From 3ecb4161fad68144954defd11840a8bf2a032c04 Mon Sep 17 00:00:00 2001 From: Cookstyle Bot Date: Wed, 26 Jan 2022 13:52:42 -0800 Subject: [PATCH] Cookstyle Bot Auto Corrections with Cookstyle 7.31.1 This change is automatically generated by the Cookstyle Bot using the latest version of Cookstyle (7.31.1). Adopting changes suggested by Cookstyle improves cookbook readability, avoids common coding mistakes, and eases upgrades to newer versions of the Chef Infra Client. ### Style/Encoding - **/Rakefile:2**: Unnecessary utf-8 encoding comment. (https://rubystyle.guide#utf-8) - **/attributes/default.rb:1**: Unnecessary utf-8 encoding comment. (https://rubystyle.guide#utf-8) - **/recipes/user_rights.rb:1**: Unnecessary utf-8 encoding comment. (https://rubystyle.guide#utf-8) Signed-off-by: Cookstyle --- Rakefile | 8 +++---- attributes/default.rb | 4 +--- metadata.rb | 21 ++++++++-------- recipes/access.rb | 18 +++++++------- recipes/audit.rb | 14 +++++------ recipes/default.rb | 34 +++++++++++++------------- recipes/enable_winrm_access.rb | 24 +++++++++---------- recipes/ie.rb | 10 ++++---- recipes/password_policy.rb | 6 ++--- recipes/powershell.rb | 6 ++--- recipes/privacy.rb | 4 ++-- recipes/rdp.rb | 10 ++++---- recipes/security_policy.rb | 6 ++--- recipes/user_rights.rb | 2 +- resources/password_policy.rb | 1 + spec/unit/recipes/default_spec.rb | 40 +++++++++++++++---------------- 16 files changed, 102 insertions(+), 106 deletions(-) diff --git a/Rakefile b/Rakefile index 7701e46..a860201 100755 --- a/Rakefile +++ b/Rakefile @@ -1,6 +1,4 @@ #!/usr/bin/env rake -# encoding: utf-8 - require 'foodcritic' require 'rspec/core/rake_task' require 'rubocop/rake_task' @@ -10,15 +8,15 @@ require 'chef/cookbook/metadata' # Rubocop before rspec so we don't lint vendored cookbooks desc 'Run all tests except Kitchen (default task)' -task default: %I[lint spec] +task default: %I(lint spec) # Lint the cookbook desc 'Run all linters: rubocop and foodcritic' -task lint: %I[rubocop foodcritic] +task lint: %I(rubocop foodcritic) # Run the whole shebang desc 'Run all tests' -task test: %I[lint integration spec] +task test: %I(lint integration spec) # RSpec desc 'Run chefspec tests' diff --git a/attributes/default.rb b/attributes/default.rb index dc808a2..404396c 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -1,6 +1,4 @@ -# encoding: utf-8 - -# Cookbook Name:: windows-hardening +# Cookbook:: windows-hardening # Attributes:: default # set this value if you want to harden terminal services diff --git a/metadata.rb b/metadata.rb index b11d473..b3f79da 100644 --- a/metadata.rb +++ b/metadata.rb @@ -1,11 +1,10 @@ -name 'windows-hardening' -maintainer 'Joe Gardiner' -maintainer_email 'joe@chef.io' -license 'Apache 2.0' -description 'Hardening cookbook for Windows 2012 R2' -long_description 'Remediates critical issues identified by the DevSec Windows baseline' -version '0.9.1' -source_url 'https://github.com/dev-sec/chef-windows-hardening' -issues_url 'https://github.com/dev-sec/chef-windows-hardening/issues' -supports 'windows' -depends 'windows-security-policy' +name 'windows-hardening' +maintainer 'Joe Gardiner' +maintainer_email 'joe@chef.io' +license 'Apache-2.0' +description 'Hardening cookbook for Windows 2012 R2' +version '0.9.1' +source_url 'https://github.com/dev-sec/chef-windows-hardening' +issues_url 