inspec-core 2.2.55 → 2.2.61
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +24 -8
- data/docs/resources/aide_conf.md.erb +10 -0
- data/docs/resources/apache.md.erb +10 -0
- data/docs/resources/apache_conf.md.erb +10 -0
- data/docs/resources/apt.md.erb +10 -0
- data/docs/resources/audit_policy.md.erb +10 -0
- data/docs/resources/auditd.md.erb +10 -0
- data/docs/resources/auditd_conf.md.erb +10 -0
- data/docs/resources/bash.md.erb +10 -0
- data/docs/resources/bond.md.erb +10 -0
- data/docs/resources/bridge.md.erb +10 -0
- data/docs/resources/bsd_service.md.erb +10 -0
- data/docs/resources/chocolatey_package.md.erb +10 -0
- data/docs/resources/command.md.erb +10 -0
- data/docs/resources/cpan.md.erb +10 -0
- data/docs/resources/cran.md.erb +10 -0
- data/docs/resources/crontab.md.erb +10 -0
- data/docs/resources/csv.md.erb +10 -0
- data/docs/resources/dh_params.md.erb +10 -0
- data/docs/resources/directory.md.erb +10 -0
- data/docs/resources/docker.md.erb +21 -0
- data/docs/resources/docker_container.md.erb +10 -0
- data/docs/resources/docker_image.md.erb +10 -0
- data/docs/resources/docker_plugin.md.erb +80 -0
- data/docs/resources/docker_service.md.erb +10 -0
- data/docs/resources/elasticsearch.md.erb +10 -0
- data/docs/resources/etc_fstab.md.erb +10 -0
- data/docs/resources/etc_group.md.erb +10 -0
- data/docs/resources/etc_hosts.md.erb +10 -0
- data/docs/resources/etc_hosts_allow.md.erb +10 -0
- data/docs/resources/etc_hosts_deny.md.erb +10 -0
- data/docs/resources/file.md.erb +10 -0
- data/docs/resources/filesystem.md.erb +10 -0
- data/docs/resources/firewalld.md.erb +10 -0
- data/docs/resources/gem.md.erb +10 -0
- data/docs/resources/group.md.erb +10 -0
- data/docs/resources/grub_conf.md.erb +10 -0
- data/docs/resources/host.md.erb +10 -0
- data/docs/resources/http.md.erb +10 -0
- data/docs/resources/iis_app.md.erb +10 -0
- data/docs/resources/iis_site.md.erb +10 -0
- data/docs/resources/inetd_conf.md.erb +10 -0
- data/docs/resources/ini.md.erb +10 -0
- data/docs/resources/interface.md.erb +10 -0
- data/docs/resources/iptables.md.erb +10 -0
- data/docs/resources/json.md.erb +10 -0
- data/docs/resources/kernel_module.md.erb +10 -0
- data/docs/resources/kernel_parameter.md.erb +10 -0
- data/docs/resources/key_rsa.md.erb +10 -0
- data/docs/resources/launchd_service.md.erb +10 -0
- data/docs/resources/limits_conf.md.erb +10 -0
- data/docs/resources/login_defs.md.erb +10 -0
- data/docs/resources/mount.md.erb +10 -0
- data/docs/resources/mssql_session.md.erb +10 -0
- data/docs/resources/mysql_conf.md.erb +10 -0
- data/docs/resources/mysql_session.md.erb +10 -0
- data/docs/resources/nginx.md.erb +10 -0
- data/docs/resources/nginx_conf.md.erb +10 -0
- data/docs/resources/npm.md.erb +10 -0
- data/docs/resources/ntp_conf.md.erb +10 -0
- data/docs/resources/oneget.md.erb +10 -0
