File tree Expand file tree Collapse file tree 2 files changed +23
-13
lines changed Original file line number Diff line number Diff line change 1- DevSec PostgreSQL Baseline
2- ==========================
1+ # DevSec PostgreSQL Baseline
32
43This Compliance Profile ensures, that all hardening projects keep the same quality.
54
@@ -23,12 +22,12 @@ $ inspec exec https://github.com/dev-sec/postgres-baseline
2322
2423## License and Author
2524
26- * Author:: Patrick Muench <patrick.muench1111@gmail.com >
27- * Author:: Dominik Richter <dominik.richter@googlemail.com >
28- * Author:: Christoph Hartmann < chris@lollyrock.com >
29- * Author:: Edmund Haselwanter < me@ehaselwanter.com >
25+ - Author:: Patrick Muench <patrick.muench1111@gmail.com >
26+ - Author:: Dominik Richter <dominik.richter@googlemail.com >
27+ - Author:: Christoph Hartmann < chris@lollyrock.com >
28+ - Author:: Edmund Haselwanter < me@ehaselwanter.com >
3029
31- * Copyright 2014-2017 , The Hardening Framework Team
30+ - Copyright 2014-2019 , The DevSec Hardening Framework Team
3231
3332Licensed under the Apache License, Version 2.0 (the "License");
3433you may not use this file except in compliance with the License.
Original file line number Diff line number Diff line change 11# encoding: utf-8
22
33# Copyright 2016, Patrick Muench
4+ # Copyright 2016-2019 DevSec Hardening Framework Team
45#
56# Licensed under the Apache License, Version 2.0 (the "License");
67# you may not use this file except in compliance with the License.
155156
156157control 'postgres-06' do
157158 impact 1.0
158- title 'Use salted MD5 to store postgresql passwords'
159+ title 'Use salted hash to store postgresql passwords'
159160 desc 'Store postgresql passwords in salted hash format (e.g. salted MD5).'
160- describe postgres_session ( USER , PASSWORD ) . query ( 'SELECT passwd FROM pg_shadow;' ) do
161- its ( 'output' ) { should match ( /^md5\S *$/ ) }
162- end
163- describe postgres_conf ( POSTGRES_CONF_PATH ) do
164- its ( 'password_encryption' ) { should eq 'on' }
161+ case postgres . version
162+ when /^9/
163+ describe postgres_session ( USER , PASSWORD ) . query ( 'SELECT passwd FROM pg_shadow;' ) do
164+ its ( 'output' ) { should match ( /^md5\S *$/ ) }
165+ end
166+ describe postgres_conf ( POSTGRES_CONF_PATH ) do
167+ its ( 'password_encryption' ) { should eq 'on' }
168+ end
169+ when /^10/
170+ describe postgres_session ( USER , PASSWORD ) . query ( 'SELECT passwd FROM pg_shadow;' ) do
171+ its ( 'output' ) { should match ( /^scram-sha-256\S *$/ ) }
172+ end
173+ describe postgres_conf ( POSTGRES_CONF_PATH ) do
174+ its ( 'password_encryption' ) { should eq 'scram-sha-256' }
175+ end
165176 end
166177end
167178
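Review bot: The `case postgres.version` added to control 'postgres-06' has no `else`, so on a server whose version string starts with neither 9 nor 10 the control holds no `describe` block and says nothing about password storage despite `impact 1.0`. Turning the second branch into `else` (or widening it to `when /^1\d/`) keeps the SCRAM checks in force on later releases. In that same branch the pattern `/^scram-sha-256\S*$/` is case-sensitive, while PostgreSQL stores SCRAM verifiers with an upper-case `SCRAM-SHA-256$` prefix, so the expectation probably needs the `i` flag: `its('output') { should match(/^scram-sha-256\S*$/i) }`. Ruby's `^` and `$` anchor per line, so with several rows in `pg_shadow` one matching row is enough to pass; this is worth confirming against a server that has a mix of password formats. The `desc` string still gives salted MD5 as its only example and could mention SCRAM-SHA-256.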