'https://github.com/dev-sec/chef-windows-hardening/issues' +supports 'windows' +depends 'windows-security-policy' diff --git a/recipes/access.rb b/recipes/access.rb index 957b2d0..3567f9f 100644 --- a/recipes/access.rb +++ b/recipes/access.rb @@ -1,10 +1,10 @@ # -# Cookbook Name:: windows-hardening +# Cookbook:: windows-hardening # Recipe:: access # -# Copyright (c) 2016 Joe Gardiner, All Rights Reserved. +# Copyright:: (c) 2016 Joe Gardiner, All Rights Reserved. -return unless node['platform_family'] == 'windows' +return unless platform_family?('windows') # Anonymous Access to Windows Shares and Named Pipes is Disallowed # windows-baseline: windows-base-102 @@ -12,7 +12,7 @@ values [{ name: 'RestrictNullSessAccess', type: :dword, - data: 1 + data: 1, }] action :create_if_missing end @@ -23,7 +23,7 @@ values [{ name: 'NullSessionShares', type: :multi_string, - data: [''] + data: [''], }] action :create_if_missing end @@ -34,7 +34,7 @@ values [{ name: 'LmCompatibilityLevel', type: :dword, - data: 4 + data: 4, }] action :create end @@ -45,7 +45,7 @@ values [{ name: 'NtlmMinClientSec', type: :dword, - data: 537_395_200 + data: 537_395_200, }] action :create end @@ -56,7 +56,7 @@ values [{ name: 'NtlmMinServerSec', type: :dword, - data: 537_395_200 + data: 537_395_200, }] action :create end @@ -66,7 +66,7 @@ values [{ name: 'SMB1', type: :dword, - data: 0 + data: 0, }] action :create_if_missing end diff --git a/recipes/audit.rb b/recipes/audit.rb index 17d459b..c075843 100644 --- a/recipes/audit.rb +++ b/recipes/audit.rb @@ -1,10 +1,10 @@ # -# Cookbook Name:: windows-hardening +# Cookbook:: windows-hardening # Recipe:: audit-logging # -# Copyright (c) 2016 Joe Gardiner, All Rights Reserved. +# Copyright:: (c) 2016 Joe Gardiner, All Rights Reserved. -return unless node['platform_family'] == 'windows' +return unless platform_family?('windows') # Configure System Event Log (Application) # windows-baseline: windows-audit-100 @@ -12,7 +12,7 @@ values [{ name: 'MaxSize', type: :dword, - data: 4_194_240 + data: 4_194_240, }] recursive true action :create @@ -24,7 +24,7 @@ values [{ name: 'MaxSize', type: :dword, - data: 4_194_240 + data: 4_194_240, }] recursive true action :create @@ -36,7 +36,7 @@ values [{ name: 'MaxSize', type: :dword, - data: 4_194_240 + data: 4_194_240, }] recursive true action :create @@ -48,7 +48,7 @@ values [{ name: 'MaxSize', type: :dword, - data: 4_194_240 + data: 4_194_240, }] recursive true action :create diff --git a/recipes/default.rb b/recipes/default.rb index d9ae29b..ab89c8a 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -1,17 +1,17 @@ -# -# Cookbook Name:: windows-hardening -# Recipe:: default -# -# Copyright (c) 2016 Joe Gardiner, All Rights Reserved. - -return unless node['platform_family'] == 'windows' - -include_recipe 'windows-hardening::password_policy' -include_recipe 'windows-hardening::security_policy' -include_recipe 'windows-hardening::user_rights' -include_recipe 'windows-hardening::audit' -include_recipe 'windows-hardening::ie' -include_recipe 'windows-hardening::rdp' -include_recipe 'windows-hardening::access' -include_recipe 'windows-hardening::privacy' -include_recipe 'windows-hardening::powershell' +# +# Cookbook:: windows-hardening +# Recipe:: default +# +# Copyright:: (c) 2016 Joe Gardiner, All Rights Reserved. + +return unless platform_family?