RubyGems - inspec-core - Versions diffs - 2.1.67 - Mend

inspec-core 2.1.67

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (412) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +3136 -0
data/Gemfile +56 -0
data/LICENSE +14 -0
data/MAINTAINERS.md +33 -0
data/MAINTAINERS.toml +52 -0
data/README.md +453 -0
data/bin/inspec +12 -0
data/docs/.gitignore +2 -0
data/docs/README.md +40 -0
data/docs/dev/control-eval.md +62 -0
data/docs/dsl_inspec.md +258 -0
data/docs/dsl_resource.md +100 -0
data/docs/glossary.md +99 -0
data/docs/habitat.md +192 -0
data/docs/inspec_and_friends.md +114 -0
data/docs/matchers.md +169 -0
data/docs/migration.md +293 -0
data/docs/platforms.md +119 -0
data/docs/plugin_kitchen_inspec.md +50 -0
data/docs/profiles.md +378 -0
data/docs/reporters.md +105 -0
data/docs/resources/aide_conf.md.erb +76 -0
data/docs/resources/apache.md.erb +67 -0
data/docs/resources/apache_conf.md.erb +68 -0
data/docs/resources/apt.md.erb +71 -0
data/docs/resources/audit_policy.md.erb +47 -0
data/docs/resources/auditd.md.erb +79 -0
data/docs/resources/auditd_conf.md.erb +68 -0
data/docs/resources/bash.md.erb +75 -0
data/docs/resources/bond.md.erb +90 -0
data/docs/resources/bridge.md.erb +57 -0
data/docs/resources/bsd_service.md.erb +67 -0
data/docs/resources/chocolatey_package.md.erb +58 -0
data/docs/resources/command.md.erb +138 -0
data/docs/resources/cpan.md.erb +79 -0
data/docs/resources/cran.md.erb +64 -0
data/docs/resources/crontab.md.erb +89 -0
data/docs/resources/csv.md.erb +54 -0
data/docs/resources/dh_params.md.erb +205 -0
data/docs/resources/directory.md.erb +30 -0
data/docs/resources/docker.md.erb +219 -0
data/docs/resources/docker_container.md.erb +103 -0
data/docs/resources/docker_image.md.erb +94 -0
data/docs/resources/docker_service.md.erb +114 -0
data/docs/resources/elasticsearch.md.erb +242 -0
data/docs/resources/etc_fstab.md.erb +125 -0
data/docs/resources/etc_group.md.erb +75 -0
data/docs/resources/etc_hosts.md.erb +78 -0
data/docs/resources/etc_hosts_allow.md.erb +74 -0
data/docs/resources/etc_hosts_deny.md.erb +74 -0
data/docs/resources/file.md.erb +526 -0
data/docs/resources/filesystem.md.erb +41 -0
data/docs/resources/firewalld.md.erb +107 -0
data/docs/resources/gem.md.erb +79 -0
data/docs/resources/group.md.erb +61 -0
data/docs/resources/grub_conf.md.erb +101 -0
data/docs/resources/host.md.erb +86 -0
data/docs/resources/http.md.erb +197 -0
data/docs/resources/iis_app.md.erb +122 -0
data/docs/resources/iis_site.md.erb +135 -0
data/docs/resources/inetd_conf.md.erb +94 -0
data/docs/resources/ini.md.erb +76 -0
data/docs/resources/interface.md.erb +58 -0
data/docs/resources/iptables.md.erb +64 -0
data/docs/resources/json.md.erb +63 -0
data/docs/resources/kernel_module.md.erb +120 -0
data/docs/resources/kernel_parameter.md.erb +53 -0
data/docs/resources/key_rsa.md.erb +85 -0
data/docs/resources/launchd_service.md.erb +57 -0
data/docs/resources/limits_conf.md.erb +75 -0
data/docs/resources/login_defs.md.erb +71 -0
data/docs/resources/mount.md.erb +69 -0
data/docs/resources/mssql_session.md.erb +60 -0
data/docs/resources/mysql_conf.md.erb +99 -0
data/docs/resources/mysql_session.md.erb +74 -0
data/docs/resources/nginx.md.erb +79 -0
data/docs/resources/nginx_conf.md.erb +138 -0
data/docs/resources/npm.md.erb +60 -0
data/docs/resources/ntp_conf.md.erb +60 -0
data/docs/resources/oneget.md.erb +53 -0
data/docs/resources/oracledb_session.md.erb +52 -0
data/docs/resources/os.md.erb +141 -0
data/docs/resources/os_env.md.erb +91 -0
data/docs/resources/package.md.erb +120 -0
data/docs/resources/packages.md.erb +67 -0
