Class: Inspec::Resources::UnixImmutableFlagCheck

Inherits:
ImmutableFlagCheck show all
Defined in:
lib/inspec/resources/file.rb

Instance Attribute Summary

Attributes inherited from ImmutableFlagCheck

#file_path, #inspec

Instance Method Summary collapse

Methods inherited from ImmutableFlagCheck

#find_utility_or_error, #initialize

Constructor Details

This class inherits a constructor from Inspec::Resources::ImmutableFlagCheck

Instance Method Details

#is_immutable?Boolean

Returns:

  • (Boolean)

Raises:



451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
 
# File 'lib/inspec/resources/file.rb', line 451

def is_immutable?
  # Check if chflags is available on the system. Most unix-like system comes with chflags.
  # This logic check is valid for immutable flag set with chflags
  find_utility_or_error("chflags")

  # In general ls -lO is used to check immutable flag set by chflags
  utility_cmd = inspec.command("ls -lO #{file_path}")

  # But on some bsd system (eg: freebsd) ls -lo is used instead of ls -lO
  utility_cmd = inspec.command("ls -lo #{file_path}") if utility_cmd.exit_status.to_i != 0

  raise Inspec::Exceptions::ResourceFailed, "Executing ls -lo #{file_path} and ls -lO #{file_path} failed: #{utility_cmd.stderr}" if utility_cmd.exit_status.to_i != 0

  # General output for ls -lO file_name is:
  # -rw-r--r--  1 current_user  1083951318  uchg 0 Apr  6 12:45 file_name
  # The schg flag and the uchg flag represents the immutable flags
  # uchg => user immutable flag, schg => system immutable flag.
  file_info = utility_cmd.stdout.strip.split
  file_info.include?("uchg") || file_info.include?("schg")
end