RubyGems - inspec-core - Versions diffs - 2.1.67 - Mend

inspec-core 2.1.67

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (412) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +3136 -0
data/Gemfile +56 -0
data/LICENSE +14 -0
data/MAINTAINERS.md +33 -0
data/MAINTAINERS.toml +52 -0
data/README.md +453 -0
data/bin/inspec +12 -0
data/docs/.gitignore +2 -0
data/docs/README.md +40 -0
data/docs/dev/control-eval.md +62 -0
data/docs/dsl_inspec.md +258 -0
data/docs/dsl_resource.md +100 -0
data/docs/glossary.md +99 -0
data/docs/habitat.md +192 -0
data/docs/inspec_and_friends.md +114 -0
data/docs/matchers.md +169 -0
data/docs/migration.md +293 -0
data/docs/platforms.md +119 -0
data/docs/plugin_kitchen_inspec.md +50 -0
data/docs/profiles.md +378 -0
data/docs/reporters.md +105 -0
data/docs/resources/aide_conf.md.erb +76 -0
data/docs/resources/apache.md.erb +67 -0
data/docs/resources/apache_conf.md.erb +68 -0
data/docs/resources/apt.md.erb +71 -0
data/docs/resources/audit_policy.md.erb +47 -0
data/docs/resources/auditd.md.erb +79 -0
data/docs/resources/auditd_conf.md.erb +68 -0
data/docs/resources/bash.md.erb +75 -0
data/docs/resources/bond.md.erb +90 -0
data/docs/resources/bridge.md.erb +57 -0
data/docs/resources/bsd_service.md.erb +67 -0
data/docs/resources/chocolatey_package.md.erb +58 -0
data/docs/resources/command.md.erb +138 -0
data/docs/resources/cpan.md.erb +79 -0
data/docs/resources/cran.md.erb +64 -0
data/docs/resources/crontab.md.erb +89 -0
data/docs/resources/csv.md.erb +54 -0
data/docs/resources/dh_params.md.erb +205 -0
data/docs/resources/directory.md.erb +30 -0
data/docs/resources/docker.md.erb +219 -0
data/docs/resources/docker_container.md.erb +103 -0
data/docs/resources/docker_image.md.erb +94 -0
data/docs/resources/docker_service.md.erb +114 -0
data/docs/resources/elasticsearch.md.erb +242 -0
data/docs/resources/etc_fstab.md.erb +125 -0
data/docs/resources/etc_group.md.erb +75 -0
data/docs/resources/etc_hosts.md.erb +78 -0
data/docs/resources/etc_hosts_allow.md.erb +74 -0
data/docs/resources/etc_hosts_deny.md.erb +74 -0
data/docs/resources/file.md.erb +526 -0
data/docs/resources/filesystem.md.erb +41 -0
data/docs/resources/firewalld.md.erb +107 -0
data/docs/resources/gem.md.erb +79 -0
data/docs/resources/group.md.erb +61 -0
data/docs/resources/grub_conf.md.erb +101 -0
data/docs/resources/host.md.erb +86 -0
data/docs/resources/http.md.erb +197 -0
data/docs/resources/iis_app.md.erb +122 -0
data/docs/resources/iis_site.md.erb +135 -0
data/docs/resources/inetd_conf.md.erb +94 -0
data/docs/resources/ini.md.erb +76 -0
data/docs/resources/interface.md.erb +58 -0
data/docs/resources/iptables.md.erb +64 -0
data/docs/resources/json.md.erb +63 -0
data/docs/resources/kernel_module.md.erb +120 -0
data/docs/resources/kernel_parameter.md.erb +53 -0
data/docs/resources/key_rsa.md.erb +85 -0
data/docs/resources/launchd_service.md.erb +57 -0
data/docs/resources/limits_conf.md.erb +75 -0
data/docs/resources/login_defs.md.erb +71 -0
data/docs/resources/mount.md.erb +69 -0
data/docs/resources/mssql_session.md.erb +60 -0
data/docs/resources/mysql_conf.md.erb +99 -0
data/docs/resources/mysql_session.md.erb +74 -0
data/docs/resources/nginx.md.erb +79 -0
data/docs/resources/nginx_conf.md.erb +138 -0
data/docs/resources/npm.md.erb +60 -0
data/docs/resources/ntp_conf.md.erb +60 -0
data/docs/resources/oneget.md.erb +53 -0
data/docs/resources/oracledb_session.md.erb +52 -0
data/docs/resources/os.md.erb +141 -0
data/docs/resources/os_env.md.erb +91 -0
data/docs/resources/package.md.erb +120 -0
data/docs/resources/packages.md.erb +67 -0
data/docs/resources/parse_config.md.erb +103 -0
data/docs/resources/parse_config_file.md.erb +138 -0
data/docs/resources/passwd.md.erb +141 -0
data/docs/resources/pip.md.erb +67 -0
data/docs/resources/port.md.erb +137 -0
data/docs/resources/postgres_conf.md.erb +79 -0
data/docs/resources/postgres_hba_conf.md.erb +93 -0
data/docs/resources/postgres_ident_conf.md.erb +76 -0
data/docs/resources/postgres_session.md.erb +69 -0
data/docs/resources/powershell.md.erb +102 -0
