inspec-core 2.1.67

data/docs/resources/ntp_conf.md.erb

@@ -0,0 +1,60 @@
+---
+title: About the ntp_conf Resource
+platform: linux
+---
+
+# ntp_conf
+
+Use the `ntp_conf` InSpec audit resource to test the synchronization settings defined in the `ntp.conf` file. This file is typically located at `/etc/ntp.conf`.
+
+<br>
+
+## Syntax
+
+An `ntp_conf` resource block declares the synchronization settings that should be tested:
+
+    describe ntp_conf('path') do
+      its('setting_name') { should eq 'value' }
+    end
+
+where
+
+* `'setting_name'` is a synchronization setting defined in the `ntp.conf` file
+* `('path')` is the non-default path to the `ntp.conf` file
+* `{ should eq 'value' }` is the value that is expected
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test for clock drift against named servers
+
+    describe ntp_conf do
+      its('driftfile') { should eq '/var/lib/ntp/ntp.drift' }
+      its('server') { should eq [
+        0.ubuntu.pool.ntp.org,
+        1.ubuntu.pool.ntp.org,
+        2.ubuntu.pool.ntp.org
+      ] }
+    end
+
+<br>
+
+## Matchers
+
+This resource matches any service that is listed in the `ntp.conf` file. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+    its('server') { should_not eq nil }
+
+or:
+
+    its('restrict') { should include '-4 default kod notrap nomodify nopeer noquery'}
+
+For example:
+
+    describe ntp_conf do
+      its('server') { should_not eq nil }
+      its('restrict') { should include '-4 default kod notrap nomodify nopeer noquery'}
+    end

data/docs/resources/oneget.md.erb

@@ -0,0 +1,53 @@
+---
+title: About the oneget Resource
+platform: windows
+---
+
+# oneget
+
+Use the `oneget` InSpec audit resource to test if the named package and/or package version is installed on the system. This resource uses Oneget, which is `part of the Windows Management Framework 5.0 and Windows 10 <https://github.com/OneGet/oneget>`__. This resource uses the `Get-Package` cmdlet to return all of the package names in the Oneget repository.
+
+<br>
+
+## Syntax
+
+A `oneget` resource block declares a package and (optionally) a package version:
+
+    describe oneget('name') do
+      it { should be_installed }
+    end
+
+where
+
+* `('name')` must specify the name of a package, such as `'VLC'`
+* `be_installed` is a valid matcher for this resource
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test if VLC is installed
+
+    describe oneget('VLC') do
+      it { should be_installed }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### be_installed
+
+The `be_installed` matcher tests if the named package is installed on the system:
+
+    it { should be_installed }
+
+### version
+
+The `version` matcher tests if the named package version is on the system:
+
+    its('version') { should eq '1.2.3' }

data/docs/resources/oracledb_session.md.erb

@@ -0,0 +1,52 @@
+---
+title: About the oracledb_session Resource
+platform: os
+---
+
+# oracledb_session
+
+Use the `oracledb_session` InSpec audit resource to test SQL commands run against a Oracle database.
+
+<br>
+
+## Syntax
+
+A `oracledb_session` resource block declares the username and password to use for the session with an optional service to connect to, and then the command to be run:
+
+    describe oracledb_session(user: 'username', password: 'password', service: 'ORCL.localdomain').query('QUERY').row(0).column('result') do
+      its('value') { should eq('') }
+    end
+
+where
+
+* `oracledb_session` declares a username and password with permission to run the query (required), and an optional parameters for host (default: `localhost`), SID (default: `nil`, which uses the default SID, and path to the sqlplus binary (default: `sqlplus`).
+* `query('QUERY')` contains the query to be run
+* `its('value') { should eq('') }` compares the results of the query against the expected result in the test
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test for matching databases
+
+    sql = oracledb_session(user: 'my_user', pass: 'password')
+
+    describe sql.query('SELECT NAME AS VALUE FROM v$database;').row(0).column('value') do
+      its('value') { should cmp 'ORCL' }
+    end
+
+### Test for matching databases with custom host, SID and sqlplus binary location
+
+    sql = oracledb_session(user: 'my_user', pass: 'password', host: 'oraclehost', sid: 'mysid', sqlplus_bin: '/u01/app/oracle/product/12.1.0/dbhome_1/bin/sqlplus')
+
+    describe sql.query('SELECT NAME FROM v$database;').row(0).column('name') do
+      its('value') { should cmp 'ORCL' }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/os.md.erb