data/docs/resources/parse_config.md.erb +103 -0
data/docs/resources/parse_config_file.md.erb +138 -0
data/docs/resources/passwd.md.erb +141 -0
data/docs/resources/pip.md.erb +67 -0
data/docs/resources/port.md.erb +137 -0
data/docs/resources/postgres_conf.md.erb +79 -0
data/docs/resources/postgres_hba_conf.md.erb +93 -0
data/docs/resources/postgres_ident_conf.md.erb +76 -0
data/docs/resources/postgres_session.md.erb +69 -0
data/docs/resources/powershell.md.erb +102 -0
data/docs/resources/processes.md.erb +109 -0
data/docs/resources/rabbitmq_config.md.erb +41 -0
data/docs/resources/registry_key.md.erb +158 -0
data/docs/resources/runit_service.md.erb +57 -0
data/docs/resources/security_policy.md.erb +47 -0
data/docs/resources/service.md.erb +121 -0
data/docs/resources/shadow.md.erb +146 -0
data/docs/resources/ssh_config.md.erb +73 -0
data/docs/resources/sshd_config.md.erb +83 -0
data/docs/resources/ssl.md.erb +119 -0
data/docs/resources/sys_info.md.erb +42 -0
data/docs/resources/systemd_service.md.erb +57 -0
data/docs/resources/sysv_service.md.erb +57 -0
data/docs/resources/upstart_service.md.erb +57 -0
data/docs/resources/user.md.erb +140 -0
data/docs/resources/users.md.erb +127 -0
data/docs/resources/vbscript.md.erb +55 -0
data/docs/resources/virtualization.md.erb +57 -0
data/docs/resources/windows_feature.md.erb +47 -0
data/docs/resources/windows_hotfix.md.erb +53 -0
data/docs/resources/windows_task.md.erb +95 -0
data/docs/resources/wmi.md.erb +81 -0
data/docs/resources/x509_certificate.md.erb +151 -0
data/docs/resources/xinetd_conf.md.erb +156 -0
data/docs/resources/xml.md.erb +85 -0
data/docs/resources/yaml.md.erb +69 -0
data/docs/resources/yum.md.erb +98 -0
data/docs/resources/zfs_dataset.md.erb +53 -0
data/docs/resources/zfs_pool.md.erb +47 -0
data/docs/ruby_usage.md +203 -0
data/docs/shared/matcher_be.md.erb +1 -0
data/docs/shared/matcher_cmp.md.erb +43 -0
data/docs/shared/matcher_eq.md.erb +3 -0
data/docs/shared/matcher_include.md.erb +1 -0
data/docs/shared/matcher_match.md.erb +1 -0
data/docs/shell.md +217 -0
data/examples/README.md +8 -0
data/examples/inheritance/README.md +65 -0
data/examples/inheritance/controls/example.rb +14 -0
data/examples/inheritance/inspec.yml +15 -0
data/examples/kitchen-ansible/.kitchen.yml +25 -0
data/examples/kitchen-ansible/Gemfile +19 -0
data/examples/kitchen-ansible/README.md +53 -0
data/examples/kitchen-ansible/files/nginx.repo +6 -0
data/examples/kitchen-ansible/tasks/main.yml +16 -0
data/examples/kitchen-ansible/test/integration/default/default.yml +5 -0
data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -0
data/examples/kitchen-chef/.kitchen.yml +20 -0
data/examples/kitchen-chef/Berksfile +3 -0
data/examples/kitchen-chef/Gemfile +19 -0
data/examples/kitchen-chef/README.md +27 -0
data/examples/kitchen-chef/metadata.rb +7 -0
data/examples/kitchen-chef/recipes/default.rb +6 -0
data/examples/kitchen-chef/recipes/nginx.rb +30 -0
data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -0
data/examples/kitchen-puppet/.kitchen.yml +23 -0
data/examples/kitchen-puppet/Gemfile +20 -0
data/examples/kitchen-puppet/Puppetfile +25 -0
data/examples/kitchen-puppet/README.md +53 -0
data/examples/kitchen-puppet/manifests/site.pp +33 -0
data/examples/kitchen-puppet/metadata.json +11 -0
data/examples/kitchen-puppet/modules/.gitkeep +0 -0
data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -0
data/examples/meta-profile/README.md +37 -0
data/examples/meta-profile/controls/example.rb +13 -0
data/examples/meta-profile/inspec.yml +13 -0
data/examples/profile-attribute.yml +2 -0
