inspec-core 2.2.55 → 2.2.61
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +24 -8
- data/docs/resources/aide_conf.md.erb +10 -0
- data/docs/resources/apache.md.erb +10 -0
- data/docs/resources/apache_conf.md.erb +10 -0
- data/docs/resources/apt.md.erb +10 -0
- data/docs/resources/audit_policy.md.erb +10 -0
- data/docs/resources/auditd.md.erb +10 -0
- data/docs/resources/auditd_conf.md.erb +10 -0
- data/docs/resources/bash.md.erb +10 -0
- data/docs/resources/bond.md.erb +10 -0
- data/docs/resources/bridge.md.erb +10 -0
- data/docs/resources/bsd_service.md.erb +10 -0
- data/docs/resources/chocolatey_package.md.erb +10 -0
- data/docs/resources/command.md.erb +10 -0
- data/docs/resources/cpan.md.erb +10 -0
- data/docs/resources/cran.md.erb +10 -0
- data/docs/resources/crontab.md.erb +10 -0
- data/docs/resources/csv.md.erb +10 -0
- data/docs/resources/dh_params.md.erb +10 -0
- data/docs/resources/directory.md.erb +10 -0
- data/docs/resources/docker.md.erb +21 -0
- data/docs/resources/docker_container.md.erb +10 -0
- data/docs/resources/docker_image.md.erb +10 -0
- data/docs/resources/docker_plugin.md.erb +80 -0
- data/docs/resources/docker_service.md.erb +10 -0
- data/docs/resources/elasticsearch.md.erb +10 -0
- data/docs/resources/etc_fstab.md.erb +10 -0
- data/docs/resources/etc_group.md.erb +10 -0
- data/docs/resources/etc_hosts.md.erb +10 -0
- data/docs/resources/etc_hosts_allow.md.erb +10 -0
- data/docs/resources/etc_hosts_deny.md.erb +10 -0
- data/docs/resources/file.md.erb +10 -0
- data/docs/resources/filesystem.md.erb +10 -0
- data/docs/resources/firewalld.md.erb +10 -0
- data/docs/resources/gem.md.erb +10 -0
- data/docs/resources/group.md.erb +10 -0
- data/docs/resources/grub_conf.md.erb +10 -0
- data/docs/resources/host.md.erb +10 -0
- data/docs/resources/http.md.erb +10 -0
- data/docs/resources/iis_app.md.erb +10 -0
- data/docs/resources/iis_site.md.erb +10 -0
- data/docs/resources/inetd_conf.md.erb +10 -0
- data/docs/resources/ini.md.erb +10 -0
- data/docs/resources/interface.md.erb +10 -0
- data/docs/resources/iptables.md.erb +10 -0
- data/docs/resources/json.md.erb +10 -0
- data/docs/resources/kernel_module.md.erb +10 -0
- data/docs/resources/kernel_parameter.md.erb +10 -0
- data/docs/resources/key_rsa.md.erb +10 -0
- data/docs/resources/launchd_service.md.erb +10 -0
- data/docs/resources/limits_conf.md.erb +10 -0
- data/docs/resources/login_defs.md.erb +10 -0
- data/docs/resources/mount.md.erb +10 -0
- data/docs/resources/mssql_session.md.erb +10 -0
- data/docs/resources/mysql_conf.md.erb +10 -0
- data/docs/resources/mysql_session.md.erb +10 -0
- data/docs/resources/nginx.md.erb +10 -0
- data/docs/resources/nginx_conf.md.erb +10 -0
- data/docs/resources/npm.md.erb +10 -0
- data/docs/resources/ntp_conf.md.erb +10 -0
- data/docs/resources/oneget.md.erb +10 -0
- data/docs/resources/oracledb_session.md.erb +10 -0
- data/docs/resources/os.md.erb +10 -0
- data/docs/resources/os_env.md.erb +10 -0
- data/docs/resources/package.md.erb +10 -0
- data/docs/resources/packages.md.erb +10 -0
- data/docs/resources/parse_config.md.erb +10 -0
- data/docs/resources/parse_config_file.md.erb +10 -0
- data/docs/resources/passwd.md.erb +10 -0
- data/docs/resources/pip.md.erb +10 -0
- data/docs/resources/port.md.erb +10 -0
- data/docs/resources/postgres_conf.md.erb +10 -0
- data/docs/resources/postgres_hba_conf.md.erb +10 -0
- data/docs/resources/postgres_ident_conf.md.erb +10 -0
- data/docs/resources/postgres_session.md.erb +10 -0
- data/docs/resources/powershell.md.erb +10 -0
- data/docs/resources/processes.md.erb +10 -0
- data/docs/resources/rabbitmq_config.md.erb +10 -0
- data/docs/resources/registry_key.md.erb +38 -2
- data/docs/resources/runit_service.md.erb +10 -0
- data/docs/resources/security_policy.md.erb +10 -0
- data/docs/resources/service.md.erb +10 -0
- data/docs/resources/shadow.md.erb +10 -0
- data/docs/resources/ssh_config.md.erb +10 -0
- data/docs/resources/sshd_config.md.erb +10 -0
- data/docs/resources/ssl.md.erb +10 -0
- data/docs/resources/sys_info.md.erb +10 -0
- data/docs/resources/systemd_service.md.erb +10 -0
- data/docs/resources/sysv_service.md.erb +10 -0
