inspec-core 2.1.67

data/docs/resources/aide_conf.md.erb

@@ -0,0 +1,76 @@
+---
+title: The aide_conf Resource
+platform: linux
+---
+
+# aide_conf
+
+Use the `aide_conf` InSpec audit resource to test the rules established for the file integrity tool AIDE. Controlled by the aide.conf file typically at /etc/aide.conf.
+
+<br>
+
+## Syntax
+
+An `aide_conf` resource block can be used to determine if the selection lines contain one (or more) directories whose files should be added to the aide database:
+
+    describe aide_conf('path') do
+      its('selection_lines') { should include '/sbin' }
+    end
+
+where
+
+* `'selection_lines'` refers to all selection lines found in the aide.conf file
+* `('path')` is the non-default path to the `aide.conf` file (optional)
+* `should include 'value'` is the value that is expected
+
+Use the where clause to match a selection_line to one rule or a particular set of rules found in the aide.conf file:
+
+    describe aide_conf.where { selection_line == '/bin' } do
+      its('rules.flatten') { should include 'r' }
+    end
+
+    describe aide_conf.where { selection_line == '/sbin' } do
+      its('rules') { should include ['p', 'i', 'l', 'n', 'u', 'g', 'sha512'] }
+    end
+
+<br>
+
+## Properties
+
+* `conf_path`, `content`, `rules`, `all_have_rule`
+
+<br>
+
+## Property Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test if all selection lines contain the xattr rule
+
+    describe aide_conf.all_have_rule('xattr') do
+      it { should eq true }
+    end
+
+### Test whether selection line for /bin contains a particular rule
+
+    describe aide_conf.where { selection_line == '/bin' } do
+      its('rules.flatten') { should include 'r' }
+    end
+
+### Test whether selection line for /sbin consists of a particular set of rules
+
+    describe aide_conf.where { selection_line == '/sbin' } do
+      its('rules') { should include ['r', 'sha512'] }
+    end
+
+### The usage of all\_have\_rule will return whether or not all selection lines in audit.conf contain a particular rule:
+
+    describe aide_conf.all_have_rule('sha512') do
+      it { should eq true }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/apache.md.erb

@@ -0,0 +1,67 @@
+---
+title: About the apache Resource
+platform: linux
+---
+
+# apache
+
+Use the `apache` InSpec audit resource to test the state of the Apache server on Linux/Unix systems.
+
+<p class="warning">This resource is deprecated and should not be used. It will be removed in InSpec 3.0.</p>
+
+<br>
+
+## Syntax
+
+An `apache` InSpec audit resource block declares settings that should be tested:
+
+    describe apache do
+      its('setting_name') { should cmp 'value' }
+    end
+
+where
+
+* `'setting_name'` is description of the Apache configuration file
+* `{ should cmp 'value' }` is the value that is expected
+
+<br>
+
+## Properties
+
+* 'service', 'conf_dir', 'conf_path', 'user'
+
+<br>
+
+## Property Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test the service name.
+
+    describe apache do
+      its ('service') { should cmp 'apache2' }
+    end
+
+### Test the configuration location
+
+    describe apache do
+      its ('conf_dir') { should cmp '/etc/apache2' }
+    end
+
+### Test the path of the configuration file
+
+    describe apache do
+      its ('conf_path') { should cmp '/etc/apache2/apache2.conf' }
+    end
+
+### Test the apache user
+
+    describe apache do
+      its ('user') { should cmp 'www-data' }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/apache_conf.md.erb