data/examples/profile-attribute/README.md +14 -0
data/examples/profile-attribute/controls/example.rb +11 -0
data/examples/profile-attribute/inspec.yml +8 -0
data/examples/profile-sensitive/README.md +29 -0
data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -0
data/examples/profile-sensitive/controls/sensitive.rb +9 -0
data/examples/profile-sensitive/inspec.yml +8 -0
data/examples/profile/README.md +48 -0
data/examples/profile/controls/example.rb +23 -0
data/examples/profile/controls/gordon.rb +36 -0
data/examples/profile/controls/meta.rb +34 -0
data/examples/profile/inspec.yml +10 -0
data/examples/profile/libraries/gordon_config.rb +59 -0
data/inspec-core.gemspec +43 -0
data/lib/bundles/README.md +3 -0
data/lib/bundles/inspec-artifact.rb +7 -0
data/lib/bundles/inspec-artifact/README.md +1 -0
data/lib/bundles/inspec-artifact/cli.rb +277 -0
data/lib/bundles/inspec-compliance.rb +16 -0
data/lib/bundles/inspec-compliance/.kitchen.yml +20 -0
data/lib/bundles/inspec-compliance/README.md +193 -0
data/lib/bundles/inspec-compliance/api.rb +360 -0
data/lib/bundles/inspec-compliance/api/login.rb +193 -0
data/lib/bundles/inspec-compliance/bootstrap.sh +41 -0
data/lib/bundles/inspec-compliance/cli.rb +260 -0
data/lib/bundles/inspec-compliance/configuration.rb +103 -0
data/lib/bundles/inspec-compliance/http.rb +125 -0
data/lib/bundles/inspec-compliance/images/cc-token.png +0 -0
data/lib/bundles/inspec-compliance/support.rb +36 -0
data/lib/bundles/inspec-compliance/target.rb +106 -0
data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -0
data/lib/bundles/inspec-habitat.rb +12 -0
data/lib/bundles/inspec-habitat/cli.rb +36 -0
data/lib/bundles/inspec-habitat/log.rb +10 -0
data/lib/bundles/inspec-habitat/profile.rb +391 -0
data/lib/bundles/inspec-init.rb +8 -0
data/lib/bundles/inspec-init/README.md +31 -0
data/lib/bundles/inspec-init/cli.rb +97 -0
data/lib/bundles/inspec-init/templates/profile/README.md +3 -0
data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -0
data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -0
data/lib/bundles/inspec-init/templates/profile/libraries/.gitkeep +0 -0
data/lib/bundles/inspec-supermarket.rb +13 -0
data/lib/bundles/inspec-supermarket/README.md +45 -0
data/lib/bundles/inspec-supermarket/api.rb +84 -0
data/lib/bundles/inspec-supermarket/cli.rb +73 -0
data/lib/bundles/inspec-supermarket/target.rb +34 -0
data/lib/fetchers/git.rb +163 -0
data/lib/fetchers/local.rb +74 -0
data/lib/fetchers/mock.rb +35 -0
data/lib/fetchers/url.rb +247 -0
data/lib/inspec.rb +24 -0
data/lib/inspec/archive/tar.rb +29 -0
data/lib/inspec/archive/zip.rb +19 -0
data/lib/inspec/backend.rb +93 -0
data/lib/inspec/base_cli.rb +368 -0
data/lib/inspec/cached_fetcher.rb +66 -0
data/lib/inspec/cli.rb +292 -0
data/lib/inspec/completions/bash.sh.erb +45 -0
data/lib/inspec/completions/fish.sh.erb +34 -0
data/lib/inspec/completions/zsh.sh.erb +61 -0
data/lib/inspec/control_eval_context.rb +179 -0
data/lib/inspec/dependencies/cache.rb +72 -0
data/lib/inspec/dependencies/dependency_set.rb +92 -0
data/lib/inspec/dependencies/lockfile.rb +115 -0
data/lib/inspec/dependencies/requirement.rb +123 -0
data/lib/inspec/dependencies/resolver.rb +86 -0
data/lib/inspec/describe.rb +27 -0
data/lib/inspec/dsl.rb +66 -0
data/lib/inspec/dsl_shared.rb +33 -0
data/lib/inspec/env_printer.rb +157 -0
data/lib/inspec/errors.rb +14 -0
data/lib/inspec/exceptions.rb +12 -0
data/lib/inspec/expect.rb +45 -0
data/lib/inspec/fetcher.rb +45 -0
data/lib/inspec/file_provider.rb +275 -0
data/lib/inspec/formatters.rb +3 -0