- data/docs/resources/oracledb_session.md.erb +10 -0
- data/docs/resources/os.md.erb +10 -0
- data/docs/resources/os_env.md.erb +10 -0
- data/docs/resources/package.md.erb +10 -0
- data/docs/resources/packages.md.erb +10 -0
- data/docs/resources/parse_config.md.erb +10 -0
- data/docs/resources/parse_config_file.md.erb +10 -0
- data/docs/resources/passwd.md.erb +10 -0
- data/docs/resources/pip.md.erb +10 -0
- data/docs/resources/port.md.erb +10 -0
- data/docs/resources/postgres_conf.md.erb +10 -0
- data/docs/resources/postgres_hba_conf.md.erb +10 -0
- data/docs/resources/postgres_ident_conf.md.erb +10 -0
- data/docs/resources/postgres_session.md.erb +10 -0
- data/docs/resources/powershell.md.erb +10 -0
- data/docs/resources/processes.md.erb +10 -0
- data/docs/resources/rabbitmq_config.md.erb +10 -0
- data/docs/resources/registry_key.md.erb +38 -2
- data/docs/resources/runit_service.md.erb +10 -0
- data/docs/resources/security_policy.md.erb +10 -0
- data/docs/resources/service.md.erb +10 -0
- data/docs/resources/shadow.md.erb +10 -0
- data/docs/resources/ssh_config.md.erb +10 -0
- data/docs/resources/sshd_config.md.erb +10 -0
- data/docs/resources/ssl.md.erb +10 -0
- data/docs/resources/sys_info.md.erb +10 -0
- data/docs/resources/systemd_service.md.erb +10 -0
- data/docs/resources/sysv_service.md.erb +10 -0
- data/docs/resources/upstart_service.md.erb +10 -0
- data/docs/resources/user.md.erb +10 -0
- data/docs/resources/users.md.erb +10 -0
- data/docs/resources/vbscript.md.erb +10 -0
- data/docs/resources/virtualization.md.erb +10 -0
- data/docs/resources/windows_feature.md.erb +10 -0
- data/docs/resources/windows_hotfix.md.erb +10 -0
- data/docs/resources/windows_task.md.erb +10 -0
- data/docs/resources/wmi.md.erb +10 -0
- data/docs/resources/x509_certificate.md.erb +10 -0
- data/docs/resources/xinetd_conf.md.erb +10 -0
- data/docs/resources/xml.md.erb +10 -0
- data/docs/resources/yaml.md.erb +10 -0
- data/docs/resources/yum.md.erb +10 -0
- data/docs/resources/zfs_dataset.md.erb +10 -0
- data/docs/resources/zfs_pool.md.erb +10 -0
- data/lib/inspec/base_cli.rb +2 -2
- data/lib/inspec/cli.rb +3 -2
- data/lib/inspec/resource.rb +2 -0
- data/lib/inspec/runner.rb +2 -4
- data/lib/inspec/version.rb +1 -1
- data/lib/resources/docker.rb +34 -0
- data/lib/resources/docker_plugin.rb +63 -0
- data/lib/resources/iis_app_pool.rb +116 -0
- metadata +5 -2
@@ -9,6 +9,16 @@ Use the `docker_image` InSpec audit resource to verify a Docker image.
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.21.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `docker_image` resource block declares the image:
|
@@ -0,0 +1,80 @@
|
|
1
|
+
---
|
2
|
+
title: About the docker_plugin Resource
|
3
|
+
platform: linux
|
4
|
+
---
|
5
|
+
|
6
|
+
# docker_plugin
|
7
|
+
|
8
|
+
Use the `docker_plugin` InSpec audit resource to verify a Docker plugin.
