diff --git a/.rubocop.yml b/.rubocop.yml index 27c17f3..f9fe7db 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -2,9 +2,6 @@ AllCops: Exclude: - vendor/**/* - - "*/puppet/Puppetfile" - - "*/puppet/.tmp/**/*" - TargetRubyVersion: 1.9 Documentation: Enabled: false AlignParameters: diff --git a/CHANGELOG.md b/CHANGELOG.md index 8bbce91..c25b32c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ **Merged pull requests:** +- 2.4.0 [\#124](https://github.com/dev-sec/ssh-baseline/pull/124) ([chris-rock](https://github.com/chris-rock)) - Allow prohibit-password as PermitRootLogin value [\#123](https://github.com/dev-sec/ssh-baseline/pull/123) ([jeremy-clerc](https://github.com/jeremy-clerc)) - UseRoaming is deprecated, only check on older versions [\#122](https://github.com/dev-sec/ssh-baseline/pull/122) ([rndmh3ro](https://github.com/rndmh3ro)) - Fix os detection [\#120](https://github.com/dev-sec/ssh-baseline/pull/120) ([IceBear2k](https://github.com/IceBear2k)) diff --git a/Gemfile b/Gemfile index 7db5f33..3eb1aa7 100644 --- a/Gemfile +++ b/Gemfile @@ -1,11 +1,14 @@ +# frozen_string_literal: true + source 'https://rubygems.org' -gem 'highline', '~> 1.6.0' -gem 'inspec', '~> 1' -gem 'rack', '1.6.4' -gem 'rake' -gem 'rubocop', '~> 0.49.0' +gem 'highline', '~> 2.0.2' +gem 'inspec', '~> 3' +gem 'rack', '~> 2.0.7' +gem 'rake', '~> 12.3.2' +gem 'rubocop', '~> 0.68.1' group :tools do - gem 'github_changelog_generator', '~> 1.12.0' + gem 'github_changelog_generator', '~> 1.14.3' + gem 'pry-coolline', '~> 0.2.5' end diff --git a/Rakefile b/Rakefile old mode 100644 new mode 100755 index cb51c7e..0e3cf3b --- a/Rakefile +++ b/Rakefile @@ -1,4 +1,4 @@ -# encoding: utf-8 +#!/usr/bin/env rake require 'rake/testtask' require 'rubocop/rake_task' @@ -19,23 +19,30 @@ task default: [:lint, 'test:check'] namespace :test do # run inspec check to verify that the profile is properly configured task :check do - dir = File.join(File.dirname(__FILE__)) - sh("bundle exec inspec check #{dir}") + require 'inspec' + puts "Checking profile with InSpec Version: #{Inspec::VERSION}" + profile = Inspec::Profile.for_target('.', backend: Inspec::Backend.create(Inspec::Config.mock)) + pp profile.check end end -# Automatically generate a changelog for this project. Only loaded if -# the necessary gem is installed. By default its picking up the version from -# inspec.yml. You can override that behavior with `rake changelog to=1.2.0` -begin - require 'yaml' - metadata = YAML.load_file('inspec.yml') - v = ENV['to'] || metadata['version'] - puts "Generate changelog for version #{v}" - require 'github_changelog_generator/task' - GitHubChangelogGenerator::RakeTask.new :changelog do |config| - config.future_release = v +task :changelog do + # Automatically generate a changelog for this project. Only loaded if + # the necessary gem is installed. By default its picking up the version from + # inspec.yml. You can override that behavior with `rake changelog to=1.2.0` + begin + require 'yaml' + metadata = YAML.load_file('inspec.yml') + v = ENV['to'] || metadata['version'] + puts " * Generating changelog for version #{v}" + require 'github_changelog_generator/task' + GitHubChangelogGenerator::RakeTask.new :changelog do |config| + config.future_release = v + config.user = 'dev-sec' + config.project = 'ssh-baseline' + end + Rake::Task[:changelog].execute + rescue LoadError + puts '>>>>> GitHub Changelog Generator not loaded, omitting tasks' end -rescue LoadError - puts '>>>>> GitHub Changelog Generator not loaded, omitting tasks' end diff --git a/inspec.yml b/inspec.yml index 88611df..d394174 100644 --- a/inspec.yml +++ b/inspec.yml @@ -5,6 +5,6 @@ copyright: DevSec Hardening Framework Team copyright_email: hello@dev-sec.io license: Apache-2.0 summary: Test-suite for best-practice SSH hardening -version: 2.4.0 +version: 2.4.1 supports: - os-family: unix diff --git a/libraries/ssh_crypto.rb b/libraries/ssh_crypto.rb index 38bfb60..ba148f7 100644 --- a/libraries/ssh_crypto.rb +++ b/libraries/ssh_crypto.rb @@ -271,6 +271,7 @@ def valid_hostkeys # we have to return a string if we have a single-element # https://github.com/chef/inspec/issues/1434 return hostkeys[0] if hostkeys.length == 1 + hostkeys end end