feat: add rules to ensure that all referred users and gids exist

Signed-off-by: Claudius Heine <[email protected]>
dev-sec · Nov 4, 2021 · 4c607b0 · 4c607b0
1 parent 137b573
commit 4c607b0
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/controls/os_spec.rb b/controls/os_spec.rb
@@ -370,3 +370,19 @@
     its('users') { should be_empty }
   end
 end
+
+control 'os-20' do
+  impact 1.0
+  title 'All users and gids referred in /etc/group and /etc/passwd should exist'
+  desc 'Errors in system administration can lead to a case where gids or uids referred to do not exist'
+
+  gids = etc_group.gids.map(&:to_s)
+  describe passwd do
+    its('gids') { should be_in gids }
+  end
+
+  users = passwd.users
+  describe etc_group do
+    its('users') { should be_in users }
+  end
+end