Cookstyle Bot Auto Corrections with Cookstyle 7.31.1

attributes/default.rb

@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
 #
-# Cookbook Name:: os-hardening
+# Cookbook:: os-hardening
 # Attributes:: default
 #
-# Copyright 2012, Dominik Richter
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2012, Dominik Richter
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -23,7 +23,7 @@
 
 default['os-hardening'].tap do |os_hardening|
   # components of this cookbook
-  %w[packages limits login_defs minimize_access pam profile securetty].each do |cp|
+  %w(packages limits login_defs minimize_access pam profile securetty).each do |cp|
     os_hardening['components'][cp] = true
   end
 
@@ -76,7 +76,7 @@
     auth['timeout'] = 60
     auth['allow_homeless'] = false
     auth['login_defs']['template_cookbook'] = 'os-hardening'
-    auth['root_ttys'] = %w[console tty1 tty2 tty3 tty4 tty5 tty6]
+    auth['root_ttys'] = %w(console tty1 tty2 tty3 tty4 tty5 tty6)
     auth['uid_min'] = 1000
     auth['uid_max'] = 60000
     auth['gid_min'] = 1000
@@ -86,8 +86,7 @@
 
     # PAM settings
     auth['pam'].tap do |pam|
-      case node['platform_family']
-      when 'rhel', 'fedora', 'amazon'
+      if platform_family?('rhel', 'fedora', 'amazon')
         if node['platform_version'].to_f < 7
           pam['passwdqc']['enable'] = true
           pam['pwquality']['enable'] = false
@@ -109,8 +108,7 @@
   end
 
   # RH has a bit different defaults on some places
-  case node['platform_family']
-  when 'rhel', 'amazon'
+  if platform_family?('rhel', 'amazon')
     os_hardening['env']['umask'] = '077'
     os_hardening['auth']['sys_uid_min'] = 201
     os_hardening['auth']['sys_gid_min'] = 201
@@ -124,7 +122,7 @@
     # may contain: change_user
     security['users']['allow'] = []
     security['kernel']['enable_module_loading'] = true
-    security['kernel']['disable_filesystems'] = %w[cramfs freevxfs jffs2 hfs hfsplus squashfs udf vfat]
+    security['kernel']['disable_filesystems'] = %w(cramfs freevxfs jffs2 hfs hfsplus squashfs udf vfat)
     security['kernel']['enable_sysrq'] = false
     security['kernel']['enable_core_dump'] = false
     security['suid_sgid']['enforce'] = true
@@ -145,13 +143,13 @@
     # remove packages with known issues
     security['packages']['clean'] = true
     # list of packages with known issues
-    security['packages']['list'] = [
-      'xinetd',
-      'inetd',
-      'ypserv',
-      'telnet-server',
-      'rsh-server'
-    ]
+    security['packages']['list'] = %w(
+      xinetd
+      inetd
+      ypserv
+      telnet-server
+      rsh-server
+    )
 
     # SELinux enforcing (enforcing, permissive, unmanaged)
     security['selinux_mode'] = 'unmanaged'

attributes/sysctl.rb

@@ -1,10 +1,10 @@
 # frozen_string_literal: true
 
 #
-# Cookbook Name:: os-hardening
+# Cookbook:: os-hardening
 # Attributes:: sysctl
 #
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -92,10 +92,9 @@
 default['sysctl']['params']['net']['ipv6']['conf']['default']['accept_ra'] = 0
 
 # ExecShield protection against buffer overflows
-case node['platform_family']
-when 'rhel', 'fedora'
+if platform_family?('rhel', 'fedora')
   # on Oracle Linux with UEK it is not available; this helps address UEK on Oracle Linux 6
-  is_oracle_uek = (node['platform'] == 'oracle' && node['kernel']['release'] =~ /^4\..*uek/)
+  is_oracle_uek = (platform?('oracle') && node['kernel']['release'] =~ /^4\..*uek/)
 
