inspec-core 2.1.84 → 2.2.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -55,58 +55,58 @@ end
55
55
 
56
56
  * Compare strings to numbers
57
57
 
58
- ```ruby
59
- describe sshd_config do
60
- its('Protocol') { should eq '2' }
58
+ ```ruby
59
+ describe sshd_config do
60
+ its('Protocol') { should eq '2' }
61
61
 
62
- its('Protocol') { should cmp '2' }
63
- its('Protocol') { should cmp 2 }
64
- end
65
- ```
62
+ its('Protocol') { should cmp '2' }
63
+ its('Protocol') { should cmp 2 }
64
+ end
65
+ ```
66
66
 
67
67
  * String comparisons are not case-sensitive
68
68
 
69
- ```ruby
70
- describe auditd_conf do
71
- its('log_format') { should cmp 'raw' }
72
- its('log_format') { should cmp 'RAW' }
73
- end
74
- ```
69
+ ```ruby
70
+ describe auditd_conf do
71
+ its('log_format') { should cmp 'raw' }
72
+ its('log_format') { should cmp 'RAW' }
73
+ end
74
+ ```
75
75
  * Recognize versions embedded in strings
76
76
 
77
- ```ruby
78
- describe package(curl) do
79
- its('version') { should cmp > '7.35.0-1ubuntu2.10' }
80
- end
81
- ```
77
+ ```ruby
78
+ describe package(curl) do
79
+ its('version') { should cmp > '7.35.0-1ubuntu2.10' }
80
+ end
81
+ ```
82
82
 
83
83
  * Compare arrays with only one entry to a value
84
84
 
85
- ```ruby
86
- describe passwd.uids(0) do
87
- its('users') { should cmp 'root' }
88
- its('users') { should cmp ['root'] }
89
- end
90
- ```
85
+ ```ruby
86
+ describe passwd.uids(0) do
87
+ its('users') { should cmp 'root' }
88
+ its('users') { should cmp ['root'] }
89
+ end
90
+ ```
91
91
 
92
92
  * Single-value arrays of strings may also be compared to a regex
93
93
 
94
- ```ruby
95
- describe auditd_conf do
96
- its('log_format') { should cmp /raw/i }
97
- end
98
- ```
94
+ ```ruby
95
+ describe auditd_conf do
96
+ its('log_format') { should cmp /raw/i }
97
+ end
98
+ ```
99
99
 
100
100
  * Improved printing of octal comparisons
101
101
 
102
- ```ruby
103
- describe file('/proc/cpuinfo') do
104
- its('mode') { should cmp '0345' }
105
- end
102
+ ```ruby
103
+ describe file('/proc/cpuinfo') do
104
+ its('mode') { should cmp '0345' }
105
+ end
106
106
 
107
- expected: 0345
108
- got: 0444
109
- ```
107
+ expected: 0345
108
+ got: 0444
109
+ ```
110
110
  <br>
111
111
 
112
112
  ## eq
@@ -29,7 +29,7 @@ where:
29
29
  * `files` is the directory with additional files that a profile can access (optional)
30
30
  * `README.md` should be used to explain the profile, its scope, and usage
31
31
 
32
- See a complete example profile in the InSpec open source repository: [https://github.com/chef/inspec/tree/master/examples/profile](https://github.com/chef/inspec/tree/master/examples/profile)
32
+ See a complete example profile in the InSpec open source repository: [Example InSpec Profile](https://github.com/chef/inspec/tree/master/examples/profile)
33
33
 
34
34
  Also check out [Explore InSpec resources](https://learn.chef.io/modules/explore-inspec-resources#/) on Learn Chef Rally to learn more about how profiles are structured with hands-on examples.
35
35
 
@@ -300,7 +300,7 @@ The following command runs the tests and applies the secrets specified in `profi
300
300
 
301
301
  $ inspec exec examples/profile-attribute --attrs examples/profile-attribute.yml
302
302
 
303
- See the full example in the InSpec open source repository: https://github.com/chef/inspec/tree/master/examples/profile-attribute
303
+ See the full example in the InSpec open source repository: [Example InSpec Profile with Attributes](https://github.com/chef/inspec/tree/master/examples/profile-attribute)
304
304
 
