inspec-core 2.3.10 → 2.3.23
- checksums.yaml +4 -4
- data/CHANGELOG.md +34 -13
- data/etc/plugin_filters.json +25 -0
- data/inspec-core.gemspec +1 -1
- data/lib/bundles/inspec-compliance/api.rb +3 -0
- data/lib/bundles/inspec-compliance/configuration.rb +3 -0
- data/lib/bundles/inspec-compliance/http.rb +3 -0
- data/lib/bundles/inspec-compliance/support.rb +3 -0
- data/lib/bundles/inspec-compliance/target.rb +3 -0
- data/lib/inspec/objects/attribute.rb +3 -0
- data/lib/inspec/plugin/v2.rb +3 -0
- data/lib/inspec/plugin/v2/filter.rb +62 -0
- data/lib/inspec/plugin/v2/installer.rb +21 -1
- data/lib/inspec/plugin/v2/loader.rb +4 -0
- data/lib/inspec/profile.rb +3 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
- data/lib/resources/package.rb +1 -1
- metadata +4 -197
- data/docs/.gitignore +0 -2
- data/docs/README.md +0 -41
- data/docs/dev/control-eval.md +0 -62
- data/docs/dev/filtertable-internals.md +0 -353
- data/docs/dev/filtertable-usage.md +0 -533
- data/docs/dev/integration-testing.md +0 -31
- data/docs/dev/plugins.md +0 -323
- data/docs/dsl_inspec.md +0 -354
- data/docs/dsl_resource.md +0 -100
- data/docs/glossary.md +0 -381
- data/docs/habitat.md +0 -193
- data/docs/inspec_and_friends.md +0 -114
- data/docs/matchers.md +0 -161
- data/docs/migration.md +0 -293
- data/docs/platforms.md +0 -119
- data/docs/plugin_kitchen_inspec.md +0 -60
- data/docs/plugins.md +0 -57
- data/docs/profiles.md +0 -576
- data/docs/reporters.md +0 -170
- data/docs/resources/aide_conf.md.erb +0 -86
- data/docs/resources/apache.md.erb +0 -77
- data/docs/resources/apache_conf.md.erb +0 -78
- data/docs/resources/apt.md.erb +0 -81
- data/docs/resources/audit_policy.md.erb +0 -57
- data/docs/resources/auditd.md.erb +0 -89
- data/docs/resources/auditd_conf.md.erb +0 -78
- data/docs/resources/bash.md.erb +0 -85
- data/docs/resources/bond.md.erb +0 -100
- data/docs/resources/bridge.md.erb +0 -67
- data/docs/resources/bsd_service.md.erb +0 -77
- data/docs/resources/chocolatey_package.md.erb +0 -68
- data/docs/resources/command.md.erb +0 -176
- data/docs/resources/cpan.md.erb +0 -89
- data/docs/resources/cran.md.erb +0 -74
- data/docs/resources/crontab.md.erb +0 -103
- data/docs/resources/csv.md.erb +0 -64
- data/docs/resources/dh_params.md.erb +0 -221
- data/docs/resources/directory.md.erb +0 -40
- data/docs/resources/docker.md.erb +0 -240
- data/docs/resources/docker_container.md.erb +0 -113
- data/docs/resources/docker_image.md.erb +0 -104
- data/docs/resources/docker_plugin.md.erb +0 -80
- data/docs/resources/docker_service.md.erb +0 -124
- data/docs/resources/elasticsearch.md.erb +0 -252
- data/docs/resources/etc_fstab.md.erb +0 -135
- data/docs/resources/etc_group.md.erb +0 -85
- data/docs/resources/etc_hosts.md.erb +0 -88
- data/docs/resources/etc_hosts_allow.md.erb +0 -84
- data/docs/resources/etc_hosts_deny.md.erb +0 -84
- data/docs/resources/file.md.erb +0 -543
- data/docs/resources/filesystem.md.erb +0 -51
- data/docs/resources/firewalld.md.erb +0 -117
- data/docs/resources/gem.md.erb +0 -108
- data/docs/resources/group.md.erb +0 -71
- data/docs/resources/grub_conf.md.erb +0 -111
- data/docs/resources/host.md.erb +0 -96
- data/docs/resources/http.md.erb +0 -207
- data/docs/resources/iis_app.md.erb +0 -132
- data/docs/resources/iis_site.md.erb +0 -145
- data/docs/resources/inetd_conf.md.erb +0 -104
- data/docs/resources/ini.md.erb +0 -86
- data/docs/resources/interface.md.erb +0 -68
- data/docs/resources/iptables.md.erb +0 -74
- data/docs/resources/json.md.erb +0 -73
- data/docs/resources/kernel_module.md.erb +0 -130
- data/docs/resources/kernel_parameter.md.erb +0 -63