@@ -0,0 +1,141 @@
+---
+title: About the os Resource
+platform: os
+---
+
+# os
+
+Use the `os` InSpec audit resource to test the platform on which the system is running.
+
+<br>
+
+## Syntax
+
+An `os` resource block declares the platform to be tested. The platform may specified via matcher or control block name. For example, using a matcher:
+
+    describe os.family do
+      it { should eq 'platform_family_name' }
+    end
+
+* `'platform_family_name'` (a string) is one of `aix`, `bsd`, `darwin`, `debian`, `hpux`, `linux`, `redhat`, `solaris`, `suse`,  `unix`, or `windows`
+
+The parameters available to `os` are:
+
+* `:name` - the operating system name, such as `centos`
+* `:family` - the operating system family, such as `redhat`
+* `:release` - the version of the operating system, such as `7.3.1611`
+* `:arch` - the architecture of the operating system, such as `x86_64`
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test for RedHat
+
+    describe os.family do
+      it { should eq 'redhat' }
+    end
+
+### Test for Ubuntu
+
+    describe os.family do
+      it { should eq 'debian' }
+    end
+
+### Test for Microsoft Windows
+
+    describe os.family do
+      it { should eq 'windows' }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### os.family? Helpers
+
+The `os` audit resource includes a collection of helpers that enable more granular testing of platforms, platform names, architectures, and releases. Use any of the following platform-specific helpers to test for specific platforms:
+
+* `aix?`
+* `bsd?` (including Darwin, FreeBSD, NetBSD, and OpenBSD)
+* `darwin?`
+* `debian?`
+* `hpux?`
+* `linux?` (including Alpine Linux, Amazon Linux, ArchLinux, CoreOS, Exherbo, Fedora, Gentoo, and Slackware)
+* `redhat?` (including CentOS)
+* `solaris?` (including Nexenta Core, OmniOS, Open Indiana, Solaris Open, and SmartOS)
+* `suse?`
+* `unix?`
+* `windows?`
+
+For example, to test for Darwin use:
+
+    describe os.bsd? do
+       it { should eq true }
+    end
+
+To test for Windows use:
+
+    describe os.windows? do
+       it { should eq true }
+    end
+
+and to test for Redhat use:
+
+    describe os.redhat? do
+       it { should eq true }
+    end
+
+Use the following helpers to test for operating system names, releases, and architectures:
+
+    describe os.name do
+       it { should eq 'foo' }
+    end
+
+    describe os.release do
+       it { should eq 'foo' }
+    end
+
+    describe os.arch do
+       it { should eq 'foo' }
+    end
+
+### os.family names
+
+Use `os.family` to enable more granular testing of platforms, platform names, architectures, and releases. Use any of the following platform-specific names to test for specific platforms:
+
+* `aix`
+* `bsd` For platforms that are part of the Berkeley OS family `darwin`, `freebsd`, `netbsd`, and `openbsd`.
+* `debian`
+* `hpux`
+* `linux`. For platforms that are part of the Linux family `alpine`, `amazon`, `arch`, `coreos`, `exherbo`, `fedora`, `gentoo`, and `slackware`.
+* `redhat`. For platforms that are part of the Redhat family `centos`.
+* `solaris`. For platforms that are part of the Solaris family `nexentacore`, `omnios`, `openindiana`, `opensolaris`, and `smartos`.
+* `suse`
+* `unix`
+* `windows`
+
+For example, both of the following tests should have the same result:
+
+    if os.family == 'debian'
+      describe port(69) do
+        its('processes') { should include 'in.tftpd' }
+      end
+    elsif os.family == 'redhat'
+      describe port(69) do
+        its('processes') { should include 'xinetd' }
+      end
+    end
+
+    if os.debian?
+      describe port(69) do
+        its('processes') { should include 'in.tftpd' }
+      end
+    elsif os.redhat?
+      describe port(69) do
+        its('processes') { should include 'xinetd' }
+      end
+    end

