RubyGems - inspec-core - Versions diffs - 2.1.67 - Mend

inspec-core 2.1.67

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (412) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +3136 -0
data/Gemfile +56 -0
data/LICENSE +14 -0
data/MAINTAINERS.md +33 -0
data/MAINTAINERS.toml +52 -0
data/README.md +453 -0
data/bin/inspec +12 -0
data/docs/.gitignore +2 -0
data/docs/README.md +40 -0
data/docs/dev/control-eval.md +62 -0
data/docs/dsl_inspec.md +258 -0
data/docs/dsl_resource.md +100 -0
data/docs/glossary.md +99 -0
data/docs/habitat.md +192 -0
data/docs/inspec_and_friends.md +114 -0
data/docs/matchers.md +169 -0
data/docs/migration.md +293 -0
data/docs/platforms.md +119 -0
data/docs/plugin_kitchen_inspec.md +50 -0
data/docs/profiles.md +378 -0
data/docs/reporters.md +105 -0
data/docs/resources/aide_conf.md.erb +76 -0
data/docs/resources/apache.md.erb +67 -0
data/docs/resources/apache_conf.md.erb +68 -0
data/docs/resources/apt.md.erb +71 -0
data/docs/resources/audit_policy.md.erb +47 -0
data/docs/resources/auditd.md.erb +79 -0
data/docs/resources/auditd_conf.md.erb +68 -0
data/docs/resources/bash.md.erb +75 -0
data/docs/resources/bond.md.erb +90 -0
data/docs/resources/bridge.md.erb +57 -0
data/docs/resources/bsd_service.md.erb +67 -0
data/docs/resources/chocolatey_package.md.erb +58 -0
data/docs/resources/command.md.erb +138 -0
data/docs/resources/cpan.md.erb +79 -0
data/docs/resources/cran.md.erb +64 -0
data/docs/resources/crontab.md.erb +89 -0
data/docs/resources/csv.md.erb +54 -0
data/docs/resources/dh_params.md.erb +205 -0
data/docs/resources/directory.md.erb +30 -0
data/docs/resources/docker.md.erb +219 -0
data/docs/resources/docker_container.md.erb +103 -0
data/docs/resources/docker_image.md.erb +94 -0
data/docs/resources/docker_service.md.erb +114 -0
data/docs/resources/elasticsearch.md.erb +242 -0
data/docs/resources/etc_fstab.md.erb +125 -0
data/docs/resources/etc_group.md.erb +75 -0
data/docs/resources/etc_hosts.md.erb +78 -0
data/docs/resources/etc_hosts_allow.md.erb +74 -0
data/docs/resources/etc_hosts_deny.md.erb +74 -0
data/docs/resources/file.md.erb +526 -0
data/docs/resources/filesystem.md.erb +41 -0
data/docs/resources/firewalld.md.erb +107 -0
data/docs/resources/gem.md.erb +79 -0
data/docs/resources/group.md.erb +61 -0
data/docs/resources/grub_conf.md.erb +101 -0
data/docs/resources/host.md.erb +86 -0
data/docs/resources/http.md.erb +197 -0
data/docs/resources/iis_app.md.erb +122 -0
data/docs/resources/iis_site.md.erb +135 -0
data/docs/resources/inetd_conf.md.erb +94 -0
data/docs/resources/ini.md.erb +76 -0
data/docs/resources/interface.md.erb +58 -0
data/docs/resources/iptables.md.erb +64 -0
data/docs/resources/json.md.erb +63 -0
data/docs/resources/kernel_module.md.erb +120 -0
data/docs/resources/kernel_parameter.md.erb +53 -0
data/docs/resources/key_rsa.md.erb +85 -0
data/docs/resources/launchd_service.md.erb +57 -0
data/docs/resources/limits_conf.md.erb +75 -0
data/docs/resources/login_defs.md.erb +71 -0
data/docs/resources/mount.md.erb +69 -0
data/docs/resources/mssql_session.md.erb +60 -0
data/docs/resources/mysql_conf.md.erb +99 -0
data/docs/resources/mysql_session.md.erb +74 -0
data/docs/resources/nginx.md.erb +79 -0
data/docs/resources/nginx_conf.md.erb +138 -0
data/docs/resources/npm.md.erb +60 -0
data/docs/resources/ntp_conf.md.erb +60 -0
data/docs/resources/oneget.md.erb +53 -0
data/docs/resources/oracledb_session.md.erb +52 -0
data/docs/resources/os.md.erb +141 -0
data/docs/resources/os_env.md.erb +91 -0
data/docs/resources/package.md.erb +120 -0
data/docs/resources/packages.md.erb +67 -0
data/docs/resources/parse_config.md.erb +103 -0
data/docs/resources/parse_config_file.md.erb +138 -0
data/docs/resources/passwd.md.erb +141 -0
data/docs/resources/pip.md.erb +67 -0
data/docs/resources/port.md.erb +137 -0
data/docs/resources/postgres_conf.md.erb +79 -0
data/docs/resources/postgres_hba_conf.md.erb +93 -0
data/docs/resources/postgres_ident_conf.md.erb +76 -0
data/docs/resources/postgres_session.md.erb +69 -0
data/docs/resources/powershell.md.erb +102 -0
data/docs/resources/processes.md.erb +109 -0
data/docs/resources/rabbitmq_config.md.erb +41 -0
data/docs/resources/registry_key.md.erb +158 -0
data/docs/resources/runit_service.md.erb +57 -0
data/docs/resources/security_policy.md.erb +47 -0
data/docs/resources/service.md.erb +121 -0
