RubyGems - inspec-core - Versions diffs - 2.1.67 - Mend

inspec-core 2.1.67

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (412) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +3136 -0
data/Gemfile +56 -0
data/LICENSE +14 -0
data/MAINTAINERS.md +33 -0
data/MAINTAINERS.toml +52 -0
data/README.md +453 -0
data/bin/inspec +12 -0
data/docs/.gitignore +2 -0
data/docs/README.md +40 -0
data/docs/dev/control-eval.md +62 -0
data/docs/dsl_inspec.md +258 -0
data/docs/dsl_resource.md +100 -0
data/docs/glossary.md +99 -0
data/docs/habitat.md +192 -0
data/docs/inspec_and_friends.md +114 -0
data/docs/matchers.md +169 -0
data/docs/migration.md +293 -0
data/docs/platforms.md +119 -0
data/docs/plugin_kitchen_inspec.md +50 -0
data/docs/profiles.md +378 -0
data/docs/reporters.md +105 -0
data/docs/resources/aide_conf.md.erb +76 -0
data/docs/resources/apache.md.erb +67 -0
data/docs/resources/apache_conf.md.erb +68 -0
data/docs/resources/apt.md.erb +71 -0
data/docs/resources/audit_policy.md.erb +47 -0
data/docs/resources/auditd.md.erb +79 -0
data/docs/resources/auditd_conf.md.erb +68 -0
data/docs/resources/bash.md.erb +75 -0
data/docs/resources/bond.md.erb +90 -0
data/docs/resources/bridge.md.erb +57 -0
data/docs/resources/bsd_service.md.erb +67 -0
data/docs/resources/chocolatey_package.md.erb +58 -0
data/docs/resources/command.md.erb +138 -0
data/docs/resources/cpan.md.erb +79 -0
data/docs/resources/cran.md.erb +64 -0
data/docs/resources/crontab.md.erb +89 -0
data/docs/resources/csv.md.erb +54 -0
data/docs/resources/dh_params.md.erb +205 -0
data/docs/resources/directory.md.erb +30 -0
data/docs/resources/docker.md.erb +219 -0
data/docs/resources/docker_container.md.erb +103 -0
data/docs/resources/docker_image.md.erb +94 -0
data/docs/resources/docker_service.md.erb +114 -0
data/docs/resources/elasticsearch.md.erb +242 -0
data/docs/resources/etc_fstab.md.erb +125 -0
data/docs/resources/etc_group.md.erb +75 -0
data/docs/resources/etc_hosts.md.erb +78 -0
data/docs/resources/etc_hosts_allow.md.erb +74 -0
data/docs/resources/etc_hosts_deny.md.erb +74 -0
data/docs/resources/file.md.erb +526 -0
data/docs/resources/filesystem.md.erb +41 -0
data/docs/resources/firewalld.md.erb +107 -0
data/docs/resources/gem.md.erb +79 -0
data/docs/resources/group.md.erb +61 -0
data/docs/resources/grub_conf.md.erb +101 -0
data/docs/resources/host.md.erb +86 -0
data/docs/resources/http.md.erb +197 -0
data/docs/resources/iis_app.md.erb +122 -0
data/docs/resources/iis_site.md.erb +135 -0
data/docs/resources/inetd_conf.md.erb +94 -0
data/docs/resources/ini.md.erb +76 -0
data/docs/resources/interface.md.erb +58 -0
data/docs/resources/iptables.md.erb +64 -0
data/docs/resources/json.md.erb +63 -0
data/docs/resources/kernel_module.md.erb +120 -0
data/docs/resources/kernel_parameter.md.erb +53 -0
data/docs/resources/key_rsa.md.erb +85 -0
data/docs/resources/launchd_service.md.erb +57 -0
data/docs/resources/limits_conf.md.erb +75 -0
data/docs/resources/login_defs.md.erb +71 -0
data/docs/resources/mount.md.erb +69 -0
data/docs/resources/mssql_session.md.erb +60 -0
data/docs/resources/mysql_conf.md.erb +99 -0
data/docs/resources/mysql_session.md.erb +74 -0
data/docs/resources/nginx.md.erb +79 -0
data/docs/resources/nginx_conf.md.erb +138 -0
data/docs/resources/npm.md.erb +60 -0
data/docs/resources/ntp_conf.md.erb +60 -0
data/docs/resources/oneget.md.erb +53 -0
data/docs/resources/oracledb_session.md.erb +52 -0
data/docs/resources/os.md.erb +141 -0
data/docs/resources/os_env.md.erb +91 -0
data/docs/resources/package.md.erb +120 -0
data/docs/resources/packages.md.erb +67 -0
data/docs/resources/parse_config.md.erb +103 -0
