diff --git a/spec/ansible/roles/mongo-stig/tasks/cat2.yml b/spec/ansible/roles/mongo-stig/tasks/cat2.yml
index 6b2c4a8..1c4ba7c 100644
--- a/spec/ansible/roles/mongo-stig/tasks/cat2.yml
+++ b/spec/ansible/roles/mongo-stig/tasks/cat2.yml
@@ -765,13 +765,6 @@
 - enterprise
 - manual
-# - name: "MEDIUM | SV-252174 | MongoDB must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status."
-# command: true
-# ignore_errors: true
-# tags:
-# - cat2
-# - medium
-# - SV-252174
 - name: "MEDIUM | SV-252174 | MongoDB must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status."
 vars:
 reg_mongo_users_174: []
diff --git a/spec/mongo-inspec-profile/controls/SV-252140.rb b/spec/mongo-inspec-profile/controls/SV-252140.rb
index 42577f1..df3e70a 100644
--- a/spec/mongo-inspec-profile/controls/SV-252140.rb
+++ b/spec/mongo-inspec-profile/controls/SV-252140.rb
@@ -67,7 +67,7 @@
 get_system_users = "EJSON.stringify(db.system.users.find().toArray())"
- run_get_system_users = "mongosh \"mongodb://#{input('mongo_dba')}:#{input('mongo_dba_password')}@#{input('mongo_host')}:#{input('mongo_port')}/#{input'mongo_auth_source'}?authSource=#{input'mongo_auth_source'}&tls=true&tlsCAFile=#{input('ca_file')}&tlsCertificateKeyFile=#{input('certificate_key_file')}\" --quiet --eval \"#{get_system_users}\""
+ run_get_system_users = "mongosh \"mongodb://#{input('mongo_dba')}:#{input('mongo_dba_password')}@#{input('mongo_host')}:#{input('mongo_port')}/admin?authSource=#{input'mongo_auth_source'}&tls=true&tlsCAFile=#{input('ca_file')}&tlsCertificateKeyFile=#{input('certificate_key_file')}\" --quiet --eval \"#{get_system_users}\""
 system_users = json({command: run_get_system_users}).params
diff --git a/spec/mongo-inspec-profile/controls/SV-252174.rb b/spec/mongo-inspec-profile/controls/SV-252174.rb
index 5d60185..a53b84f 100644
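Review bot: The rewritten `run_get_system_users` in SV-252140.rb still interpolates `mongo_dba_password` and the other inputs straight into a shell command, so the DBA password is visible in the process list of the host that runs the control and in any log or report that echoes the command, and a value containing `@`, `:`, `/`, `&`, `"` or `$` either breaks the URI or is interpreted by the shell because nothing is escaped. Percent-encoding the credential and `authSource` keeps the URI well-formed and neutralises shell-significant characters inside the double-quoted URI, e.g. `#{URI.encode_www_form_component(input('mongo_dba_password'))}` (`uri` is in the standard library); the process-list exposure remains as long as the password travels on the command line at all. The surviving `#{input'mongo_auth_source'}` is parenthesis-less, unlike every other `input(...)` call on the same line; `#{input('mongo_auth_source')}` keeps the style consistent. The block in which `run_get_system_users` is assigned begins outside the hunk.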
--- a/spec/mongo-inspec-profile/controls/SV-252174.rb
+++ b/spec/mongo-inspec-profile/controls/SV-252174.rb
@@ -89,7 +89,7 @@
 describe "Role '#{role}' of user #{user['_id']} does not have privileges for 'createCollection' and 'changeStream', and" do
 subject { all_actions }
- it { should_not be_in ["createCollection", "changeStream"] }
+ it { should_not be_in input('inappropriate_mongo_privileges') }
 end
 end
 end
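Review bot: `should_not be_in` against the subject `all_actions` does not appear to assert that no action is in the forbidden list: `be_in` evaluates the subject as a whole against the list, so a role holding `find` alongside `createCollection` still passes because the full action set is not contained in the input list. Assuming `all_actions` is an array of action names, as the describe text suggests, the intersection is the check to make: `subject { all_actions & input('inappropriate_mongo_privileges') }` with `it { should be_empty }`. The describe title still spells out 'createCollection' and 'changeStream' although the list now comes from the `inappropriate_mongo_privileges` input, so it goes stale whenever the input is changed; interpolating `input('inappropriate_mongo_privileges').join(', ')` into the title keeps the report accurate. The describe sits inside two enclosing blocks whose openings are outside the hunk.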