data/docs/resources/shadow.md.erb +146 -0
data/docs/resources/ssh_config.md.erb +73 -0
data/docs/resources/sshd_config.md.erb +83 -0
data/docs/resources/ssl.md.erb +119 -0
data/docs/resources/sys_info.md.erb +42 -0
data/docs/resources/systemd_service.md.erb +57 -0
data/docs/resources/sysv_service.md.erb +57 -0
data/docs/resources/upstart_service.md.erb +57 -0
data/docs/resources/user.md.erb +140 -0
data/docs/resources/users.md.erb +127 -0
data/docs/resources/vbscript.md.erb +55 -0
data/docs/resources/virtualization.md.erb +57 -0
data/docs/resources/windows_feature.md.erb +47 -0
data/docs/resources/windows_hotfix.md.erb +53 -0
data/docs/resources/windows_task.md.erb +95 -0
data/docs/resources/wmi.md.erb +81 -0
data/docs/resources/x509_certificate.md.erb +151 -0
data/docs/resources/xinetd_conf.md.erb +156 -0
data/docs/resources/xml.md.erb +85 -0
data/docs/resources/yaml.md.erb +69 -0
data/docs/resources/yum.md.erb +98 -0
data/docs/resources/zfs_dataset.md.erb +53 -0
data/docs/resources/zfs_pool.md.erb +47 -0
data/docs/ruby_usage.md +203 -0
data/docs/shared/matcher_be.md.erb +1 -0
data/docs/shared/matcher_cmp.md.erb +43 -0
data/docs/shared/matcher_eq.md.erb +3 -0
data/docs/shared/matcher_include.md.erb +1 -0
data/docs/shared/matcher_match.md.erb +1 -0
data/docs/shell.md +217 -0
data/examples/README.md +8 -0
data/examples/inheritance/README.md +65 -0
data/examples/inheritance/controls/example.rb +14 -0
data/examples/inheritance/inspec.yml +15 -0
data/examples/kitchen-ansible/.kitchen.yml +25 -0
data/examples/kitchen-ansible/Gemfile +19 -0
data/examples/kitchen-ansible/README.md +53 -0
data/examples/kitchen-ansible/files/nginx.repo +6 -0
data/examples/kitchen-ansible/tasks/main.yml +16 -0
data/examples/kitchen-ansible/test/integration/default/default.yml +5 -0
data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -0
data/examples/kitchen-chef/.kitchen.yml +20 -0
data/examples/kitchen-chef/Berksfile +3 -0
data/examples/kitchen-chef/Gemfile +19 -0
data/examples/kitchen-chef/README.md +27 -0
data/examples/kitchen-chef/metadata.rb +7 -0
data/examples/kitchen-chef/recipes/default.rb +6 -0
data/examples/kitchen-chef/recipes/nginx.rb +30 -0
data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -0
data/examples/kitchen-puppet/.kitchen.yml +23 -0
data/examples/kitchen-puppet/Gemfile +20 -0
data/examples/kitchen-puppet/Puppetfile +25 -0
data/examples/kitchen-puppet/README.md +53 -0
data/examples/kitchen-puppet/manifests/site.pp +33 -0
data/examples/kitchen-puppet/metadata.json +11 -0
data/examples/kitchen-puppet/modules/.gitkeep +0 -0
data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -0
data/examples/meta-profile/README.md +37 -0
data/examples/meta-profile/controls/example.rb +13 -0
data/examples/meta-profile/inspec.yml +13 -0
data/examples/profile-attribute.yml +2 -0
data/examples/profile-attribute/README.md +14 -0
data/examples/profile-attribute/controls/example.rb +11 -0
data/examples/profile-attribute/inspec.yml +8 -0
data/examples/profile-sensitive/README.md +29 -0
data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -0
data/examples/profile-sensitive/controls/sensitive.rb +9 -0
data/examples/profile-sensitive/inspec.yml +8 -0
data/examples/profile/README.md +48 -0
data/examples/profile/controls/example.rb +23 -0
data/examples/profile/controls/gordon.rb +36 -0
data/examples/profile/controls/meta.rb +34 -0
data/examples/profile/inspec.yml +10 -0
data/examples/profile/libraries/gordon_config.rb +59 -0
data/inspec-core.gemspec +43 -0
data/lib/bundles/README.md +3 -0
data/lib/bundles/inspec-artifact.rb +7 -0
data/lib/bundles/inspec-artifact/README.md +1 -0
data/lib/bundles/inspec-artifact/cli.rb +277 -0
data/lib/bundles/inspec-compliance.rb +16 -0
data/lib/bundles/inspec-compliance/.kitchen.yml +20 -0
data/lib/bundles/inspec-compliance/README.md +193 -0
data/lib/bundles/inspec-compliance/api.rb +360 -0
data/lib/bundles/inspec-compliance/api/login.rb +193 -0
data/lib/bundles/inspec-compliance/bootstrap.sh +41 -0
data/lib/bundles/inspec-compliance/cli.rb +260 -0
data/lib/bundles/inspec-compliance/configuration.rb +103 -0
data/lib/bundles/inspec-compliance/http.rb +125 -0
data/lib/bundles/inspec-compliance/images/cc-token.png +0 -0
data/lib/bundles/inspec-compliance/support.rb +36 -0
data/lib/bundles/inspec-compliance/target.rb +106 -0
data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -0