@@ -0,0 +1,68 @@
+---
+title: About the apache_conf Resource
+platform: linux
+---
+
+# apache_conf
+
+Use the `apache_conf` InSpec audit resource to test the configuration settings for Apache. This file is typically located under `/etc/apache2` on the Debian and Ubuntu platforms and under `/etc/httpd` on the Fedora, CentOS, RedHat Enterprise Linux, and ArchLinux platforms. The configuration settings may vary significantly from platform to platform.
+
+<br>
+
+## Syntax
+
+An `apache_conf` InSpec audit resource block declares configuration settings that should be tested:
+
+    describe apache_conf('path') do
+      its('setting_name') { should eq 'value' }
+    end
+
+where
+
+* `'setting_name'` is a configuration setting defined in the Apache configuration file
+* `('path')` is the non-default path to the Apache configuration file
+* `{ should eq 'value' }` is the value that is expected
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test for blocking .htaccess files on CentOS
+
+    describe apache_conf do
+      its('AllowOverride') { should cmp 'None' }
+    end
+
+### Test ports for SSL
+
+    describe apache_conf do
+      its('Listen') { should cmp '443' }
+    end
+
+### Test multiple ports are listening
+
+    describe apache_conf do
+      its('Listen') { should =~ [ '80', '443' ] }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+This InSpec audit resource matches any service that is listed in the Apache configuration file:
+
+    its('PidFile') { should_not eq '/var/run/httpd.pid' }
+
+or:
+
+    its('Timeout') { should cmp '300' }
+
+For example:
+
+    describe apache_conf do
+      its('MaxClients') { should cmp '100' }
+      its('Listen') { should cmp '443' }
+    end

data/docs/resources/apt.md.erb

@@ -0,0 +1,71 @@
+---
+title: About the apt Resource
+platform: linux
+---
+
+# apt
+
+Use the `apt` InSpec audit resource to verify Apt repositories on the Debian and Ubuntu platforms, and also PPA repositories on the Ubuntu platform.
+
+<br>
+
+## Syntax
+
+An `apt` resource block tests the contents of Apt and PPA repositories:
+
+    describe apt('path') do
+      it { should exist }
+      it { should be_enabled }
+    end
+
+where
+
+* `apt('path')` must specify an Apt or PPA repository
+* `('path')` may be an `http://` address, a `ppa:` address, or a short `repo-name/ppa` address
+* `exist` and `be_enabled` are a valid matchers for this resource
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test if apt repository exists and is enabled
+
+    describe apt('http://ppa.launchpad.net/juju/stable/ubuntu') do
+      it { should exist }
+      it { should be_enabled }
+    end
+
+### Verify that a PPA repository exists and is enabled
+
+    describe apt('ppa:nginx/stable') do
+      it { should exist }
+      it { should be_enabled }
+    end
+
+### Verify that a repository is not present
+
+    describe apt('ubuntu-wine/ppa') do
+      it { should_not exist }
+      it { should_not be_enabled }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+
+### be_enabled
+
+The `be_enabled` matcher tests if a package exists in the repository:
+
+    it { should be_enabled }
+
+### exist
+
+The `exist` matcher tests if a package exists on the system:
+
+    it { should exist }

data/docs/resources/audit_policy.md.erb

@@ -0,0 +1,47 @@
+---
+title: About the audit_policy Resource
+platform: linux
+---
+
+# audit_policy
+
+Use the `audit_policy` InSpec audit resource to test auditing policies on the Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each enabled auditing category property, the auditing level may be set to `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`.
+
+<br>
+
+## Syntax
+
+An `audit_policy` resource block declares a parameter that belongs to an audit policy category or subcategory:
+
+    describe audit_policy do
+      its('parameter') { should eq 'value' }
+    end
+
+where
+
+* `'parameter'` must specify a parameter
+* `'value'` must be one of `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test that a parameter is not set to "No Auditing"
+
+    describe audit_policy do
+      its('Other Account Logon Events') { should_not eq 'No Auditing' }
+    end
+
+### Test that a parameter is set to "Success"
+
+    describe audit_policy do
+      its('User Account Management') { should eq 'Success' }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/auditd.md.erb