data/docs/resources/parse_config_file.md.erb +138 -0
data/docs/resources/passwd.md.erb +141 -0
data/docs/resources/pip.md.erb +67 -0
data/docs/resources/port.md.erb +137 -0
data/docs/resources/postgres_conf.md.erb +79 -0
data/docs/resources/postgres_hba_conf.md.erb +93 -0
data/docs/resources/postgres_ident_conf.md.erb +76 -0
data/docs/resources/postgres_session.md.erb +69 -0
data/docs/resources/powershell.md.erb +102 -0
data/docs/resources/processes.md.erb +109 -0
data/docs/resources/rabbitmq_config.md.erb +41 -0
data/docs/resources/registry_key.md.erb +158 -0
data/docs/resources/runit_service.md.erb +57 -0
data/docs/resources/security_policy.md.erb +47 -0
data/docs/resources/service.md.erb +121 -0
data/docs/resources/shadow.md.erb +146 -0
data/docs/resources/ssh_config.md.erb +73 -0
data/docs/resources/sshd_config.md.erb +83 -0
data/docs/resources/ssl.md.erb +119 -0
data/docs/resources/sys_info.md.erb +42 -0
data/docs/resources/systemd_service.md.erb +57 -0
data/docs/resources/sysv_service.md.erb +57 -0
data/docs/resources/upstart_service.md.erb +57 -0
data/docs/resources/user.md.erb +140 -0
data/docs/resources/users.md.erb +127 -0
data/docs/resources/vbscript.md.erb +55 -0
data/docs/resources/virtualization.md.erb +57 -0
data/docs/resources/windows_feature.md.erb +47 -0
data/docs/resources/windows_hotfix.md.erb +53 -0
data/docs/resources/windows_task.md.erb +95 -0
data/docs/resources/wmi.md.erb +81 -0
data/docs/resources/x509_certificate.md.erb +151 -0
data/docs/resources/xinetd_conf.md.erb +156 -0
data/docs/resources/xml.md.erb +85 -0
data/docs/resources/yaml.md.erb +69 -0
data/docs/resources/yum.md.erb +98 -0
data/docs/resources/zfs_dataset.md.erb +53 -0
data/docs/resources/zfs_pool.md.erb +47 -0
data/docs/ruby_usage.md +203 -0
data/docs/shared/matcher_be.md.erb +1 -0
data/docs/shared/matcher_cmp.md.erb +43 -0
data/docs/shared/matcher_eq.md.erb +3 -0
data/docs/shared/matcher_include.md.erb +1 -0
data/docs/shared/matcher_match.md.erb +1 -0
data/docs/shell.md +217 -0
data/examples/README.md +8 -0
data/examples/inheritance/README.md +65 -0
data/examples/inheritance/controls/example.rb +14 -0
data/examples/inheritance/inspec.yml +15 -0
data/examples/kitchen-ansible/.kitchen.yml +25 -0
data/examples/kitchen-ansible/Gemfile +19 -0
data/examples/kitchen-ansible/README.md +53 -0
data/examples/kitchen-ansible/files/nginx.repo +6 -0
data/examples/kitchen-ansible/tasks/main.yml +16 -0
data/examples/kitchen-ansible/test/integration/default/default.yml +5 -0
data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -0
data/examples/kitchen-chef/.kitchen.yml +20 -0
data/examples/kitchen-chef/Berksfile +3 -0
data/examples/kitchen-chef/Gemfile +19 -0
data/examples/kitchen-chef/README.md +27 -0
data/examples/kitchen-chef/metadata.rb +7 -0
data/examples/kitchen-chef/recipes/default.rb +6 -0
data/examples/kitchen-chef/recipes/nginx.rb +30 -0
data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -0
data/examples/kitchen-puppet/.kitchen.yml +23 -0
data/examples/kitchen-puppet/Gemfile +20 -0
data/examples/kitchen-puppet/Puppetfile +25 -0
data/examples/kitchen-puppet/README.md +53 -0
data/examples/kitchen-puppet/manifests/site.pp +33 -0
data/examples/kitchen-puppet/metadata.json +11 -0
data/examples/kitchen-puppet/modules/.gitkeep +0 -0
data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -0
data/examples/meta-profile/README.md +37 -0
data/examples/meta-profile/controls/example.rb +13 -0
data/examples/meta-profile/inspec.yml +13 -0
data/examples/profile-attribute.yml +2 -0
data/examples/profile-attribute/README.md +14 -0
data/examples/profile-attribute/controls/example.rb +11 -0