data/lib/bundles/inspec-habitat.rb +12 -0
data/lib/bundles/inspec-habitat/cli.rb +36 -0
data/lib/bundles/inspec-habitat/log.rb +10 -0
data/lib/bundles/inspec-habitat/profile.rb +391 -0
data/lib/bundles/inspec-init.rb +8 -0
data/lib/bundles/inspec-init/README.md +31 -0
data/lib/bundles/inspec-init/cli.rb +97 -0
data/lib/bundles/inspec-init/templates/profile/README.md +3 -0
data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -0
data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -0
data/lib/bundles/inspec-init/templates/profile/libraries/.gitkeep +0 -0
data/lib/bundles/inspec-supermarket.rb +13 -0
data/lib/bundles/inspec-supermarket/README.md +45 -0
data/lib/bundles/inspec-supermarket/api.rb +84 -0
data/lib/bundles/inspec-supermarket/cli.rb +73 -0
data/lib/bundles/inspec-supermarket/target.rb +34 -0
data/lib/fetchers/git.rb +163 -0
data/lib/fetchers/local.rb +74 -0
data/lib/fetchers/mock.rb +35 -0
data/lib/fetchers/url.rb +247 -0
data/lib/inspec.rb +24 -0
data/lib/inspec/archive/tar.rb +29 -0
data/lib/inspec/archive/zip.rb +19 -0
data/lib/inspec/backend.rb +93 -0
data/lib/inspec/base_cli.rb +368 -0
data/lib/inspec/cached_fetcher.rb +66 -0
data/lib/inspec/cli.rb +292 -0
data/lib/inspec/completions/bash.sh.erb +45 -0
data/lib/inspec/completions/fish.sh.erb +34 -0
data/lib/inspec/completions/zsh.sh.erb +61 -0
data/lib/inspec/control_eval_context.rb +179 -0
data/lib/inspec/dependencies/cache.rb +72 -0
data/lib/inspec/dependencies/dependency_set.rb +92 -0
data/lib/inspec/dependencies/lockfile.rb +115 -0
data/lib/inspec/dependencies/requirement.rb +123 -0
data/lib/inspec/dependencies/resolver.rb +86 -0
data/lib/inspec/describe.rb +27 -0
data/lib/inspec/dsl.rb +66 -0
data/lib/inspec/dsl_shared.rb +33 -0
data/lib/inspec/env_printer.rb +157 -0
data/lib/inspec/errors.rb +14 -0
data/lib/inspec/exceptions.rb +12 -0
data/lib/inspec/expect.rb +45 -0
data/lib/inspec/fetcher.rb +45 -0
data/lib/inspec/file_provider.rb +275 -0
data/lib/inspec/formatters.rb +3 -0
data/lib/inspec/formatters/base.rb +259 -0
data/lib/inspec/formatters/json_rspec.rb +20 -0
data/lib/inspec/formatters/show_progress.rb +12 -0
data/lib/inspec/library_eval_context.rb +58 -0
data/lib/inspec/log.rb +11 -0
data/lib/inspec/metadata.rb +247 -0
data/lib/inspec/method_source.rb +24 -0
data/lib/inspec/objects.rb +14 -0
data/lib/inspec/objects/attribute.rb +75 -0
data/lib/inspec/objects/control.rb +61 -0
data/lib/inspec/objects/describe.rb +92 -0
data/lib/inspec/objects/each_loop.rb +36 -0
data/lib/inspec/objects/list.rb +15 -0
data/lib/inspec/objects/or_test.rb +40 -0
data/lib/inspec/objects/ruby_helper.rb +15 -0
data/lib/inspec/objects/tag.rb +27 -0
data/lib/inspec/objects/test.rb +87 -0
data/lib/inspec/objects/value.rb +27 -0
data/lib/inspec/plugins.rb +60 -0
data/lib/inspec/plugins/cli.rb +24 -0
data/lib/inspec/plugins/fetcher.rb +86 -0
data/lib/inspec/plugins/resource.rb +135 -0
data/lib/inspec/plugins/secret.rb +15 -0
data/lib/inspec/plugins/source_reader.rb +40 -0
data/lib/inspec/polyfill.rb +12 -0
data/lib/inspec/profile.rb +513 -0
data/lib/inspec/profile_context.rb +208 -0
data/lib/inspec/profile_vendor.rb +66 -0
data/lib/inspec/reporters.rb +60 -0
data/lib/inspec/reporters/automate.rb +76 -0
data/lib/inspec/reporters/base.rb +25 -0
data/lib/inspec/reporters/cli.rb +356 -0
data/lib/inspec/reporters/json.rb +116 -0
data/lib/inspec/reporters/json_min.rb +48 -0
data/lib/inspec/reporters/junit.rb +78 -0
data/lib/inspec/require_loader.rb +33 -0
data/lib/inspec/resource.rb +190 -0
data/lib/inspec/rule.rb +280 -0
data/lib/inspec/runner.rb +345 -0
data/lib/inspec/runner_mock.rb +41 -0
data/lib/inspec/runner_rspec.rb +175 -0
data/lib/inspec/runtime_profile.rb +26 -0
data/lib/inspec/schema.rb +213 -0
data/lib/inspec/secrets.rb +19 -0
data/lib/inspec/secrets/yaml.rb +30 -0
data/lib/inspec/shell.rb +220 -0
data/lib/inspec/shell_detector.rb +90 -0
data/lib/inspec/source_reader.rb +29 -0
data/lib/inspec/version.rb +8 -0
data/lib/matchers/matchers.rb +339 -0
data/lib/resources/aide_conf.rb +151 -0
data/lib/resources/apache.rb +48 -0
data/lib/resources/apache_conf.rb +149 -0
data/lib/resources/apt.rb +149 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd.rb +231 -0
data/lib/resources/auditd_conf.rb +46 -0
data/lib/resources/bash.rb +35 -0
data/lib/resources/bond.rb +69 -0
data/lib/resources/bridge.rb +122 -0
