Difference between revisions of "Inspec exec linux-baseline --controls os-05"

inspec exec linux-baseline --controls os-05

• https://github.com/dev-sec/linux-baseline/blob/master/controls/os_spec.rb#L125

Profile: DevSec Linux Security Baseline (linux-baseline)
Version: 2.8.0
Target:  local://

  ×  os-05: Check login.defs (3 failed)
     ✔  File /etc/login.defs is expected to exist
     ✔  File /etc/login.defs is expected to be file
     ✔  File /etc/login.defs is expected to be owned by "root"
     ✔  File /etc/login.defs is expected not to be executable
     ✔  File /etc/login.defs is expected to be readable by owner
     ✔  File /etc/login.defs is expected to be readable by group
     ✔  File /etc/login.defs is expected to be readable by other
     ✔  File /etc/login.defs group is expected to eq "root"
     ✔  login.defs ENV_SUPATH is expected to include "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
     ✔  login.defs ENV_PATH is expected to include "/usr/local/bin:/usr/bin:/bin"
     ×  login.defs UMASK is expected to include "027"
     expected "022" to include "027"
     ×  login.defs PASS_MAX_DAYS is expected to eq "60"

     expected: "60"
          got: "99999"

     (compared using ==)

     ×  login.defs PASS_MIN_DAYS is expected to eq "7"

     expected: "7"
          got: "0"

     (compared using ==)

     ✔  login.defs PASS_WARN_AGE is expected to eq "7"
     ✔  login.defs LOGIN_RETRIES is expected to eq "5"
     ✔  login.defs LOGIN_TIMEOUT is expected to eq "60"
     ✔  login.defs UID_MIN is expected to eq "1000"
     ✔  login.defs GID_MIN is expected to eq "1000"


Profile Summary: 0 successful controls, 1 control failure, 0 controls skipped
Test Summary: 15 successful, 3 failures, 0 skipped

See also[edit]

• inspec, inspec --help, inspec exec, inspec exec --help, inspec detect, inspec shell
• Chef, knife, chef-apply, Chef InSpec, knife vault, Chef Habitat, chef-solo,Chef apply --help, chef generate, Chef: Editing a file