
-        raise Inspec::Exceptions::ResourceFailed "Failed to extract menuentry name from #{line}"
-      end
+        # Extract name from menuentry line
+        capture_data = line.match(/(?:^|\s+).*menuentry\s*['|"](.*)['|"]\s*--/)
+        if capture_data.nil? || capture_data.captures[0].nil?
+          raise Inspec::Exceptions::ResourceFailed "Failed to extract menuentry name from #{line}"
+        end
 
-      entry["name"] = capture_data.captures[0]
-
-      # Begin processing from index forward until a `}` line is met
-      lines.drop(index + 1).each do |mline|
-        break if mline =~ /^\s*}\s*$/
-
-        case mline
-        when /(?:^|\s*)initrd.*/
-          entry["initrd"] = mline.split(" ")[1]
-        when /(?:^|\s*)linux.*/
-          entry["kernel"] = mline.split
-        when /(?:^|\s*)set root=.*/
-          entry["root"] = mline.split("=")[1].tr("'", "")
-        when /(?:^|\s*)insmod.*/
-          entry["insmod"] << mline.split(" ")[1]
+        entry["name"] = capture_data.captures[0]
+
+        # Begin processing from index forward until a `}` line is met
+        lines.drop(index + 1).each do |mline|
+          break if mline =~ /^\s*}\s*$/
+
+          case mline
+          when /(?:^|\s*)initrd.*/
+            entry["initrd"] = mline.split(" ")[1]
+          when /(?:^|\s*)linux.*/
+            entry["kernel"] = mline.split
+          when /(?:^|\s*)set root=.*/
+            entry["root"] = mline.split("=")[1].tr("'", "")
+          when /(?:^|\s*)insmod.*/
+            entry["insmod"] << mline.split(" ")[1]
+          end
         end
+
+        menu_entries << entry
       end
 
-      menu_entries << entry
+      menu_entries
     end
 
-    menu_entries
-  end
-
-  def default_menu_entry(menu_entries, default)
-    # If the default entry isn't `saved` then a number is used as an index.
-    # By default this is `0`, which would be the first item in the list.
-    return menu_entries[default.to_i] unless default == "saved"
+    def default_menu_entry(menu_entries, default)
+      # If the default entry isn't `saved` then a number is used as an index.
+      # By default this is `0`, which would be the first item in the list.
+      return menu_entries[default.to_i] unless default == "saved"
 
-    grubenv_contents = inspec.file(@grubenv_path).content
+      grubenv_contents = inspec.file(@grubenv_path).content
 
-    # The location of the grubenv file is not guaranteed. In the case that
-    # the file does not exist this will return the 0th entry. This will also
-    # return the 0th entry if InSpec lacks permission to read the file. Both
-    # of these reflect the default Grub2 behavior.
-    return menu_entries[0] if grubenv_contents.nil?
+      # The location of the grubenv file is not guaranteed. In the case that
+      # the file does not exist this will return the 0th entry. This will also
+      # return the 0th entry if InSpec lacks permission to read the file. Both
+      # of these reflect the default Grub2 behavior.
+      return menu_entries[0] if grubenv_contents.nil?
 
-    default_name = SimpleConfig.new(grubenv_contents).params["saved_entry"]
-    default_entry = menu_entries.select { |k| k["name"] == default_name }[0]
-    return default_entry unless default_entry.nil?
+      default_name = SimpleConfig.new(grubenv_contents).params["saved_entry"]
+      default_entry = menu_entries.select { |k| k["name"] == default_name }[0]
+      return default_entry unless default_entry.nil?
 
