Describe the bug
We've been getting Inspec reports about the /etc/motd permissions from this section here: https://github.com/dev-sec/cis-dil-benchmark/blob/master/controls/1_7_warning_banners.rb#L61-L74
However in most of our VMs, we do not have an /etc/motd file. The inspec message is:
expected: "root"
got: nil
(compared using ==)
I would think the check should just skip if the file doesn't exist. It's certainly not a security issue.
Expected behavior
Exit/skip and move on to the next check
Actual behavior
0 {
code_desc File /etc/motd group is expected to eq "root"
message
expected: "root"
got: nil
(compared using ==)
resource_class file
resource_params ["/etc/motd"]
run_time 0.000364499
start_time 2022-06-16T03:59:19+00:00
status failed
},
1 {
code_desc File /etc/motd owner is expected to eq "root"
message
expected: "root"
got: nil
(compared using ==)
resource_class file
resource_params ["/etc/motd"]
run_time 0.000201999
start_time 2022-06-16T03:59:19+00:00
status failed
},
2 {
code_desc File /etc/motd mode is expected to cmp == "0644"
message
expected: 0644
got:
(compared using `cmp` matcher)
resource_class file
resource_params ["/etc/motd"]
run_time 0.000698698
start_time 2022-06-16T03:59:19+00:00
status failed
}
Example code
/opt/chef/embedded/bin/inspec exec https://github.com/dev-sec/cis-dil-benchmark/archive/master.zip --reporter=json
OS / Environment
- Ubuntu Linux 18.04 in Azure (5.4.0-1083-azure)
$ uname -rvmpis
Linux 5.4.0-1083-azure #87~18.04.1-Ubuntu SMP Fri Jun 3 13:19:07 UTC 2022 x86_64 x86_64 x86_64
Inspec Version
4.46.13
Baseline Version
Whatever is in https://github.com/dev-sec/cis-dil-benchmark/archive/master.zip
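Added example, not part of the original issue and not code from the cis-dil-benchmark project: a triage pass over failed InSpec results that separates paths where every matcher received nothing (`got: nil` or an empty `got:`, as in the /etc/motd results above) from paths with a concrete wrong value. The sample records are constructed, the /etc/issue entry and the function names are hypothetical, and `resource_params` is assumed to be an array as the report above displays it.

```ruby
# Constructed sample results, using only the fields shown in the report above.
SAMPLE_RESULTS = [
  { 'status' => 'failed', 'resource_class' => 'file', 'resource_params' => ['/etc/motd'],
    'code_desc' => 'File /etc/motd group is expected to eq "root"',
    'message' => "expected: \"root\"\n got: nil\n(compared using ==)" },
  { 'status' => 'failed', 'resource_class' => 'file', 'resource_params' => ['/etc/motd'],
    'code_desc' => 'File /etc/motd owner is expected to eq "root"',
    'message' => "expected: \"root\"\n got: nil\n(compared using ==)" },
  { 'status' => 'failed', 'resource_class' => 'file', 'resource_params' => ['/etc/motd'],
    'code_desc' => 'File /etc/motd mode is expected to cmp == "0644"',
    'message' => "expected: 0644\n got: \n(compared using `cmp` matcher)" },
  # Hypothetical second file with a real permission finding, for contrast.
  { 'status' => 'failed', 'resource_class' => 'file', 'resource_params' => ['/etc/issue'],
    'code_desc' => 'File /etc/issue mode is expected to cmp == "0644"',
    'message' => "expected: 0644\n got: 0666\n(compared using `cmp` matcher)" },
  { 'status' => 'passed', 'resource_class' => 'file', 'resource_params' => ['/etc/issue'],
    'code_desc' => 'File /etc/issue owner is expected to eq "root"', 'message' => nil }
].freeze

# True when the matcher received no value at all: "got: nil" or a blank "got:".
def empty_got?(message)
  got = message.to_s[/^\s*got:(.*)$/, 1]
  !got.nil? && ['', 'nil'].include?(got.strip)
end

# Group failed file results by path. A path where every failure has an empty
# "got" is most likely absent on the host; anything else is a real finding.
def triage(results)
  failed = results.select { |r| r['status'] == 'failed' && r['resource_class'] == 'file' }
  by_path = failed.group_by { |r| Array(r['resource_params']).first }
  absent, findings = by_path.partition { |_, rs| rs.all? { |r| empty_got?(r['message']) } }
  { likely_absent: absent.map(&:first), findings: findings.map(&:first) }
end

puts triage(SAMPLE_RESULTS).inspect if __FILE__ == $PROGRAM_NAME
```

A path reported as likely absent is a heuristic reading of the report, so confirm on the host that the file really does not exist before suppressing the result.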