data/lib/resources/chocolatey_package.rb +78 -0
data/lib/resources/command.rb +73 -0
data/lib/resources/cpan.rb +58 -0
data/lib/resources/cran.rb +64 -0
data/lib/resources/crontab.rb +169 -0
data/lib/resources/csv.rb +56 -0
data/lib/resources/dh_params.rb +77 -0
data/lib/resources/directory.rb +25 -0
data/lib/resources/docker.rb +236 -0
data/lib/resources/docker_container.rb +89 -0
data/lib/resources/docker_image.rb +83 -0
data/lib/resources/docker_object.rb +57 -0
data/lib/resources/docker_service.rb +90 -0
data/lib/resources/elasticsearch.rb +169 -0
data/lib/resources/etc_fstab.rb +94 -0
data/lib/resources/etc_group.rb +154 -0
data/lib/resources/etc_hosts.rb +66 -0
data/lib/resources/etc_hosts_allow_deny.rb +112 -0
data/lib/resources/file.rb +298 -0
data/lib/resources/filesystem.rb +31 -0
data/lib/resources/firewalld.rb +143 -0
data/lib/resources/gem.rb +70 -0
data/lib/resources/groups.rb +215 -0
data/lib/resources/grub_conf.rb +227 -0
data/lib/resources/host.rb +306 -0
data/lib/resources/http.rb +253 -0
data/lib/resources/iis_app.rb +101 -0
data/lib/resources/iis_site.rb +148 -0
data/lib/resources/inetd_conf.rb +54 -0
data/lib/resources/ini.rb +29 -0
data/lib/resources/interface.rb +129 -0
data/lib/resources/iptables.rb +80 -0
data/lib/resources/json.rb +111 -0
data/lib/resources/kernel_module.rb +107 -0
data/lib/resources/kernel_parameter.rb +58 -0
data/lib/resources/key_rsa.rb +63 -0
data/lib/resources/limits_conf.rb +46 -0
data/lib/resources/login_def.rb +57 -0
data/lib/resources/mount.rb +88 -0
data/lib/resources/mssql_session.rb +101 -0
data/lib/resources/mysql.rb +82 -0
data/lib/resources/mysql_conf.rb +127 -0
data/lib/resources/mysql_session.rb +85 -0
data/lib/resources/nginx.rb +96 -0
data/lib/resources/nginx_conf.rb +226 -0
data/lib/resources/npm.rb +48 -0
data/lib/resources/ntp_conf.rb +51 -0
data/lib/resources/oneget.rb +71 -0
data/lib/resources/oracledb_session.rb +139 -0
data/lib/resources/os.rb +36 -0
data/lib/resources/os_env.rb +86 -0
data/lib/resources/package.rb +370 -0
data/lib/resources/packages.rb +111 -0
data/lib/resources/parse_config.rb +112 -0
data/lib/resources/passwd.rb +76 -0
data/lib/resources/pip.rb +130 -0
data/lib/resources/platform.rb +109 -0
data/lib/resources/port.rb +771 -0
data/lib/resources/postgres.rb +131 -0
data/lib/resources/postgres_conf.rb +114 -0
data/lib/resources/postgres_hba_conf.rb +90 -0
data/lib/resources/postgres_ident_conf.rb +79 -0
data/lib/resources/postgres_session.rb +71 -0
data/lib/resources/powershell.rb +67 -0
data/lib/resources/processes.rb +204 -0
data/lib/resources/rabbitmq_conf.rb +51 -0
data/lib/resources/registry_key.rb +297 -0
data/lib/resources/security_policy.rb +180 -0
data/lib/resources/service.rb +794 -0
data/lib/resources/shadow.rb +159 -0
data/lib/resources/ssh_conf.rb +97 -0
data/lib/resources/ssl.rb +99 -0
data/lib/resources/sys_info.rb +28 -0
data/lib/resources/toml.rb +32 -0
data/lib/resources/users.rb +654 -0
data/lib/resources/vbscript.rb +68 -0
data/lib/resources/virtualization.rb +247 -0
data/lib/resources/windows_feature.rb +84 -0
data/lib/resources/windows_hotfix.rb +35 -0
data/lib/resources/windows_task.rb +102 -0
data/lib/resources/wmi.rb +110 -0
data/lib/resources/x509_certificate.rb +137 -0
data/lib/resources/xinetd.rb +106 -0
data/lib/resources/xml.rb +46 -0
data/lib/resources/yaml.rb +43 -0
data/lib/resources/yum.rb +180 -0
data/lib/resources/zfs_dataset.rb +60 -0
data/lib/resources/zfs_pool.rb +49 -0
data/lib/source_readers/flat.rb +39 -0
data/lib/source_readers/inspec.rb +75 -0
data/lib/utils/command_wrapper.rb +27 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/database_helpers.rb +77 -0
data/lib/utils/enumerable_delegation.rb +9 -0
data/lib/utils/erlang_parser.rb +192 -0
data/lib/utils/file_reader.rb +25 -0
data/lib/utils/filter.rb +273 -0
data/lib/utils/filter_array.rb +27 -0
data/lib/utils/find_files.rb +47 -0
data/lib/utils/hash.rb +41 -0
data/lib/utils/json_log.rb +18 -0
data/lib/utils/latest_version.rb +22 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/nginx_parser.rb +105 -0
data/lib/utils/object_traversal.rb +49 -0
data/lib/utils/parser.rb +274 -0
data/lib/utils/pkey_reader.rb +15 -0
data/lib/utils/plugin_registry.rb +93 -0
data/lib/utils/simpleconfig.rb +120 -0
data/lib/utils/spdx.rb +13 -0
data/lib/utils/spdx.txt +344 -0
metadata +713 -0