-    # It is possible for the saved entry to not be valid . For example, grubenv
-    # not being up to date. If so, the 0th entry is the default.
-    menu_entries[0]
-  end
+      # It is possible for the saved entry to not be valid . For example, grubenv
+      # not being up to date. If so, the 0th entry is the default.
+      menu_entries[0]
+    end
 
-  ###################################################################
-  # Grub1 aka legacy-grub config. Primarily used by Centos/Rhel 6.x #
-  ###################################################################
-
-  def parse_kernel_lines(content, conf)
-    # Find all "title" lines and then parse them into arrays
-    menu_entry = 0
-    lines = content.split("\n")
-    kernel_opts = {}
-    lines.each_with_index do |file_line, index|
-      next unless file_line =~ /^title.*/
-
-      current_kernel = file_line.split(" ", 2)[1]
-      lines.drop(index + 1).each do |kernel_line|
-        if kernel_line =~ /^\s.*/
-          option_type = kernel_line.split(" ")[0]
-          line_options = kernel_line.split(" ").drop(1)
-          if (menu_entry == conf["default"].to_i && @kernel == "default") || current_kernel == @kernel
-            if option_type == "kernel"
-              kernel_opts["kernel"] = line_options
-            else
-              kernel_opts[option_type] = line_options[0]
+    ###################################################################
+    # Grub1 aka legacy-grub config. Primarily used by Centos/Rhel 6.x #
+    ###################################################################
+
+    def parse_kernel_lines(content, conf)
+      # Find all "title" lines and then parse them into arrays
+      menu_entry = 0
+      lines = content.split("\n")
+      kernel_opts = {}
+      lines.each_with_index do |file_line, index|
+        next unless file_line =~ /^title.*/
+
+        current_kernel = file_line.split(" ", 2)[1]
+        lines.drop(index + 1).each do |kernel_line|
+          if kernel_line =~ /^\s.*/
+            option_type = kernel_line.split(" ")[0]
+            line_options = kernel_line.split(" ").drop(1)
+            if (menu_entry == conf["default"].to_i && @kernel == "default") || current_kernel == @kernel
+              if option_type == "kernel"
+                kernel_opts["kernel"] = line_options
+              else
+                kernel_opts[option_type] = line_options[0]
+              end
             end
+          else
+            menu_entry += 1
+            break
           end
-        else
-          menu_entry += 1
-          break
         end
       end
+      kernel_opts
     end
-    kernel_opts
-  end
 
-  def read_file(config_file)
-    read_file_content(config_file)
-  end
+    def read_file(config_file)
+      read_file_content(config_file)
+    end
 
-  def read_params
-    return @params if defined?(@params)
-
-    content = read_file(@conf_path)
-
-    if @version == "legacy"
-      # parse the file
-      conf = SimpleConfig.new(
-        content,
-        multiple_values: true
-      ).params
-      # convert single entry arrays into strings
-      conf.each do |key, value|
-        if value.size == 1
-          conf[key] = conf[key][0].to_s
+    def read_params
+      return @params if defined?(@params)
+
+      content = read_file(@conf_path)
+
+      if @version == "legacy"
+        # parse the file
+        conf = SimpleConfig.new(
+          content,
+          multiple_values: true
+        ).params
+        # convert single entry arrays into strings
+        conf.each do |key, value|
+          if value.size == 1
+            conf[key] = conf[key][0].to_s
+          end
         end
+        kernel_opts = parse_kernel_lines(content, conf)
+        @params = conf.merge(kernel_opts)
       end
-      kernel_opts = parse_kernel_lines(content, conf)
-      @params = conf.merge(kernel_opts)
-    end
 
-    if @version == "grub2"
-      # read defaults
-      defaults = read_file(@defaults_path)
+      if @version == "grub2"
+        # read defaults
+        defaults = read_file(@defaults_path)
 
-      conf = SimpleConfig.new(
-        defaults,
-        multiple_values: true
-      ).params
+        conf = SimpleConfig.new(
+          defaults,
+          multiple_values: true
+        ).params
 
-      # convert single entry arrays into strings
-      conf.each do |key, value|
-        if value.size == 1
-          conf[key] = conf[key][0].to_s
+        # convert single entry arrays into strings
+        conf.each do |key, value|
+          if value.size == 1
+            conf[key] = conf[key][0].to_s
+          end
         end
-      end
 
-      kernel_opts = grub2_parse_kernel_lines(content, conf)
-      @params = conf.merge(kernel_opts)
+        kernel_opts = grub2_parse_kernel_lines(content, conf)
+        @params = conf.merge(kernel_opts)
+      end
+      @params
     end
-    @params
   end
 end