data/lib/inspec/formatters/base.rb +259 -0
data/lib/inspec/formatters/json_rspec.rb +20 -0
data/lib/inspec/formatters/show_progress.rb +12 -0
data/lib/inspec/library_eval_context.rb +58 -0
data/lib/inspec/log.rb +11 -0
data/lib/inspec/metadata.rb +247 -0
data/lib/inspec/method_source.rb +24 -0
data/lib/inspec/objects.rb +14 -0
data/lib/inspec/objects/attribute.rb +75 -0
data/lib/inspec/objects/control.rb +61 -0
data/lib/inspec/objects/describe.rb +92 -0
data/lib/inspec/objects/each_loop.rb +36 -0
data/lib/inspec/objects/list.rb +15 -0
data/lib/inspec/objects/or_test.rb +40 -0
data/lib/inspec/objects/ruby_helper.rb +15 -0
data/lib/inspec/objects/tag.rb +27 -0
data/lib/inspec/objects/test.rb +87 -0
data/lib/inspec/objects/value.rb +27 -0
data/lib/inspec/plugins.rb +60 -0
data/lib/inspec/plugins/cli.rb +24 -0
data/lib/inspec/plugins/fetcher.rb +86 -0
data/lib/inspec/plugins/resource.rb +135 -0
data/lib/inspec/plugins/secret.rb +15 -0
data/lib/inspec/plugins/source_reader.rb +40 -0
data/lib/inspec/polyfill.rb +12 -0
data/lib/inspec/profile.rb +513 -0
data/lib/inspec/profile_context.rb +208 -0
data/lib/inspec/profile_vendor.rb +66 -0
data/lib/inspec/reporters.rb +60 -0
data/lib/inspec/reporters/automate.rb +76 -0
data/lib/inspec/reporters/base.rb +25 -0
data/lib/inspec/reporters/cli.rb +356 -0
data/lib/inspec/reporters/json.rb +116 -0
data/lib/inspec/reporters/json_min.rb +48 -0
data/lib/inspec/reporters/junit.rb +78 -0
data/lib/inspec/require_loader.rb +33 -0
data/lib/inspec/resource.rb +190 -0
data/lib/inspec/rule.rb +280 -0
data/lib/inspec/runner.rb +345 -0
data/lib/inspec/runner_mock.rb +41 -0
data/lib/inspec/runner_rspec.rb +175 -0
data/lib/inspec/runtime_profile.rb +26 -0
data/lib/inspec/schema.rb +213 -0
data/lib/inspec/secrets.rb +19 -0
data/lib/inspec/secrets/yaml.rb +30 -0
data/lib/inspec/shell.rb +220 -0
data/lib/inspec/shell_detector.rb +90 -0
data/lib/inspec/source_reader.rb +29 -0
data/lib/inspec/version.rb +8 -0
data/lib/matchers/matchers.rb +339 -0
data/lib/resources/aide_conf.rb +151 -0
data/lib/resources/apache.rb +48 -0
data/lib/resources/apache_conf.rb +149 -0
data/lib/resources/apt.rb +149 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd.rb +231 -0
data/lib/resources/auditd_conf.rb +46 -0
data/lib/resources/bash.rb +35 -0
data/lib/resources/bond.rb +69 -0
data/lib/resources/bridge.rb +122 -0
data/lib/resources/chocolatey_package.rb +78 -0
data/lib/resources/command.rb +73 -0
data/lib/resources/cpan.rb +58 -0
data/lib/resources/cran.rb +64 -0
data/lib/resources/crontab.rb +169 -0
data/lib/resources/csv.rb +56 -0
data/lib/resources/dh_params.rb +77 -0
data/lib/resources/directory.rb +25 -0
data/lib/resources/docker.rb +236 -0
data/lib/resources/docker_container.rb +89 -0
data/lib/resources/docker_image.rb +83 -0
data/lib/resources/docker_object.rb +57 -0
data/lib/resources/docker_service.rb +90 -0
data/lib/resources/elasticsearch.rb +169 -0
data/lib/resources/etc_fstab.rb +94 -0
data/lib/resources/etc_group.rb +154 -0
data/lib/resources/etc_hosts.rb +66 -0
data/lib/resources/etc_hosts_allow_deny.rb +112 -0
data/lib/resources/file.rb +298 -0
data/lib/resources/filesystem.rb +31 -0
data/lib/resources/firewalld.rb +143 -0
data/lib/resources/gem.rb +70 -0
data/lib/resources/groups.rb +215 -0
data/lib/resources/grub_conf.rb +227 -0
data/lib/resources/host.rb +306 -0
data/lib/resources/http.rb +253 -0
data/lib/resources/iis_app.rb +101 -0
data/lib/resources/iis_site.rb +148 -0
data/lib/resources/inetd_conf.rb +54 -0
data/lib/resources/ini.rb +29 -0
data/lib/resources/interface.rb +129 -0