data/lib/resources/kernel_parameter.rb ADDED

@@ -0,0 +1,58 @@
+# encoding: utf-8
+module Inspec::Resources
+  class KernelParameter < Inspec.resource(1)
+    name 'kernel_parameter'
+    supports platform: 'unix'
+    desc 'Use the kernel_parameter InSpec audit resource to test kernel parameters on Linux platforms.'
+    example "
+      describe kernel_parameter('net.ipv4.conf.all.forwarding') do
+        its('value') { should eq 0 }
+      end
+    "
+    def initialize(parameter = nil)
+      @parameter = parameter
+      # this resource is only supported on Linux
+      return skip_resource 'The `kernel_parameter` resource is not supported on your OS.' if !inspec.os.linux?
+    end
+    def value
+      cmd = inspec.command("/sbin/sysctl -q -n #{@parameter}")
+      return nil if cmd.exit_status != 0
+      # remove whitespace
+      cmd = cmd.stdout.chomp.strip
+      # convert to number if possible
+      cmd = cmd.to_i if cmd =~ /^\d+$/
+      cmd
+    end
+    def to_s
+      "Kernel Parameter #{@parameter}"
+    end
+  end
+  # for compatability with serverspec
+  # this is deprecated syntax and will be removed in future versions
+  class LinuxKernelParameter < KernelParameter
+    name 'linux_kernel_parameter'
+    def initialize(parameter)
+      super(parameter)
+    end
+    def value
+      deprecated
+      super()
+    end
+    def deprecated
+      warn '[DEPRECATION] `linux_kernel_parameter(parameter)` is deprecated.  Please use `kernel_parameter(parameter)` instead.'
+    end
+    def to_s
+      "Kernel Parameter #{@parameter}"
+    end
+  end
+end

