Cookstyle Bot Auto Corrections with Cookstyle 7.31.1

Berksfile

@@ -1,5 +1,3 @@
-# encoding: utf-8
-
 source 'https://supermarket.chef.io'
 
 metadata

Gemfile

@@ -1,5 +1,3 @@
-# encoding: utf-8
-
 source 'https://rubygems.org'
 
 gem 'berkshelf', '~> 7.0'

Rakefile

@@ -1,5 +1,3 @@
-# encoding: utf-8
-
 # rubocop:disable Style/SymbolArray
 
 require 'foodcritic'

attributes/default.rb

@@ -1,10 +1,8 @@
-# encoding: utf-8
-
 #
-# Cookbook Name:: ssh-hardening
+# Cookbook:: ssh-hardening
 # Attributes:: default
 #
-# Copyright 2012, Dominik Richter
+# Copyright:: 2012, Dominik Richter
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -20,40 +18,38 @@
 #
 
 # Define the client package name
-case node['platform']
-when 'redhat', 'centos', 'fedora', 'amazon', 'oracle', 'scientific'
-  default['ssh-hardening']['sshclient']['package'] = 'openssh-clients'
-when 'debian', 'ubuntu'
-  default['ssh-hardening']['sshclient']['package'] = 'openssh-client'
-when 'arch', 'suse', 'opensuse', 'opensuseleap'
-  default['ssh-hardening']['sshclient']['package'] = 'openssh'
-else
-  default['ssh-hardening']['sshclient']['package'] = 'openssh-client'
-end
+default['ssh-hardening']['sshclient']['package'] = case node['platform']
+                                                   when 'redhat', 'centos', 'fedora', 'amazon', 'oracle', 'scientific'
+                                                     'openssh-clients'
+                                                   when 'debian', 'ubuntu'
+                                                     'openssh-client'
+                                                   when 'arch', 'suse', 'opensuse', 'opensuseleap'
+                                                     'openssh'
+                                                   else
+                                                     'openssh-client'
+                                                   end
 
 # Define the package name for selinux utils
-if node['platform_family'] == 'fedora' || # rubocop:disable Style/ConditionalAssignment
-   node['platform_family'] == 'rhel' && node['platform_version'].to_f >= 8
+if platform_family?('fedora') || # rubocop:disable Style/ConditionalAssignment
+   platform_family?('rhel') && node['platform_version'].to_f >= 8
   default['ssh-hardening']['selinux']['package'] = 'policycoreutils-python-utils'
 else
   default['ssh-hardening']['selinux']['package'] = 'policycoreutils-python'
 end
 
 # Define the server package name
-case node['platform']
-when 'suse', 'opensuse', 'opensuseleap'
-  default['ssh-hardening']['sshserver']['package'] = 'openssh'
-else
-  default['ssh-hardening']['sshserver']['package'] = 'openssh-server'
-end
+default['ssh-hardening']['sshserver']['package'] = if platform?('suse', 'opensuse', 'opensuseleap')
+                                                     'openssh'
+                                                   else
+                                                     'openssh-server'
+                                                   end
 
 # Define the service name for sshd
-case node['platform_family']
-when 'rhel', 'fedora', 'suse', 'freebsd', 'gentoo', 'amazon'
-  default['ssh-hardening']['sshserver']['service_name'] = 'sshd'
-else
-  default['ssh-hardening']['sshserver']['service_name'] = 'ssh'
-end
+default['ssh-hardening']['sshserver']['service_name'] = if platform_family?('rhel', 'fedora', 'suse', 'freebsd', 'gentoo', 'amazon')
+                                                          'sshd'
+                                                        else
+                                                          'ssh'
+                                                        end
 