305
305
  # Profile files
306
306
 
@@ -28,7 +28,7 @@ where
28
28
 
29
29
  ## Properties
30
30
 
31
- * 'service', 'conf_dir', 'conf_path', 'user'
31
+ * `service`, `conf_dir`, `conf_path`, `user`
32
32
 
33
33
  <br>
34
34
 
@@ -38,15 +38,19 @@ The following examples show how to use this InSpec audit resource.
38
38
 
39
39
  ### Test that the logged-in user's crontab has no tasks set to run on every hour and every minute
40
40
 
41
- describe crontab.where({'hour' => '*', 'minute' => '*'}) do
42
- its('entries.length') { should cmp '0' }
43
- end
41
+ ```ruby
42
+ describe crontab.where({'hour' => '*', 'minute' => '*'}) do
43
+ its('entries.length') { should cmp '0' }
44
+ end
45
+ ```
44
46
 
45
47
  ### Test that the logged-in user's crontab contains a single command that matches a pattern
46
48
 
47
- describe crontab.where { command =~ /a partial command string/ } do
48
- its('entries.length') { should cmp 1 }
49
- end
49
+ ```ruby
50
+ describe crontab.where { command =~ /a partial command string/ } do
51
+ its('entries.length') { should cmp 1 }
52
+ end
53
+ ```
50
54
 
51
55
  ### Test a special time string (i.e., @yearly /root/annual_report.sh)
52
56
 
@@ -51,31 +51,33 @@ Verify prime modulus used for the Diffie-Hellman operation:
51
51
 
52
52
  Example using multi-line string:
53
53
 
54
- describe dh_params('/path/to/file.dh_pem') do
55
- its('modulus') do
56
- # regex removes all whitespace
57
- should eq <<-EOF.gsub(/[[:space:]]+/, '')
58
- 00:91:a0:15:89:e5:bc:38:93:12:02:fc:91:a2:85:
59
- f7:f7:29:63:2e:d3:4e:7a:86:f7:ee:84:fe:42:d0:
60
- 48:bc:9c:91:d5:54:f8:78:1d:c0:41:78:a2:c4:ac:
61
- 1a:24:8b:9d:88:55:98:0b:ac:a7:23:eb:c2:aa:2b:
62
- 2e:a9:f9:af:d4:8e:4e:11:bc:7f:35:a2:ac:da:3a:
63
- ef:f0:25:6c:9a:a4:fd:00:28:76:86:2c:57:87:67:
64
- 30:5d:b1:d6:5b:22:8f:72:a1:ea:de:8b:ef:9e:33:
65
- 1a:40:92:68:85:02:54:02:09:fa:c0:60:c1:3c:4e:
66
- 28:26:db:ed:25:8e:38:21:56:40:dc:c0:c0:66:1f:
67
- 2b:32:c3:b4:78:a9:26:94:ea:f7:41:28:b2:f5:5b:
68
- 01:38:0c:46:09:85:26:4d:69:12:8d:95:0f:35:e2:
69
- e6:4e:47:3a:86:dd:8a:b2:fe:45:15:27:d8:59:c2:
70
- 3c:f4:62:ff:5f:74:e9:77:92:50:47:36:2b:05:57:
71
- 60:ee:7b:a1:60:cc:1c:7a:2b:77:18:8a:37:f7:c7:
72
- 31:3e:15:cb:15:7f:7b:66:96:fb:c6:be:7d:d6:03:
73
- 5e:0d:60:75:2b:5b:62:2a:a3:37:b6:34:f9:fe:96:
74
- 4c:f6:c5:e3:a1:52:af:01:c1:4f:c7:42:a0:be:ed:
75
- cd:13
76
- EOF
77
- end
78
- end
54
+ ```ruby
55
+ describe dh_params('/path/to/file.dh_pem') do
56
+ its('modulus') do
57
+ # regex removes all whitespace
58
+ should eq <<-EOF.gsub(/[[:space:]]+/, '')
59
+ 00:91:a0:15:89:e5:bc:38:93:12:02:fc:91:a2:85:
60
+ f7:f7:29:63:2e:d3:4e:7a:86:f7:ee:84:fe:42:d0:
61
+ 48:bc:9c:91:d5:54:f8:78:1d:c0:41:78:a2:c4:ac:
62
+ 1a:24:8b:9d:88:55:98:0b:ac:a7:23:eb:c2:aa:2b:
63
+ 2e:a9:f9:af:d4:8e:4e:11:bc:7f:35:a2:ac:da:3a:
64
+ ef:f0:25:6c:9a:a4:fd:00:28:76:86:2c:57:87:67:
65
+ 30:5d:b1:d6:5b:22:8f:72:a1:ea:de:8b:ef:9e:33:
66
+ 1a:40:92:68:85:02:54:02:09:fa:c0:60:c1:3c:4e:
67
+ 28:26:db:ed:25:8e:38:21:56:40:dc:c0:c0:66:1f:
68
+ 2b:32:c3:b4:78:a9:26:94:ea:f7:41:28:b2:f5:5b:
69
+ 01:38:0c:46:09:85:26:4d:69:12:8d:95:0f:35:e2:
70
+ e6:4e:47:3a:86:dd:8a:b2:fe:45:15:27:d8:59:c2:
71
+ 3c:f4:62:ff:5f:74:e9:77:92:50:47:36:2b:05:57:
72
+ 60:ee:7b:a1:60:cc:1c:7a:2b:77:18:8a:37:f7:c7:
73
+ 31:3e:15:cb:15:7f:7b:66:96:fb:c6:be:7d:d6:03:
74
+ 5e:0d:60:75:2b:5b:62:2a:a3:37:b6:34:f9:fe:96:
75
+ 4c:f6:c5:e3:a1:52:af:01:c1:4f:c7:42:a0:be:ed:
76
+ cd:13
77
+ EOF
78
+ end
79
+ end
80
+ ```
79
81
 