data/docs/resources/processes.md.erb +109 -0
data/docs/resources/rabbitmq_config.md.erb +41 -0
data/docs/resources/registry_key.md.erb +158 -0
data/docs/resources/runit_service.md.erb +57 -0
data/docs/resources/security_policy.md.erb +47 -0
data/docs/resources/service.md.erb +121 -0
data/docs/resources/shadow.md.erb +146 -0
data/docs/resources/ssh_config.md.erb +73 -0
data/docs/resources/sshd_config.md.erb +83 -0
data/docs/resources/ssl.md.erb +119 -0
data/docs/resources/sys_info.md.erb +42 -0
data/docs/resources/systemd_service.md.erb +57 -0
data/docs/resources/sysv_service.md.erb +57 -0
data/docs/resources/upstart_service.md.erb +57 -0
data/docs/resources/user.md.erb +140 -0
data/docs/resources/users.md.erb +127 -0
data/docs/resources/vbscript.md.erb +55 -0
data/docs/resources/virtualization.md.erb +57 -0
data/docs/resources/windows_feature.md.erb +47 -0
data/docs/resources/windows_hotfix.md.erb +53 -0
data/docs/resources/windows_task.md.erb +95 -0
data/docs/resources/wmi.md.erb +81 -0
data/docs/resources/x509_certificate.md.erb +151 -0
data/docs/resources/xinetd_conf.md.erb +156 -0
data/docs/resources/xml.md.erb +85 -0
data/docs/resources/yaml.md.erb +69 -0
data/docs/resources/yum.md.erb +98 -0
data/docs/resources/zfs_dataset.md.erb +53 -0
data/docs/resources/zfs_pool.md.erb +47 -0
data/docs/ruby_usage.md +203 -0
data/docs/shared/matcher_be.md.erb +1 -0
data/docs/shared/matcher_cmp.md.erb +43 -0
data/docs/shared/matcher_eq.md.erb +3 -0
data/docs/shared/matcher_include.md.erb +1 -0
data/docs/shared/matcher_match.md.erb +1 -0
data/docs/shell.md +217 -0
data/examples/README.md +8 -0
data/examples/inheritance/README.md +65 -0
data/examples/inheritance/controls/example.rb +14 -0
data/examples/inheritance/inspec.yml +15 -0
data/examples/kitchen-ansible/.kitchen.yml +25 -0
data/examples/kitchen-ansible/Gemfile +19 -0
data/examples/kitchen-ansible/README.md +53 -0
data/examples/kitchen-ansible/files/nginx.repo +6 -0
data/examples/kitchen-ansible/tasks/main.yml +16 -0
data/examples/kitchen-ansible/test/integration/default/default.yml +5 -0
data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -0
data/examples/kitchen-chef/.kitchen.yml +20 -0
data/examples/kitchen-chef/Berksfile +3 -0
data/examples/kitchen-chef/Gemfile +19 -0
data/examples/kitchen-chef/README.md +27 -0
data/examples/kitchen-chef/metadata.rb +7 -0
data/examples/kitchen-chef/recipes/default.rb +6 -0
data/examples/kitchen-chef/recipes/nginx.rb +30 -0
data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -0
data/examples/kitchen-puppet/.kitchen.yml +23 -0
data/examples/kitchen-puppet/Gemfile +20 -0
data/examples/kitchen-puppet/Puppetfile +25 -0
data/examples/kitchen-puppet/README.md +53 -0
data/examples/kitchen-puppet/manifests/site.pp +33 -0
data/examples/kitchen-puppet/metadata.json +11 -0
data/examples/kitchen-puppet/modules/.gitkeep +0 -0
data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -0
data/examples/meta-profile/README.md +37 -0
data/examples/meta-profile/controls/example.rb +13 -0
data/examples/meta-profile/inspec.yml +13 -0
data/examples/profile-attribute.yml +2 -0
data/examples/profile-attribute/README.md +14 -0
data/examples/profile-attribute/controls/example.rb +11 -0
data/examples/profile-attribute/inspec.yml +8 -0
data/examples/profile-sensitive/README.md +29 -0
data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -0
data/examples/profile-sensitive/controls/sensitive.rb +9 -0
data/examples/profile-sensitive/inspec.yml +8 -0
data/examples/profile/README.md +48 -0
data/examples/profile/controls/example.rb +23 -0
data/examples/profile/controls/gordon.rb +36 -0
data/examples/profile/controls/meta.rb +34 -0
data/examples/profile/inspec.yml +10 -0
data/examples/profile/libraries/gordon_config.rb +59 -0
data/inspec-core.gemspec +43 -0
data/lib/bundles/README.md +3 -0
data/lib/bundles/inspec-artifact.rb +7 -0
data/lib/bundles/inspec-artifact/README.md +1 -0
data/lib/bundles/inspec-artifact/cli.rb +277 -0
data/lib/bundles/inspec-compliance.rb +16 -0
data/lib/bundles/inspec-compliance/.kitchen.yml +20 -0
data/lib/bundles/inspec-compliance/README.md +193 -0
