authorDavin Taddeo <davin@chef.io>2020-06-11 11:33:34 -0400
committerDavin Taddeo <davin@chef.io>2020-06-11 11:33:34 -0400
commit99aab8c6554183ddbefe6f324997942d8e00519a (patch)
tree1c45d59f3810d263fe06dbb222d51f6a0de271b0
parent8383cdc0fee7252db99e4c4971b15f3bb7365290 (diff)
downloadchef-99aab8c6554183ddbefe6f324997942d8e00519a.tar.gz
chefstyle and spellcheck fixes.
Signed-off-by: Davin Taddeo <davin@chef.io>
-rw-r--r--cspell.json10
-rw-r--r--lib/chef/resource/windows_audit_policy.rb41
-rw-r--r--spec/unit/resource/windows_audit_policy_spec.rb2
3 files changed, 32 insertions, 21 deletions
diff --git a/cspell.json b/cspell.json
index 7c54d63296..8a8600eecc 100644
--- a/cspell.json
+++ b/cspell.json
@@ -72,6 +72,7 @@
"attribs",
"attrname",
"auditd",
+ "auditpol",
"AUTHN",
"AUTHROOT",
"AUTHZ",
@@ -436,6 +437,7 @@
"downcased",
"downcases",
"downto",
+ "DPAPI",
"Dpkg",
"dracut",
"dragonflybsd",
@@ -1121,6 +1123,7 @@
"mountpoint",
"mounttab",
"mpkg",
+ "MPSSVC",
"MSDNQTR",
"Msftedit",
"msgarbossa",
@@ -1151,6 +1154,7 @@
"munge",
"Murawski",
"Mutators",
+ "mutexes",
"MUXWAITERS",
"Mware",
"myapp",
@@ -1317,6 +1321,8 @@
"opscode",
"OPTARG",
"OPTIND",
+ "optname",
+ "optsetting",
"optstr",
"oracledb",
"orgname",
@@ -1819,6 +1825,8 @@
"struct",
"stubabble",
"stubbable",
+ "subcat",
+ "subcategory",
"subclassable",
"subclassing",
"subcollections",
@@ -1843,11 +1851,13 @@
"SUBSTED",
"subsytem",
"subtrees",
+ "successval",
"sudoer",
"sudoers",
"suid",
"SUPPRESSMSGBOXES",
"Sutay",
+ "sval",
"svcadm",
"svccfg",
"svcs",
diff --git a/lib/chef/resource/windows_audit_policy.rb b/lib/chef/resource/windows_audit_policy.rb
index 2ca178e40f..3203c777ef 100644
--- a/lib/chef/resource/windows_audit_policy.rb
+++ b/lib/chef/resource/windows_audit_policy.rb
@@ -80,12 +80,12 @@ class Chef
"Credential Validation",
"Kerberos Service Ticket Operations",
"Other Account Logon Events",
- "Kerberos Authentication Service"
+ "Kerberos Authentication Service",
]
resource_name :windows_audit_policy
-
+
description "The windows_audit_policy resource allows for configuring system and per-user Windows advanced audit policy settings."
-
+
examples <<~DOC
**Set Logon and Logoff policy to "Success and Failure"**:
@@ -123,31 +123,31 @@ class Chef
coerce: proc { |p| Array(p) },
description: "The audit policy subcategory, specified by GUID or name. Defaults to system if no user is specified.",
callbacks: { "Subcategories entered should be an actual advanced audit policy subcategory" => proc { |n| (Array(n) - subcat_opts).empty? } }
-
+
property :success, [true, false],
description: "Specify success auditing. By setting this property to true the resource will enable success for the category or sub category. Success is the default and is applied if neither success nor failure are specified."
-
+
property :failure, [true, false],
description: "Specify failure auditing. By setting this property to true the resource will enable failure for the category or sub category. Success is the default and is applied if neither success nor failure are specified."
-
+
property :include_user, String,
description: "The audit policy specified by the category or subcategory is applied per-user if specified. When a user is specified, include user. Include and exclude cannot be used at the same time."
-
+
property :exclude_user, String,
description: "The audit policy specified by the category or subcategory is applied per-user if specified. When a user is specified, exclude user. Include and exclude cannot be used at the same time."
-
+
property :crash_on_audit_fail, [true, false],
description: "Setting this audit policy option to true will cause the system to crash if the auditing system is unable to log events."
-
+
property :full_privilege_auditing, [true, false],
description: "Setting this audit policy option to true will force the audit of all privilege changes except SeAuditPrivilege. Setting this property may cause the logs to fill up more quickly."
-
+
property :audit_base_objects, [true, false],
description: "Setting this audit policy option to true will force the system to assign a System Access Control List to named objects to enable auditing of base objects such as mutexes."
-
+
property :audit_base_directories, [true, false],
description: "Setting this audit policy option to true will force the system to assign a System Access Control List to named objects to enable auditing of container objects such as directories."
-
+
def subcategory_configured?(subcat, successval, failval)
setting = if successval && failval
"Success and Failure$"
@@ -163,7 +163,7 @@ class Chef
if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
CODE
end
-
+
def option_configured?(optname, optsetting)
setting = optsetting ? "Enabled$" : "Disabled$"
powershell_exec(<<-CODE).result
@@ -171,24 +171,25 @@ class Chef
if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
CODE
end
-
+
action :set do
unless new_resource.sub_category.empty?
new_resource.sub_category.each do |subcategory|
next if subcategory_configured?(subcategory, new_resource.success, new_resource.failure)
+
sval = new_resource.success ? "enable" : "disable"
fval = new_resource.failure ? "enable" : "disable"
cmd = "auditpol /set "
cmd << "/user:\"#{new_resource.include_user}\" /include " if new_resource.include_user
cmd << "/user:\"#{new_resource.exclude_user}\" /exclude " if new_resource.exclude_user
cmd << "/subcategory:\"#{subcategory}\" /success:#{sval} /failure:#{fval}"
-
+
powershell_script "Update Audit Policy for Subcategory: #{subcategory}" do
code cmd
end
end
end
-
+
if !new_resource.crash_on_audit_fail.nil? && option_configured?("CrashOnAuditFail", new_resource.crash_on_audit_fail)
val = new_resource.crash_on_audit_fail ? "Enable" : "Disable"
cmd = "auditpol /set /option:CrashOnAuditFail /value:#{val}"
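Review bot: `include_user` and `exclude_user` are interpolated into the PowerShell command between double quotes without validation, in the two `cmd << "/user:..."` lines of this hunk. Both are declared as plain `String` properties with no `callbacks:`, unlike `sub_category`, so a value containing `"`, a backtick or `$(` changes how PowerShell parses the line instead of reaching auditpol as an account name. If these values can come from node attributes or data bags, I would emit them as a single-quoted literal with embedded quotes doubled, for example `cmd << "/user:'#{new_resource.include_user.gsub("'", "''")}' /include " if new_resource.include_user`, and do the same for `exclude_user`. The `action :set` block continues past the end of this hunk.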
@@ -196,7 +197,7 @@ class Chef
code cmd
end
end
-
+
if !new_resource.full_privilege_auditing.nil? && option_configured?("FullPrivilegeAuditing", new_resource.full_privilege_auditing)
val = new_resource.full_privilege_auditing ? "Enable" : "Disable"
cmd = "auditpol /set /option:FullPrivilegeAuditing /value:#{val}"
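Review bot: The guard `!new_resource.full_privilege_auditing.nil? && option_configured?(...)` at the end of this hunk looks inverted. From the visible lines, `option_configured?` returns true when auditpol already reports the requested Enabled/Disabled value, so the `auditpol /set /option:` command runs only when nothing needs changing and is skipped when the option differs; the subcategory loop does the opposite with `next if subcategory_configured?(...)`. I would negate the check, `if !new_resource.full_privilege_auditing.nil? && !option_configured?("FullPrivilegeAuditing", new_resource.full_privilege_auditing)`, and likewise for the `CrashOnAuditFail` guard in the previous hunk and the `AuditBaseDirectories` and `AuditBaseObjects` guards in the next two. Part of `option_configured?` and the body of this `if` lie outside the hunk, so this should be confirmed against the full file.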
@@ -204,7 +205,7 @@ class Chef
code cmd
end
end
-
+
if !new_resource.audit_base_directories.nil? && option_configured?("AuditBaseDirectories", new_resource.audit_base_directories)
val = new_resource.audit_base_directories ? "Enable" : "Disable"
cmd = "auditpol /set /option:AuditBaseDirectories /value:#{val}"
@@ -212,7 +213,7 @@ class Chef
code cmd
end
end
-
+
if !new_resource.audit_base_objects.nil? && option_configured?("AuditBaseObjects", new_resource.audit_base_objects)
val = new_resource.audit_base_objects ? "Enable" : "Disable"
cmd = "auditpol /set /option:AuditBaseObjects /value:#{val}"
@@ -220,7 +221,7 @@ class Chef
code cmd
end
end
- end
+ end
end
end
end
diff --git a/spec/unit/resource/windows_audit_policy_spec.rb b/spec/unit/resource/windows_audit_policy_spec.rb
index 31a8ba0c1c..03ec740882 100644
--- a/spec/unit/resource/windows_audit_policy_spec.rb
+++ b/spec/unit/resource/windows_audit_policy_spec.rb
@@ -76,7 +76,7 @@ describe Chef::Resource::WindowsAuditPolicy do
"Credential Validation",
"Kerberos Service Ticket Operations",
"Other Account Logon Events",
- "Kerberos Authentication Service"
+ "Kerberos Authentication Service",
]
let(:resource) { Chef::Resource::WindowsAuditPolicy.new("fakey_fakerton") }