@@ -0,0 +1,79 @@
+---
+title: About the auditd Resource
+platform: linux
+---
+
+# auditd
+
+Use the `auditd` InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files. These rules are output using the auditctl -l command. This resource supports versions of `audit` >= 2.3.
+
+<br>
+
+## Syntax
+
+An `auditd` resource block declares one (or more) rules to be tested, and then what that rule should do:
+
+    describe auditd do
+      its('lines') { should include %r(-w /etc/ssh/sshd_config) }
+    end
+
+or test that multiple individual rules are defined:
+
+    describe auditd do
+      its('lines') { should include %r(-a always,exit -F arch=.* -S init_module,delete_module -F key=modules) }
+      its('lines') { should include %r(-a always,exit -F arch=.* -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=-1 -F key=.+) }
+    end
+
+where each test must declare one (or more) rules to be tested.
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test if a rule contains a matching element that is identified by a regular expression
+
+For `audit` >= 2.3:
+
+    describe auditd do
+      its('lines') { should include %r(-a always,exit -F arch=.* -S chown.* -F auid>=1000 -F auid!=-1 -F key=perm_mod) }
+    end
+
+### Query the audit daemon status
+
+    describe auditd.status('backlog') do
+      it { should cmp 0 }
+    end
+
+### Query properties of rules targeting specific syscalls or files - uniq is used to handle multiple rules for the same syscall with redundant field values
+
+    describe auditd.syscall('open') do
+      its('action.uniq') { should eq ['always'] }
+      its('list.uniq') { should eq ['exit'] }
+    end
+
+    describe auditd.file('/etc/sudoers') do
+      its('permissions') { should include ['x'] }
+    end
+
+The where accessor can be used to filter on fields. For example:
+
+    describe auditd.syscall('chown').where { arch == "b32" } do
+      its('action') { should eq ['always'] }
+      its('list') { should eq ['exit'] }
+      its('exit') { should include ['-EACCES'] }
+      its('exit') { should include ['-EPERM'] }
+    end
+
+The key filter may be useful in evaluating rules with particular key values:
+
+    describe auditd.where { key == "privileged" } do
+      its('permissions') { should include ['x'] }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/auditd_conf.md.erb

@@ -0,0 +1,68 @@
+---
+title: About the auditd_conf Resource
+platform: linux
+---
+
+# auditd_conf
+
+Use the `auditd_conf` InSpec audit resource to test the configuration settings for the audit daemon. This file is typically located under `/etc/audit/auditd.conf'` on Unix and Linux platforms.
+
+<br>
+
+## Syntax
+
+A `auditd_conf` resource block declares configuration settings that should be tested:
+
+    describe auditd_conf('path') do
+      its('keyword') { should cmp 'value' }
+    end
+
+where
+
+* `'keyword'` is a configuration setting defined in the `auditd.conf` configuration file
+* `('path')` is the non-default path to the `auditd.conf` configuration file
+* `{ should cmp 'value' }` is the value that is expected
+
+<br>
+
+## Properties
+
+This matcher will match any property listed in the `auditd.conf` configuration file. Property names and expected values are case-insensitive:
+
+* `admin_space_left`, `admin_space_left_action`, `action_mail_acct`, `disk_error_action`, `disk_full_action`, `flush`, `freq`, `log_file`, `log_format`, `max_log_file`, `max_log_file_action`, `num_logs`, `space_left`, `space_left_action`
+
+## Property Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test the auditd.conf file
+
+    describe auditd_conf do
+      its('log_file') { should cmp '/full/path/to/file' }
+      its('log_format') { should cmp 'raw' }
+      its('flush') { should cmp 'none' }
+      its('freq') { should cmp 1 }
+      its('num_logs') { should cmp 0 }
+      its('max_log_file') { should cmp 6 }
+      its('max_log_file_action') { should cmp 'email' }
+      its('space_left') { should cmp 2 }
+      its('action_mail_acct') { should cmp 'root' }
+      its('space_left_action') { should cmp 'email' }
+      its('admin_space_left') { should cmp 1 }
+      its('admin_space_left_action') { should cmp 'halt' }
+      its('disk_full_action') { should cmp 'halt' }
+      its('disk_error_action') { should cmp 'halt' }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### `cmp`
+
+The `cmp` matcher compares values across types.
+
+    its('freq') { should cmp 1 }
+