data/lib/bundles/inspec-compliance/api.rb +360 -0
data/lib/bundles/inspec-compliance/api/login.rb +193 -0
data/lib/bundles/inspec-compliance/bootstrap.sh +41 -0
data/lib/bundles/inspec-compliance/cli.rb +260 -0
data/lib/bundles/inspec-compliance/configuration.rb +103 -0
data/lib/bundles/inspec-compliance/http.rb +125 -0
data/lib/bundles/inspec-compliance/images/cc-token.png +0 -0
data/lib/bundles/inspec-compliance/support.rb +36 -0
data/lib/bundles/inspec-compliance/target.rb +106 -0
data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -0
data/lib/bundles/inspec-habitat.rb +12 -0
data/lib/bundles/inspec-habitat/cli.rb +36 -0
data/lib/bundles/inspec-habitat/log.rb +10 -0
data/lib/bundles/inspec-habitat/profile.rb +391 -0
data/lib/bundles/inspec-init.rb +8 -0
data/lib/bundles/inspec-init/README.md +31 -0
data/lib/bundles/inspec-init/cli.rb +97 -0
data/lib/bundles/inspec-init/templates/profile/README.md +3 -0
data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -0
data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -0
data/lib/bundles/inspec-init/templates/profile/libraries/.gitkeep +0 -0
data/lib/bundles/inspec-supermarket.rb +13 -0
data/lib/bundles/inspec-supermarket/README.md +45 -0
data/lib/bundles/inspec-supermarket/api.rb +84 -0
data/lib/bundles/inspec-supermarket/cli.rb +73 -0
data/lib/bundles/inspec-supermarket/target.rb +34 -0
data/lib/fetchers/git.rb +163 -0
data/lib/fetchers/local.rb +74 -0
data/lib/fetchers/mock.rb +35 -0
data/lib/fetchers/url.rb +247 -0
data/lib/inspec.rb +24 -0
data/lib/inspec/archive/tar.rb +29 -0
data/lib/inspec/archive/zip.rb +19 -0
data/lib/inspec/backend.rb +93 -0
data/lib/inspec/base_cli.rb +368 -0
data/lib/inspec/cached_fetcher.rb +66 -0
data/lib/inspec/cli.rb +292 -0
data/lib/inspec/completions/bash.sh.erb +45 -0
data/lib/inspec/completions/fish.sh.erb +34 -0
data/lib/inspec/completions/zsh.sh.erb +61 -0
data/lib/inspec/control_eval_context.rb +179 -0
data/lib/inspec/dependencies/cache.rb +72 -0
data/lib/inspec/dependencies/dependency_set.rb +92 -0
data/lib/inspec/dependencies/lockfile.rb +115 -0
data/lib/inspec/dependencies/requirement.rb +123 -0
data/lib/inspec/dependencies/resolver.rb +86 -0
data/lib/inspec/describe.rb +27 -0
data/lib/inspec/dsl.rb +66 -0
data/lib/inspec/dsl_shared.rb +33 -0
data/lib/inspec/env_printer.rb +157 -0
data/lib/inspec/errors.rb +14 -0
data/lib/inspec/exceptions.rb +12 -0
data/lib/inspec/expect.rb +45 -0
data/lib/inspec/fetcher.rb +45 -0
data/lib/inspec/file_provider.rb +275 -0
data/lib/inspec/formatters.rb +3 -0
data/lib/inspec/formatters/base.rb +259 -0
data/lib/inspec/formatters/json_rspec.rb +20 -0
data/lib/inspec/formatters/show_progress.rb +12 -0
data/lib/inspec/library_eval_context.rb +58 -0
data/lib/inspec/log.rb +11 -0
data/lib/inspec/metadata.rb +247 -0
data/lib/inspec/method_source.rb +24 -0
data/lib/inspec/objects.rb +14 -0
data/lib/inspec/objects/attribute.rb +75 -0
data/lib/inspec/objects/control.rb +61 -0
data/lib/inspec/objects/describe.rb +92 -0
data/lib/inspec/objects/each_loop.rb +36 -0
data/lib/inspec/objects/list.rb +15 -0
data/lib/inspec/objects/or_test.rb +40 -0
data/lib/inspec/objects/ruby_helper.rb +15 -0
data/lib/inspec/objects/tag.rb +27 -0
data/lib/inspec/objects/test.rb +87 -0
data/lib/inspec/objects/value.rb +27 -0
data/lib/inspec/plugins.rb +60 -0
data/lib/inspec/plugins/cli.rb +24 -0
data/lib/inspec/plugins/fetcher.rb +86 -0
data/lib/inspec/plugins/resource.rb +135 -0
data/lib/inspec/plugins/secret.rb +15 -0
data/lib/inspec/plugins/source_reader.rb +40 -0
data/lib/inspec/polyfill.rb +12 -0
data/lib/inspec/profile.rb +513 -0
data/lib/inspec/profile_context.rb +208 -0
data/lib/inspec/profile_vendor.rb +66 -0
data/lib/inspec/reporters.rb +60 -0
data/lib/inspec/reporters/automate.rb +76 -0
data/lib/inspec/reporters/base.rb +25 -0
data/lib/inspec/reporters/cli.rb +356 -0
data/lib/inspec/reporters/json.rb +116 -0
data/lib/inspec/reporters/json_min.rb +48 -0
data/lib/inspec/reporters/junit.rb +78 -0
data/lib/inspec/require_loader.rb +33 -0
data/lib/inspec/resource.rb +190 -0
data/lib/inspec/rule.rb +280 -0
