openstack_taster 1.0.1 → 1.0.2

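--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: d197f40b701de60109b9171f250962922dc2f860
- data.tar.gz: 70c9e7da35b886369ae89a4dece5b1e50260235a
+ metadata.gz: 847cb5a20b108d188a612e254b26c30d553efd90
+ data.tar.gz: 36527d054338e59a9a6410541a3e532b1b096caa
  SHA512:
- metadata.gz: d2868e2dae6f66633d73f6ddb54edf80b905e3c35b6b08121128c77729ce597a5e64d7f76c08d1f26e5cb56f9140499e76de3e44ea2e8904b03693e903bbf455
- data.tar.gz: f391b2d1d487bd2e4fedd8ba9aaa49f7599b3769ff71d0c120fdb9f93b9a63426deb8c8da841bee5d302cb1636c9d080f13bdee7e684bf7f70bcdda343744901
+ metadata.gz: 94623399b8a7d779b9db8e96410dcaffb4c144c2c41d0b2ba6ecbbdd6d5da1e100ac55b67be4efe9fb959a4b1f6ca7926928715e8bd56c1f60fbedb83b68f975
+ data.tar.gz: ab0ae7a389592b96ae43e5a712c2ed5af1a438cd277dae8ee6126d3bd6492aaa5ade5713d1b7db3ace62aab69cb590e5ff7b22961a3366ce6f0d9c7caa361d67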
@@ -9,7 +9,7 @@ require 'inspec'
9
9
 
10
10
  # @author Andrew Tolvstad, Samarendra Hedaoo, Cody Holliday
11
11
  class OpenStackTaster
12
- INSTANCE_FLAVOR_NAME = 'm1.small'
12
+ INSTANCE_FLAVOR_NAME = 'm1.tiny'
13
13
  INSTANCE_NETWORK_NAME = 'public'
14
14
  INSTANCE_NAME_PREFIX = 'taster'
15
15
  INSTANCE_VOLUME_MOUNT_POINT = '/mnt/taster_volume'
@@ -155,6 +155,7 @@ class OpenStackTaster
155
155
  'host' => instance.addresses['public'].first['addr'],
156
156
  'port' => 22,
157
157
  'user' => username,
158
+ 'sudo' => true,
158
159
  'keys_only' => true,
159
160
  'key_files' => @ssh_private_key,
160
161
  'logger' => instance.logger
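Review bot: The `'sudo' => true` entry added to the SSH connection options has no comment recording why the whole InSpec run is elevated or what it depends on. It presumably relies on the image granting `username` passwordless sudo; if an image does not, the run would likely fail in the transport rather than as a failed control, which is worth confirming. A comment above the entry would cover it, e.g. `# Run controls through sudo so root-only files are readable; needs passwordless sudo for the login user.` With this set, the literal `sudo` in `command('sudo cat /etc/ssh/sshd_config')` in the controls file looks redundant. The options hash opens and closes outside the hunk.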
@@ -4,13 +4,25 @@ control 'security-1.0' do
4
4
  title 'Openstack Image Security Test'
5
5
  desc 'Tests the security of images used for Openstack.'
6
6
 
7
- username = user.username
7
+ username = os.name
8
8
 
9
- describe sshd_config do
10
- its('PermitRootLogin') { should eq 'no' }
11
- its('PasswordAuthentication') { should eq 'no' }
12
- its('ChallengeResponseAuthentication') { should eq 'no' }
13
- its('KbdInteractiveAuthentication') { should eq 'no' }
9
+ describe 'saved sshd config' do
10
+ let(:resource) { command('sudo cat /etc/ssh/sshd_config') }
11
+
12
+ it 'should not permit root login' do
13
+ expect(resource.stdout).to cmp(/^PermitRootLogin no/i)
14
+ end
15
+
16
+ it 'should not permit password authentication' do
17
+ expect(resource.stdout).to cmp(/^PasswordAuthentication no/i)
18
+ end
19
+
20
+ it 'should not permit challenge response authentication' do
21
+ expect(resource.stdout).to cmp(/^ChallengeResponseAuthentication no/i)
22
+ end
23
+ it 'should not permit keyboard interactive authentication' do
24
+ expect(resource.stdout).to cmp(/^KbdInteractiveAuthentication no/i)
25
+ end
14
26
  end
15
27
 
16
28
  describe 'running sshd config' do
@@ -48,4 +60,14 @@ control 'security-1.0' do
48
60
  its('stdout') { should cmp(/\(ALL\) ((NO)*PASSWD)*: ALL/) }
49
61
  end
50
62
  end
63
+
64
+ # ssh should be the only thing listening
65
+ describe port.where { protocol =~ /tcp/ && port != 22 } do
66
+ it { should_not be_listening }
67
+ end
68
+
69
+ # It's OK if dhclient is listening
70
+ describe port.where { protocol =~ /udp/ && port != 68 && process != 'dhclient' } do
71
+ it { should_not be_listening }
72
+ end
51
73
  end
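Review bot: The regex checks in the new 'saved sshd config' block pass when a matching line appears anywhere in the file, so `expect(resource.stdout).to cmp(/^PermitRootLogin no/i)` is still satisfied if an earlier `PermitRootLogin yes` line precedes it (sshd uses the first value it reads for a keyword) or if the match sits inside a `Match` block. Because the transport in this release is opened with `'sudo' => true`, the parsed resource should be readable again, and `describe sshd_config do` with `its('PermitRootLogin') { should eq 'no' }` (likewise for the other three keywords) would compare the parsed value instead of grepping text. In the second hunk, `port != 68 && process != 'dhclient'` exempts any process bound to UDP 68 and any UDP port held by dhclient, which is wider than the comment above it states; if only dhclient on 68 is acceptable, the filter would be `protocol =~ /udp/ && !(port == 68 && process == 'dhclient')`. The control's opening line is outside the first hunk, and the body of the following 'running sshd config' block is not visible, so it may already cover the effective values.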
@@ -3,5 +3,5 @@ title: OpenPower Security Test Suite
3
3
  maintainer: OSU Open Source Lab
4
4
  copyright: Oregon State University
5
5
  license: Apache License, Version 2.0
6
- summary: Verify that an image has correctly configured security settings.
7
- version: 1.0.0
6
+ summary: Verify that an image has correctly configured security settings.
7
+ version: 1.0.2
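--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: openstack_taster
  version: !ruby/object:Gem::Version
- version: 1.0.1
+ version: 1.0.2
  platform: ruby
  authors:
  - OSU Open Source Lab
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-07-27 00:00:00.000000000 Z
+ date: 2017-12-19 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: inspec
@@ -115,7 +115,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.10
+ rubygems_version: 2.5.1
  signing_key:
  specification_version: 4
  summary: Taste all of the OpenStack's basic functionality for an image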