data/lib/resources/iptables.rb +80 -0
data/lib/resources/json.rb +111 -0
data/lib/resources/kernel_module.rb +107 -0
data/lib/resources/kernel_parameter.rb +58 -0
data/lib/resources/key_rsa.rb +63 -0
data/lib/resources/limits_conf.rb +46 -0
data/lib/resources/login_def.rb +57 -0
data/lib/resources/mount.rb +88 -0
data/lib/resources/mssql_session.rb +101 -0
data/lib/resources/mysql.rb +82 -0
data/lib/resources/mysql_conf.rb +127 -0
data/lib/resources/mysql_session.rb +85 -0
data/lib/resources/nginx.rb +96 -0
data/lib/resources/nginx_conf.rb +226 -0
data/lib/resources/npm.rb +48 -0
data/lib/resources/ntp_conf.rb +51 -0
data/lib/resources/oneget.rb +71 -0
data/lib/resources/oracledb_session.rb +139 -0
data/lib/resources/os.rb +36 -0
data/lib/resources/os_env.rb +86 -0
data/lib/resources/package.rb +370 -0
data/lib/resources/packages.rb +111 -0
data/lib/resources/parse_config.rb +112 -0
data/lib/resources/passwd.rb +76 -0
data/lib/resources/pip.rb +130 -0
data/lib/resources/platform.rb +109 -0
data/lib/resources/port.rb +771 -0
data/lib/resources/postgres.rb +131 -0
data/lib/resources/postgres_conf.rb +114 -0
data/lib/resources/postgres_hba_conf.rb +90 -0
data/lib/resources/postgres_ident_conf.rb +79 -0
data/lib/resources/postgres_session.rb +71 -0
data/lib/resources/powershell.rb +67 -0
data/lib/resources/processes.rb +204 -0
data/lib/resources/rabbitmq_conf.rb +51 -0
data/lib/resources/registry_key.rb +297 -0
data/lib/resources/security_policy.rb +180 -0
data/lib/resources/service.rb +794 -0
data/lib/resources/shadow.rb +159 -0
data/lib/resources/ssh_conf.rb +97 -0
data/lib/resources/ssl.rb +99 -0
data/lib/resources/sys_info.rb +28 -0
data/lib/resources/toml.rb +32 -0
data/lib/resources/users.rb +654 -0
data/lib/resources/vbscript.rb +68 -0
data/lib/resources/virtualization.rb +247 -0
data/lib/resources/windows_feature.rb +84 -0
data/lib/resources/windows_hotfix.rb +35 -0
data/lib/resources/windows_task.rb +102 -0
data/lib/resources/wmi.rb +110 -0
data/lib/resources/x509_certificate.rb +137 -0
data/lib/resources/xinetd.rb +106 -0
data/lib/resources/xml.rb +46 -0
data/lib/resources/yaml.rb +43 -0
data/lib/resources/yum.rb +180 -0
data/lib/resources/zfs_dataset.rb +60 -0
data/lib/resources/zfs_pool.rb +49 -0
data/lib/source_readers/flat.rb +39 -0
data/lib/source_readers/inspec.rb +75 -0
data/lib/utils/command_wrapper.rb +27 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/database_helpers.rb +77 -0
data/lib/utils/enumerable_delegation.rb +9 -0
data/lib/utils/erlang_parser.rb +192 -0
data/lib/utils/file_reader.rb +25 -0
data/lib/utils/filter.rb +273 -0
data/lib/utils/filter_array.rb +27 -0
data/lib/utils/find_files.rb +47 -0
data/lib/utils/hash.rb +41 -0
data/lib/utils/json_log.rb +18 -0
data/lib/utils/latest_version.rb +22 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/nginx_parser.rb +105 -0
data/lib/utils/object_traversal.rb +49 -0
data/lib/utils/parser.rb +274 -0
data/lib/utils/pkey_reader.rb +15 -0
data/lib/utils/plugin_registry.rb +93 -0
data/lib/utils/simpleconfig.rb +120 -0
data/lib/utils/spdx.rb +13 -0
data/lib/utils/spdx.txt +344 -0
metadata +713 -0

data/lib/resources/aide_conf.rb ADDED

@@ -0,0 +1,151 @@
+# encoding: utf-8
+require 'utils/filter'
+require 'utils/parser'
+require 'utils/file_reader'
+module Inspec::Resources
+  class AideConf < Inspec.resource(1)
+    name 'aide_conf'
+    supports platform: 'unix'
+    desc 'Use the aide_conf InSpec audit resource to test the rules established for
+      the file integrity tool AIDE. Controlled by the aide.conf file typically at /etc/aide.conf.'