data/lib/inspec/runner.rb +345 -0
data/lib/inspec/runner_mock.rb +41 -0
data/lib/inspec/runner_rspec.rb +175 -0
data/lib/inspec/runtime_profile.rb +26 -0
data/lib/inspec/schema.rb +213 -0
data/lib/inspec/secrets.rb +19 -0
data/lib/inspec/secrets/yaml.rb +30 -0
data/lib/inspec/shell.rb +220 -0
data/lib/inspec/shell_detector.rb +90 -0
data/lib/inspec/source_reader.rb +29 -0
data/lib/inspec/version.rb +8 -0
data/lib/matchers/matchers.rb +339 -0
data/lib/resources/aide_conf.rb +151 -0
data/lib/resources/apache.rb +48 -0
data/lib/resources/apache_conf.rb +149 -0
data/lib/resources/apt.rb +149 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd.rb +231 -0
data/lib/resources/auditd_conf.rb +46 -0
data/lib/resources/bash.rb +35 -0
data/lib/resources/bond.rb +69 -0
data/lib/resources/bridge.rb +122 -0
data/lib/resources/chocolatey_package.rb +78 -0
data/lib/resources/command.rb +73 -0
data/lib/resources/cpan.rb +58 -0
data/lib/resources/cran.rb +64 -0
data/lib/resources/crontab.rb +169 -0
data/lib/resources/csv.rb +56 -0
data/lib/resources/dh_params.rb +77 -0
data/lib/resources/directory.rb +25 -0
data/lib/resources/docker.rb +236 -0
data/lib/resources/docker_container.rb +89 -0
data/lib/resources/docker_image.rb +83 -0
data/lib/resources/docker_object.rb +57 -0
data/lib/resources/docker_service.rb +90 -0
data/lib/resources/elasticsearch.rb +169 -0
data/lib/resources/etc_fstab.rb +94 -0
data/lib/resources/etc_group.rb +154 -0
data/lib/resources/etc_hosts.rb +66 -0
data/lib/resources/etc_hosts_allow_deny.rb +112 -0
data/lib/resources/file.rb +298 -0
data/lib/resources/filesystem.rb +31 -0
data/lib/resources/firewalld.rb +143 -0
data/lib/resources/gem.rb +70 -0
data/lib/resources/groups.rb +215 -0
data/lib/resources/grub_conf.rb +227 -0
data/lib/resources/host.rb +306 -0
data/lib/resources/http.rb +253 -0
data/lib/resources/iis_app.rb +101 -0
data/lib/resources/iis_site.rb +148 -0
data/lib/resources/inetd_conf.rb +54 -0
data/lib/resources/ini.rb +29 -0
data/lib/resources/interface.rb +129 -0
data/lib/resources/iptables.rb +80 -0
data/lib/resources/json.rb +111 -0
data/lib/resources/kernel_module.rb +107 -0
data/lib/resources/kernel_parameter.rb +58 -0
data/lib/resources/key_rsa.rb +63 -0
data/lib/resources/limits_conf.rb +46 -0
data/lib/resources/login_def.rb +57 -0
data/lib/resources/mount.rb +88 -0
data/lib/resources/mssql_session.rb +101 -0
data/lib/resources/mysql.rb +82 -0
data/lib/resources/mysql_conf.rb +127 -0
data/lib/resources/mysql_session.rb +85 -0
data/lib/resources/nginx.rb +96 -0
data/lib/resources/nginx_conf.rb +226 -0
data/lib/resources/npm.rb +48 -0
data/lib/resources/ntp_conf.rb +51 -0
data/lib/resources/oneget.rb +71 -0
data/lib/resources/oracledb_session.rb +139 -0
data/lib/resources/os.rb +36 -0
data/lib/resources/os_env.rb +86 -0
data/lib/resources/package.rb +370 -0
data/lib/resources/packages.rb +111 -0
data/lib/resources/parse_config.rb +112 -0
data/lib/resources/passwd.rb +76 -0
data/lib/resources/pip.rb +130 -0
data/lib/resources/platform.rb +109 -0
data/lib/resources/port.rb +771 -0
data/lib/resources/postgres.rb +131 -0
data/lib/resources/postgres_conf.rb +114 -0
data/lib/resources/postgres_hba_conf.rb +90 -0
data/lib/resources/postgres_ident_conf.rb +79 -0
data/lib/resources/postgres_session.rb +71 -0
data/lib/resources/powershell.rb +67 -0
data/lib/resources/processes.rb +204 -0
data/lib/resources/rabbitmq_conf.rb +51 -0
data/lib/resources/registry_key.rb +297 -0
data/lib/resources/security_policy.rb +180 -0
data/lib/resources/service.rb +794 -0
data/lib/resources/shadow.rb +159 -0
data/lib/resources/ssh_conf.rb +97 -0
data/lib/resources/ssl.rb +99 -0
data/lib/resources/sys_info.rb +28 -0
data/lib/resources/toml.rb +32 -0
data/lib/resources/users.rb +654 -0
data/lib/resources/vbscript.rb +68 -0
data/lib/resources/virtualization.rb +247 -0
data/lib/resources/windows_feature.rb +84 -0
data/lib/resources/windows_hotfix.rb +35 -0
data/lib/resources/windows_task.rb +102 -0
data/lib/resources/wmi.rb +110 -0
data/lib/resources/x509_certificate.rb +137 -0
data/lib/resources/xinetd.rb +106 -0