80
82
  ### prime_length (Integer)
81
83
 
@@ -95,19 +97,21 @@ Verify `pem` output of DH parameters:
95
97
 
96
98
  Example using multi-line string:
97
99
 
98
- its('pem') do
99
- # regex removes all leading spaces
100
- should eq <<-EOF.gsub(/^[[:blank:]]+/, '')
101
- -----BEGIN DH PARAMETERS-----
102
- MIIBCAKCAQEAkaAVieW8OJMSAvyRooX39yljLtNOeob37oT+QtBIvJyR1VT4eB3A
103
- QXiixKwaJIudiFWYC6ynI+vCqisuqfmv1I5OEbx/NaKs2jrv8CVsmqT9ACh2hixX
104
- h2cwXbHWWyKPcqHq3ovvnjMaQJJohQJUAgn6wGDBPE4oJtvtJY44IVZA3MDAZh8r
105
- MsO0eKkmlOr3QSiy9VsBOAxGCYUmTWkSjZUPNeLmTkc6ht2Ksv5FFSfYWcI89GL/
106
- X3Tpd5JQRzYrBVdg7nuhYMwceit3GIo398cxPhXLFX97Zpb7xr591gNeDWB1K1ti
107
- KqM3tjT5/pZM9sXjoVKvAcFPx0Kgvu3NEwIBAg==
108
- -----END DH PARAMETERS-----
109
- EOF
110
- end
100
+ ```ruby
101
+ its('pem') do
102
+ # regex removes all leading spaces
103
+ should eq <<-EOF.gsub(/^[[:blank:]]+/, '')
104
+ -----BEGIN DH PARAMETERS-----
105
+ MIIBCAKCAQEAkaAVieW8OJMSAvyRooX39yljLtNOeob37oT+QtBIvJyR1VT4eB3A
106
+ QXiixKwaJIudiFWYC6ynI+vCqisuqfmv1I5OEbx/NaKs2jrv8CVsmqT9ACh2hixX
107
+ h2cwXbHWWyKPcqHq3ovvnjMaQJJohQJUAgn6wGDBPE4oJtvtJY44IVZA3MDAZh8r
108
+ MsO0eKkmlOr3QSiy9VsBOAxGCYUmTWkSjZUPNeLmTkc6ht2Ksv5FFSfYWcI89GL/
109
+ X3Tpd5JQRzYrBVdg7nuhYMwceit3GIo398cxPhXLFX97Zpb7xr591gNeDWB1K1ti
110
+ KqM3tjT5/pZM9sXjoVKvAcFPx0Kgvu3NEwIBAg==
111
+ -----END DH PARAMETERS-----
112
+ EOF
113
+ end
114
+ ```
111
115
 
