mitre / redhat-jboss-enterprise-application-platform-6.3-stig-baseline Goto Github PK

The logic in this control does not actually check based on the check text. Change to a manual review instead.

skip statement should read as such:

describe "Perform manual review to determine if auditing is configured properly." do
      skip "Perform manual review to determine if auditing is configured properly."
end

service.properties does not exist in normal installations of jboss. Need to query the correct standalone.xml file instead

For the following controls, when determining that the test is not applicable, do not change the desc field. only set the skip message:

V-62325
V-62229
V-62219
V-62279
V-62233
V-62285
V-62277

The test seems to be a manual review, changing logic to that of a manual review.

Research the InSpec code to ensure it accurately measures the setting, and fix.
for V-62273, V-62303, V-62321, V-62323
See @ejaronne for sample output

Two Enhancement Proposed:

1. Add a new attribute for Jboss process name.(Ex: jboss_process_name)

2. Enhance the ps command like so
   ps -ef|grep -w #{ attribute('jboss_process_name')| grep -v inspec | grep -v grep | awk '{print $1}'|uniq

Attributes are being handled the old way that inspec used to handle attributes. They should be moved to the inspec.yml and initialized again within the control. This will improve the runtime when executing the profile.

• 62073
• 62215
• 62219
• 62221
• 62223
• 62225
• 62227
• 62229
• 62231
• 62233
• 62235
• 62237
• 62239
• 62241
• 62245
• 62247
• 62249
• 62251
• 62253
• 62255
• 62257
• 62269
• 62271
• 62273
• 62275
• 62277
• 62279
• 62281
• 62285
• 62287
• 62289
• 62291
• 62293
• 62303
• 62305
• 62307
• 62309
• 62311
• 62313
• 62315
• 62319
• 62321
• 62323
• 62329
• 62331
• 62333
• 62335
• 62337
• 62339
• 62341
• 62345

Some controls need better reporting using expect and its. At it's current state some controls spit out too much information and it's hard to read what's going on.

• 62341
• 62235
• 62225
• 62287
• 62231
• 62221
• 62321
• 62315
• 62245
• 62305
• 62331
• 62073
• 62311
• 62335
• 62241
• 62289
• 62239
• 62329
• 62339
• 62217
• 62343
• 62227
• 62313
• 62337
• 62303
• 62323
• 62317
• 62247
• 62307

Java version/installation can be different from each installation so rather than a hard coded path, moving the path to an input

the following issues were found with the inspec check:
inspecCheck.txt

Add hardened output data to the repo

rubocop found the following issues:
rubocop.txt

This control does 3 different tests. According to the check text only the first 2 tests are required for the control, not sure what the third test is doing

The following controls have comments still in them:

• 62219
• 62281