data/lib/resources/xml.rb +46 -0
data/lib/resources/yaml.rb +43 -0
data/lib/resources/yum.rb +180 -0
data/lib/resources/zfs_dataset.rb +60 -0
data/lib/resources/zfs_pool.rb +49 -0
data/lib/source_readers/flat.rb +39 -0
data/lib/source_readers/inspec.rb +75 -0
data/lib/utils/command_wrapper.rb +27 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/database_helpers.rb +77 -0
data/lib/utils/enumerable_delegation.rb +9 -0
data/lib/utils/erlang_parser.rb +192 -0
data/lib/utils/file_reader.rb +25 -0
data/lib/utils/filter.rb +273 -0
data/lib/utils/filter_array.rb +27 -0
data/lib/utils/find_files.rb +47 -0
data/lib/utils/hash.rb +41 -0
data/lib/utils/json_log.rb +18 -0
data/lib/utils/latest_version.rb +22 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/nginx_parser.rb +105 -0
data/lib/utils/object_traversal.rb +49 -0
data/lib/utils/parser.rb +274 -0
data/lib/utils/pkey_reader.rb +15 -0
data/lib/utils/plugin_registry.rb +93 -0
data/lib/utils/simpleconfig.rb +120 -0
data/lib/utils/spdx.rb +13 -0
data/lib/utils/spdx.txt +344 -0
metadata +713 -0

data/lib/resources/grub_conf.rb ADDED

@@ -0,0 +1,227 @@
+# encoding: utf-8
+require 'utils/simpleconfig'
+require 'utils/file_reader'
+class GrubConfig < Inspec.resource(1)
+  name 'grub_conf'
+  supports platform: 'unix'
+  desc 'Use the grub_conf InSpec audit resource to test the boot config of Linux systems that use Grub.'
+  example "
+    describe grub_conf('/etc/grub.conf',  'default') do
+      its('kernel') { should include '/vmlinuz-2.6.32-573.7.1.el6.x86_64' }
+      its('initrd') { should include '/initramfs-2.6.32-573.el6.x86_64.img=1' }
+      its('default') { should_not eq '1' }
+      its('timeout') { should eq '5' }
+    end
+    also check specific kernels
+    describe grub_conf('/etc/grub.conf',  'CentOS (2.6.32-573.12.1.el6.x86_64)') do
+      its('kernel') { should include 'audit=1' }
+    end
+  "
+  include FileReader
+  class UnknownGrubConfig < StandardError; end
+  def initialize(path = nil, kernel = nil)
+    config_for_platform(path)
+    @content = read_file(@conf_path)
+    @kernel = kernel || 'default'
+  rescue UnknownGrubConfig
+    return skip_resource 'The `grub_config` resource is not supported on your OS yet.'
+  end
+  def config_for_platform(path)
+    os = inspec.os
+    if os.redhat? || os[:name] == 'fedora'
+      config_for_redhatish(path)
+    elsif os.debian?
+      @conf_path = path || '/boot/grub/grub.cfg'
+      @defaults_path = '/etc/default/grub'
+      @grubenv_path = '/boot/grub2/grubenv'
+      @version = 'grub2'
+    elsif os[:name] == 'amazon'
+      @conf_path = path || '/etc/grub.conf'
+      @version = 'legacy'
+    else
+      raise UnknownGrubConfig
+    end
+  end
+  def config_for_redhatish(path)
+    if inspec.os[:release].to_f < 7
+      @conf_path = path || '/etc/grub.conf'
+      @version = 'legacy'
+    else
+      @conf_path = path || '/boot/grub2/grub.cfg'
+      @defaults_path = '/etc/default/grub'
+      @grubenv_path = '/boot/grub2/grubenv'
+      @version = 'grub2'
+    end
+  end
+  def method_missing(name)
+    read_params[name.to_s]
+  end
+  def to_s
+    'Grub Config'
+  end
+  private
+  ######################################################################
+  # Grub2 This is used by all supported versions of Ubuntu and Rhel 7+ #
+  ######################################################################
+  def grub2_parse_kernel_lines(content, conf)
+    menu_entries = extract_menu_entries(content)
+    if @kernel == 'default'
+      default_menu_entry(menu_entries, conf['GRUB_DEFAULT'])
+    else
+      menu_entries.find { |entry| entry['name'] == @kernel }
+    end
+  end
+  def extract_menu_entries(content)
+    menu_entries = []
+    lines = content.split("\n")
+    lines.each_with_index do |line, index|
+      next unless line =~ /^menuentry\s+.*/
+      entry = {}
+      entry['insmod'] = []
+      # Extract name from menuentry line
+      capture_data = line.match(/(?:^|\s+).*menuentry\s*['|"](.*)['|"]\s*--/)
+      if capture_data.nil? || capture_data.captures[0].nil?
