Fixed bulk of rubocop issues

.rubocop.yml

@@ -0,0 +1 @@
+inherit_from: .rubocop_todo.yml

.rubocop_todo.yml

@@ -0,0 +1,73 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2018-11-23 11:05:12 -0500 using RuboCop version 0.60.0.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 15
+Lint/AmbiguousRegexpLiteral:
+  Exclude:
+    - 'controls/V-38444.rb'
+    - 'controls/V-38513.rb'
+    - 'controls/V-38520.rb'
+    - 'controls/V-38521.rb'
+    - 'controls/V-38574.rb'
+    - 'controls/V-38617.rb'
+    - 'controls/V-38624.rb'
+    - 'controls/V-38685.rb'
+    - 'controls/V-38686.rb'
+    - 'controls/V-38690.rb'
+    - 'controls/V-38693.rb'
+
+# Offense count: 10
+Lint/ParenthesesAsGroupedExpression:
+  Exclude:
+    - 'controls/V-38520.rb'
+    - 'controls/V-38521.rb'
+    - 'controls/V-38611.rb'
+    - 'controls/V-38612.rb'
+    - 'controls/V-38614.rb'
+    - 'controls/V-38657.rb'
+
+# Offense count: 3
+Lint/UselessAssignment:
+  Exclude:
+    - 'controls/V-38518.rb'
+    - 'controls/V-38519.rb'
+    - 'controls/V-38623.rb'
+
+# Offense count: 264
+# Configuration parameters: CountComments, ExcludedMethods.
+# ExcludedMethods: refine
+Metrics/BlockLength:
+  Max: 101
+
+# Offense count: 264
+# Configuration parameters: ExpectMatchingDefinition, Regex, IgnoreExecutableScripts, AllowedAcronyms.
+# AllowedAcronyms: CLI, DSL, ACL, API, ASCII, CPU, CSS, DNS, EOF, GUID, HTML, HTTP, HTTPS, ID, IP, JSON, LHS, QPS, RAM, RHS, RPC, SLA, SMTP, SQL, SSH, TCP, TLS, TTL, UDP, UI, UID, UUID, URI, URL, UTF8, VM, XML, XMPP, XSRF, XSS
+Naming/FileName:
+  Enabled: false
+
+# Offense count: 4
+Style/MultilineBlockChain:
+  Exclude:
+    - 'controls/V-38518.rb'
+    - 'controls/V-38519.rb'
+    - 'controls/V-38623.rb'
+    - 'controls/V-51391.rb'
+
+# Offense count: 93
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, AllowInnerSlashes.
+# SupportedStyles: slashes, percent_r, mixed
+Style/RegexpLiteral:
+  EnforcedStyle: mixed
+  Enabled: true
+
+# Offense count: 262
+# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
+# URISchemes: http, https
+Metrics/LineLength:
+  Max: 240

LICENSE.md

@@ -1,11 +1,16 @@
 
-Licensed under the Apache 2.0 license.  
+Licensed under the Apache 2.0 license.
 
-Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
 
-* Redistributions of source code must retain the above copyright/ digital rights legend, this list of conditions and the following Notice.
+* Redistributions of source code must retain the above copyright/ digital rights
+ legend, this list of conditions and the following Notice.
 
-* Redistributions in binary form must reproduce the above copyright copyright/ digital rights legend, this list of conditions and the following Notice in the documentation and/or other materials provided with the distribution.
+* Redistributions in binary form must reproduce the above copyright copyright/
+ digital rights legend, this list of conditions and the following Notice in the
+ documentation and/or other materials provided with the distribution.
 
-* Neither the name of The MITRE Corporation nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
-
+* Neither the name of The MITRE Corporation nor the names of its contributors may
+ be used to endorse or promote products derived from this software without
+ specific prior written permission.