112
116
  Verify via `openssl dhparam` command:
113
117
 
@@ -131,32 +135,34 @@ Verify human-readable text output of DH parameters:
131
135
 
132
136
  Example using multi-line string:
133
137
 
134
- its('text') do
135
- # regex removes 2 leading spaces
136
- should eq <<-EOF.gsub(/^[[:blank:]]{2}/, '')
137
- PKCS#3 DH Parameters: (2048 bit)
138
- prime:
139
- 00:91:a0:15:89:e5:bc:38:93:12:02:fc:91:a2:85:
140
- f7:f7:29:63:2e:d3:4e:7a:86:f7:ee:84:fe:42:d0:
141
- 48:bc:9c:91:d5:54:f8:78:1d:c0:41:78:a2:c4:ac:
142
- 1a:24:8b:9d:88:55:98:0b:ac:a7:23:eb:c2:aa:2b:
143
- 2e:a9:f9:af:d4:8e:4e:11:bc:7f:35:a2:ac:da:3a:
144
- ef:f0:25:6c:9a:a4:fd:00:28:76:86:2c:57:87:67:
145
- 30:5d:b1:d6:5b:22:8f:72:a1:ea:de:8b:ef:9e:33:
146
- 1a:40:92:68:85:02:54:02:09:fa:c0:60:c1:3c:4e:
147
- 28:26:db:ed:25:8e:38:21:56:40:dc:c0:c0:66:1f:
148
- 2b:32:c3:b4:78:a9:26:94:ea:f7:41:28:b2:f5:5b:
149
- 01:38:0c:46:09:85:26:4d:69:12:8d:95:0f:35:e2:
150
- e6:4e:47:3a:86:dd:8a:b2:fe:45:15:27:d8:59:c2:
151
- 3c:f4:62:ff:5f:74:e9:77:92:50:47:36:2b:05:57:
152
- 60:ee:7b:a1:60:cc:1c:7a:2b:77:18:8a:37:f7:c7:
153
- 31:3e:15:cb:15:7f:7b:66:96:fb:c6:be:7d:d6:03:
154
- 5e:0d:60:75:2b:5b:62:2a:a3:37:b6:34:f9:fe:96:
155
- 4c:f6:c5:e3:a1:52:af:01:c1:4f:c7:42:a0:be:ed:
156
- cd:13
157
- generator: 2 (0x2)
158
- EOF
159
- end
138
+ ```ruby
139
+ its('text') do
140
+ # regex removes 2 leading spaces
141
+ should eq <<-EOF.gsub(/^[[:blank:]]{2}/, '')
142
+ PKCS#3 DH Parameters: (2048 bit)
143
+ prime:
144
+ 00:91:a0:15:89:e5:bc:38:93:12:02:fc:91:a2:85:
145
+ f7:f7:29:63:2e:d3:4e:7a:86:f7:ee:84:fe:42:d0:
146
+ 48:bc:9c:91:d5:54:f8:78:1d:c0:41:78:a2:c4:ac:
147
+ 1a:24:8b:9d:88:55:98:0b:ac:a7:23:eb:c2:aa:2b:
148
+ 2e:a9:f9:af:d4:8e:4e:11:bc:7f:35:a2:ac:da:3a:
149
+ ef:f0:25:6c:9a:a4:fd:00:28:76:86:2c:57:87:67:
150
+ 30:5d:b1:d6:5b:22:8f:72:a1:ea:de:8b:ef:9e:33:
151
+ 1a:40:92:68:85:02:54:02:09:fa:c0:60:c1:3c:4e:
152
+ 28:26:db:ed:25:8e:38:21:56:40:dc:c0:c0:66:1f:
153
+ 2b:32:c3:b4:78:a9:26:94:ea:f7:41:28:b2:f5:5b:
154
+ 01:38:0c:46:09:85:26:4d:69:12:8d:95:0f:35:e2:
155
+ e6:4e:47:3a:86:dd:8a:b2:fe:45:15:27:d8:59:c2:
156
+ 3c:f4:62:ff:5f:74:e9:77:92:50:47:36:2b:05:57:
157
+ 60:ee:7b:a1:60:cc:1c:7a:2b:77:18:8a:37:f7:c7:
158
+ 31:3e:15:cb:15:7f:7b:66:96:fb:c6:be:7d:d6:03:
159
+ 5e:0d:60:75:2b:5b:62:2a:a3:37:b6:34:f9:fe:96:
160
+ 4c:f6:c5:e3:a1:52:af:01:c1:4f:c7:42:a0:be:ed:
161
+ cd:13
162
+ generator: 2 (0x2)
163
+ EOF
164
+ end
165
+ ```
160
166
 
