Cookstyle Bot Auto Corrections with Cookstyle 7.31.1

Rakefile

@@ -1,6 +1,4 @@
 #!/usr/bin/env rake
-# encoding: utf-8
-
 require 'foodcritic'
 require 'rspec/core/rake_task'
 require 'rubocop/rake_task'
@@ -10,15 +8,15 @@ require 'chef/cookbook/metadata'
 
 # Rubocop before rspec so we don't lint vendored cookbooks
 desc 'Run all tests except Kitchen (default task)'
-task default: %I[lint spec]
+task default: %I(lint spec)
 
 # Lint the cookbook
 desc 'Run all linters: rubocop and foodcritic'
-task lint: %I[rubocop foodcritic]
+task lint: %I(rubocop foodcritic)
 
 # Run the whole shebang
 desc 'Run all tests'
-task test: %I[lint integration spec]
+task test: %I(lint integration spec)
 
 # RSpec
 desc 'Run chefspec tests'

attributes/default.rb

@@ -1,6 +1,4 @@
-# encoding: utf-8
-
-# Cookbook Name:: windows-hardening
+# Cookbook:: windows-hardening
 # Attributes:: default
 
 # set this value if you want to harden terminal services

metadata.rb

@@ -1,11 +1,10 @@
-name 'windows-hardening'
-maintainer 'Joe Gardiner'
-maintainer_email '[email protected]'
-license 'Apache 2.0'
-description 'Hardening cookbook for Windows 2012 R2'
-long_description 'Remediates critical issues identified by the DevSec Windows baseline'
-version '0.9.1'
-source_url 'https://github.com/dev-sec/chef-windows-hardening'
-issues_url 'https://github.com/dev-sec/chef-windows-hardening/issues'
-supports 'windows'
-depends 'windows-security-policy'
+name 'windows-hardening'
+maintainer 'Joe Gardiner'
+maintainer_email '[email protected]'
+license 'Apache-2.0'
+description 'Hardening cookbook for Windows 2012 R2'
+version '0.9.1'
+source_url 'https://github.com/dev-sec/chef-windows-hardening'
+issues_url 'https://github.com/dev-sec/chef-windows-hardening/issues'
+supports 'windows'
+depends 'windows-security-policy'

recipes/access.rb

@@ -1,18 +1,18 @@
 #
-# Cookbook Name:: windows-hardening
+# Cookbook:: windows-hardening
 # Recipe:: access
 #
-# Copyright (c) 2016 Joe Gardiner, All Rights Reserved.
+# Copyright:: (c) 2016 Joe Gardiner, All Rights Reserved.
 
-return unless node['platform_family'] == 'windows'
+return unless platform_family?('windows')
 
 # Anonymous Access to Windows Shares and Named Pipes is Disallowed
 # windows-baseline: windows-base-102
 registry_key 'HKLM\\System\\CurrentControlSet\\Services\\LanManServer\\Parameters' do
   values [{
     name: 'RestrictNullSessAccess',
     type: :dword,
-    data: 1
+    data: 1,
   }]
   action :create_if_missing
 end
@@ -23,7 +23,7 @@
   values [{
     name: 'NullSessionShares',
     type: :multi_string,
-    data: ['']
+    data: [''],
   }]
   action :create_if_missing
 end
@@ -34,7 +34,7 @@
   values [{
     name: 'LmCompatibilityLevel',
     type: :dword,
-    data: 4
+    data: 4,
   }]
   action :create
 end
@@ -45,7 +45,7 @@
   values [{
     name: 'NtlmMinClientSec',
     type: :dword,
-    data: 537_395_200
+    data: 537_395_200,
   }]
   action :create
 end
@@ -56,7 +56,7 @@
   values [{
     name: 'NtlmMinServerSec',
     type: :dword,
-    data: 537_395_200
+    data: 537_395_200,
   }]
   action :create
 end
@@ -66,7 +66,7 @@
     values [{
       name: 'SMB1',
       type: :dword,
-      data: 0
+      data: 0,
     }]
     action :create_if_missing
   end

recipes/audit.rb

@@ -1,18 +1,18 @@
 #
-# Cookbook Name:: windows-hardening
+# Cookbook:: windows-hardening
 # Recipe:: audit-logging
 #
-# Copyright (c) 2016 Joe Gardiner, All Rights Reserved.
+# Copyright:: (c) 2016 Joe Gardiner, All Rights Reserved.
 