README.md

@@ -1,34 +1,42 @@
-# disa_stig_rhel6_baseline  
+# disa_stig_rhel6_baseline
 
 An InSpec profile of the DISA RHEL6 STIG baseline
 
 ## Versioning and State of Development
-This project uses the [Semantic Versioning Policy](https://semver.org/). 
+
+This project uses the [Semantic Versioning Policy](https://semver.org/).
 
 ### Branches
-The master branch contains the latest version of the software leading up to a new release. 
 
-Other branches contain feature-specific updates. 
+The master branch contains the latest version of the software leading up to a new release.
+
+Other branches contain feature-specific updates.
 
 ### Tags
+
 Tags indicate official releases of the project.
 
-Please note 0.x releases are works in progress (WIP) and may change at any time.   
+Please note 0.x releases are works in progress (WIP) and may change at any time.
 
-## NOTICE   
+### NOTICE
 
-© 2018 The MITRE Corporation.  
+© 2018 The MITRE Corporation.
 
-Approved for Public Release; Distribution Unlimited. Case Number 18-3678.  
+Approved for Public Release; Distribution Unlimited. Case Number 18-3678.
 
-## NOTICE  
+### NOTICE
 
-This software was produced for the U. S. Government under Contract Number HHSM-500-2012-00008I, and is subject to Federal Acquisition Regulation Clause 52.227-14, Rights in Data-General.  
+This software was produced for the U. S. Government under Contract Number
+HHSM-500-2012-00008I, and is subject to Federal Acquisition Regulation Clause
+52.227-14, Rights in Data-General.
 
-No other use other than that granted to the U. S. Government, or to those acting on behalf of the U. S. Government under that Clause is authorized without the express written permission of The MITRE Corporation. 
+No other use other than that granted to the U. S. Government, or to those acting
+on behalf of the U. S. Government under that Clause is authorized without the
+express written permission of The MITRE Corporation.
 
-For further information, please contact The MITRE Corporation, Contracts Management Office, 7515 Colshire Drive, McLean, VA  22102-7539, (703) 983-6000.  
+For further information, please contact The MITRE Corporation, Contracts
+Management Office, 7515 Colshire Drive, McLean, VA  22102-7539, (703) 983-6000.
 
-## NOTICE
+### NOTICE
 
 DISA STIGs are published by DISA IASE, see: https://iase.disa.mil/Pages/privacy_policy.aspx

controls/V-38437.rb

@@ -1,4 +1,4 @@
-control "V-38437" do
+control 'V-38437' do
   title "Automated file system mounting tools must not be enabled unless
 needed."
   desc  "All filesystems that are required for the successful operation of the
@@ -14,13 +14,13 @@
 statically by editing \"/etc/fstab\" rather than relying on the automounter.
   "
   impact 0.3
-  tag "gtitle": "SRG-OS-999999"
-  tag "gid": "V-38437"
-  tag "rid": "SV-50237r1_rule"
-  tag "stig_id": "RHEL-06-000526"
-  tag "fix_id": "F-43381r1_fix"
-  tag "cci": ["CCI-000366"]
-  tag "nist": ["CM-6 b", "Rev_4"]
+  tag "gtitle": 'SRG-OS-999999'
+  tag "gid": 'V-38437'
+  tag "rid": 'SV-50237r1_rule'
+  tag "stig_id": 'RHEL-06-000526'
+  tag "fix_id": 'F-43381r1_fix'
+  tag "cci": ['CCI-000366']
+  tag "nist": ['CM-6 b', 'Rev_4']
   tag "false_negatives": nil
   tag "false_positives": nil
   tag "documentable": false
@@ -54,26 +54,25 @@
 