data/lib/resources/key_rsa.rb ADDED

@@ -0,0 +1,63 @@
+# encoding: utf-8
+require 'openssl'
+require 'hashie/mash'
+require 'utils/file_reader'
+require 'utils/pkey_reader'
+module Inspec::Resources
+  class RsaKey < Inspec.resource(1)
+    name 'key_rsa'
+    supports platform: 'unix'
+    supports platform: 'windows'
+    desc 'public/private RSA key pair test'
+    example "
+      describe key_rsa('/etc/pki/www.mywebsite.com.key') do
+        its('public_key') { should match /BEGIN RSA PUBLIC KEY/ }
+      end
+      describe key_rsa('/etc/pki/www.mywebsite.com.key', 'passphrase') do
+        it { should be_private }
+        it { should be_public }
+      end
+    "
+    include FileReader
+    include PkeyReader
+    def initialize(keypath, passphrase = nil)
+      @key_path = keypath
+      @passphrase = passphrase
+      @key = read_pkey(read_file_content(@key_path, allow_empty: true), @passphrase)
+    end
+    def public?
+      return if @key.nil?
+      @key.public?
+    end
+    def public_key
+      return if @key.nil?
+      @key.public_key.to_s
+    end
+    def private?
+      return if @key.nil?
+      @key.private?
+    end
+    def private_key
+      return if @key.nil?
+      @key.to_s
+    end
+    def key_length
+      return if @key.nil?
+      @key.public_key.n.num_bytes * 8
+    end
+    def to_s
+      "rsa_key #{@key_path}"
+    end
+  end
+end

data/lib/resources/limits_conf.rb ADDED

@@ -0,0 +1,46 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+require 'utils/simpleconfig'
+require 'utils/file_reader'
+module Inspec::Resources
+  class LimitsConf < Inspec.resource(1)
+    name 'limits_conf'
+    supports platform: 'unix'
+    desc 'Use the limits_conf InSpec audit resource to test configuration settings in the /etc/security/limits.conf file. The limits.conf defines limits for processes (by user and/or group names) and helps ensure that the system on which those processes are running remains stable. Each process may be assigned a hard or soft limit.'
+    example "
+      describe limits_conf do
+        its('*') { should include ['hard','core','0'] }
+      end
+    "
+    include FileReader
+    def initialize(path = nil)
+      @conf_path = path || '/etc/security/limits.conf'
+      @content = read_file_content(@conf_path)
+    end
+    def method_missing(name)
+      read_params[name.to_s]
+    end
+    def read_params
+      return @params if defined?(@params)
+      # parse the file
+      conf = SimpleConfig.new(
+        @content,
+        assignment_regex: /^\s*(\S+?)\s+(.*?)\s+(.*?)\s+(.*?)\s*$/,
+        key_values: 3,
+        multiple_values: true,
+      )
+      @params = conf.params
+    end
+    def to_s
+      'limits.conf'
+    end
+  end
+end

data/lib/resources/login_def.rb ADDED

@@ -0,0 +1,57 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+require 'utils/simpleconfig'
+require 'utils/file_reader'
+# Usage:
+#
+# describe login_def do
+#   its('UMASK') {
+#     should eq '077'
+#   }
+#
+#   its('PASS_MAX_DAYS.to_i') {
+#     should be <= 90
+#   }
+# end
+module Inspec::Resources
+  class LoginDef < Inspec.resource(1)
+    name 'login_defs'
+    supports platform: 'unix'
+    desc 'Use the login_defs InSpec audit resource to test configuration settings in the /etc/login.defs file. The logins.defs file defines site-specific configuration for the shadow password suite on Linux and UNIX platforms, such as password expiration ranges, minimum/maximum values for automatic selection of user and group identifiers, or the method with which passwords are encrypted.'
+    example "
+      describe login_defs do
+        its('ENCRYPT_METHOD') { should eq 'SHA512' }
+      end
+    "
+    include FileReader
+    def initialize(path = nil)
+      @conf_path = path || '/etc/login.defs'
+      @content = read_file_content(@conf_path)
+    end
+    def method_missing(name)
+      read_params[name.to_s]
+    end
+    def read_params
+      return @params if defined?(@params)
+      # parse the file
+      conf = SimpleConfig.new(
+        @content,
+        assignment_regex: /^\s*(\S+)\s+(\S*)\s*$/,
+        multiple_values: false,
+      )
+      @params = conf.params
+    end
+    def to_s
+      'login.defs'
+    end
+  end
+end