|
9
|
+
|
10
|
+
<br>
|
11
|
+
|
12
|
+
## Syntax
|
13
|
+
|
14
|
+
A `docker_plugin` resource block declares the plugin:
|
15
|
+
|
16
|
+
describe docker_plugin('rexray/ebs') do
|
17
|
+
it { should exist }
|
18
|
+
its('id') { should_not eq '0ac30b93ad40' }
|
19
|
+
its('version') { should eq '0.11.1' }
|
20
|
+
it { should be_enabled }
|
21
|
+
end
|
22
|
+
|
23
|
+
<br>
|
24
|
+
|
25
|
+
## Resource Parameter Examples
|
26
|
+
|
27
|
+
The resource allows you to pass in an plugin id:
|
28
|
+
|
29
|
+
describe docker_plugin(id: plugin_id) do
|
30
|
+
it { should be_enabled }
|
31
|
+
end
|
32
|
+
|
33
|
+
<br>
|
34
|
+
|
35
|
+
## Properties
|
36
|
+
|
37
|
+
### id
|
38
|
+
|
39
|
+
The `id` property returns the full plugin id:
|
40
|
+
|
41
|
+
describe docker_plugin('cloudstor/aws') do
|
42
|
+
its('id') { should eq '0ac30b93ad40' }
|
43
|
+
end
|
44
|
+
|
45
|
+
### version
|
46
|
+
|
47
|
+
The `version` property tests the value of plugin version:
|
48
|
+
|
49
|
+
describe docker_plugin('cloudstor/aws') do
|
50
|
+
its('version') { should eq '0.11.0' }
|
51
|
+
end
|
52
|
+
|
53
|
+
## Examples
|
54
|
+
|
55
|
+
### Test a Docker plugin
|
56
|
+
|
57
|
+
describe docker_plugin('rexray/ebs') do
|
58
|
+
it { should exist }
|
59
|
+
its('id') { should_not eq '0ac30b93ad40' }
|
60
|
+
its('version') { should eq '0.11.1' }
|
61
|
+
it { should be_enabled }
|
62
|
+
end
|
63
|
+
|
64
|
+
<br>
|
65
|
+
|
66
|
+
## Matchers
|
67
|
+
|
68
|
+
For a full list of available matchers, please visit our [Universal Matchers](https://www.inspec.io/docs/reference/matchers/).
|
69
|
+
|
70
|
+
### exist
|
71
|
+
|
72
|
+
The `exist` matcher tests if the plugin is available on the node:
|
73
|
+
|
74
|
+
describe docker_plugin('rexray/ebs') do
|
75
|
+
it { should exist }
|
76
|
+
end
|
77
|
+
|
78
|
+
### enabled
|
79
|
+
|
80
|
+
The `be_enabled` matches tests if the plugin is enabled
|
@@ -9,6 +9,16 @@ Use the `docker_service` InSpec audit resource to verify a docker swarm service.
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.51.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `docker_service` resource block declares the service by name:
|
@@ -12,6 +12,16 @@ a variety of settings and statuses.
|
|
12
12
|
|
13
13
|
<br>
|
14
14
|
|
15
|
+
## Availability
|
16
|
+
|
17
|
+
### Installation
|
18
|
+
|
19
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
20
|
+
|
21
|
+
### Version
|
22
|
+
|
23
|
+
This resource first became available in v1.43.5 of InSpec.
|
24
|
+
|
15
25
|
## Syntax
|
16
26
|
|
17
27
|
describe elasticsearch do
|
@@ -9,6 +9,16 @@ Use the `etc_fstab` InSpec audit resource to test information about all partitio
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.37.6 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
An etc_fstab rule specifies a device name, its mount point, its mount type, the options its mounted with,
|
@@ -9,6 +9,16 @@ Use the `etc_group` InSpec audit resource to test groups that are defined on Lin
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `etc_group` resource block declares a collection of properties to be tested:
|
@@ -9,6 +9,16 @@ Use the `etc_hosts` InSpec audit resource to test rules set to match IP addresse
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.37.6 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
An etc/hosts rule specifies an IP address and what its hostname is along with optional aliases it can have.
|
@@ -9,6 +9,16 @@ Use the `etc_hosts_allow` InSpec audit resource to test rules defined for accept
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.39.1 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
An etc/hosts.allow rule specifies one or more daemons mapped to one or more clients, with zero or more options to for accepting traffic when found.