- data/docs/resources/upstart_service.md.erb +10 -0
- data/docs/resources/user.md.erb +10 -0
- data/docs/resources/users.md.erb +10 -0
- data/docs/resources/vbscript.md.erb +10 -0
- data/docs/resources/virtualization.md.erb +10 -0
- data/docs/resources/windows_feature.md.erb +10 -0
- data/docs/resources/windows_hotfix.md.erb +10 -0
- data/docs/resources/windows_task.md.erb +10 -0
- data/docs/resources/wmi.md.erb +10 -0
- data/docs/resources/x509_certificate.md.erb +10 -0
- data/docs/resources/xinetd_conf.md.erb +10 -0
- data/docs/resources/xml.md.erb +10 -0
- data/docs/resources/yaml.md.erb +10 -0
- data/docs/resources/yum.md.erb +10 -0
- data/docs/resources/zfs_dataset.md.erb +10 -0
- data/docs/resources/zfs_pool.md.erb +10 -0
- data/lib/inspec/base_cli.rb +2 -2
- data/lib/inspec/cli.rb +3 -2
- data/lib/inspec/resource.rb +2 -0
- data/lib/inspec/runner.rb +2 -4
- data/lib/inspec/version.rb +1 -1
- data/lib/resources/docker.rb +34 -0
- data/lib/resources/docker_plugin.rb +63 -0
- data/lib/resources/iis_app_pool.rb +116 -0
- metadata +5 -2
data/docs/resources/pip.md.erb
CHANGED
@@ -9,6 +9,16 @@ Use the `pip` InSpec audit resource to test packages that are installed using th
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `pip` resource block declares a package and (optionally) a package version:
|
data/docs/resources/port.md.erb
CHANGED
@@ -9,6 +9,16 @@ Use the `port` InSpec audit resource to test basic port properties, such as port
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `port` resource block declares a port, and then depending on what needs to be tested, a process, protocol, process identifier, and its state (is it listening?):
|
@@ -9,6 +9,16 @@ Use the `postgres_conf` InSpec audit resource to test the contents of the config
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `postgres_conf` resource block declares one (or more) settings in the `postgresql.conf` file, and then compares the setting in the configuration file to the value stated in the test:
|
@@ -9,6 +9,16 @@ Use the `postgres_hba_conf` InSpec audit resource to test the client authenticat
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.31.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
An `postgres_hba_conf` InSpec audit resource block declares client authentication data that should be tested:
|
@@ -9,6 +9,16 @@ Use the `postgres_ident_conf` InSpec audit resource to test the client authentic
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.31.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
An `postgres_ident_conf` InSpec audit resource block declares client authentication data that should be tested:
|
@@ -9,6 +9,16 @@ Use the `postgres_session` InSpec audit resource to test SQL commands run agains
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `postgres_session` resource block declares the username and password to use for the session, and then the command to be run:
|
@@ -9,6 +9,16 @@ Use the `powershell` InSpec audit resource to test a Powershell script on the Wi
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `powershell` resource block declares a Powershell script to be tested, and then compares the output of that command to the matcher in the test:
|
@@ -9,6 +9,16 @@ Use the `processes` InSpec audit resource to test properties for programs that a
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `processes` resource block declares the name of the process to be tested, and then declares one (or more) property/value pairs:
|
@@ -9,6 +9,16 @@ Use the `rabbitmq_config` InSpec audit resource to test configuration data for t
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.20.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `rabbitmq_config` resource block declares the RabbitMQ configuration data to be tested:
|
@@ -9,6 +9,16 @@ Use the `registry_key` InSpec audit resource to test key values in the Windows r
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `registry_key` resource block declares the item in the Windows registry, the path to a setting under that item, and then one (or more) name/value pairs to be tested.