data/lib/resources/mount.rb ADDED

@@ -0,0 +1,88 @@
+# encoding: utf-8
+require 'utils/simpleconfig'
+module Inspec::Resources
+  class Mount < Inspec.resource(1)
+    name 'mount'
+    supports platform: 'unix'
+    desc 'Use the mount InSpec audit resource to test if mount points.'
+    example "
+      describe mount('/') do
+        it { should be_mounted }
+        its('count') { should eq 1 }
+        its('device') { should eq  '/dev/mapper/VolGroup-lv_root' }
+        its('type') { should eq  'ext4' }
+        its('options') { should eq ['rw', 'mode=620'] }
+        its('options') { should include 'nodev' }
+      end
+    "
+    attr_reader :file
+    def initialize(path)
+      @path = path
+      @mount_manager = mount_manager_for_os
+      return skip_resource 'The `mount` resource is not supported on your OS yet.' if @mount_manager.nil?
+      @file = inspec.backend.file(@path)
+    end
+    def mounted?
+      file.mounted?
+    end
+    def count
+      mounted = file.mounted
+      return nil if mounted.nil? || mounted.stdout.nil?
+      mounted.stdout.lines.count
+    end
+    def method_missing(name)
+      return nil if !file.mounted?
+      mounted = file.mounted
+      return nil if mounted.nil? || mounted.stdout.nil?
+      line = mounted.stdout
+      # if we got multiple lines, only use the last entry
+      line = mounted.stdout.lines.to_a.last if mounted.stdout.lines.count > 1
+      # parse content if we are on linux
+      @mount_options ||= @mount_manager.parse_mount_options(line)
+      @mount_options[name]
+    end
+    def to_s
+      "Mount #{@path}"
+    end
+    private
+    def mount_manager_for_os
+      os = inspec.os
+      if os.linux?
+        LinuxMounts.new(inspec)
+      elsif ['freebsd'].include?(os[:family])
+        BsdMounts.new(inspec)
+      end
+    end
+  end
+  class MountsInfo
+    attr_reader :inspec
+    def initialize(inspec)
+      @inspec = inspec
+    end
+    def parse_mount_options(_mount_line, _compatibility = false)
+      raise NotImplementedError
+    end
+  end
+  class LinuxMounts < MountsInfo
+    include LinuxMountParser
+  end
+  class BsdMounts < MountsInfo
+    include BsdMountParser
+  end
+end