 # sshd + ssh client
 default['ssh-hardening']['network']['ipv6']['enable']      = false
@@ -68,9 +64,9 @@
   client['cbc_required']  = false
   client['weak_hmac']     = false
   client['weak_kex']      = false
-  client['allow_agent_forwarding']   = false
-  client['remote_hosts']  = []
-  client['password_authentication'] = false   # ssh
+  client['allow_agent_forwarding'] = false
+  client['remote_hosts'] = []
+  client['password_authentication'] = false # ssh
   # http://undeadly.org/cgi?action=article&sid=20160114142733
   client['roaming']       = false
   client['send_env']      = ['LANG', 'LC_*', 'LANGUAGE']
@@ -80,7 +76,7 @@
 end
 
 # sshd
-default['ssh-hardening']['ssh']['server'].tap do |server| # rubocop: disable BlockLength
+default['ssh-hardening']['ssh']['server'].tap do |server| # rubocop: disable Metrics/BlockLength
   server['kex']                      = nil     # nil = calculate best combination for server version
   server['cipher']                   = nil     # nil = calculate best combination for server version
   server['mac']                      = nil     # nil = calculate best combination for server version

libraries/devsec_ssh.rb

@@ -1,13 +1,11 @@
-# encoding: utf-8
-
 #
-# Cookbook Name:: ssh-hardening
+# Cookbook:: ssh-hardening
 # Library:: devsec_ssh
 #
-# Copyright 2012, Dominik Richter
-# Copyright 2014, Christoph Hartmann
-# Copyright 2014, Deutsche Telekom AG
-# Copyright 2016, Artem Sidorenko
+# Copyright:: 2012, Dominik Richter
+# Copyright:: 2014, Christoph Hartmann
+# Copyright:: 2014, Deutsche Telekom AG
+# Copyright:: 2016, Artem Sidorenko
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -42,40 +40,40 @@ class Ssh # rubocop:disable Metrics/ClassLength
     # Fallback ssh version for autodetection
     FALLBACK_SSH_VERSION ||= 5.9
     # Support types of ssh
-    SSH_TYPES ||= %i[client server].freeze
+    SSH_TYPES ||= %i(client server).freeze
     # Crypto configuration for different ssh parameters
     CRYPTO ||= {
       kexs: {
         5.3 => [],
-        5.9 => %w[diffie-hellman-group-exchange-sha256],
-        6.6 => %w[curve25519-sha256@libssh.org diffie-hellman-group-exchange-sha256],
-        :weak => %w[diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1]
+        5.9 => %w(diffie-hellman-group-exchange-sha256),
+        6.6 => %w(curve25519-sha256@libssh.org diffie-hellman-group-exchange-sha256),
+        :weak => %w(diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1),
       },
       macs: {
-        5.3 => %w[hmac-ripemd160 hmac-sha1],
-        5.9 => %w[hmac-sha2-512 hmac-sha2-256 hmac-ripemd160],
-        6.6 => %w[hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com
-                  umac-128-etm@openssh.com hmac-sha2-512 hmac-sha2-256],
-        :weak => %w[hmac-sha1]
+        5.3 => %w(hmac-ripemd160 hmac-sha1),
+        5.9 => %w(hmac-sha2-512 hmac-sha2-256 hmac-ripemd160),
+        6.6 => %w(hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com
+                  umac-128-etm@openssh.com hmac-sha2-512 hmac-sha2-256),
+        :weak => %w(hmac-sha1),
       },
       ciphers: {
-        5.3 => %w[aes256-ctr aes192-ctr aes128-ctr],
-        6.6 => %w[chacha20-poly1305@openssh.com aes256-gcm@openssh.com aes128-gcm@openssh.com
-                  aes256-ctr aes192-ctr aes128-ctr],
-        :weak => %w[aes256-cbc aes192-cbc aes128-cbc]
-      }
+        5.3 => %w(aes256-ctr aes192-ctr aes128-ctr),
+        6.6 => %w(chacha20-poly1305@openssh.com aes256-gcm@openssh.com aes128-gcm@openssh.com
+                  aes256-ctr aes192-ctr aes128-ctr),
+        :weak => %w(aes256-cbc aes192-cbc aes128-cbc),
+      },
     }.freeze
     # Privilege separation values
     PRIVILEGE_SEPARATION ||= {
       5.3 => 'yes',
-      5.9 => 'sandbox'
+      5.9 => 'sandbox',
     }.freeze
     # Hostkey algorithms
     # In the current implementation they are server specific so we need own data hash for it
     HOSTKEY_ALGORITHMS ||= {
-      5.3 => %w[rsa],
-      6.0 => %w[rsa ecdsa],
-      6.6 => %w[rsa ecdsa ed25519]
+      5.3 => %w(rsa),
+      6.0 => %w(rsa ecdsa),
+      6.6 => %w(rsa ecdsa ed25519),
     }.freeze
 