|
@@ -9,6 +9,16 @@ Use the `etc_hosts_deny` InSpec audit resource to test rules for rejecting daemo
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.39.1 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
An etc/hosts.deny rule specifies one or more daemons mapped to one or more clients, with zero or more options for rejecting traffic when found.
|
data/docs/resources/file.md.erb
CHANGED
@@ -9,6 +9,16 @@ Use the `file` InSpec audit resource to test all system file types, including fi
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `file` resource block declares the location of the file type to be tested, the expected file type (if required), and one (or more) resource properties.
|
@@ -9,6 +9,16 @@ Use the `filesystem` InSpec resource to audit filesystem disk space usage.
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.51.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `filesystem` resource block declares tests for disk space in a partition:
|
@@ -11,6 +11,16 @@ A firewalld has a number of zones that can be configured to allow and deny acces
|
|
11
11
|
|
12
12
|
<br>
|
13
13
|
|
14
|
+
## Availability
|
15
|
+
|
16
|
+
### Installation
|
17
|
+
|
18
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
19
|
+
|
20
|
+
### Version
|
21
|
+
|
22
|
+
This resource first became available in v1.40.0 of InSpec.
|
23
|
+
|
14
24
|
## Syntax
|
15
25
|
|
16
26
|
describe firewalld do
|
data/docs/resources/gem.md.erb
CHANGED
@@ -9,6 +9,16 @@ Use the `gem` InSpec audit resource to test if a global Gem package is installed
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `gem` resource block declares a package and (optionally) a package version:
|
data/docs/resources/group.md.erb
CHANGED
@@ -9,6 +9,16 @@ Use the `group` InSpec audit resource to test groups on the system.
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `group` resource block declares a group, and then the details to be tested, such as if the group is a local group, the group identifier, or if the group exists:
|
@@ -9,6 +9,16 @@ Grub is a boot loader on the Linux platform used to load and then transfer contr
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `grub_conf` resource block declares a list of settings in a `grub.conf` file:
|
data/docs/resources/host.md.erb
CHANGED
@@ -9,6 +9,16 @@ Use the `host` InSpec audit resource to test the name used to refer to a specifi
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `host` resource block declares a host name, and then (depending on what is to be tested) a port and/or a protocol:
|
data/docs/resources/http.md.erb
CHANGED
@@ -9,6 +9,16 @@ Use the `http` InSpec audit resource to test an http endpoint.
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.10.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
An `http` resource block declares the configuration settings to be tested:
|
@@ -9,6 +9,16 @@ Use the `iis_app` InSpec audit resource to test the state of IIS on Windows Serv
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.28.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
An `iis_app` resource block declares details about the named site:
|
@@ -9,6 +9,16 @@ Use the `iis_site` InSpec audit resource to test the state of IIS on Windows Ser
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
An `iis_site` resource block declares details about the named site:
|
@@ -9,6 +9,16 @@ Use the `inetd_conf` InSpec audit resource to test if a service is listed in the
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
An `inetd_conf` resource block declares the list of services that are enabled in the `inetd.conf` file:
|
data/docs/resources/ini.md.erb
CHANGED
@@ -9,6 +9,16 @@ Use the `ini` InSpec audit resource to test settings in an INI file.
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
An `ini` resource block declares the configuration settings to be tested:
|
@@ -12,6 +12,16 @@ Use the `interface` InSpec audit resource to test basic network adapter properti
|
|
12
12
|
|
13
13
|
<br>
|
14
14
|
|
15
|
+
## Availability
|
16
|
+
|
17
|
+
### Installation
|
18
|
+
|
19
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
20
|
+
|
21
|
+
### Version
|
22
|
+
|
23
|
+
This resource first became available in v1.0.0 of InSpec.
|
24
|
+
|
15
25
|
## Syntax
|
16
26
|
|
17
27
|
An `interface` resource block declares network interface properties to be tested:
|