   # on RHEL 7 its enabled per default and can't be disabled
   if node['platform_version'].to_f < 7 && !is_oracle_uek

libraries/apt_package_extras.rb

@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
 #
-# Cookbook Name:: os-hardening
+# Cookbook:: os-hardening
 # Library:: apt_package_extras
 #
-# Copyright 2008, Chef Software, Inc.
-# Copyright 2015, Hardening Framework Team
+# Copyright:: 2008, Chef Software, Inc.
+# Copyright:: 2015, Hardening Framework Team
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

libraries/cookbook_version.rb

@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
 #
-# Cookbook Name:: os-hardening
+# Cookbook:: os-hardening
 # Library:: cookbook_version
 #
-# Copyright 2014, Dominik Richter
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2014, Dominik Richter
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

libraries/gpgcheck.rb

@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
 #
-# Cookbook Name:: os-hardening
+# Cookbook:: os-hardening
 # Library:: gpgcheck
 #
-# Copyright 2012, Dominik Richter
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2012, Dominik Richter
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

libraries/helpers_param.rb

@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
 #
-# Cookbook Name:: os-hardening
+# Cookbook:: os-hardening
 # Library:: gpgcheck
 #
-# Copyright 2012, Dominik Richter
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2012, Dominik Richter
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

libraries/suid_sgid.rb

@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
 #
-# Cookbook Name:: os-hardening
+# Cookbook:: os-hardening
 # Library:: suid_sgid
 #
-# Copyright 2012, Dominik Richter
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2012, Dominik Richter
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -46,9 +46,9 @@ def self.find_all_suid_sgid_files(start_at = '/')
       end
 
       def self.remove_suid_sgid_from_blacklist(blacklist)
-        blacklist.
-          select { |file| File.exist?(file) }.
-          each do |file|
+        blacklist
+          .select { |file| File.exist?(file) }
+          .each do |file|
             Chef::Log.info "suid_sgid: Blacklist SUID/SGID for '#{file}', removing bit..."
             remove_suid_sgid_from(file)
           end

metadata.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 #
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -21,7 +21,6 @@
 maintainer_email '[email protected]'
 license 'Apache-2.0'
 description 'Installs and configures operating system hardening'
-long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
 version '4.0.0'
 source_url 'https://github.com/dev-sec/chef-os-hardening'
 issues_url 'https://github.com/dev-sec/chef-os-hardening/issues'
@@ -37,13 +36,3 @@
 supports 'fedora', '>= 28.0'
 supports 'suse'
 supports 'opensuseleap', '>= 42.1'
-
-recipe 'os-hardening::default', 'harden the operating system (all recipes)'
-recipe 'os-hardening::limits', 'prevent core dumps'
-recipe 'os-hardening::login_defs', 'harden /etc/login.defs'
-recipe 'os-hardening::minimize_access', 'enforce minimal file permissions'
-recipe 'os-hardening::pam', 'configure sane values for PAM'
-recipe 'os-hardening::profile', 'harden settings in /etc/profile.d'
-recipe 'os-hardening::securetty', 'limit the allowed TTYs for root login'
-recipe 'os-hardening::suid_sgid', 'reduce SUID and SGID bits in the filesystem'
-recipe 'os-hardening::sysctl', 'set sane sysctl values'

recipes/apt.rb

@@ -1,10 +1,10 @@
 # frozen_string_literal: true
 
 #
-# Cookbook Name: os-hardening
+# Cookbook:: Name: os-hardening
 # Recipe: apt.rb
 #
-# Copyright 2015, Hardening Framework Team
+# Copyright:: 2015, Hardening Framework Team
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

recipes/auditd.rb

@@ -1,10 +1,10 @@
 # frozen_string_literal: true
 
 #
-# Cookbook Name: os-hardening
+# Cookbook:: Name: os-hardening
 # Recipe: auditd.rb
 #
-# Copyright 2017, Artem Sidorenko
+# Copyright:: 2017, Artem Sidorenko
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -22,10 +22,10 @@
 package node['os-hardening']['packages']['auditd']
 