     class << self
@@ -163,7 +161,7 @@ def get_crypto_data(crypto_type, ssh_type, enable_weak)
         # on the particilar ssh version. Return nil in such cases
         if crypto.empty?
           Chef::Log.debug("No value present for ssh version #{found_ssh_version}. Returning nil.")
-          return nil
+          return
         end
 
         if enable_weak
@@ -194,7 +192,7 @@ def find_ssh_version(version, versions)
       def get_ssh_version(package)
         version = node['packages'][package]['version']
         # on debian we get the epoch in front of version number: 1:7.2p2-4ubuntu2.1
-        version = version.split(':')[1] if node['platform_family'] == 'debian'
+        version = version.split(':')[1] if platform_family?('debian')
         Chef::Log.debug("Detected openssh version #{version} for package #{package}")
         version.to_f
       rescue NoMethodError

metadata.rb

@@ -1,7 +1,5 @@
-# encoding: utf-8
-
 #
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -21,10 +19,9 @@
 maintainer_email 'dominik.richter@googlemail.com'
 license          'Apache-2.0'
 description      'This cookbook installs and provides secure ssh and sshd configurations.'
-long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
 version          '2.9.0'
 
-chef_version '>= 12.5' if respond_to?(:chef_version)
+chef_version '>= 12.5'
 
 supports 'ubuntu', '>= 12.04'
 supports 'debian', '>= 6.0'
@@ -37,9 +34,5 @@
 supports 'opensuseleap', '>= 42.1'
 supports 'amazon'
 
-recipe 'ssh-hardening::default', 'installs and configures ssh client and server'
-recipe 'ssh-hardening::client', 'install and apply security hardening for ssh client'
-recipe 'ssh-hardening::server', 'install and apply security hardening for ssh server'
-
 source_url 'https://github.com/dev-sec/chef-ssh-hardening'
 issues_url 'https://github.com/dev-sec/chef-ssh-hardening/issues'

recipes/client.rb

@@ -1,11 +1,9 @@
-# encoding: utf-8
-
 #
-# Cookbook Name:: ssh-hardening
+# Cookbook:: ssh-hardening
 # Recipe:: client.rb
 #
-# Copyright 2012, Dominik Richter
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2012, Dominik Richter
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -49,7 +47,7 @@
         mac:     node['ssh-hardening']['ssh']['client']['mac']    || DevSec::Ssh.get_client_macs(node['ssh-hardening']['ssh']['client']['weak_hmac']),
         kex:     node['ssh-hardening']['ssh']['client']['kex']    || DevSec::Ssh.get_client_kexs(node['ssh-hardening']['ssh']['client']['weak_kex']),
         cipher:  node['ssh-hardening']['ssh']['client']['cipher'] || DevSec::Ssh.get_client_ciphers(node['ssh-hardening']['ssh']['client']['cbc_required']),
-        version: DevSec::Ssh.get_ssh_client_version
+        version: DevSec::Ssh.get_ssh_client_version,
       }
     end
   )

recipes/default.rb

@@ -1,11 +1,9 @@
-# encoding: utf-8
-
 #
-# Cookbook Name:: ssh-hardening
+# Cookbook:: ssh-hardening
 # Recipe:: default.rb
 #
-# Copyright 2012, Dominik Richter
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2012, Dominik Richter
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

recipes/server.rb

@@ -1,11 +1,9 @@
-# encoding: utf-8
-
 #
-# Cookbook Name:: ssh-hardening
+# Cookbook:: ssh-hardening
 # Recipe:: server.rb
 #
-# Copyright 2012, Dominik Richter
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2012, Dominik Richter
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -51,7 +49,7 @@
 end
 