data/examples/profile-attribute/inspec.yml +8 -0
data/examples/profile-sensitive/README.md +29 -0
data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -0
data/examples/profile-sensitive/controls/sensitive.rb +9 -0
data/examples/profile-sensitive/inspec.yml +8 -0
data/examples/profile/README.md +48 -0
data/examples/profile/controls/example.rb +23 -0
data/examples/profile/controls/gordon.rb +36 -0
data/examples/profile/controls/meta.rb +34 -0
data/examples/profile/inspec.yml +10 -0
data/examples/profile/libraries/gordon_config.rb +59 -0
data/inspec-core.gemspec +43 -0
data/lib/bundles/README.md +3 -0
data/lib/bundles/inspec-artifact.rb +7 -0
data/lib/bundles/inspec-artifact/README.md +1 -0
data/lib/bundles/inspec-artifact/cli.rb +277 -0
data/lib/bundles/inspec-compliance.rb +16 -0
data/lib/bundles/inspec-compliance/.kitchen.yml +20 -0
data/lib/bundles/inspec-compliance/README.md +193 -0
data/lib/bundles/inspec-compliance/api.rb +360 -0
data/lib/bundles/inspec-compliance/api/login.rb +193 -0
data/lib/bundles/inspec-compliance/bootstrap.sh +41 -0
data/lib/bundles/inspec-compliance/cli.rb +260 -0
data/lib/bundles/inspec-compliance/configuration.rb +103 -0
data/lib/bundles/inspec-compliance/http.rb +125 -0
data/lib/bundles/inspec-compliance/images/cc-token.png +0 -0
data/lib/bundles/inspec-compliance/support.rb +36 -0
data/lib/bundles/inspec-compliance/target.rb +106 -0
data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -0
data/lib/bundles/inspec-habitat.rb +12 -0
data/lib/bundles/inspec-habitat/cli.rb +36 -0
data/lib/bundles/inspec-habitat/log.rb +10 -0
data/lib/bundles/inspec-habitat/profile.rb +391 -0
data/lib/bundles/inspec-init.rb +8 -0
data/lib/bundles/inspec-init/README.md +31 -0
data/lib/bundles/inspec-init/cli.rb +97 -0
data/lib/bundles/inspec-init/templates/profile/README.md +3 -0
data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -0
data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -0
data/lib/bundles/inspec-init/templates/profile/libraries/.gitkeep +0 -0
data/lib/bundles/inspec-supermarket.rb +13 -0
data/lib/bundles/inspec-supermarket/README.md +45 -0
data/lib/bundles/inspec-supermarket/api.rb +84 -0
data/lib/bundles/inspec-supermarket/cli.rb +73 -0
data/lib/bundles/inspec-supermarket/target.rb +34 -0
data/lib/fetchers/git.rb +163 -0
data/lib/fetchers/local.rb +74 -0
data/lib/fetchers/mock.rb +35 -0
data/lib/fetchers/url.rb +247 -0
data/lib/inspec.rb +24 -0
data/lib/inspec/archive/tar.rb +29 -0
data/lib/inspec/archive/zip.rb +19 -0
data/lib/inspec/backend.rb +93 -0
data/lib/inspec/base_cli.rb +368 -0
data/lib/inspec/cached_fetcher.rb +66 -0
data/lib/inspec/cli.rb +292 -0
data/lib/inspec/completions/bash.sh.erb +45 -0
data/lib/inspec/completions/fish.sh.erb +34 -0
data/lib/inspec/completions/zsh.sh.erb +61 -0
data/lib/inspec/control_eval_context.rb +179 -0
data/lib/inspec/dependencies/cache.rb +72 -0
data/lib/inspec/dependencies/dependency_set.rb +92 -0
data/lib/inspec/dependencies/lockfile.rb +115 -0
data/lib/inspec/dependencies/requirement.rb +123 -0
data/lib/inspec/dependencies/resolver.rb +86 -0
data/lib/inspec/describe.rb +27 -0
data/lib/inspec/dsl.rb +66 -0
data/lib/inspec/dsl_shared.rb +33 -0
data/lib/inspec/env_printer.rb +157 -0
data/lib/inspec/errors.rb +14 -0
data/lib/inspec/exceptions.rb +12 -0
data/lib/inspec/expect.rb +45 -0
data/lib/inspec/fetcher.rb +45 -0
data/lib/inspec/file_provider.rb +275 -0
data/lib/inspec/formatters.rb +3 -0
data/lib/inspec/formatters/base.rb +259 -0
data/lib/inspec/formatters/json_rspec.rb +20 -0
data/lib/inspec/formatters/show_progress.rb +12 -0
data/lib/inspec/library_eval_context.rb +58 -0