data/lib/resources/mssql_session.rb ADDED

@@ -0,0 +1,101 @@
+# encoding: utf-8
+require 'hashie/mash'
+require 'utils/database_helpers'
+module Inspec::Resources
+  # STABILITY: Experimental
+  # This resource needs further testing and refinement
+  #
+  # This requires the `sqlcmd` tool available on platform
+  # @see https://docs.microsoft.com/en-us/sql/relational-databases/scripting/sqlcmd-use-the-utility
+  # @see https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-connect-and-query-sqlcmd
+  class MssqlSession < Inspec.resource(1)
+    name 'mssql_session'
+    supports platform: 'windows'
+    desc 'Use the mssql_session InSpec audit resource to test SQL commands run against a MS Sql Server database.'
+    example "
+      # Using SQL authentication
+      sql = mssql_session(user: 'myuser', pass: 'mypassword')
+      describe sql.query('SELECT * FROM table').row(0).column('columnname') do
+        its('value') { should cmp == 1 }
+      end
+      # Passing no credentials to mssql_session forces it to use Windows authentication
+      sql_windows_auth = mssql_session
+      describe sql_windows_auth.query(\"SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') as \\\"login_mode\\\";\").row(0).column('login_mode') do
+        its('value') { should_not be_empty }
+        its('value') { should cmp == 1 }
+      end
+    "
+    attr_reader :user, :password, :host, :port, :instance
+    def initialize(opts = {})
+      @user = opts[:user]
+      @password = opts[:password] || opts[:pass]
+      if opts[:pass]
+        warn '[DEPRECATED] use `password` option to supply password instead of `pass`'
+      end
+      @host = opts[:host] || 'localhost'
+      @port = opts[:port] || '1433'
+      @instance = opts[:instance]
+      # check if sqlcmd is available
+      raise Inspec::Exceptions::ResourceSkipped, 'sqlcmd is missing' unless inspec.command('sqlcmd').exist?
+      # check that database is reachable
+      raise Inspec::Exceptions::ResourceSkipped, "Can't connect to the MS SQL Server." unless test_connection
+    end
+    def query(q)
+      escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
+      # surpress 'x rows affected' in SQLCMD with 'set nocount on;'
+      cmd_string = "sqlcmd -Q \"set nocount on; #{escaped_query}\" -W -w 1024 -s ','"
+      cmd_string += " -U '#{@user}' -P '#{@password}'" unless @user.nil? || @password.nil?
+      if @instance.nil?
+        cmd_string += " -S '#{@host},#{@port}'"
+      else
+        cmd_string += " -S '#{@host},#{@port}\\#{@instance}'"
+      end
+      cmd = inspec.command(cmd_string)
+      out = cmd.stdout + "\n" + cmd.stderr
+      if cmd.exit_status != 0 || out =~ /Sqlcmd: Error/
+        # TODO: we need to throw an exception here
+        # change once https://github.com/chef/inspec/issues/1205 is in
+        warn "Could not execute the sql query #{out}"
+        DatabaseHelper::SQLQueryResult.new(cmd, Hashie::Mash.new({}))
+      else
+        DatabaseHelper::SQLQueryResult.new(cmd, parse_csv_result(cmd))
+      end
+    end
+    def to_s
+      'MSSQL session'
+    end
+    private
+    def test_connection
+      !query('select getdate()').empty?
+    end
+    def parse_csv_result(cmd)
+      require 'csv'
+      table = CSV.parse(cmd.stdout, { headers: true })
+      # remove first row, since it will be a seperator line
+      table.delete(0)
+      # convert to hash
+      headers = table.headers
+      results = table.map { |row|
+        res = {}
+        headers.each { |header|
+          res[header.downcase] = row[header]
+        }
+        Hashie::Mash.new(res)
+      }
+      results
+    end
+  end
+end

data/lib/resources/mysql.rb ADDED

@@ -0,0 +1,82 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+module Inspec::Resources
+  class Mysql < Inspec.resource(1)
+    name 'mysql'
+    supports platform: 'unix'
+    desc 'The \'mysql\' resource is a helper for the \'mysql_conf\' & \'mysql_session\' resources.  Please use those instead.'
+    attr_reader :package, :service, :conf_dir, :conf_path, :data_dir, :log_dir, :log_path, :log_group, :log_dir_group
+    def initialize
+      # set OS-dependent filenames and paths
+      case inspec.os[:family]
+      when 'debian'
+        init_ubuntu
+      when 'redhat', 'fedora'
+        init_redhat
+      when 'arch'
+        init_arch
+      else
+        # TODO: could not detect
+        init_default
+      end
+    end
+    def init_ubuntu
+      @package = 'mysql-server'
+      @service = 'mysql'
+      @conf_path = '/etc/mysql/my.cnf'
+      @conf_dir = '/etc/mysql/'
+      @data_dir = '/var/lib/mysql/'
+      @log_dir = '/var/log/'
+      @log_path = '/var/log/mysql.log'
+      @log_group = 'adm'
+      case inspec.os[:release]
+      when '14.04'
+        @log_dir_group = 'syslog'
+      else
+        @log_dir_group = 'root'
+      end
+    end
+    def init_redhat
+      @package = 'mysql-server'
+      @service = 'mysqld'
+      @conf_path = '/etc/my.cnf'
+      @conf_dir = '/etc/'
+      @data_dir = '/var/lib/mysql/'
+      @log_dir = '/var/log/'
+      @log_path = '/var/log/mysqld.log'
+      @log_group = 'mysql'
+      @log_dir_group = 'root'
+    end
+    def init_arch
+      @package = 'mariadb'
+      @service = 'mysql'
+      @conf_path = '/etc/mysql/my.cnf'
+      @conf_dir = '/etc/mysql/'
+      @data_dir = '/var/lib/mysql/'
+      @log_dir = '/var/log/'
+      @log_path = '/var/log/mysql.log'
+      @log_group = 'mysql'
+      @log_dir_group = 'root'
+    end
+    def init_default
+      @service = 'mysqld'
+      @conf_path = '/etc/my.cnf'
+      @conf_dir = '/etc/'
+      @data_dir = '/var/lib/mysql/'
+      @log_dir = '/var/log/'
+      @log_path = '/var/log/mysqld.log'
+      @log_group = 'mysql'
+      @log_dir_group = 'root'
+    end
+    def to_s
+      'MySQL'
+    end
+  end
+end