-return unless node['platform_family'] == 'windows'
+return unless platform_family?('windows')
 
 # Configure System Event Log (Application)
 # windows-baseline: windows-audit-100
 registry_key 'HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\Application' do
   values [{
     name: 'MaxSize',
     type: :dword,
-    data: 4_194_240
+    data: 4_194_240,
   }]
   recursive true
   action :create
@@ -24,7 +24,7 @@
   values [{
     name: 'MaxSize',
     type: :dword,
-    data: 4_194_240
+    data: 4_194_240,
   }]
   recursive true
   action :create
@@ -36,7 +36,7 @@
   values [{
     name: 'MaxSize',
     type: :dword,
-    data: 4_194_240
+    data: 4_194_240,
   }]
   recursive true
   action :create
@@ -48,7 +48,7 @@
   values [{
     name: 'MaxSize',
     type: :dword,
-    data: 4_194_240
+    data: 4_194_240,
   }]
   recursive true
   action :create

recipes/default.rb

@@ -1,17 +1,17 @@
-#
-# Cookbook Name:: windows-hardening
-# Recipe:: default
-#
-# Copyright (c) 2016 Joe Gardiner, All Rights Reserved.
-
-return unless node['platform_family'] == 'windows'
-
-include_recipe 'windows-hardening::password_policy'
-include_recipe 'windows-hardening::security_policy'
-include_recipe 'windows-hardening::user_rights'
-include_recipe 'windows-hardening::audit'
-include_recipe 'windows-hardening::ie'
-include_recipe 'windows-hardening::rdp'
-include_recipe 'windows-hardening::access'
-include_recipe 'windows-hardening::privacy'
-include_recipe 'windows-hardening::powershell'
+#
+# Cookbook:: windows-hardening
+# Recipe:: default
+#
+# Copyright:: (c) 2016 Joe Gardiner, All Rights Reserved.
+
+return unless platform_family?('windows')
+
+include_recipe 'windows-hardening::password_policy'
+include_recipe 'windows-hardening::security_policy'
+include_recipe 'windows-hardening::user_rights'
+include_recipe 'windows-hardening::audit'
+include_recipe 'windows-hardening::ie'
+include_recipe 'windows-hardening::rdp'
+include_recipe 'windows-hardening::access'
+include_recipe 'windows-hardening::privacy'
+include_recipe 'windows-hardening::powershell'

recipes/enable_winrm_access.rb

@@ -1,12 +1,12 @@
-#
-# Cookbook Name:: windows-hardening
-# Recipe:: enable_winrm_access
-#
-# Copyright (c) 2016 Joe Gardiner, All Rights Reserved.
-
-return unless node['platform_family'] == 'windows'
-
-# Winrm access is required for agentless verification. Add this recipe as required.
-powershell_script 'Remote Management' do
-  code 'Set-NetFirewallRule WINRM-HTTP-In-TCP-PUBLIC -RemoteAddress "any"'
-end
+#
+# Cookbook:: windows-hardening
+# Recipe:: enable_winrm_access
+#
+# Copyright:: (c) 2016 Joe Gardiner, All Rights Reserved.
+
+return unless platform_family?('windows')
+
+# Winrm access is required for agentless verification. Add this recipe as required.
+powershell_script 'Remote Management' do
+  code 'Set-NetFirewallRule WINRM-HTTP-In-TCP-PUBLIC -RemoteAddress "any"'
+end

recipes/ie.rb

@@ -1,18 +1,18 @@
 #
-# Cookbook Name:: windows-hardening
+# Cookbook:: windows-hardening
 # Recipe:: ie
 #
-# Copyright (c) 2016 Joe Gardiner, All Rights Reserved.
+# Copyright:: (c) 2016 Joe Gardiner, All Rights Reserved.
 