data/lib/inspec/log.rb +11 -0
data/lib/inspec/metadata.rb +247 -0
data/lib/inspec/method_source.rb +24 -0
data/lib/inspec/objects.rb +14 -0
data/lib/inspec/objects/attribute.rb +75 -0
data/lib/inspec/objects/control.rb +61 -0
data/lib/inspec/objects/describe.rb +92 -0
data/lib/inspec/objects/each_loop.rb +36 -0
data/lib/inspec/objects/list.rb +15 -0
data/lib/inspec/objects/or_test.rb +40 -0
data/lib/inspec/objects/ruby_helper.rb +15 -0
data/lib/inspec/objects/tag.rb +27 -0
data/lib/inspec/objects/test.rb +87 -0
data/lib/inspec/objects/value.rb +27 -0
data/lib/inspec/plugins.rb +60 -0
data/lib/inspec/plugins/cli.rb +24 -0
data/lib/inspec/plugins/fetcher.rb +86 -0
data/lib/inspec/plugins/resource.rb +135 -0
data/lib/inspec/plugins/secret.rb +15 -0
data/lib/inspec/plugins/source_reader.rb +40 -0
data/lib/inspec/polyfill.rb +12 -0
data/lib/inspec/profile.rb +513 -0
data/lib/inspec/profile_context.rb +208 -0
data/lib/inspec/profile_vendor.rb +66 -0
data/lib/inspec/reporters.rb +60 -0
data/lib/inspec/reporters/automate.rb +76 -0
data/lib/inspec/reporters/base.rb +25 -0
data/lib/inspec/reporters/cli.rb +356 -0
data/lib/inspec/reporters/json.rb +116 -0
data/lib/inspec/reporters/json_min.rb +48 -0
data/lib/inspec/reporters/junit.rb +78 -0
data/lib/inspec/require_loader.rb +33 -0
data/lib/inspec/resource.rb +190 -0
data/lib/inspec/rule.rb +280 -0
data/lib/inspec/runner.rb +345 -0
data/lib/inspec/runner_mock.rb +41 -0
data/lib/inspec/runner_rspec.rb +175 -0
data/lib/inspec/runtime_profile.rb +26 -0
data/lib/inspec/schema.rb +213 -0
data/lib/inspec/secrets.rb +19 -0
data/lib/inspec/secrets/yaml.rb +30 -0
data/lib/inspec/shell.rb +220 -0
data/lib/inspec/shell_detector.rb +90 -0
data/lib/inspec/source_reader.rb +29 -0
data/lib/inspec/version.rb +8 -0
data/lib/matchers/matchers.rb +339 -0
data/lib/resources/aide_conf.rb +151 -0
data/lib/resources/apache.rb +48 -0
data/lib/resources/apache_conf.rb +149 -0
data/lib/resources/apt.rb +149 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd.rb +231 -0
data/lib/resources/auditd_conf.rb +46 -0
data/lib/resources/bash.rb +35 -0
data/lib/resources/bond.rb +69 -0
data/lib/resources/bridge.rb +122 -0
data/lib/resources/chocolatey_package.rb +78 -0
data/lib/resources/command.rb +73 -0
data/lib/resources/cpan.rb +58 -0
data/lib/resources/cran.rb +64 -0
data/lib/resources/crontab.rb +169 -0
data/lib/resources/csv.rb +56 -0
data/lib/resources/dh_params.rb +77 -0
data/lib/resources/directory.rb +25 -0
data/lib/resources/docker.rb +236 -0
data/lib/resources/docker_container.rb +89 -0
data/lib/resources/docker_image.rb +83 -0
data/lib/resources/docker_object.rb +57 -0
data/lib/resources/docker_service.rb +90 -0
data/lib/resources/elasticsearch.rb +169 -0
data/lib/resources/etc_fstab.rb +94 -0
data/lib/resources/etc_group.rb +154 -0
data/lib/resources/etc_hosts.rb +66 -0
data/lib/resources/etc_hosts_allow_deny.rb +112 -0
data/lib/resources/file.rb +298 -0
data/lib/resources/filesystem.rb +31 -0
data/lib/resources/firewalld.rb +143 -0
data/lib/resources/gem.rb +70 -0
data/lib/resources/groups.rb +215 -0
data/lib/resources/grub_conf.rb +227 -0
data/lib/resources/host.rb +306 -0
data/lib/resources/http.rb +253 -0
data/lib/resources/iis_app.rb +101 -0
data/lib/resources/iis_site.rb +148 -0
data/lib/resources/inetd_conf.rb +54 -0
data/lib/resources/ini.rb +29 -0
data/lib/resources/interface.rb +129 -0
data/lib/resources/iptables.rb +80 -0
data/lib/resources/json.rb +111 -0
data/lib/resources/kernel_module.rb +107 -0
data/lib/resources/kernel_parameter.rb +58 -0
data/lib/resources/key_rsa.rb +63 -0
data/lib/resources/limits_conf.rb +46 -0