 # service autofs stop"
 
-  describe service("autofs").runlevels(/0/) do
+  describe service('autofs').runlevels(/0/) do
     it { should_not be_enabled }
   end
-  describe service("autofs").runlevels(/1/) do
+  describe service('autofs').runlevels(/1/) do
     it { should_not be_enabled }
   end
-  describe service("autofs").runlevels(/2/) do
+  describe service('autofs').runlevels(/2/) do
     it { should_not be_enabled }
   end
-  describe service("autofs").runlevels(/3/) do
+  describe service('autofs').runlevels(/3/) do
     it { should_not be_enabled }
   end
-  describe service("autofs").runlevels(/4/) do
+  describe service('autofs').runlevels(/4/) do
     it { should_not be_enabled }
   end
-  describe service("autofs").runlevels(/5/) do
+  describe service('autofs').runlevels(/5/) do
     it { should_not be_enabled }
   end
-  describe service("autofs").runlevels(/6/) do
+  describe service('autofs').runlevels(/6/) do
     it { should_not be_enabled }
   end
 end
-

controls/V-38438.rb

@@ -1,17 +1,17 @@
-control "V-38438" do
-  title "Auditing must be enabled at boot by setting a kernel parameter."
+control 'V-38438' do
+  title 'Auditing must be enabled at boot by setting a kernel parameter.'
   desc  "Each process on the system carries an \"auditable\" flag which
 indicates whether its activities can be audited. Although \"auditd\" takes care
 of enabling this for all processes which launch after it does, adding the
 kernel argument ensures it is set for every process during boot."
   impact 0.3
-  tag "gtitle": "SRG-OS-000062"
-  tag "gid": "V-38438"
-  tag "rid": "SV-50238r4_rule"
-  tag "stig_id": "RHEL-06-000525"
-  tag "fix_id": "F-43382r4_fix"
-  tag "cci": ["CCI-000169"]
-  tag "nist": ["AU-12 a", "Rev_4"]
+  tag "gtitle": 'SRG-OS-000062'
+  tag "gid": 'V-38438'
+  tag "rid": 'SV-50238r4_rule'
+  tag "stig_id": 'RHEL-06-000525'
+  tag "fix_id": 'F-43382r4_fix'
+  tag "cci": ['CCI-000169']
+  tag "nist": ['AU-12 a', 'Rev_4']
   tag "false_negatives": nil
   tag "false_positives": nil
   tag "documentable": false
@@ -42,12 +42,11 @@
 UEFI systems may prepend \"/boot\" to the \"/vmlinuz-version\" argument."
 
   describe.one do
-    describe file("/boot/grub/grub.conf") do
-      its("content") { should match(/^\s*kernel\s(?:\/boot)?\/vmlinuz.*audit=1.*$/) }
+    describe file('/boot/grub/grub.conf') do
+      its('content') { should match(/^\s*kernel\s(?:\/boot)?\/vmlinuz.*audit=1.*$/) }
     end
-    describe file("/boot/efi/EFI/redhat/grub.conf") do
-      its("content") { should match(/^\s*kernel\s(?:\/boot)?\/vmlinuz.*audit=1.*$/) }
+    describe file('/boot/efi/EFI/redhat/grub.conf') do
+      its('content') { should match(/^\s*kernel\s(?:\/boot)?\/vmlinuz.*audit=1.*$/) }
     end
   end
 end
-

controls/V-38439.rb

@@ -1,4 +1,4 @@
-control "V-38439" do
+control 'V-38439' do
   title "The system must provide automated support for account management
 functions."
   desc  "A comprehensive account management process that includes automation
@@ -7,13 +7,13 @@
 challenging and complex. A user management process requiring administrators to
 manually address account management functions adds risk of potential oversight."
   impact 0.5
-  tag "gtitle": "SRG-OS-000001"
-  tag "gid": "V-38439"
-  tag "rid": "SV-50239r1_rule"
-  tag "stig_id": "RHEL-06-000524"
-  tag "fix_id": "F-43384r1_fix"
-  tag "cci": ["CCI-000015"]
-  tag "nist": ["AC-2 (1)", "Rev_4"]
+  tag "gtitle": 'SRG-OS-000001'
+  tag "gid": 'V-38439'
+  tag "rid": 'SV-50239r1_rule'
+  tag "stig_id": 'RHEL-06-000524'
+  tag "fix_id": 'F-43384r1_fix'
+  tag "cci": ['CCI-000015']
+  tag "nist": ['AC-2 (1)', 'Rev_4']
   tag "false_negatives": nil
   tag "false_positives": nil
   tag "documentable": false
@@ -34,8 +34,7 @@
 this system should integrate with an existing enterprise user management
 system, such as, one based Active Directory or Kerberos."
 
