Class: Inspec::Resources::LinuxImmutableFlagCheck

Inherits:

ImmutableFlagCheck

• Object
• ImmutableFlagCheck
• Inspec::Resources::LinuxImmutableFlagCheck

Defined in:

lib/inspec/resources/file.rb

Instance Attribute Summary

Attributes inherited from ImmutableFlagCheck

#file_path, #inspec

Instance Method Summary

• #is_immutable? ⇒ Boolean

Methods inherited from ImmutableFlagCheck

#find_utility_or_error, #initialize

Constructor Details

This class inherits a constructor from Inspec::Resources::ImmutableFlagCheck

Instance Method Details

#is_immutable? ⇒ Boolean

Returns:

• (Boolean)

Raises:

• (Inspec::Exceptions::ResourceFailed)

# File 'lib/inspec/resources/file.rb', line 434

def is_immutable?
  # Check if lsattr is available. In general, all linux system has lsattr & chattr
  # This logic check is valid for immutable flag set with chattr
  utility = find_utility_or_error("lsattr")
  utility_cmd = inspec.command("#{utility} #{file_path}")

  raise Inspec::Exceptions::ResourceFailed, "Executing #{utility} #{file_path} failed: #{utility_cmd.stderr}" if utility_cmd.exit_status.to_i != 0

  # General output for lsattr file_name is:
  # ----i---------e----- file_name
  # The fifth char resembles the immutable flag. Total 20 flags are allowed.
  lsattr_info = utility_cmd.stdout.strip.squeeze(" ")
  lsattr_info =~ /^.{4}i.{15} .*/
end