Update ssh_config resource to support returning the current sshd_config file in use.

[aaronlippold]

Signed-off-by: Aaron Lippold lippold@gmail.com
@DMedina6 is implementing and @aaronlippold is reviewing

Description

Updates to the testing requirements for various benchmarks require the ability to dynamically ask the sshd process which configuration file on the system is being used to configure the system.

This PR adds that ability to the ssh_config resource with a new resource sshd_active_config to active this and then inherit the rest of its interface from the existing sshd_config resource.

This is a blocker for profile updates to the latest revision of security profiles for the DoD STIGs.

PR Tasks

• New resource sshd_active_config
• Lazy loading file
• Documentation
• Unit Tests
• bundle exec rake lint
• bundle exec rake m ...tests...
• Signed Off DCO

Related Issue

N/A

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New content (non-breaking change)
• Breaking change (a content change which would break existing functionality or processes)

Checklist:

• I have read the CONTRIBUTING document.

[netlify]

✅ Deploy Preview for chef-inspec ready!

Name	Link
🔨 Latest commit	18d80a2
🔍 Latest deploy log	https://app.netlify.com/sites/chef-inspec/deploys/669ff9bb024dd500083849a2
😎 Deploy Preview	https://deploy-preview-7070--chef-inspec.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[chef-expeditor]

Hello aaronlippold! Thanks for the pull request!

Here is what will happen next:

1. Your PR will be reviewed by the maintainers.
2. Possible Outcomes
   a. If everything looks good, one of them will approve it, and your PR will be merged.
   b. The maintainer may request follow-on work (e.g. code fix, linting, etc). We would encourage you to address this work in 2-3 business days to keep the conversation going and to get your contribution in sooner.
   c. Cases exist where a PR is neither aligned to Chef InSpec's product roadmap, or something the team can own or maintain long-term. In these cases, the maintainer will provide justification and close out the PR.

Thank you for contributing!

[aaronlippold]

odd thing we are seeing is that git is not allowing us to add the docs ... seeing if I can resolve it. gitignore seems to be correct.

[aaronlippold]

Thank you @IanMadd for the assist. @DMedina6 will update the two doc files and then look to see if we need to add a unit test or not for this enhancement.

[aaronlippold]

I don't think /etc/ssh/sshd_active_config is what should be here correct?

The sshd active config finds the path of the sshd_config file by interrogating the active sshd process for the config file it is loaded with. Then we can say, all other functions and properties of the ssh and sshd resource are the same with the addition of the active_path variable available to the sshd_active_config resource which will be the path of the config file the sshd service reported as loaded.

[DMedina6]

My mistake. This has been corrected.

[clintoncwolfe]

This looks very good from where I sit. There is a linting concern - I opened a PR against your branch to resolve, mitre#1 .

I've also asked Product for clearance to include this in the next release of InSpec 6.

[clintoncwolfe]

This has been approved by Product and is expected to be in v6.8.0 - you may update the docs.

[DMedina6]

Fixed.

[clintoncwolfe]

Thanks!