-  describe "Manual test" do
-    skip "This control must be reviewed manually"
+  describe 'Manual test' do
+    skip 'This control must be reviewed manually'
   end
 end
-

controls/V-38443.rb

@@ -1,15 +1,15 @@
-control "V-38443" do
-  title "The /etc/gshadow file must be owned by root."
+control 'V-38443' do
+  title 'The /etc/gshadow file must be owned by root.'
   desc  "The \"/etc/gshadow\" file contains group password hashes. Protection
 of this file is critical for system security."
   impact 0.5
-  tag "gtitle": "SRG-OS-999999"
-  tag "gid": "V-38443"
-  tag "rid": "SV-50243r1_rule"
-  tag "stig_id": "RHEL-06-000036"
-  tag "fix_id": "F-43388r1_fix"
-  tag "cci": ["CCI-000366"]
-  tag "nist": ["CM-6 b", "Rev_4"]
+  tag "gtitle": 'SRG-OS-999999'
+  tag "gid": 'V-38443'
+  tag "rid": 'SV-50243r1_rule'
+  tag "stig_id": 'RHEL-06-000036'
+  tag "fix_id": 'F-43388r1_fix'
+  tag "cci": ['CCI-000366']
+  tag "nist": ['CM-6 b', 'Rev_4']
   tag "false_negatives": nil
   tag "false_positives": nil
   tag "documentable": false
@@ -31,11 +31,10 @@
 
 # chown root /etc/gshadow"
 
-  describe file("/etc/gshadow") do
+  describe file('/etc/gshadow') do
     it { should exist }
   end
-  describe file("/etc/gshadow") do
-    its("uid") { should cmp 0 }
+  describe file('/etc/gshadow') do
+    its('uid') { should cmp 0 }
   end
 end
-

controls/V-38444.rb

@@ -1,18 +1,18 @@
-control "V-38444" do
+control 'V-38444' do
   title "The systems local IPv6 firewall must implement a deny-all,
 allow-by-exception policy for inbound packets."
   desc  "In \"ip6tables\" the default policy is applied only after all the
 applicable rules in the table are examined for a match. Setting the default
 policy to \"DROP\" implements proper design for a firewall, i.e., any packets
 which are not explicitly permitted should not be accepted."
   impact 0.5
-  tag "gtitle": "SRG-OS-000231"
-  tag "gid": "V-38444"
-  tag "rid": "SV-50244r2_rule"
-  tag "stig_id": "RHEL-06-000523"
-  tag "fix_id": "F-43389r3_fix"
-  tag "cci": ["CCI-000066"]
-  tag "nist": ["AC-17 e", "Rev_4"]
+  tag "gtitle": 'SRG-OS-000231'
+  tag "gid": 'V-38444'
+  tag "rid": 'SV-50244r2_rule'
+  tag "stig_id": 'RHEL-06-000523'
+  tag "fix_id": 'F-43389r3_fix'
+  tag "cci": ['CCI-000066']
+  tag "nist": ['AC-17 e', 'Rev_4']
   tag "false_negatives": nil
   tag "false_positives": nil
   tag "documentable": false
@@ -42,8 +42,7 @@
 
 # service ip6tables restart"
 
-  describe command("ip6tables -nvL | grep -i input") do
-    its('stdout.strip') { should match %r{Chain INPUT \(policy DROP} }
+  describe command('ip6tables -nvL | grep -i input') do
+    its('stdout.strip') { should match /Chain INPUT \(policy DROP/ }
   end
 end
-