|
@@ -157,5 +167,31 @@ Any name with a dot will not work as expected: <code>its('explorer.exe') { shoul
|
|
157
167
|
# either use have_property_value...
|
158
168
|
it { should have_property_value('explorer.exe', :string, 'test') }
|
159
169
|
|
160
|
-
# ...or provide the
|
161
|
-
its(['explorer
|
170
|
+
# ...or provide the name in an array
|
171
|
+
its(['explorer.exe']) { should eq 'test' }
|
172
|
+
|
173
|
+
The latter workaround may be preferable because upon failure, Inspec will present the expected and actual values:
|
174
|
+
|
175
|
+
inspec> describe registry_key('HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Windows\Control Panel\Desktop') do
|
176
|
+
inspec> its(["SCRNSAVE.EXE"]) { should eq "FlyingToasters.scr" }
|
177
|
+
inspec> end
|
178
|
+
|
179
|
+
Profile: inspec-shell
|
180
|
+
Version: (not specified)
|
181
|
+
|
182
|
+
Registry Key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Windows\Control Panel\Desktop
|
183
|
+
× ["SCRNSAVE.EXE"] should eq "FlyingToasters.scr"
|
184
|
+
|
185
|
+
expected: "FlyingToasters.scr"
|
186
|
+
got: "scrnsave.scr"
|
187
|
+
|
188
|
+
(compared using ==)
|
189
|
+
|
190
|
+
|
191
|
+
Test Summary: 0 successful, 1 failure, 0 skipped
|
192
|
+
|
193
|
+
`have_property_value` only presents a false assertion:
|
194
|
+
|
195
|
+
Registry Key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Windows\Control Panel\Desktop
|
196
|
+
× should have property value "SCRNSAVE.EXE", "FlyingToasters.scr"
|
197
|
+
expected #has_property_value?("SCRNSAVE.EXE", "FlyingToasters.scr") to return true, got false
|
@@ -9,6 +9,16 @@ Use the `runit_service` InSpec audit resource to test a service using runit.
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `runit_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
|
@@ -9,6 +9,16 @@ Use the `security_policy` InSpec audit resource to test security policies on the
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `security_policy` resource block declares the name of a security policy and the value to be tested:
|
@@ -11,6 +11,16 @@ Under some circumstances, it may be necessary to specify the service manager by
|
|
11
11
|
|
12
12
|
<br>
|
13
13
|
|
14
|
+
## Availability
|
15
|
+
|
16
|
+
### Installation
|
17
|
+
|
18
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
19
|
+
|
20
|
+
### Version
|
21
|
+
|
22
|
+
This resource first became available in v1.0.0 of InSpec.
|
23
|
+
|
14
24
|
## Syntax
|
15
25
|
|
16
26
|
A `service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
|
@@ -26,6 +26,16 @@ The `shadow` resource understands this format, allows you to search on the field
|
|
26
26
|
|
27
27
|
<br>
|
28
28
|
|
29
|
+
## Availability
|
30
|
+
|
31
|
+
### Installation
|
32
|
+
|
33
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
34
|
+
|
35
|
+
### Version
|
36
|
+
|
37
|
+
This resource first became available in v1.0.0 of InSpec.
|
38
|
+
|
29
39
|
## Resource Parameters
|
30
40
|
|
31
41
|
The `shadow` resource takes one optional parameter: the path to the shadow file. If omitted, `/etc/shadow` is assumed.
|
@@ -9,6 +9,16 @@ Use the `ssh_config` InSpec audit resource to test OpenSSH client configuration
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
An `ssh_config` resource block declares the client OpenSSH configuration data to be tested:
|
@@ -9,6 +9,16 @@ Use the `sshd_config` InSpec audit resource to test configuration data for the O
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
An `sshd_config` resource block declares the client OpenSSH configuration data to be tested:
|
data/docs/resources/ssl.md.erb
CHANGED
@@ -9,6 +9,16 @@ Use the `ssl` InSpec audit resource to test SSL settings for the named port.
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
An `ssl` resource block declares an SSL port, and then other properties of the test like cipher and/or protocol:
|
@@ -9,6 +9,16 @@ Use the `sys_info` InSpec audit resource to test for operating system properties
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
An `sys_info` resource block declares the hostname to be tested:
|
@@ -9,6 +9,16 @@ Use the `systemd_service` InSpec audit resource to test a service using SystemD.
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `systemd_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
|
@@ -9,6 +9,16 @@ Use the `sysv_service` InSpec audit resource to test a service using SystemV.
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `sysv_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
|
@@ -9,6 +9,16 @@ Use the `upstart_service` InSpec audit resource to test a service using Upstart.
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
An `upstart_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
|
data/docs/resources/user.md.erb
CHANGED
@@ -9,6 +9,16 @@ Use the `user` InSpec audit resource to test user profiles for a single, known/e
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `user` resource block declares a user name, and then one (or more) matchers:
|
data/docs/resources/users.md.erb
CHANGED
@@ -9,6 +9,16 @@ Use the `users` InSpec audit resource to look up all local users available on th
|
|
9
9
|
|
10
10
|
<br>
|
11
11
|
|
12
|
+
## Availability
|
13
|
+
|
14
|
+
### Installation
|
15
|
+
|
16
|
+
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
+
|
18
|
+
### Version
|
19
|
+
|
20
|
+
This resource first became available in v1.0.0 of InSpec.
|
21
|
+
|
12
22
|
## Syntax
|
13
23
|
|
14
24
|
A `users` resource block declares a user name, and then one (or more) matchers:
|