data/lib/resources/login_def.rb +57 -0
data/lib/resources/mount.rb +88 -0
data/lib/resources/mssql_session.rb +101 -0
data/lib/resources/mysql.rb +82 -0
data/lib/resources/mysql_conf.rb +127 -0
data/lib/resources/mysql_session.rb +85 -0
data/lib/resources/nginx.rb +96 -0
data/lib/resources/nginx_conf.rb +226 -0
data/lib/resources/npm.rb +48 -0
data/lib/resources/ntp_conf.rb +51 -0
data/lib/resources/oneget.rb +71 -0
data/lib/resources/oracledb_session.rb +139 -0
data/lib/resources/os.rb +36 -0
data/lib/resources/os_env.rb +86 -0
data/lib/resources/package.rb +370 -0
data/lib/resources/packages.rb +111 -0
data/lib/resources/parse_config.rb +112 -0
data/lib/resources/passwd.rb +76 -0
data/lib/resources/pip.rb +130 -0
data/lib/resources/platform.rb +109 -0
data/lib/resources/port.rb +771 -0
data/lib/resources/postgres.rb +131 -0
data/lib/resources/postgres_conf.rb +114 -0
data/lib/resources/postgres_hba_conf.rb +90 -0
data/lib/resources/postgres_ident_conf.rb +79 -0
data/lib/resources/postgres_session.rb +71 -0
data/lib/resources/powershell.rb +67 -0
data/lib/resources/processes.rb +204 -0
data/lib/resources/rabbitmq_conf.rb +51 -0
data/lib/resources/registry_key.rb +297 -0
data/lib/resources/security_policy.rb +180 -0
data/lib/resources/service.rb +794 -0
data/lib/resources/shadow.rb +159 -0
data/lib/resources/ssh_conf.rb +97 -0
data/lib/resources/ssl.rb +99 -0
data/lib/resources/sys_info.rb +28 -0
data/lib/resources/toml.rb +32 -0
data/lib/resources/users.rb +654 -0
data/lib/resources/vbscript.rb +68 -0
data/lib/resources/virtualization.rb +247 -0
data/lib/resources/windows_feature.rb +84 -0
data/lib/resources/windows_hotfix.rb +35 -0
data/lib/resources/windows_task.rb +102 -0
data/lib/resources/wmi.rb +110 -0
data/lib/resources/x509_certificate.rb +137 -0
data/lib/resources/xinetd.rb +106 -0
data/lib/resources/xml.rb +46 -0
data/lib/resources/yaml.rb +43 -0
data/lib/resources/yum.rb +180 -0
data/lib/resources/zfs_dataset.rb +60 -0
data/lib/resources/zfs_pool.rb +49 -0
data/lib/source_readers/flat.rb +39 -0
data/lib/source_readers/inspec.rb +75 -0
data/lib/utils/command_wrapper.rb +27 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/database_helpers.rb +77 -0
data/lib/utils/enumerable_delegation.rb +9 -0
data/lib/utils/erlang_parser.rb +192 -0
data/lib/utils/file_reader.rb +25 -0
data/lib/utils/filter.rb +273 -0
data/lib/utils/filter_array.rb +27 -0
data/lib/utils/find_files.rb +47 -0
data/lib/utils/hash.rb +41 -0
data/lib/utils/json_log.rb +18 -0
data/lib/utils/latest_version.rb +22 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/nginx_parser.rb +105 -0
data/lib/utils/object_traversal.rb +49 -0
data/lib/utils/parser.rb +274 -0
data/lib/utils/pkey_reader.rb +15 -0
data/lib/utils/plugin_registry.rb +93 -0
data/lib/utils/simpleconfig.rb +120 -0
data/lib/utils/spdx.rb +13 -0
data/lib/utils/spdx.txt +344 -0
metadata +713 -0

data/lib/resources/filesystem.rb ADDED

@@ -0,0 +1,31 @@
+module Inspec::Resources
+  class FileSystemResource < Inspec.resource(1)
+    name 'filesystem'
+    supports platform: 'linux'
+    desc 'Use the filesystem InSpec resource to test file system'
+    example "
+      describe filesystem('/') do
+        its('size') { should be >= 32000 }
+      end
+    "
+    attr_reader :partition
+    def initialize(partition)
+      @partition = partition
+    end
+    def size
+      @size ||= begin
+        cmd = inspec.command("df #{partition} --output=size")
+        raise Inspec::Exceptions::ResourceFailed, "Unable to get available space for partition #{partition}" if cmd.stdout.nil? || cmd.stdout.empty? || !cmd.exit_status.zero?