+    example "
+      describe aide_conf do
+        its('selection_lines') { should include '/sbin' }
+      end
+      describe aide_conf.where { selection_line == '/bin' } do
+        its('rules.flatten') { should include 'r' }
+      end
+      describe aide_conf.all_have_rule('sha512') do
+        it { should eq true }
+      end
+    "
+    attr_reader :params
+    include CommentParser
+    include FileReader
+    def initialize(aide_conf_path = nil)
+      @conf_path = aide_conf_path || '/etc/aide.conf'
+      @content = nil
+      @rules = nil
+      read_content
+    end
+    def all_have_rule(rule)
+      # Case when file didn't exist or perms didn't allow an open
+      return false if @content.nil?
+      lines = @params.reject { |line| line['rules'].include? rule }
+      lines.empty?
+    end
+    filter = FilterTable.create
+    filter.add_accessor(:where)
+          .add_accessor(:entries)
+          .add(:selection_lines, field: 'selection_line')
+          .add(:rules,           field: 'rules')
+    filter.connect(self, :params)
+    private
+    def read_content
+      return @content unless @content.nil?
+      @rules = {}
+      raw_conf = read_file_content(@conf_path)
+      # If there is a file and it contains content, continue
+      @content = filter_comments(raw_conf.lines)
+      @params = parse_conf(@content)
+    end
+    def filter_comments(data)
+      content = []
+      data.each do |line|
+        content_line, = parse_comment_line(line, comment_char: '#', standalone_comments: false)
+        content.push(content_line)
+      end
+      content
+    end
+    def parse_conf(content)
+      params = []
+      content.each do |line|
+        param = parse_line(line)
+        if !param['selection_line'].nil?
+          params.push(param)
+        end
+      end
+      params
+    end
+    def parse_line(line)
+      line_and_rules = {}
+      # Case when line is a rule line
+      if line.include?(' = ')
+        parse_rule_line(line)
+      # Case when line is a selection line
+      elsif line.start_with?('/', '!', '=')
+        line_and_rules = parse_selection_line(line)
+      end
+      line_and_rules
+    end
+    def parse_rule_line(line)
+      line.gsub!(/\s+/, '')
+      rule_line_arr = line.split('=')
+      rules_list = rule_line_arr.last.split('+')
+      rule_name = rule_line_arr.first
+      rules_list.each_index do |i|
+        # Cases where rule respresents one or more other rules
+        if @rules.key?(rules_list[i])
+          rules_list[i] = @rules[rules_list[i]]
+        end
+        rules_list[i] = handle_multi_rule(rules_list, i)
+      end
+      @rules[rule_name] = rules_list.flatten
+    end
+    def parse_selection_line(line)
+      selec_line_arr = line.split(' ')
+      selection_line = selec_line_arr.first
+      selection_line.chop! if selection_line.end_with?('/')
+      rule_list = selec_line_arr.last.split('+')
+      rule_list.each_index do |i|
+        hash_list = @rules[rule_list[i]]
+        # Cases where rule respresents one or more other rules
+        if !hash_list.nil?
+          rule_list[i] = hash_list
+        end
+        rule_list[i] = handle_multi_rule(rule_list, i)
+      end
+      rule_list.flatten!
+      {
+        'selection_line' => selection_line,
+        'rules' => rule_list,
+      }
+    end
+    def handle_multi_rule(rule_list, i)
+      # Rules that represent multiple rules (R,L,>)
+      r_rules = %w{p i l n u g s m c md5}
+      l_rules = %w{p i l n u g}
+      grow_log_rules = %w{p l u g i n S}
+      case rule_list[i]
+      when 'R'
+        return r_rules
+      when 'L'
+        return l_rules
+      when '>'
+        return grow_log_rules
+      end
+      rule_list[i]
+    end
+  end
+end

data/lib/resources/apache.rb ADDED

@@ -0,0 +1,48 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+module Inspec::Resources
+  class Apache < Inspec.resource(1)
+    name 'apache'
+    supports platform: 'unix'
+    desc 'Use the apache InSpec audit resource to retrieve Apache environment settings.'
+    example "
+      describe apache do
+        its ('service') { should cmp 'apache2' }
+      end
+      describe apache do
+        its ('conf_dir') { should cmp '/etc/apache2' }
+      end
+      describe apache do
+        its ('conf_path') { should cmp '/etc/apache2/apache2.conf' }
+      end
+      describe apache do
+        its ('user') { should cmp 'www-data' }
+      end
+    "
+    attr_reader :service, :conf_dir, :conf_path, :user
+    def initialize
+      warn '[DEPRECATED] The `apache` resource is deprecated and will be removed in InSpec 3.0.'
+      if inspec.os.debian?