 # Handle addional SELinux policy on RHEL/Fedora for different UsePAM options
-if %w[fedora rhel].include?(node['platform_family'])
+if platform_family?('fedora', 'rhel')
   policy_file = ::File.join(cache_dir, 'ssh_password.te')
   module_file = ::File.join(cache_dir, 'ssh_password.mod')
   package_file = ::File.join(cache_dir, 'ssh_password.pp')
@@ -104,7 +102,7 @@
 # remove all small primes
 # https://stribika.github.io/2015/01/04/secure-secure-shell.html
 dh_min_prime_size = node['ssh-hardening']['ssh']['server']['dh_min_prime_size'].to_i - 1 # 4096 is 4095 in the moduli file
-ruby_block 'remove small primes from DH moduli' do # ~FC014
+ruby_block 'remove small primes from DH moduli' do
   block do
     tmp_file = "#{dh_moduli_file}.tmp"
     ::File.open(tmp_file, 'w') do |new_file|
@@ -134,8 +132,7 @@
 service 'sshd' do
   # use upstart for ubuntu, otherwise chef uses init
   # @see http://docs.opscode.com/resource_service.html#providers
-  case node['platform']
-  when 'ubuntu'
+  if platform?('ubuntu')
     if node['platform_version'].to_f >= 15.04
       provider Chef::Provider::Service::Systemd
     elsif node['platform_version'].to_f >= 12.04
@@ -144,19 +141,19 @@
   end
   service_name node['ssh-hardening']['sshserver']['service_name']
   supports value_for_platform(
-    'centos' => { 'default' => %i[restart reload status] },
-    'redhat' => { 'default' => %i[restart reload status] },
-    'fedora' => { 'default' => %i[restart reload status] },
-    'scientific' => { 'default' => %i[restart reload status] },
+    'centos' => { 'default' => %i(restart reload status) },
+    'redhat' => { 'default' => %i(restart reload status) },
+    'fedora' => { 'default' => %i(restart reload status) },
+    'scientific' => { 'default' => %i(restart reload status) },
     'arch' => { 'default' => [:restart] },
-    'debian' => { 'default' => %i[restart reload status] },
+    'debian' => { 'default' => %i(restart reload status) },
     'ubuntu' => {
-      '8.04' => %i[restart reload],
-      'default' => %i[restart reload status]
+      '8.04' => %i(restart reload),
+      'default' => %i(restart reload status),
     },
-    'default' => { 'default' => %i[restart reload] }
+    'default' => { 'default' => %i(restart reload) }
   )
-  action %i[enable start]
+  action %i(enable start)
 end
 
 directory 'openssh-server ssh directory /etc/ssh' do
@@ -181,7 +178,7 @@
         cipher:       node['ssh-hardening']['ssh']['server']['cipher'] || DevSec::Ssh.get_server_ciphers(node['ssh-hardening']['ssh']['server']['cbc_required']),
         use_priv_sep: node['ssh-hardening']['ssh']['use_privilege_separation'] || DevSec::Ssh.get_server_privilege_separarion,
         hostkeys:     node['ssh-hardening']['ssh']['server']['host_key_files'] || DevSec::Ssh.get_server_algorithms.map { |alg| "/etc/ssh/ssh_host_#{alg}_key" },
-        version:      DevSec::Ssh.get_ssh_server_version
+        version:      DevSec::Ssh.get_ssh_server_version,
       }
     end
   )

recipes/unlock.rb

@@ -1,10 +1,8 @@
-# encoding: utf-8
-
 #
-# Cookbook Name:: ssh-hardening
+# Cookbook:: ssh-hardening
 # Recipe:: unlock
 #
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.