+        value = cmd.stdout.gsub(/\dK-blocks[\r\n]/, '').strip
+        value.to_i
+      end
+    end
+    def to_s
+      "Filesystem #{partition}"
+    end
+  end
+end

data/lib/resources/firewalld.rb ADDED

@@ -0,0 +1,143 @@
+# encoding: utf-8
+module Inspec::Resources
+  class FirewallD < Inspec.resource(1)
+    ###
+    #  This recourse assumes that the file sudo vim /etc/polkit-1/rules.d/49-nopasswd_global.rules has been
+    #  set to allow users in group "wheel" to perform any commands without authentication.
+    ###
+    name 'firewalld'
+    supports platform: 'linux'
+    desc 'Use the firewalld resource to check and see if firewalld is configured to grand or deny access to specific hosts or services'
+    example "
+      describe firewalld do
+        it { should be_running }
+        its('default_zone') { should eq 'public' }
+        it { should have_service_enabled_in_zone('ssh', 'public') }
+        it { should have_rule_enabled('rule family=ipv4 source address=192.168.0.14 accept', 'public') }
+      end
+      describe firewalld.where { zone == 'public' } do
+        its('interfaces') { should cmp ['enp0s3', 'eno2'] }
+        its('sources') { should cmp ['ssh', 'icmp'] }
+        its('services') { should cmp ['192.168.1.0/24', '192.168.1.2'] }
+      end
+    "
+    attr_reader :params
+    filter = FilterTable.create
+    filter.add_accessor(:where)
+          .add_accessor(:entries)
+          .add(:zone,       field: 'zone')
+          .add(:interfaces, field: 'interfaces')
+          .add(:sources,    field: 'sources')
+          .add(:services,   field: 'services')
+    filter.connect(self, :params)
+    def initialize
+      @params = parse_active_zones(active_zones)
+    end
+    def installed?
+      inspec.command('firewall-cmd').exist?
+    end
+    def has_zone?(query_zone)
+      return false unless installed?
+      result = firewalld_command('--get-zones').split(' ')
+      result.include?(query_zone)
+    end
+    def running?
+      return false unless installed?
+      result = firewalld_command('--state')
+      result =~ /^running/ ? true : false
+    end
+    def default_zone
+      # return: word associated with the name of the default zone
+      # example: 'public'
+      firewalld_command('--get-default-zone')
+    end
+    def has_service_enabled_in_zone?(query_service, query_zone = default_zone)
+      firewalld_command("--zone=#{query_zone} --query-service=#{query_service}") == 'yes'
+    end
+    def service_ports_enabled_in_zone(query_service, query_zone = default_zone)
+      # return: String of ports open
+      # example: ['22/tcp', '4722/tcp']
+      firewalld_command("--zone=#{query_zone} --service=#{query_service} --get-ports --permanent").split(' ')
+    end
+    def service_protocols_enabled_in_zone(query_service, query_zone = default_zone)
+      # return: String of protocoals open
+      # example: ['icmp', 'ipv4', 'igmp']
+      firewalld_command("--zone=#{query_zone} --service=#{query_service} --get-protocols --permanent").split(' ')
+    end
+    def has_port_enabled_in_zone?(query_port, query_zone = default_zone)
+      firewalld_command("--zone=#{query_zone} --query-port=#{query_port}") == 'yes'
+    end
+    def has_rule_enabled?(rule, query_zone = default_zone)
+      rule = "rule #{rule}" unless rule.start_with?('rule')
+      firewalld_command("--zone=#{query_zone} --query-rich-rule='#{rule}'") == 'yes'
+    end
+    private
+    def active_zones
+      # return syntax:
+      #   [default-zone-name]
+      #       interfaces: [open interfases]
+      #
+      # example:
+      #   public
+      #       interfaces: enp0s3
+      firewalld_command('--get-active-zones')
+    end
+    def parse_active_zones(content)
+      # Split by every second line, which contains the zone and the interfaces.
+      content = content.split(/\n/).each_slice(2).map { |slice| slice.join("\n") }
+      content.map do |line|
+        parse_line(line)
+      end.compact
+    end
+    def parse_line(line)
+      zone = line.split("\n")[0]
+      {
+        'zone' => zone,
+        'interfaces' => line.split(':')[1].split(' '),
+        'services' =>   services_bound(zone),
+        'sources' =>    sources_bound(zone),
+      }
+    end
+    def sources_bound(query_zone)
+      # result: a list containing either an ip address or ip address with a mask, or a ipset or an ipset with the ipset prefix.