+        @service = 'apache2'
+        @conf_dir = '/etc/apache2/'
+        @conf_path = File.join @conf_dir, 'apache2.conf'
+        @user = 'www-data'
+      else
+        @service = 'httpd'
+        @conf_dir = '/etc/httpd/'
+        @conf_path = File.join @conf_dir, '/conf/httpd.conf'
+        @user = 'apache'
+      end
+    end
+    def to_s
+      'Apache Environment'
+    end
+  end
+end

data/lib/resources/apache_conf.rb ADDED

@@ -0,0 +1,149 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+require 'utils/simpleconfig'
+require 'utils/find_files'
+require 'utils/file_reader'
+module Inspec::Resources
+  class ApacheConf < Inspec.resource(1)
+    name 'apache_conf'
+    supports platform: 'linux'
+    supports platform: 'debian'
+    desc 'Use the apache_conf InSpec audit resource to test the configuration settings for Apache. This file is typically located under /etc/apache2 on the Debian and Ubuntu platforms and under /etc/httpd on the Fedora, CentOS, Red Hat Enterprise Linux, and Arch Linux platforms. The configuration settings may vary significantly from platform to platform.'
+    example "
+      describe apache_conf do
+        its('setting_name') { should eq 'value' }
+      end
+    "
+    include FindFiles
+    include FileReader
+    attr_reader :conf_path
+    def initialize(conf_path = nil)
+      @conf_path = conf_path || default_conf_path
+      @files_contents = {}
+      @content = nil
+      @params = nil
+      read_content
+    end
+    def content
+      @content ||= read_content
+    end
+    def params(*opts)
+      @params || read_content
+      res = @params
+      opts.each do |opt|
+        res = res[opt] unless res.nil?
+      end
+      res
+    end
+    def method_missing(name)
+      # ensure params are loaded
+      @params || read_content
+      # extract values
+      @params[name.to_s] unless @params.nil?
+    end
+    def filter_comments(data)
+      content = ''
+      data.each_line do |line|
+        if !line.match(/^\s*#/)
+          content << line
+        end
+      end
+      content
+    end
+    def read_content
+      @content = ''
+      @params = {}
+      read_file_content(conf_path)
+      to_read = [conf_path]
+      until to_read.empty?
+        raw_conf = read_file(to_read[0])
+        @content += raw_conf
+        # An explaination of the below regular expression.
+        # Creates two capture groups.
+        # The first group captures the first group of non-whitespace character
+        # surrounded whitespace characters.
+        # The second group contains a conditional with a positive lookahead
+        # (does the line end with one or more spaces?). If the lookahead succeeds
+        # a non-greedy capture takes place, if it fails then a greedy capture takes place.
+        # The regex is terminated by an expression that matches zero or more spaces.
+        params = SimpleConfig.new(
+          raw_conf,
+          assignment_regex: /^\s*(\S+)\s+((?=.*\s+$).*?|.*)\s*$/,
+          multiple_values: true,
+        ).params
+        @params.merge!(params)
+        to_read = to_read.drop(1)
+        to_read += include_files(params).find_all do |fp|
+          not @files_contents.key? fp
+        end
+      end
+      # fiter comments
+      @content = filter_comments @content
+      @content
+    end
+    def include_files(params)
+      # see if there is more config files to include
+      include_files = params['Include'] || []
+      include_files_optional = params['IncludeOptional'] || []
+      includes = []
+      (include_files + include_files_optional).each do |f|
+        id    = Pathname.new(f).absolute? ? f : File.join(conf_dir, f)
+        files = find_files(id, depth: 1, type: 'file')
+        files += find_files(id, depth: 1, type: 'link')
+        includes.push(files) if files
+      end
+      # [].flatten! == nil
+      includes.flatten! || []
+    end
+    def read_file(path)
+      @files_contents[path] ||= read_file_content(path)
+    end
+    def conf_dir
+      if inspec.os.debian?
+        File.dirname(conf_path)
+      else
+        # On RHEL-based systems, the configuration is usually in a /conf directory
+        # that contains the primary config file. We assume the "config path" is the
+        # directory that contains the /conf directory, such as /etc/httpd, so that
+        # the conf.d directory can be properly located.
+        Pathname.new(File.dirname(conf_path)).parent.to_s
+      end
+    end
+    def to_s
+      "Apache Config #{conf_path}"
+    end
+    private
+    def default_conf_path
+      if inspec.os.debian?
