Merge pull request #31 from dev-sec/chris-rock/SCRAM-SHA-256

atomic111 · web-flow · commit b9f1bcd926fc · 2019-05-16T08:47:36.000+02:00
scram sha 256
diff --git a/README.md b/README.md
@@ -1,5 +1,4 @@
-DevSec PostgreSQL Baseline
-==========================
+# DevSec PostgreSQL Baseline
 
 This Compliance Profile ensures, that all hardening projects keep the same quality.
 
@@ -23,12 +22,12 @@ $ inspec exec https://github.com/dev-sec/postgres-baseline
 
 ## License and Author
 
-* Author:: Patrick Muench <patrick.muench1111@gmail.com >
-* Author:: Dominik Richter <dominik.richter@googlemail.com>
-* Author:: Christoph Hartmann <chris@lollyrock.com>
-* Author:: Edmund Haselwanter <me@ehaselwanter.com>
+- Author:: Patrick Muench <patrick.muench1111@gmail.com >
+- Author:: Dominik Richter <dominik.richter@googlemail.com>
+- Author:: Christoph Hartmann <chris@lollyrock.com>
+- Author:: Edmund Haselwanter <me@ehaselwanter.com>
 
-* Copyright 2014-2017, The Hardening Framework Team
+- Copyright 2014-2019, The DevSec Hardening Framework Team
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
diff --git a/controls/postgres_spec.rb b/controls/postgres_spec.rb
@@ -1,6 +1,7 @@
 # encoding: utf-8
 
 # Copyright 2016, Patrick Muench
+# Copyright 2016-2019 DevSec Hardening Framework Team
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -155,13 +156,23 @@
 
 control 'postgres-06' do
   impact 1.0
-  title 'Use salted MD5 to store postgresql passwords'
+  title 'Use salted hash to store postgresql passwords'
   desc 'Store postgresql passwords in salted hash format (e.g. salted MD5).'
-  describe postgres_session(USER, PASSWORD).query('SELECT passwd FROM pg_shadow;') do
-    its('output') { should match(/^md5\S*$/) }
-  end
-  describe postgres_conf(POSTGRES_CONF_PATH) do
-    its('password_encryption') { should eq 'on' }
+  case postgres.version
+  when /^9/
+    describe postgres_session(USER, PASSWORD).query('SELECT passwd FROM pg_shadow;') do
+      its('output') { should match(/^md5\S*$/) }
+    end
+    describe postgres_conf(POSTGRES_CONF_PATH) do
+      its('password_encryption') { should eq 'on' }
+    end
+  when /^10/
+    describe postgres_session(USER, PASSWORD).query('SELECT passwd FROM pg_shadow;') do
+      its('output') { should match(/^scram-sha-256\S*$/) }
+    end
+    describe postgres_conf(POSTGRES_CONF_PATH) do
+      its('password_encryption') { should eq 'scram-sha-256' }
+    end
   end
 end
 

-Original file line number
+Diff line change
@@ @@ -1,5 +1,4 @@ @@
 -DevSec PostgreSQL Baseline
 -==========================
 +# DevSec PostgreSQL Baseline
 This Compliance Profile ensures, that all hardening projects keep the same quality.
 ## License and Author
 -* Author:: Patrick Muench <[email protected] >
 -* Author:: Dominik Richter <[email protected]>
 -* Author:: Christoph Hartmann <[email protected]>
 -* Author:: Edmund Haselwanter <[email protected]>
 +- Author:: Patrick Muench <[email protected] >
 +- Author:: Dominik Richter <[email protected]>
 +- Author:: Christoph Hartmann <[email protected]>
 +- Author:: Edmund Haselwanter <[email protected]>
 -* Copyright 2014-2017, The Hardening Framework Team
 +- Copyright 2014-2019, The DevSec Hardening Framework Team
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.