Merge pull request #215 from dev-sec/inspec6

ensure compatibility with new inspec version

Author: schurzi

controls/ssh_spec.rb

@@ -24,8 +24,8 @@
   command('ssh').exist?
 end
 
-ssh_custom_user = input('ssh_custom_user', value: 'root', description: 'The SSH user is not always root. It must be an unprivileged user in a container')
-ssh_custom_path = input('ssh_custom_path', value: '/etc/ssh', description: 'Sometimes ssh configuration files are present in another location and ssh use them with the -f flag')
+ssh_custom_user = input('ssh_custom_user', value: 'root')
+ssh_custom_path = input('ssh_custom_path', value: '/etc/ssh')
 
 control 'ssh-01' do
   impact 1.0

controls/sshd_spec.rb

@@ -20,20 +20,20 @@
 
 title 'SSH server config'
 
-sshd_valid_ciphers = input('sshd_valid_ciphers', value: ssh_crypto.valid_ciphers, description: 'Expected value for sshd_config ciphers')
-sshd_valid_kexs = input('sshd_valid_kexs', value: ssh_crypto.valid_kexs, description: 'Expected value for sshd_config kexs')
-sshd_valid_macs = input('sshd_valid_macs', value: ssh_crypto.valid_macs, description: 'Expected value for sshd_config macs')
-sshd_permittunnel = input('sshd_permittunnel', value: 'no', description: 'Expected value for sshd_config PermitTunnel')
-sshd_tcpforwarding = input('sshd_tcpforwarding', value: 'no', description: 'Expected value for sshd_config TcpForwarding')
-sshd_agentforwarding = input('sshd_agentforwarding', value: 'no', description: 'Expected value for sshd_config AgentForwarding')
-sshd_gatewayports = input('sshd_gatewayports', value: 'no', description: 'Expected value for sshd_config GatewayPorts')
-sshd_x11forwarding = input('sshd_x11forwarding', value: 'no', description: 'Expected value for sshd_config X11Forwarding')
-sshd_banner = input('sshd_banner', value: 'none', description: 'Expected value for sshd_config Banner')
-sshd_max_auth_tries = input('sshd_max_auth_tries', value: 2, description: 'Expected value for max_auth_retries')
-sshd_custom_user = input('sshd_custom_user', value: 'root', description: 'The SSH user is not always root. It must be an unprivileged user in a container')
-sshd_custom_path = input('sshd_custom_path', value: '/etc/ssh', description: 'Sometimes ssh configuration files are present in another location and ssh use them with the -f flag')
-sshd_custom_port = input('sshd_custom_port', value: '22', description: 'Sometimes the ssh port is not 22. For instance, in a container as another user, 22 is forbidden')
-sshd_custom_hostkeys_path = input('sshd_custom_hostkeys_path', value: '/etc/ssh', description: 'Sometimes ssh host keys must be in a particular path, in a clustered environment for instance')
+sshd_valid_ciphers = input('sshd_valid_ciphers', value: ssh_crypto.valid_ciphers)
+sshd_valid_kexs = input('sshd_valid_kexs', value: ssh_crypto.valid_kexs)
+sshd_valid_macs = input('sshd_valid_macs', value: ssh_crypto.valid_macs)
+sshd_permittunnel = input('sshd_permittunnel', value: 'no')
+sshd_tcpforwarding = input('sshd_tcpforwarding', value: 'no')
+sshd_agentforwarding = input('sshd_agentforwarding', value: 'no')
+sshd_gatewayports = input('sshd_gatewayports', value: 'no')
+sshd_x11forwarding = input('sshd_x11forwarding', value: 'no')
+sshd_banner = input('sshd_banner', value: 'none')
+sshd_max_auth_tries = input('sshd_max_auth_tries', value: 2)
+sshd_custom_user = input('sshd_custom_user', value: 'root')
+sshd_custom_path = input('sshd_custom_path', value: '/etc/ssh')
+sshd_custom_port = input('sshd_custom_port', value: '22')
+sshd_custom_hostkeys_path = input('sshd_custom_hostkeys_path', value: '/etc/ssh')
 
 sshd_valid_privseparation = if sshd_custom_user != 'root'
                               'no'

inspec.yml

@@ -10,3 +10,36 @@ inspec_version: '>= 4.6.3'
 version: 2.8.1
 supports:
     - os-family: unix
+inputs:
+    - name: sshd_valid_ciphers
+      description: Expected value for sshd_config ciphers
+    - name: sshd_valid_kexs
+      description: Expected value for sshd_config kexs
+    - name: sshd_valid_macs
+      description: Expected value for sshd_config macs
+    - name: sshd_permittunnel
+      description: Expected value for sshd_config PermitTunnel
+    - name: sshd_tcpforwarding
+      description: Expected value for sshd_config TcpForwarding
+    - name: sshd_agentforwarding
+      description: Expected value for sshd_config AgentForwarding
+    - name: sshd_gatewayports
+      description: Expected value for sshd_config GatewayPorts
+    - name: sshd_x11forwarding
+      description: Expected value for sshd_config X11Forwarding
+    - name: sshd_banner
+      description: Expected value for sshd_config Banner
+    - name: sshd_max_auth_tries
+      description: Expected value for max_auth_retries
+    - name: sshd_custom_user
+      description: The SSH user is not always root. It must be an unprivileged user in a container
+    - name: sshd_custom_path
+      description: Sometimes ssh configuration files are present in another location and ssh use them with the -f flag
+    - name: sshd_custom_port
+      description: Sometimes the ssh port is not 22. For instance, in a container as another user, 22 is forbidden
+    - name: sshd_custom_hostkeys_path
+      description: Sometimes ssh host keys must be in a particular path, in a clustered environment for instance
+    - name: ssh_custom_user
+      description: The SSH user is not always root. It must be an unprivileged user in a container
+    - name: ssh_custom_path
+      description: Sometimes ssh configuration files are present in another location and ssh use them with the -f flag