-return unless node['platform_family'] == 'windows'
+return unless platform_family?('windows')
 
 # IE 64-bit tab
 # windows-baseline: windows-ie-101
 registry_key 'HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main' do
   values [{
     name: 'Isolation64Bit',
     type: :dword,
-    data: 1
+    data: 1,
   }]
   recursive true
   action :create
@@ -24,7 +24,7 @@
   values [{
     name: '270C',
     type: :dword,
-    data: 0
+    data: 0,
   }]
   recursive true
   action :create

recipes/password_policy.rb

@@ -1,10 +1,10 @@
 #
-# Cookbook Name:: windows-hardening
+# Cookbook:: windows-hardening
 # Recipe:: password_policy
 #
-# Copyright (c) 2018 The Authors, All Rights Reserved.
+# Copyright:: (c) 2018 The Authors, All Rights Reserved.
 
-return unless node['platform_family'] == 'windows'
+return unless platform_family?('windows')
 
 # Set Enforce password history to 24 or more passwords
 # cis: enforce-password-history 1.1.1

recipes/powershell.rb

@@ -1,5 +1,5 @@
 #
-# Cookbook Name:: windows-hardening
+# Cookbook:: windows-hardening
 # Recipe:: powershell
 #
 
@@ -9,7 +9,7 @@
   values [{
     name: 'EnableScriptBlockLogging',
     type: :dword,
-    data: 0
+    data: 0,
   }]
   action :create
   recursive true
@@ -21,7 +21,7 @@
   values [{
     name: 'EnableTranscripting',
     type: :dword,
-    data: 0
+    data: 0,
   }]
   action :create
   recursive true

recipes/privacy.rb

@@ -3,7 +3,7 @@
   values [{
     name: 'value',
     type: :dword,
-    data: 0
+    data: 0,
   }]
   recursive true
   action :create
@@ -22,7 +22,7 @@
   values [{
     name: 'AllowIndexingEncryptedStoresOrItems',
     type: :dword,
-    data: 0
+    data: 0,
   }]
   action :create
   recursive true

recipes/rdp.rb

@@ -1,10 +1,10 @@
 #
-# Cookbook Name:: windows-hardening
+# Cookbook:: windows-hardening
 # Recipe:: rdp
 #
-# Copyright (c) 2016 Joe Gardiner, All Rights Reserved.
+# Copyright:: (c) 2016 Joe Gardiner, All Rights Reserved.
 
-return unless node['platform_family'] == 'windows'
+return unless platform_family?('windows')
 
 if node['windows_hardening']['rdp']['harden'] == true
   # Windows Remote Desktop Configured to Always Prompt for Password
@@ -13,7 +13,7 @@
     values [{
       name: 'fPromptForPassword',
       type: :dword,
-      data: 1
+      data: 1,
     }]
     recursive true
     action :create
@@ -25,7 +25,7 @@
     values [{
       name: 'MinEncryptionLevel',
       type: :dword,
-      data: 3
+      data: 3,
     }]
     recursive true
     action :create

recipes/security_policy.rb

@@ -1,10 +1,10 @@
 #
-# Cookbook Name:: windows-hardening
+# Cookbook:: windows-hardening
 # Recipe:: account-lockout
 #
-# Copyright (c) 2016 Joe Gardiner, All Rights Reserved.
+# Copyright:: (c) 2016 Joe Gardiner, All Rights Reserved.
 
-return unless node['platform_family'] == 'windows'
+return unless platform_family?('windows')
 
 # cis: account-lockout-duration 1.2.1,
 # cis: reset-account-lockout 1.2.3

recipes/user_rights.rb

@@ -1 +1 @@
-# Encoding: UTF-8
+# Encoding: UTF-8

resources/password_policy.rb

@@ -1,5 +1,6 @@
 resource_name :password_policy
 provides :password_policy
+unified_mode true
 
 property :policy_name, String, name_property: true
 property :policy_command, String, required: true