+        raise Inspec::Exceptions::ResourceFailed "Failed to extract menuentry name from #{line}"
+      end
+      entry['name'] = capture_data.captures[0]
+      # Begin processing from index forward until a `}` line is met
+      lines.drop(index+1).each do |mline|
+        break if mline =~ /^\s*}\s*$/
+        case mline
+        when /(?:^|\s*)initrd.*/
+          entry['initrd'] = mline.split(' ')[1]
+        when /(?:^|\s*)linux.*/
+          entry['kernel'] = mline.split
+        when /(?:^|\s*)set root=.*/
+          entry['root'] = mline.split('=')[1].tr('\'', '')
+        when /(?:^|\s*)insmod.*/
+          entry['insmod'] << mline.split(' ')[1]
+        end
+      end
+      menu_entries << entry
+    end
+    menu_entries
+  end
+  def default_menu_entry(menu_entries, default)
+    # If the default entry isn't `saved` then a number is used as an index.
+    # By default this is `0`, which would be the first item in the list.
+    return menu_entries[default.to_i] unless default == 'saved'
+    grubenv_contents = inspec.file(@grubenv_path).content
+    # The location of the grubenv file is not guaranteed. In the case that
+    # the file does not exist this will return the 0th entry. This will also
+    # return the 0th entry if InSpec lacks permission to read the file. Both
+    # of these reflect the default Grub2 behavior.
+    return menu_entries[0] if grubenv_contents.nil?
+    default_name = SimpleConfig.new(grubenv_contents).params['saved_entry']
+    default_entry = menu_entries.select { |k| k['name'] == default_name }[0]
+    return default_entry unless default_entry.nil?
+    # It is possible for the saved entry to not be valid . For example, grubenv
+    # not being up to date. If so, the 0th entry is the default.
+    menu_entries[0]
+  end
+  ###################################################################
+  # Grub1 aka legacy-grub config. Primarily used by Centos/Rhel 6.x #
+  ###################################################################
+  def parse_kernel_lines(content, conf)
+    # Find all "title" lines and then parse them into arrays
+    menu_entry = 0
+    lines = content.split("\n")
+    kernel_opts = {}
+    lines.each_with_index do |file_line, index|
+      next unless file_line =~ /^title.*/
+      current_kernel = file_line.split(' ', 2)[1]
+      lines.drop(index+1).each do |kernel_line|
+        if kernel_line =~ /^\s.*/
+          option_type = kernel_line.split(' ')[0]
+          line_options = kernel_line.split(' ').drop(1)
+          if (menu_entry == conf['default'].to_i && @kernel == 'default') || current_kernel == @kernel
+            if option_type == 'kernel'
+              kernel_opts['kernel'] = line_options
+            else
+              kernel_opts[option_type] = line_options[0]
+            end
+          end
+        else
+          menu_entry += 1
+          break
+        end
+      end
+    end
+    kernel_opts
+  end
+  def read_file(config_file)
+    read_file_content(config_file)
+  end
+  def read_params
+    return @params if defined?(@params)
+    content = read_file(@conf_path)
+    if @version == 'legacy'
+      # parse the file
+      conf = SimpleConfig.new(
+        content,
+        multiple_values: true,
+      ).params
+      # convert single entry arrays into strings
+      conf.each do |key, value|
+        if value.size == 1
+          conf[key] = conf[key][0].to_s
+        end
+      end
+      kernel_opts = parse_kernel_lines(content, conf)
+      @params = conf.merge(kernel_opts)
+    end
+    if @version == 'grub2'
+      # read defaults
+      defaults = read_file(@defaults_path)
+      conf = SimpleConfig.new(
+        defaults,
+        multiple_values: true,
+      ).params
+      # convert single entry arrays into strings
+      conf.each do |key, value|
+        if value.size == 1
+          conf[key] = conf[key][0].to_s
+        end
+      end
+      kernel_opts = grub2_parse_kernel_lines(content, conf)
+      @params = conf.merge(kernel_opts)
+    end
+    @params
+  end
+end

data/lib/resources/host.rb ADDED

@@ -0,0 +1,306 @@
+# encoding: utf-8
+# Usage:
+# describe host('example.com') do
+#   it { should be_resolvable }
+#   it { should be_reachable }
+#   its('ipaddress') { should include '93.184.216.34' }
+# end
+#
+# To verify a hostname with protocol and port
+# describe host('example.com', port: 443, protocol: 'tcp') do
+#   it { should be_reachable }
+# end
+#
+# We do not support the following serverspec syntax:
+# describe host('example.com') do
+#   it { should be_reachable.with( :port => 22 ) }
+#   it { should be_reachable.with( :port => 22, :proto => 'tcp' ) }
+#   it { should be_reachable.with( :port => 53, :proto => 'udp' ) }
+#
+#   it { should be_resolvable.by('hosts') }
+#   it { should be_resolvable.by('dns') }
+# end
+require 'resolv'
+module Inspec::Resources
+  class Host < Inspec.resource(1)
+    name 'host'
+    supports platform: 'unix'
+    supports platform: 'windows'
+    desc 'Use the host InSpec audit resource to test the name used to refer to a specific host and its availability, including the Internet protocols and ports over which that host name should be available.'