+      # example: ['192.168.0.4', '192.168.0.0/16', '2111:DB28:ABC:12::', '2111:db89:ab3d:0112::0/64']
+      firewalld_command("--zone=#{query_zone} --list-sources").split(' ')
+    end
+    def services_bound(query_zone)
+      # result: a list of services bound to a zone.
+      # example: ['ssh', 'dhcpv6-client']
+      firewalld_command("--zone=#{query_zone} --list-services").split(' ')
+    end
+    def firewalld_command(command)
+      command = "firewall-cmd #{command}"
+      result = inspec.command(command)
+      if result.stderr != ''
+        return "Error on command #{command}: #{result.stderr}"
+      end
+      result.stdout.strip
+    end
+  end
+end

data/lib/resources/gem.rb ADDED

@@ -0,0 +1,70 @@
+# encoding: utf-8
+module Inspec::Resources
+  class GemPackage < Inspec.resource(1)
+    name 'gem'
+    supports platform: 'unix'
+    supports platform: 'windows'
+    desc 'Use the gem InSpec audit resource to test if a global gem package is installed.'
+    example "
+      describe gem('rubocop') do
+        it { should be_installed }
+        its('version') { should eq '0.33.0' }
+      end
+    "
+    attr_reader :gem_binary
+    def initialize(package_name, gem_binary = nil)
+      @package_name = package_name
+      @gem_binary = case gem_binary
+                    when nil
+                      'gem'
+                    when :chef
+                      if inspec.os.windows?
+                        'c:\opscode\chef\embedded\bin\gem.bat'
+                      else
+                        '/opt/chef/embedded/bin/gem'
+                      end
+                    when :chef_server
+                      '/opt/opscode/embedded/bin/gem'
+                    else
+                      gem_binary
+                    end
+      skip_resource 'Unable to retrieve gem information' if info.empty?
+    end
+    def info
+      return @info if defined?(@info)
+      cmd = inspec.command("#{@gem_binary} list --local -a -q \^#{@package_name}\$")
+      return {} unless cmd.exit_status.zero?
+      # extract package name and version
+      # parses data like winrm (1.3.4, 1.3.3)
+      params = /^\s*([^\(]*?)\s*\((.*?)\)\s*$/.match(cmd.stdout.chomp)
+      @info = {
+        installed: !params.nil?,
+        type: 'gem',
+      }
+      return @info unless @info[:installed]
+      versions = params[2].split(',')
+      @info[:name] = params[1]
+      @info[:version] = versions[0]
+      @info
+    end
+    def installed?
+      info[:installed] == true
+    end
+    def version
+      info[:version]
+    end
+    def to_s
+      "gem package #{@package_name}"
+    end
+  end
+end

data/lib/resources/groups.rb ADDED

@@ -0,0 +1,215 @@
+# encoding: utf-8
+require 'utils/filter'
+module Inspec::Resources
+  # This file contains two resources, the `group` and `groups` resource.
+  # The `group` resource is optimized for requests that verify specific groups
+  # that you know upfront for testing. If you need to query all groups or search
+  # specific groups with certain properties, use the `groups` resource.
+  module GroupManagementSelector
+    # select group provider based on the operating system
+    # returns nil, if no group manager was found for the operating system
+    def select_group_manager(os)
+      @group_provider = if os.darwin?
+                          DarwinGroup.new(inspec)
+                        elsif os.unix?
+                          UnixGroup.new(inspec)
+                        elsif os.windows?
+                          WindowsGroup.new(inspec)
+                        end
+    end
+  end
+  class Groups < Inspec.resource(1)
+    include GroupManagementSelector
+    name 'groups'
+    supports platform: 'unix'
+    supports platform: 'windows'
+    desc 'Use the group InSpec audit resource to test groups on the system. Groups can be filtered.'
+    example "
+      describe groups.where { name == 'root'} do
+        its('names') { should eq ['root'] }
+        its('gids') { should eq [0] }
+      end
+      describe groups.where { name == 'Administrators'} do
+        its('names') { should eq ['Administrators'] }
+        its('gids') { should eq ['S-1-5-32-544'] }
+      end
+    "
+    def initialize
+      # select group manager
+      @group_provider = select_group_manager(inspec.os)
+      return skip_resource 'The `groups` resource is not supported on your OS yet.' if @group_provider.nil?
