Fix lint (#50)
* disable unneeded linting rule

Signed-off-by: Martin Schurz <[email protected]>

* update code to conform to new linting rules

Signed-off-by: Martin Schurz <[email protected]>

* consolidate redundant rule

Signed-off-by: Martin Schurz <[email protected]>
schurzi authored Jan 29, 2021
1 parent 0a9b039 commit 8a46393
Showing 9 changed files with 41 additions and 27 deletions.
6 changes: 5 additions & 1 deletion .rubocop.yml
Expand Up @@ -19,10 +19,14 @@ MethodLength:
NumericLiterals:
MinDigits: 10
Metrics/BlockLength:
Max: 35
Max: 75
Metrics/CyclomaticComplexity:
Max: 10
Metrics/PerceivedComplexity:
Max: 10
Metrics/AbcSize:
Max: 30
# Lint/AmbiguousBlockAssociation is incompatible with RSpec
# https://github.com/rubocop-hq/rubocop/issues/4222
Lint/AmbiguousBlockAssociation:
Enabled: false
2 changes: 2 additions & 0 deletions Rakefile
@@ -1,3 +1,5 @@
# frozen_string_literal: true

require 'rake/testtask'
require 'rubocop/rake_task'

6 changes: 4 additions & 2 deletions controls/account_policies.rb
@@ -1,3 +1,5 @@
# frozen_string_literal: true

title 'account policies'

control 'windows-001' do
Expand Down Expand Up @@ -43,7 +45,7 @@
its('MaximumPasswordAge') { should be <= attribute('maximum_password_age') }
end
describe security_policy do
its('MaximumPasswordAge') { should be > 0 }
its('MaximumPasswordAge') { should be.positive? }
end
end

Expand Down Expand Up @@ -176,7 +178,7 @@
its('LockoutBadCount') { should be <= 10 }
end
describe security_policy do
its('LockoutBadCount') { should be > 0 }
its('LockoutBadCount') { should be.positive? }
end
end

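Review bot: `should be.positive?` (MaximumPasswordAge, and again for LockoutBadCount further down) no longer compares the policy value with zero: `positive?` is sent to the matcher object returned by `be`, not to the value under test, so the check most likely raises NoMethodError or stops asserting anything. The page has lost its +/- markers, so this assumes the `.positive?` lines are the new side, which is what a Style/NumericPredicate autocorrect produces. Both checks matter for the baseline, since 0 means passwords never expire and lockout is disabled. Keep `its('MaximumPasswordAge') { should be > 0 }` and `its('LockoutBadCount') { should be > 0 }` and switch Style/NumericPredicate off for `controls/`; the same applies to `should cmp.positive?` in controls/local_policies.rb. Both controls start and end outside the visible hunks.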
2 changes: 2 additions & 0 deletions controls/administrative_templates_computer.rb
@@ -1,3 +1,5 @@
# frozen_string_literal: true

title 'Administrative Templates (Computer)'

control 'windows-175' do
38 changes: 17 additions & 21 deletions controls/administrative_templates_user.rb
@@ -1,3 +1,5 @@
# frozen_string_literal: true

title 'Administrative Templates (User)'

control 'windows-360' do
Expand All @@ -15,7 +17,7 @@
ref 'IT-Grundschutz-Kompendium', url: 'https://www.bsi.bund.de/DE/Themen/ITGrundschutz/ITGrundschutzKompendium/itgrundschutzKompendium_node.html'
ref 'Umsetzungshinweise zum Baustein SYS.1.2.2: Windows Server 2012', url: 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/IT-Grundschutz-Modernisierung/UH_Windows_Server_2012.html'
ref 'Center for Internet Security', url: 'https://www.cisecurity.org/'
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| x.to_s + '\\Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop' }.each do |entry|
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| "#{x}\\Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop" }.each do |entry|
describe registry_key(entry) do
it { should exist }
it { should have_property 'ScreenSaveActive' }
Expand All @@ -39,7 +41,7 @@
ref 'IT-Grundschutz-Kompendium', url: 'https://www.bsi.bund.de/DE/Themen/ITGrundschutz/ITGrundschutzKompendium/itgrundschutzKompendium_node.html'
ref 'Umsetzungshinweise zum Baustein SYS.1.2.2: Windows Server 2012', url: 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/IT-Grundschutz-Modernisierung/UH_Windows_Server_2012.html'
ref 'Center for Internet Security', url: 'https://www.cisecurity.org/'
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| x.to_s + '\\Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop' }.each do |entry|
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| "#{x}\\Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop" }.each do |entry|
describe registry_key(entry) do
it { should exist }
it { should have_property 'SCRNSAVE.EXE' }
Expand All @@ -63,7 +65,7 @@
ref 'IT-Grundschutz-Kompendium', url: 'https://www.bsi.bund.de/DE/Themen/ITGrundschutz/ITGrundschutzKompendium/itgrundschutzKompendium_node.html'
ref 'Umsetzungshinweise zum Baustein SYS.1.2.2: Windows Server 2012', url: 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/IT-Grundschutz-Modernisierung/UH_Windows_Server_2012.html'
ref 'Center for Internet Security', url: 'https://www.cisecurity.org/'
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| x.to_s + '\\Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop' }.each do |entry|
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| "#{x}\\Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop" }.each do |entry|
describe registry_key(entry) do
it { should exist }
it { should have_property 'ScreenSaverIsSecure' }
Expand All @@ -87,17 +89,11 @@
ref 'IT-Grundschutz-Kompendium', url: 'https://www.bsi.bund.de/DE/Themen/ITGrundschutz/ITGrundschutzKompendium/itgrundschutzKompendium_node.html'
ref 'Umsetzungshinweise zum Baustein SYS.1.2.2: Windows Server 2012', url: 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/IT-Grundschutz-Modernisierung/UH_Windows_Server_2012.html'
ref 'Center for Internet Security', url: 'https://www.cisecurity.org/'
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| x.to_s + '\\Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop' }.each do |entry|
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| "#{x}\\Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop" }.each do |entry|
describe registry_key(entry) do
it { should exist }
it { should have_property 'ScreenSaveTimeOut' }
its('ScreenSaveTimeOut') { should cmp <= 900 }
end
end
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| x.to_s + '\\Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop' }.each do |entry|
describe registry_key(entry) do
it { should exist }
it { should have_property 'ScreenSaveTimeOut' }
its('ScreenSaveTimeOut') { should_not eq 0 }
end
end
Expand All @@ -118,7 +114,7 @@
ref 'IT-Grundschutz-Kompendium', url: 'https://www.bsi.bund.de/DE/Themen/ITGrundschutz/ITGrundschutzKompendium/itgrundschutzKompendium_node.html'
ref 'Umsetzungshinweise zum Baustein SYS.1.2.2: Windows Server 2012', url: 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/IT-Grundschutz-Modernisierung/UH_Windows_Server_2012.html'
ref 'Center for Internet Security', url: 'https://www.cisecurity.org/'
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| x.to_s + '\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications' }.each do |entry|
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| "#{x}\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications" }.each do |entry|
describe registry_key(entry) do
it { should exist }
it { should have_property 'NoToastApplicationNotificationOnLockScreen' }
Expand All @@ -145,7 +141,7 @@
only_if('This Control only executes if attribute(\'level_1_or_2\') is set to 2') do
attribute('level_1_or_2') == 2
end
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| x.to_s + '\\Software\\Policies\\Microsoft\\Assistance\\Client\\1.0' }.each do |entry|
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| "#{x}\\Software\\Policies\\Microsoft\\Assistance\\Client\\1.0" }.each do |entry|
describe registry_key(entry) do
it { should exist }
it { should have_property 'NoImplicitFeedback' }
Expand All @@ -169,7 +165,7 @@
ref 'IT-Grundschutz-Kompendium', url: 'https://www.bsi.bund.de/DE/Themen/ITGrundschutz/ITGrundschutzKompendium/itgrundschutzKompendium_node.html'
ref 'Umsetzungshinweise zum Baustein SYS.1.2.2: Windows Server 2012', url: 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/IT-Grundschutz-Modernisierung/UH_Windows_Server_2012.html'
ref 'Center for Internet Security', url: 'https://www.cisecurity.org/'
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| x.to_s + '\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments' }.each do |entry|
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| "#{x}\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments" }.each do |entry|
describe registry_key(entry) do
it { should exist }
it { should have_property 'SaveZoneInformation' }
Expand All @@ -193,7 +189,7 @@
ref 'IT-Grundschutz-Kompendium', url: 'https://www.bsi.bund.de/DE/Themen/ITGrundschutz/ITGrundschutzKompendium/itgrundschutzKompendium_node.html'
ref 'Umsetzungshinweise zum Baustein SYS.1.2.2: Windows Server 2012', url: 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/IT-Grundschutz-Modernisierung/UH_Windows_Server_2012.html'
ref 'Center for Internet Security', url: 'https://www.cisecurity.org/'
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| x.to_s + '\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments' }.each do |entry|
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| "#{x}\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments" }.each do |entry|
describe registry_key(entry) do
it { should exist }
it { should have_property 'ScanWithAntiVirus' }
Expand All @@ -219,7 +215,7 @@
only_if('Only for Windows Server 2016, 2019 and if attribute(\'level_1_or_2\') is set to 2') do
(((os[:name].include? '2016') || (os[:name].include? '2019')) && attribute('level_1_or_2') == 2)
end
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| x.to_s + '\\Software\\Policies\\Microsoft\\Windows\\CloudContent' }.each do |entry|
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| "#{x}\\Software\\Policies\\Microsoft\\Windows\\CloudContent" }.each do |entry|
describe registry_key(entry) do
it { should exist }
it { should have_property 'ConfigureWindowsSpotlight' }
Expand All @@ -245,7 +241,7 @@
only_if('Only for Windows Server 2016, 2019') do
((os[:name].include? '2016') || (os[:name].include? '2019'))
end
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| x.to_s + '\\Software\\Policies\\Microsoft\\Windows\\CloudContent' }.each do |entry|
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| "#{x}\\Software\\Policies\\Microsoft\\Windows\\CloudContent" }.each do |entry|
describe registry_key(entry) do
it { should exist }
it { should have_property 'DisableThirdPartySuggestions' }
Expand All @@ -271,7 +267,7 @@
only_if('Only for Windows Server 2016, 2019 and if attribute(\'level_1_or_2\') is set to 2') do
(((os[:name].include? '2016') || (os[:name].include? '2019')) && attribute('level_1_or_2') == 2)
end
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| x.to_s + '\\Software\\Policies\\Microsoft\\Windows\\CloudContent' }.each do |entry|
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| "#{x}\\Software\\Policies\\Microsoft\\Windows\\CloudContent" }.each do |entry|
describe registry_key(entry) do
it { should exist }
it { should have_property 'DisableWindowsSpotlightFeatures' }
Expand All @@ -297,7 +293,7 @@
only_if('Only for Windows Server 2016, 2019 and if attribute(\'level_1_or_2\') is set to 2') do
(((os[:name].include? '2016') || (os[:name].include? '2019')) && attribute('level_1_or_2') == 2)
end
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| x.to_s + '\\Software\\Policies\\Microsoft\\Windows\\CloudContent' }.each do |entry|
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| "#{x}\\Software\\Policies\\Microsoft\\Windows\\CloudContent" }.each do |entry|
describe registry_key(entry) do
it { should exist }
it { should have_property 'DisableWindowsSpotlightFeatures' }
Expand All @@ -321,7 +317,7 @@
ref 'IT-Grundschutz-Kompendium', url: 'https://www.bsi.bund.de/DE/Themen/ITGrundschutz/ITGrundschutzKompendium/itgrundschutzKompendium_node.html'
ref 'Umsetzungshinweise zum Baustein SYS.1.2.2: Windows Server 2012', url: 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/IT-Grundschutz-Modernisierung/UH_Windows_Server_2012.html'
ref 'Center for Internet Security', url: 'https://www.cisecurity.org/'
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| x.to_s + '\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer' }.each do |entry|
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| "#{x}\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" }.each do |entry|
describe registry_key(entry) do
it { should exist }
it { should have_property 'NoInplaceSharing' }
Expand Down Expand Up @@ -349,7 +345,7 @@
ref 'IT-Grundschutz-Kompendium', url: 'https://www.bsi.bund.de/DE/Themen/ITGrundschutz/ITGrundschutzKompendium/itgrundschutzKompendium_node.html'
ref 'Umsetzungshinweise zum Baustein SYS.1.2.2: Windows Server 2012', url: 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/IT-Grundschutz-Modernisierung/UH_Windows_Server_2012.html'
ref 'Center for Internet Security', url: 'https://www.cisecurity.org/'
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| x.to_s + '\\Software\\Policies\\Microsoft\\Windows\\Installer' }.each do |entry|
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| "#{x}\\Software\\Policies\\Microsoft\\Windows\\Installer" }.each do |entry|
describe registry_key(entry) do
it { should exist }
it { should have_property 'AlwaysInstallElevated' }
Expand All @@ -376,7 +372,7 @@
only_if('This Control only executes if attribute(\'level_1_or_2\') is set to 2') do
attribute('level_1_or_2') == 2
end
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| x.to_s + '\\Software\\Policies\\Microsoft\\WindowsMediaPlayer' }.each do |entry|
registry_key(hive: 'HKEY_USERS').children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}$/).map { |x| "#{x}\\Software\\Policies\\Microsoft\\WindowsMediaPlayer" }.each do |entry|
describe registry_key(entry) do
it { should exist }
it { should have_property 'PreventCodecDownload' }
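Review bot: Every control in this file generates its checks from `registry_key(hive: 'HKEY_USERS').children(...)`, and when that list is empty the `each` body never runs, so the control ends up with no `describe` and cannot fail. HKEY_USERS only holds the hives of profiles that are currently loaded, so on a host with no matching profile loaded the screen-saver, attachment and installer policies appear to go unchecked. That deserves a comment above the first loop, e.g. `# HKEY_USERS lists loaded profiles only; with none loaded this control runs no checks`, or an explicit check that the SID list is not empty. Moving the repeated SID expression into one helper would also keep the pattern in a single place. The control blocks start and end outside the hunks shown.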
2 changes: 2 additions & 0 deletions controls/advanced_audit_policy_configuration.rb
@@ -1,3 +1,5 @@
# frozen_string_literal: true

title 'Advanced Audit Policy Configuration'

control 'windows-146' do
2 changes: 2 additions & 0 deletions controls/advanced_windows_security_from_best_practices.rb
@@ -1,3 +1,5 @@
# frozen_string_literal: true

title 'advanced windows security from best practices'

# control 'windows-base-100' do
8 changes: 5 additions & 3 deletions controls/local_policies.rb
@@ -1,3 +1,5 @@
# frozen_string_literal: true

title 'local policies'

control 'windows-010' do
Expand Down Expand Up @@ -911,7 +913,7 @@
only_if('This Control only executes if attribute(\'ms_or_dc\') is set to MS') do
attribute('ms_or_dc') == 'MS'
end
describe(users.where { uid =~ /S\-1\-5\-21\-\d+\-\d+\-\d+\-500/ }) do
describe(users.where { uid =~ /S-1-5-21-\d+-\d+-\d+-500/ }) do
it { should exist }
it { should be_disabled }
end
Expand Down Expand Up @@ -959,7 +961,7 @@
only_if('This Control only executes if attribute(\'ms_or_dc\') is set to MS') do
attribute('ms_or_dc') == 'MS'
end
describe(users.where { uid =~ /S\-1\-5\-21\-\d+\-\d+\-\d+\-501/ }) do
describe(users.where { uid =~ /S-1-5-21-\d+-\d+-\d+-501/ }) do
it { should exist }
it { should be_disabled }
end
Expand Down Expand Up @@ -1306,7 +1308,7 @@
describe registry_key('HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Netlogon\\Parameters') do
it { should exist }
it { should have_property 'MaximumPasswordAge' }
its('MaximumPasswordAge') { should cmp > 0 }
its('MaximumPasswordAge') { should cmp.positive? }
end
describe registry_key('HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Netlogon\\Parameters') do
it { should exist }
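Review bot: The SID patterns in `users.where { uid =~ /S-1-5-21-\d+-\d+-\d+-500/ }` and its `-501` twin are unanchored, so a RID that merely begins with 500 or 501 (5001, 50123) also matches and the filter can include accounts other than the built-in Administrator and Guest. Dropping the redundant escapes leaves that behaviour as it was. Anchor both patterns, e.g. `/\AS-1-5-21-\d+-\d+-\d+-500\z/` and `/\AS-1-5-21-\d+-\d+-\d+-501\z/`, so the `should be_disabled` check applies to exactly the intended account. The enclosing controls start and end outside the hunks.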
2 changes: 2 additions & 0 deletions controls/windows_firewall_with_advanced_security.rb
@@ -1,3 +1,5 @@
# frozen_string_literal: true

title 'windows firewall with advanced policy'

control 'windows-120' do