+        '/etc/apache2/apache2.conf'
+      else
+        '/etc/httpd/conf/httpd.conf'
+      end
+    end
+  end
+end

data/lib/resources/apt.rb ADDED

@@ -0,0 +1,149 @@
+# encoding: utf-8
+# Verifies apt and ppa repositories
+#
+# Usage:
+# describe apt('ubuntu-wine/ppa') do
+#   it { should exist }
+#   it { should be_enabled }
+# end
+#
+# it also understands a ppa url
+# describe apt('ppa:ubuntu-wine/ppa') do
+#   it { should exist }
+#   it { should be_enabled }
+# end
+#
+# The following ppa formats are supported:
+# - ubuntu-wine/ppa
+# - ppa:ubuntu-wine/ppa
+# - http://ppa.launchpad.net/juju/stable/ubuntu
+#
+# Install a ppa as following:
+# apt-get install python-software-properties
+# apt-get install software-properties-common
+# add-apt-repository ppa:ubuntu-wine/ppa
+require 'uri'
+module Inspec::Resources
+  class AptRepository < Inspec.resource(1)
+    name 'apt'
+    supports platform: 'unix'
+    desc 'Use the apt InSpec audit resource to verify Apt repositories on the Debian and Ubuntu platforms, and also PPA repositories on the Ubuntu platform.'
+    example "
+      describe apt('nginx/stable') do
+        it { should exist }
+        it { should be_enabled }
+      end
+    "
+    def initialize(ppa_name)
+      @deb_url = nil
+      # check if the os is ubuntu or debian
+      if inspec.os.debian?
+        @deb_url = determine_ppa_url(ppa_name)
+      else
+        # this resource is only supported on ubuntu and debian
+        skip_resource 'The `apt` resource is not supported on your OS yet.'
+      end
+    end
+    def exists?
+      find_repo.count > 0
+    end
+    def enabled?
+      return false if find_repo.count == 0
+      actives = find_repo.map { |repo| repo[:active] }
+      actives = actives.uniq
+      actives.size == 1 && actives[0] = true
+    end
+    def to_s
+      "Apt Repository #{@deb_url}"
+    end
+    private
+    def find_repo
+      read_debs.select { |repo| repo[:url] == @deb_url && repo[:type] == 'deb' }
+    end
+    HTTP_URL_RE = /\A#{URI::DEFAULT_PARSER.make_regexp(%w{http https})}\z/
+    # read
+    def read_debs
+      return @repo_cache if defined?(@repo_cache)
+      # load all lists
+      cmd = inspec.command("find /etc/apt/ -name \*.list -exec sh -c 'cat {} || echo -n' \\;")
+      # @see https://help.ubuntu.com/community/Repositories/CommandLine#Explanation_of_the_Repository_Format
+      @repo_cache = cmd.stdout.chomp.split("\n").each_with_object([]) do |raw_line, lines|
+        active = true
+        # detect if the repo is commented out
+        line = raw_line.gsub(/^(#\s*)*/, '')
+        active = false if raw_line != line
+        # eg.: deb http://archive.ubuntu.com/ubuntu/ wily main restricted
+        # or : deb [trusted=yes] http://archive.ubuntu.com/ubuntu/ wily main restricted
+        parse_repo = /^\s*(\S+)\s+(?:\[\S+\])?\s*"?([^ "\t\r\n\f]+)"?\s+(\S+)\s+(.*)$/.match(line)
+        # check if we got any result and the second param is an url
+        next if parse_repo.nil? || !parse_repo[2] =~ HTTP_URL_RE
+        # map data
+        repo = {
+          type: parse_repo[1],
+          url: parse_repo[2],
+          distro: parse_repo[3],
+          components: parse_repo[4].chomp.split(' '),
+          active: active,
+        }
+        next unless ['deb', 'deb-src'].include? repo[:type]
+        lines.push(repo)
+      end
+    end
+    # resolves ppa urls
+    # @see http://bazaar.launchpad.net/~ubuntu-core-dev/software-properties/main/view/head:/softwareproperties/ppa.py
+    def determine_ppa_url(ppa_url)
+      # verify if we have the url already, then just return
+      return ppa_url if ppa_url =~ HTTP_URL_RE
+      # otherwise start generating the ppa url
+      # special care if the name stats with :
+      ppa_url = ppa_url.split(':')[1] if ppa_url.start_with?('ppa:')
+      # parse ppa owner and repo
+      ppa_owner, ppa_repo = ppa_url.split('/')
+      ppa_repo = 'ppa' if ppa_repo.nil?
+      # construct new ppa url and return it
+      format('http://ppa.launchpad.net/%s/%s/ubuntu', ppa_owner, ppa_repo)
+    end
+  end
+  # for compatability with serverspec
+  # this is deprecated syntax and will be removed in future versions
+  class PpaRepository < AptRepository
+    name 'ppa'
+    def exists?
+      deprecated
+      super()
+    end
+    def enabled?
+      deprecated
+      super()
+    end
+    def deprecated
+      warn '[DEPRECATION] `ppa(reponame)` is deprecated.  Please use `apt(reponame)` instead.'
+    end
+  end
+end