161
167
  Verify via `openssl dhparam` command:
162
168
 
@@ -189,7 +195,7 @@ Verify via `openssl dhparam` command:
189
195
 
190
196
  For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
191
197
 
192
- ### valid?
198
+ ### be_valid
193
199
 
194
200
  Verify whether DH parameters are valid:
195
201
 
@@ -50,7 +50,7 @@ The `id` property returns the service id:
50
50
 
51
51
  ### image
52
52
 
53
- The `image` property tests the value of the image. It is a combination of `repository:tag`:
53
+ The `image` property is a combination of `repository:tag` it tests the value of the image:
54
54
 
55
55
  its('image') { should eq 'alpine:latest' }
56
56
 
@@ -89,7 +89,7 @@ Use the optional constructor parameter to give an alternative path to fstab file
89
89
  its('dump_options') { should cmp 0 }
90
90
  end
91
91
 
92
- ### file_system_options
92
+ ### file\_system\_options
93
93
 
94
94
  `file_system_options` returns a integer array of each partitions file system option.
95
95
 
@@ -80,7 +80,7 @@ The `be_running` matcher tests if the firewalld service is running:
80
80
 
81
81
  it { should be_running }
82
82
 
83
- ### have_zone
83
+ ### `have_zone`
84
84
 
85
85
  `have_zone` returns true or false if the zone is set on firewalld. It does not mean the zone is active.
86
86
 
@@ -172,7 +172,7 @@ In InSpec 2.0, the HTTP test will automatically execute remotely whenever InSpec
172
172
 
173
173
  The `body` matcher tests body content of http response:
174
174
 
175
- its('body') { should eq 'hello\n' }
175
+ its('body') { should eq 'hello\n' }
176
176
 
177
177
  ### headers
178
178
 
@@ -28,7 +28,7 @@ where
28
28
  * `'site_name'` is the name of the site, such as `'Default Web Site'`
29
29
  * `('application_pool')` is the name of the application pool in which the site's root application is run, such as `'DefaultAppPool'`
30
30
  * `('protocols')` is a binding for the site, such as `'http'`. A site may have multiple bindings; therefore, use a `have_protocol` matcher for each site protocol to be tested
31
- * `('physical_path') is the physical path to the application, such as `'C:\\inetpub\\wwwroot\\myapp'`
31
+ * `('physical_path')` is the physical path to the application, such as `'C:\\inetpub\\wwwroot\\myapp'`
32
32
 