 service 'auditd' do
-  supports %i[start stop restart reload status]
-  if (node['platform_family'] == 'rhel' && node['platform_version'].to_f >= 7) ||
-     (node['platform_family'] == 'fedora' && node['platform_version'].to_f >= 27) ||
-     (node['platform_family'] == 'amazon' && node['platform_version'].to_f >= 2)
+  supports %i(start stop restart reload status)
+  if (platform_family?('rhel') && node['platform_version'].to_f >= 7) ||
+     (platform_family?('fedora') && node['platform_version'].to_f >= 27) ||
+     (platform_family?('amazon') && node['platform_version'].to_f >= 2)
     restart_command 'service auditd restart'
   end
   action [:enable]

recipes/default.rb

@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
 #
-# Cookbook Name: os-hardening
+# Cookbook:: Name: os-hardening
 # Recipe: default
 #
-# Copyright 2012, Dominik Richter
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2012, Dominik Richter
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -36,7 +36,7 @@
 
   # selinux should be included only on RH based systems
   node.default['os-hardening']['components']['selinux'] =
-    node['platform_family'] == 'rhel' || node['platform_family'] == 'fedora'
+    platform_family?('rhel', 'fedora')
 end
 
 # include all required components

recipes/limits.rb

@@ -1,10 +1,10 @@
 # frozen_string_literal: true
 
 #
-# Cookbook Name: os-hardening
+# Cookbook:: Name: os-hardening
 # Recipe: limits.rb
 #
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

recipes/login_defs.rb

@@ -1,10 +1,10 @@
 # frozen_string_literal: true
 
 #
-# Cookbook Name: os-hardening
+# Cookbook:: Name: os-hardening
 # Recipe: login_defs.rb
 #
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

recipes/minimize_access.rb

@@ -1,10 +1,10 @@
 # frozen_string_literal: true
 
 #
-# Cookbook Name: os-hardening
+# Cookbook:: Name: os-hardening
 # Recipe: minimize_access
 #
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -21,7 +21,7 @@
 
 # remove write permissions from path folders ($PATH) for all regular users
 # this prevents changing any system-wide command from normal users
-paths = %w[/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin] + node['os-hardening']['env']['extra_user_paths']
+paths = %w(/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin) + node['os-hardening']['env']['extra_user_paths']
 paths.each do |folder|
   execute "remove write permission from #{folder}" do
     command "chmod go-w -R #{folder}"
@@ -59,7 +59,7 @@
 directory '/var/log' do
   owner 'root'
   # ubuntu with containers does not have rsyslog installed and syslog group does not exist
-  if node['platform'] == 'ubuntu' && node['packages']['rsyslog']
+  if platform?('ubuntu') && node['packages']['rsyslog']
     group 'syslog'
   else
     group 'root'
@@ -72,7 +72,7 @@
   only_if { ::File.exist?('/etc/crontab') }
 end
 
-cron_directories = %w[/etc/cron.hourly /etc/cron.daily /etc/cron.weekly /etc/cron.monthly /etc/cron.d]
+cron_directories = %w(/etc/cron.hourly /etc/cron.daily /etc/cron.weekly /etc/cron.monthly /etc/cron.d)
 cron_directories.each do |cron_path|
   next unless ::Dir.exist?(cron_path)
 

recipes/packages.rb

@@ -1,10 +1,10 @@
 # frozen_string_literal: true
 
 #
-# Cookbook Name: os-hardening
+# Cookbook:: Name: os-hardening
 # Recipe: packages.rb
 #
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -20,13 +20,7 @@
 #
 
 # do package config for ubuntu
-case node['platform_family']
-when 'debian'
-  include_recipe('os-hardening::apt')
-end
+include_recipe 'os-hardening::apt' if platform_family?('debian')
 
 # do package config for rhel-family
-case node['platform_family']
-when 'rhel', 'fedora', 'amazon'
-  include_recipe('os-hardening::yum')
-end
+include_recipe 'os-hardening::yum' if platform_family?('rhel', 'fedora', 'amazon')