+    example "
+      describe host('example.com') do
+        it { should be_reachable }
+        it { should be_resolvable }
+        its('ipaddress') { should include '12.34.56.78' }
+      end
+      describe host('example.com', port: '80', protocol: 'tcp') do
+        it { should be_reachable }
+      end
+    "
+    attr_reader :hostname, :port, :protocol
+    def initialize(hostname, params = {})
+      @hostname = hostname
+      @port = params[:port]
+      if params[:proto]
+        warn '[DEPRECATION] The `proto` parameter is deprecated. Use `protocol` instead.'
+        @protocol = params[:proto]
+      else
+        @protocol = params.fetch(:protocol, 'icmp')
+      end
+      @host_provider = nil
+      if inspec.os.linux?
+        @host_provider = LinuxHostProvider.new(inspec)
+      elsif inspec.os.windows?
+        return skip_resource 'Invalid protocol: only `tcp` and `icmp` protocols are support for the `host` resource on your OS.' unless
+          %w{icmp tcp}.include?(@protocol)
+        @host_provider = WindowsHostProvider.new(inspec)
+      elsif inspec.os.darwin?
+        @host_provider = DarwinHostProvider.new(inspec)
+      else
+        return skip_resource 'The `host` resource is not supported on your OS yet.'
+      end
+      missing_requirements = @host_provider.missing_requirements(protocol)
+      return skip_resource 'The following requirements are not met for this resource: ' \
+        "#{missing_requirements.join(', ')}" unless missing_requirements.empty?
+    end
+    def proto
+      warn '[DEPRECATION] The `proto` method is deprecated. Use `protocol` instead.'
+      protocol
+    end
+    # if we get the IP address, the host is resolvable
+    def resolvable?(type = nil)
+      warn "The `host` resource ignores #{type} parameters. Continue to resolve host." if !type.nil?
+      resolve.nil? || resolve.empty? ? false : true
+    end
+    def reachable?
+      # ping checks do not require port or protocol
+      return ping.fetch(:success, false) if protocol == 'icmp'
+      # if either port or protocol are specified but not both, we cannot proceed.
+      if port.nil? || protocol.nil?
+        raise "Protocol required with port. Use `host` resource with host('#{hostname}', port: 1234, proto: 'tcp') parameters." if port.nil? || protocol.nil?
+      end
+      # perform the protocol-specific reachability test
+      ping.fetch(:success, false)
+    end
+    def connection
+      ping[:connection]
+    end
+    def socket
+      ping[:socket]
+    end
+    # returns all A records of the IP address, will return an array
+    def ipaddress
+      resolve.nil? || resolve.empty? ? nil : resolve
+    end
+    def to_s
+      resource_name = "Host #{hostname}"
+      resource_name += " port #{port} proto #{protocol}" if port
+      resource_name
+    end
+    private
+    def ping
+      return @ping_cache if defined?(@ping_cache)
+      return {} if @host_provider.nil?
+      @ping_cache = @host_provider.ping(hostname, port, protocol)
+    end
+    def resolve
+      return @ip_cache if defined?(@ip_cache)
+      @ip_cache = @host_provider.resolve(hostname) if !@host_provider.nil?
+    end
+  end
+  class HostProvider
+    attr_reader :inspec
+    def initialize(inspec)
+      @inspec = inspec
+    end
+    def missing_requirements(_protocol)
+      # each provider can return an array of missing requirements that can
+      # be enumerated in a skip_resource message
+      []
+    end
+  end
+  class UnixHostProvider < HostProvider
+    def initialize(inspec)
+      super
+      @has_nc = inspec.command('nc').exist?
+      @has_ncat = inspec.command('ncat').exist?
+      @has_net_redirections = inspec.command("strings `which bash` | grep -qE '/dev/(tcp|udp)/'").exit_status == 0
+    end
+    def missing_requirements(protocol)
+      missing = []
+      if %w{tcp udp}.include?(protocol) && !@has_nc && !@has_ncat
+        if @has_net_redirections
+          missing << "#{timeout} (part of coreutils) or netcat must be installed" unless inspec.command(timeout).exist?