33
33
  For example:
34
34
 
@@ -5,7 +5,7 @@ platform: linux
5
5
 
6
6
  # inetd_conf
7
7
 
8
- Use the `inetd_conf` InSpec audit resource to test if a service is listed in the `inetd.conf` file on Linux and Unix platforms. inetd---the Internet service daemon---listens on dedicated ports, and then loads the appropriate program based on a request. The `inetd.conf` file is typically located at `/etc/inetd.conf` and contains a list of Internet services associated to the ports on which that service will listen. Only enabled services may handle a request; only services that are required by the system should be enabled.`
8
+ Use the `inetd_conf` InSpec audit resource to test if a service is listed in the `inetd.conf` file on Linux and Unix platforms. inetd---the Internet service daemon---listens on dedicated ports, and then loads the appropriate program based on a request. The `inetd.conf` file is typically located at `/etc/inetd.conf` and contains a list of Internet services associated to the ports on which that service will listen. Only enabled services may handle a request; only services that are required by the system should be enabled.
9
9
 
10
10
  <br>
11
11
 
@@ -32,7 +32,7 @@ where
32
32
 
33
33
  ## Properties
34
34
 
35
- * 'compiler_info', 'error_log_path', 'http_client_body_temp_path', 'http_fastcgi_temp_path', 'http_log_path', 'http_proxy_temp_path', 'http_scgi_temp_path', 'http_uwsgi_temp_path', 'lock_path', 'modules', 'modules_path', 'openssl_version', 'prefix', 'sbin_path', 'service', 'support_info', 'version'
35
+ * `compiler_info`, `error_log_path`, `http_client_body_temp_path`, `http_fastcgi_temp_path`, `http_log_path`, `http_proxy_temp_path`, `http_scgi_temp_path`, `http_uwsgi_temp_path`, `lock_path`, `modules`, `modules_path`, `openssl_version`, `prefix`, `sbin_path`, `service`, `support_info`, `version`
36
36
 
37
37
  <br>
38
38
 
@@ -5,7 +5,7 @@ platform: os
5
5
 
6
6
  # npm
7
7
 
8
- Use the `npm` InSpec audit resource to test if a global NPM package is installed. NPM is the the package manager for Node.js packages (https://docs.npmjs.com), such as Bower and StatsD.
8
+ Use the `npm` InSpec audit resource to test if a global NPM package is installed. NPM is the the package manager for [Node.js packages](https://docs.npmjs.com), such as Bower and StatsD.
9
9
 
10
10
  <br>
11
11
 
@@ -22,6 +22,14 @@ where
22
22
  * `('npm_package_name')` must specify an NPM package, such as `'bower'` or `'statsd'`
23
23
  * `be_installed` is a valid matcher for this resource
24
24
 
25
+ You can also specify additional options:
26
+
27
+ describe npm('npm_package_name', path: '/path/to/project') do
28
+ it { should be_installed }
29
+ end
30
+
31
+ The `path` specifies a folder, that contains a `node_modules` subdirectory. It emulates running `npm` inside the specified folder. This way you can inspect local NPM installations as well as global ones.
32
+
25
33
  <br>
26
34
 
27
35
  ## Examples
@@ -120,22 +120,24 @@ Use `os.family` to enable more granular testing of platforms, platform names, ar
120
120
 
121
121
  For example, both of the following tests should have the same result:
122
122
 
123
- if os.family == 'debian'
124
- describe port(69) do
125
- its('processes') { should include 'in.tftpd' }
126
- end
127
- elsif os.family == 'redhat'
128
- describe port(69) do
129
- its('processes') { should include 'xinetd' }
130
- end
131
- end
132
-
133
- if os.debian?
134
- describe port(69) do
135
- its('processes') { should include 'in.tftpd' }
136
- end
137
- elsif os.redhat?
138
- describe port(69) do
139
- its('processes') { should include 'xinetd' }
140
- end
141
- end
123
+ ```ruby
124
+ if os.family == 'debian'
125
+ describe port(69) do
126
+ its('processes') { should include 'in.tftpd' }
127
+ end
128
+ elsif os.family == 'redhat'
129
+ describe port(69) do
130
+ its('processes') { should include 'xinetd' }
131
+ end
132
+ end
133
+
134
+ if os.debian?
135
+ describe port(69) do
136
+ its('processes') { should include 'in.tftpd' }
137
+ end
138
+ elsif os.redhat?
139
+ describe port(69) do
140
+ its('processes') { should include 'xinetd' }
141
+ end
142
+ end
143
+ ```