('windows') + +include_recipe 'windows-hardening::password_policy' +include_recipe 'windows-hardening::security_policy' +include_recipe 'windows-hardening::user_rights' +include_recipe 'windows-hardening::audit' +include_recipe 'windows-hardening::ie' +include_recipe 'windows-hardening::rdp' +include_recipe 'windows-hardening::access' +include_recipe 'windows-hardening::privacy' +include_recipe 'windows-hardening::powershell' diff --git a/recipes/enable_winrm_access.rb b/recipes/enable_winrm_access.rb index 187cdc6..006463e 100644 --- a/recipes/enable_winrm_access.rb +++ b/recipes/enable_winrm_access.rb @@ -1,12 +1,12 @@ -# -# Cookbook Name:: windows-hardening -# Recipe:: enable_winrm_access -# -# Copyright (c) 2016 Joe Gardiner, All Rights Reserved. - -return unless node['platform_family'] == 'windows' - -# Winrm access is required for agentless verification. Add this recipe as required. -powershell_script 'Remote Management' do - code 'Set-NetFirewallRule WINRM-HTTP-In-TCP-PUBLIC -RemoteAddress "any"' -end +# +# Cookbook:: windows-hardening +# Recipe:: enable_winrm_access +# +# Copyright:: (c) 2016 Joe Gardiner, All Rights Reserved. + +return unless platform_family?('windows') + +# Winrm access is required for agentless verification. Add this recipe as required. +powershell_script 'Remote Management' do + code 'Set-NetFirewallRule WINRM-HTTP-In-TCP-PUBLIC -RemoteAddress "any"' +end diff --git a/recipes/ie.rb b/recipes/ie.rb index e1af866..f978158 100644 --- a/recipes/ie.rb +++ b/recipes/ie.rb @@ -1,10 +1,10 @@ # -# Cookbook Name:: windows-hardening +# Cookbook:: windows-hardening # Recipe:: ie # -# Copyright (c) 2016 Joe Gardiner, All Rights Reserved. +# Copyright:: (c) 2016 Joe Gardiner, All Rights Reserved. -return unless node['platform_family'] == 'windows' +return unless platform_family?('windows') # IE 64-bit tab # windows-baseline: windows-ie-101 @@ -12,7 +12,7 @@ values [{ name: 'Isolation64Bit', type: :dword, - data: 1 + data: 1, }] recursive true action :create @@ -24,7 +24,7 @@ values [{ name: '270C', type: :dword, - data: 0 + data: 0, }] recursive true action :create diff --git a/recipes/password_policy.rb b/recipes/password_policy.rb index 82cac26..65eedef 100644 --- a/recipes/password_policy.rb +++ b/recipes/password_policy.rb @@ -1,10 +1,10 @@ # -# Cookbook Name:: windows-hardening +# Cookbook:: windows-hardening # Recipe:: password_policy # -# Copyright (c) 2018 The Authors, All Rights Reserved. +# Copyright:: (c) 2018 The Authors, All Rights Reserved. -return unless node['platform_family'] == 'windows' +return unless platform_family?('windows') # Set Enforce password history to 24 or more passwords # cis: enforce-password-history 1.1.1 diff --git a/recipes/powershell.rb b/recipes/powershell.rb index 6a049c8..83b1ec4 100644 --- a/recipes/powershell.rb +++ b/recipes/powershell.rb @@ -1,5 +1,5 @@ # -# Cookbook Name:: windows-hardening +# Cookbook:: windows-hardening # Recipe:: powershell # @@ -9,7 +9,7 @@ values [{ name: 'EnableScriptBlockLogging', type: :dword, - data: 0 + data: 0, }] action :create recursive true @@ -21,7 +21,7 @@ values [{ name: 'EnableTranscripting', type: :dword, - data: 0 + data: 0, }] action :create recursive true diff --git a/recipes/privacy.rb b/recipes/privacy.rb index dc2e204..cc251bd 100644 --- a/recipes/privacy.rb +++ b/recipes/privacy.rb @@ -3,7 +3,7 @@ values [{ name: 'value', type: :dword, - data: 0 + data: 0, }] recursive true action :create @@ -22,7 +22,7 @@ values [{ name: 'AllowIndexingEncryptedStoresOrItems', type: :dword, - data: 0 + data: 0, }] action :create recursive true diff --git a/recipes/rdp.rb b/recipes/rdp.rb index 6def518..807cb60 100644 --- a/recipes/rdp.rb +++ b/recipes/rdp.rb @@ -1,10 +1,10 @@ # -# Cookbook Name:: windows-hardening +# Cookbook:: windows-hardening # Recipe:: rdp # -# Copyright (c) 2016 Joe Gardiner, All Rights Reserved. +# Copyright:: (c) 2016 Joe Gardiner, All Rights Reserved. -return unless node['platform_family'] == 'windows' +return unless platform_family?('windows') if node['windows_hardening']['rdp']['harden'] == true # Windows Remote Desktop Configured to Always Prompt for Password @@ -13,7 +13,7 @@ values [{ name: 'fPromptForPassword', type: :dword, - data: 1 + data: 1, }] recursive true action :create @@ -25,7 +25,7 @@ values [{ name: 'MinEncryptionLevel', type: :dword, - data: 3 + data: 3, }] recursive true action :create diff --git a/recipes/security_policy.rb b/recipes/security_policy.rb index 1cd8b67..95441cb 100644 --- a/recipes/security_policy.rb +++ b/recipes/security_policy.rb @@ -1,10 +1,10 @@ # -# Cookbook Name:: windows-hardening +# Cookbook:: windows-hardening # Recipe:: account-lockout # -# Copyright (c) 2016 Joe Gardiner, All Rights Reserved. +# Copyright:: (c) 2016 Joe Gardiner, All Rights Reserved. -return unless node['platform_family'] == 'windows' +return unless platform_family?('windows') # cis: account-lockout-duration 1.2.1, # cis: reset-account-lockout 1.2.3 diff --git a/recipes/user_rights.rb b/recipes/user_rights.rb index 24c0dff..db96475 100644 --- a/recipes/user_rights.rb +++ b/recipes/user_rights.rb @@ -1 +1 @@ -# Encoding: UTF-8 +# Encoding: UTF-8 diff --git a/resources/password_policy.rb b/resources/password_policy.rb index 56e63d3..01278a7 100644 --- a/resources/password_policy.rb +++ b/resources/password_policy.rb @@ -1,5 +1,6 @@ resource_name :password_policy provides :password_policy +unified_mode true property :policy_name, String, name_property: true property :policy_command, String, required: true diff --git a/spec/unit/recipes/default_spec.rb b/spec/unit/recipes/default_spec.rb index 883deec..2912937 100644 --- a/spec/unit/recipes/default_spec.rb +++ b/spec/unit/recipes/default_spec.rb @@ -1,20 +1,20 @@ -# -# Cookbook Name:: base-win2012-hardening -# Spec:: default -# -# Copyright (c) 2016 The Authors, All Rights Reserved. - -require 'spec_helper' - -describe 'base-win2012-hardening::default' do - context 'When all attributes are default, on an unspecified platform' do - let(:chef_run) do - runner = ChefSpec::ServerRunner.new - runner.converge(described_recipe) - end - - it 'converges successfully' do - expect { chef_run }.to_not raise_error - end - end -end +# +# Cookbook:: base-win2012-hardening +# Spec:: default +# +# Copyright:: (c) 2016 The Authors, All Rights Reserved. + +require 'spec_helper' + +describe 'base-win2012-hardening::default' do + context 'When all attributes are default, on an unspecified platform' do + let(:chef_run) do + runner = ChefSpec::ServerRunner.new + runner.converge(described_recipe) + end + + it 'converges successfully' do + expect { chef_run }.to_not raise_error + end + end +end