data/docs/resources/os_env.md.erb

@@ -0,0 +1,91 @@
+---
+title: About the os_env Resource
+platform: os
+---
+
+# os_env
+
+Use the `os_env` InSpec audit resource to test the environment variables for the platform on which the system is running.
+
+<br>
+
+## Syntax
+
+A `os_env` resource block declares an environment variable, and then declares its value:
+
+    describe os_env('VARIABLE') do
+      its('property') { should eq 1 }
+    end
+
+where
+
+* `('VARIABLE')` must specify an environment variable, such as `PATH`
+* `matcher` is a valid matcher for this resource
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test the PATH environment variable
+
+    describe os_env('PATH') do
+      its('split') { should_not include('') }
+      its('split') { should_not include('.') }
+    end
+
+### Test the Path environment variable by specifying the target Environment (Windows)
+
+On windows a User's environment variable may obscure the local machine (system) environment variable.  The correct environment variable may be tested as follows:
+
+    describe os_env('PATH', 'target') do
+      its('split') { should_not include('') }
+      its('split') { should_not include('.') }
+    end
+
+where
+
+* `'target'` may be either `system` or `user` 
+
+### Test Habitat environment variables
+
+Habitat uses the `os_env` resource to test environment variables. The environment variables are first defined in a whitespace array, after which each environment variable is tested:
+
+    hab_env_vars = %w(HAB_AUTH_TOKEN
+                      HAB_CACHE_KEY_PATH
+                      HAB_DEPOT_URL
+                      HAB_ORG
+                      HAB_ORIGIN
+                      HAB_ORIGIN_KEYS
+                      HAB_RING
+                      HAB_RING_KEY
+                      HAB_STUDIOS_HOME
+                      HAB_STUDIO_ROOT
+                      HAB_USER)
+
+    hab_env_vars.each do |e|
+      describe os_env(e) do
+        its('content') { should eq nil }
+      end
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### content
+
+The `content` matcher return the value of the environment variable:
+
+    its('content') { should eq '/usr/local/bin:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin' }
+
+### split
+
+The `split` matcher splits the value of the environment variable with the `:` deliminator (use the `;` deliminator if Windows):
+
+    its('split') { should include ('/usr/bin') }
+
+Note: the `split` matcher returns an array including `""` for cases where there is a trailing colon (`:`), such as `dir1::dir2:`

data/docs/resources/package.md.erb

@@ -0,0 +1,120 @@
+---
+title: About the package Resource
+platform: os
+---
+
+# package
+
+Use the `package` InSpec audit resource to test if the named package and/or package version is installed on the system.
+
+<br>
+
+## Syntax
+
+A `package` resource block declares a package and (optionally) a package version:
+
+    describe package('name') do
+      it { should be_installed }
+    end
+
+where
+
+* `('name')` must specify the name of a package, such as `'nginx'`
+* `be_installed` is a valid matcher for this resource
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test if NGINX version 1.9.5 is installed
+
+    describe package('nginx') do
+      it { should be_installed }
+      its('version') { should eq '1.9.5' }
+    end
+
+### Test that a package is not installed
+
+    describe package('some_package') do
+      it { should_not be_installed }
+    end
+
+### Test if telnet is installed
+
+    describe package('telnetd') do
+      it { should_not be_installed }
+    end
+
+    describe inetd_conf do
+      its('telnet') { should eq nil }
+    end
+
+### Test if ClamAV (an antivirus engine) is installed and running
+
+    describe package('clamav') do
+      it { should be_installed }
+      its('version') { should eq '0.98.7' }
+    end
+
+    describe service('clamd') do
+      it { should_not be_enabled }
+      it { should_not be_installed }
+      it { should_not be_running }
+    end
+
+### Verify if a package is installed according to my rpm database
+
+    describe package('some_package', rpm_dbpath: '/var/lib/my_rpmdb') do
+      it { should be_installed }
+    end
+
+### Verify if Memcached is installed, enabled, and running
+
+Memcached is an in-memory key-value store that helps improve the performance of database-driven websites and can be installed, maintained, and tested using the `memcached` cookbook (maintained by Chef). The following example is from the `memcached` cookbook and shows how to use a combination of the `package`, `service`, and `port` InSpec audit resources to test if Memcached is installed, enabled, and running:
+
+    describe package('memcached') do
+      it { should be_installed }
+    end
+
+    describe service('memcached') do
+      it { should be_installed }
+      it { should be_enabled }
+      it { should be_running }
+    end
+
+    describe port(11_211) do
+      it { should be_listening }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### be_held
+
+The `be_held` matcher tests if the named package is "held". On dpkg platforms, a "held" package
+will not be upgraded to a later version.
+
+    it { should be_held }
+
+### be_installed
+
+The `be_installed` matcher tests if the named package is installed on the system:
+
+    it { should be_installed }
+
+### version
+
+The `version` matcher tests if the named package version is on the system:
+
+    its('version') { should eq '1.2.3' }
+
+You can also use the `cmp OPERATOR` matcher to perform comparisons using the version attribute:
+
+    its('version') { should cmp >= '7.35.0-1ubuntu3.10' }
+
+`cmp` understands version numbers using Gem::Version, and can use the operators `==, <, <=, >=, and >`.  It will compare versions by each segment, not as a string - so '7.4' is smaller than '7.30', for example.