+    end
+    filter = FilterTable.create
+    filter.add_accessor(:where)
+          .add_accessor(:entries)
+          .add(:names,     field: 'name')
+          .add(:gids,      field: 'gid')
+          .add(:domains,   field: 'domain')
+          .add(:exists?) { |x| !x.entries.empty? }
+    filter.connect(self, :collect_group_details)
+    def to_s
+      'Groups'
+    end
+    private
+    # collects information about every group
+    def collect_group_details
+      return @groups_cache ||= @group_provider.groups unless @group_provider.nil?
+      []
+    end
+  end
+  # Usage:
+  # describe group('root') do
+  #   it { should exist }
+  #   its('gid') { should eq 0 }
+  # end
+  #
+  # deprecated has matcher
+  # describe group('root') do
+  #  it { should have_gid 0 }
+  # end
+  class Group < Inspec.resource(1)
+    include GroupManagementSelector
+    name 'group'
+    supports platform: 'unix'
+    supports platform: 'windows'
+    desc 'Use the group InSpec audit resource to test groups on the system.'
+    example "
+      describe group('root') do
+        it { should exist }
+        its('gid') { should eq 0 }
+      end
+    "
+    def initialize(groupname)
+      @group = groupname
+      # select group manager
+      @group_provider = select_group_manager(inspec.os)
+      return skip_resource 'The `group` resource is not supported on your OS yet.' if @group_provider.nil?
+    end
+    # verifies if a group exists
+    def exists?
+      !group_info.entries.empty?
+    end
+    def gid
+      gids = group_info.gids
+      if gids.empty?
+        nil
+      # the default case should be one group
+      elsif gids.size == 1
+        gids.entries[0]
+      else
+        raise 'found more than one group with the same name, please use `groups` resource'
+      end
+    end
+    # implements rspec has matcher, to be compatible with serverspec
+    def has_gid?(compare_gid)
+      gid == compare_gid
+    end
+    def local
+      # at this point the implementation only returns local groups
+      true
+    end
+    def to_s
+      "Group #{@group}"
+    end
+    private
+    def group_info
+      # we need a local copy for the block
+      group = @group.dup
+      @groups_cache ||= inspec.groups.where { name == group }
+    end
+  end
+  class GroupInfo
+    attr_reader :inspec
+    def initialize(inspec)
+      @inspec = inspec
+    end
+    def groups
+      raise 'group provider must implement the `groups` method'
+    end
+  end
+  # implements generic unix groups via /etc/group
+  class UnixGroup < GroupInfo
+    def groups
+      inspec.etc_group.entries
+    end
+  end
+  # OSX uses opendirectory for groups, so `/etc/group` may not be fully accurate
+  # This uses `dscacheutil` to get the group info instead of `etc_group`
+  class DarwinGroup < GroupInfo
+    def groups
+      group_info = inspec.command('dscacheutil -q group').stdout.split("\n\n")
+      groups = []
+      regex = /^([^:]*?)\s*:\s(.*?)\s*$/
+      group_info.each do |data|
+        groups << inspec.parse_config(data, assignment_regex: regex).params
+      end
+      # Convert the `dscacheutil` groups to match `inspec.etc_group.entries`
+      groups.each { |g| g['gid'] = g['gid'].to_i }
+      groups.each do |g|
+        next if g['users'].nil?
+        g['members'] = g.delete('users')
+        g['members'].tr!(' ', ',')
+      end
+    end
+  end
+  class WindowsGroup < GroupInfo
+    # returns all local groups
+    def groups
+      script = <<~EOH
+        Function  ConvertTo-SID { Param([byte[]]$BinarySID)
+          (New-Object  System.Security.Principal.SecurityIdentifier($BinarySID,0)).Value
+        }
+        $Computername =  $Env:Computername
+        $adsi  = [ADSI]"WinNT://$Computername"
+        $groups = $adsi.Children | where {$_.SchemaClassName -eq  'group'} |  ForEach {
+          $name = $_.Name[0]
+          $sid = ConvertTo-SID -BinarySID $_.ObjectSID[0]
+          $group =[ADSI]$_.Path
+          new-object psobject -property @{name = $group.Name[0]; gid = $sid; domain=$Computername}
+        }
+        $groups | ConvertTo-Json -Depth 3
+      EOH
+      cmd = inspec.powershell(script)
+      # cannot rely on exit code for now, successful command returns exit code 1
+      # return nil if cmd.exit_status != 0, try to parse json
+      begin
+        groups = JSON.parse(cmd.stdout)
+      rescue JSON::ParserError => _e
+        return []
+      end
+      # ensure we have an array of groups
+      groups = [groups] if !groups.is_a?(Array)
+      groups
+    end
+  end
+end