+        else
+          missing << 'netcat must be installed'
+        end
+      end
+      missing
+    end
+    def ping(hostname, port, protocol)
+      if %w{tcp udp}.include?(protocol)
+        if @has_nc || @has_ncat
+          resp = inspec.command(netcat_check_command(hostname, port, protocol))
+        else
+          resp = inspec.command("#{timeout} 1 bash -c \"< /dev/#{protocol}/#{hostname}/#{port}\"")
+        end
+      else
+        # fall back to ping, but we can only test ICMP packages with ping
+        resp = inspec.command("ping -w 1 -c 1 #{hostname}")
+      end
+      {
+        success: resp.exit_status.to_i.zero?,
+        connection: resp.stderr,
+        socket: resp.stdout,
+      }
+    end
+    def netcat_check_command(hostname, port, protocol)
+      if @has_nc
+        base_cmd = 'nc'
+      elsif @has_ncat
+        base_cmd = 'ncat'
+      else
+        return
+      end
+      if protocol == 'udp'
+        extra_flags = '-u'
+      else
+        extra_flags = ''
+      end
+      "echo | #{base_cmd} -v -w 1 #{extra_flags} #{hostname} #{port}"
+    end
+    def timeout
+      'timeout'
+    end
+    def resolve_with_dig(hostname)
+      addresses = []
+      # look for IPv4 addresses
+      cmd = inspec.command("dig +short A #{hostname}")
+      cmd.stdout.lines.each do |line|
+        matched = line.chomp.match(Resolv::IPv4::Regex)
+        addresses << matched.to_s unless matched.nil?
+      end
+      # look for IPv6 addresses
+      cmd = inspec.command("dig +short AAAA #{hostname}")
+      cmd.stdout.lines.each do |line|
+        matched = line.chomp.match(Resolv::IPv6::Regex)
+        addresses << matched.to_s unless matched.nil?
+      end
+      addresses.empty? ? nil : addresses
+    end
+    def resolve_with_getent(hostname)
+      cmd = inspec.command("getent ahosts #{hostname}")
+      return nil unless cmd.exit_status.to_i.zero?
+      # getent ahosts output is formatted like so:
+      # $ getent ahosts www.google.com
+      # 172.217.8.4     STREAM www.google.com
+      # 172.217.8.4     DGRAM
+      # 172.217.8.4     RAW
+      # 2607:f8b0:4004:803::2004 STREAM
+      # 2607:f8b0:4004:803::2004 DGRAM
+      # 2607:f8b0:4004:803::2004 RAW
+      addresses = []
+      cmd.stdout.lines.each do |line|
+        ip, = line.split(/\s+/, 2)
+        next unless ip.match(Resolv::IPv4::Regex) || ip.match(Resolv::IPv6::Regex)
+        addresses << ip unless addresses.include?(ip)
+      end
+      addresses
+    end
+  end
+  class DarwinHostProvider < UnixHostProvider
+    def timeout
+      'gtimeout'
+    end
+    def resolve(hostname)
+      resolve_with_dig(hostname)
+    end
+  end
+  class LinuxHostProvider < UnixHostProvider
+    def resolve(hostname)
+      resolve_with_getent(hostname)
+    end
+  end
+  # Windows
+  # TODO: UDP is not supported yey, we need a custom ps1 script to add udp support
+  # @see http://blogs.technet.com/b/josebda/archive/2015/04/18/windows-powershell-equivalents-for-common-networking-commands-ipconfig-ping-nslookup.aspx
+  # @see http://blogs.technet.com/b/heyscriptingguy/archive/2014/03/19/creating-a-port-scanner-with-windows-powershell.aspx
+  class WindowsHostProvider < HostProvider
+    def ping(hostname, port = nil, _proto = nil)
+      # ICMP: Test-NetConnection www.microsoft.com
+      # TCP and port: Test-NetConnection -ComputerName www.microsoft.com -RemotePort 80
+      request = "Test-NetConnection -ComputerName #{hostname} -WarningAction SilentlyContinue"
+      request += " -RemotePort #{port}" unless port.nil?
+      request += '| Select-Object -Property ComputerName, TcpTestSucceeded, PingSucceeded | ConvertTo-Json'
+      cmd = inspec.command(request)
+      begin
+        ping = JSON.parse(cmd.stdout)
+      rescue JSON::ParserError => _e
+        return {}
+      end
+      { success: port.nil? ? ping['PingSucceeded'] : ping['TcpTestSucceeded'] }
+    end
+    def resolve(hostname)
+      cmd = inspec.command("Resolve-DnsName –Type A #{hostname} | ConvertTo-Json")
+      begin
+        resolv = JSON.parse(cmd.stdout)
+      rescue JSON::ParserError => _e
+        return nil
+      end
+      resolv = [resolv] unless resolv.is_a?(Array)
+      resolv.map { |entry| entry['IPAddress'] }
+    end
+  end
+end