- data/docs/resources/key_rsa.md.erb +0 -95
- data/docs/resources/launchd_service.md.erb +0 -67
- data/docs/resources/limits_conf.md.erb +0 -85
- data/docs/resources/login_defs.md.erb +0 -81
- data/docs/resources/mount.md.erb +0 -79
- data/docs/resources/mssql_session.md.erb +0 -78
- data/docs/resources/mysql_conf.md.erb +0 -109
- data/docs/resources/mysql_session.md.erb +0 -84
- data/docs/resources/nginx.md.erb +0 -89
- data/docs/resources/nginx_conf.md.erb +0 -148
- data/docs/resources/npm.md.erb +0 -78
- data/docs/resources/ntp_conf.md.erb +0 -70
- data/docs/resources/oneget.md.erb +0 -63
- data/docs/resources/oracledb_session.md.erb +0 -103
- data/docs/resources/os.md.erb +0 -153
- data/docs/resources/os_env.md.erb +0 -101
- data/docs/resources/package.md.erb +0 -130
- data/docs/resources/packages.md.erb +0 -77
- data/docs/resources/parse_config.md.erb +0 -113
- data/docs/resources/parse_config_file.md.erb +0 -148
- data/docs/resources/passwd.md.erb +0 -151
- data/docs/resources/pip.md.erb +0 -77
- data/docs/resources/port.md.erb +0 -147
- data/docs/resources/postgres_conf.md.erb +0 -89
- data/docs/resources/postgres_hba_conf.md.erb +0 -103
- data/docs/resources/postgres_ident_conf.md.erb +0 -86
- data/docs/resources/postgres_session.md.erb +0 -79
- data/docs/resources/powershell.md.erb +0 -112
- data/docs/resources/processes.md.erb +0 -119
- data/docs/resources/rabbitmq_config.md.erb +0 -51
- data/docs/resources/registry_key.md.erb +0 -197
- data/docs/resources/runit_service.md.erb +0 -67
- data/docs/resources/security_policy.md.erb +0 -57
- data/docs/resources/service.md.erb +0 -131
- data/docs/resources/shadow.md.erb +0 -267
- data/docs/resources/ssh_config.md.erb +0 -83
- data/docs/resources/sshd_config.md.erb +0 -93
- data/docs/resources/ssl.md.erb +0 -129
- data/docs/resources/sys_info.md.erb +0 -52
- data/docs/resources/systemd_service.md.erb +0 -67
- data/docs/resources/sysv_service.md.erb +0 -67
- data/docs/resources/upstart_service.md.erb +0 -67
- data/docs/resources/user.md.erb +0 -150
- data/docs/resources/users.md.erb +0 -137
- data/docs/resources/vbscript.md.erb +0 -65
- data/docs/resources/virtualization.md.erb +0 -67
- data/docs/resources/windows_feature.md.erb +0 -69
- data/docs/resources/windows_hotfix.md.erb +0 -63
- data/docs/resources/windows_task.md.erb +0 -95
- data/docs/resources/wmi.md.erb +0 -91
- data/docs/resources/x509_certificate.md.erb +0 -161
- data/docs/resources/xinetd_conf.md.erb +0 -166
- data/docs/resources/xml.md.erb +0 -95
- data/docs/resources/yaml.md.erb +0 -79
- data/docs/resources/yum.md.erb +0 -108
- data/docs/resources/zfs_dataset.md.erb +0 -63
- data/docs/resources/zfs_pool.md.erb +0 -57
- data/docs/shared/matcher_be.md.erb +0 -1
- data/docs/shared/matcher_cmp.md.erb +0 -43
- data/docs/shared/matcher_eq.md.erb +0 -3
- data/docs/shared/matcher_include.md.erb +0 -1
- data/docs/shared/matcher_match.md.erb +0 -1
- data/docs/shell.md +0 -217
- data/docs/style.md +0 -178
- data/examples/README.md +0 -8
- data/examples/custom-resource/README.md +0 -3
- data/examples/custom-resource/controls/example.rb +0 -7
- data/examples/custom-resource/inspec.yml +0 -8
- data/examples/custom-resource/libraries/batsignal.rb +0 -20
- data/examples/custom-resource/libraries/gordon.rb +0 -21
- data/examples/inheritance/README.md +0 -65
- data/examples/inheritance/controls/example.rb +0 -14
- data/examples/inheritance/inspec.yml +0 -16
- data/examples/kitchen-ansible/.kitchen.yml +0 -25
- data/examples/kitchen-ansible/Gemfile +0 -19
- data/examples/kitchen-ansible/README.md +0 -53
- data/examples/kitchen-ansible/files/nginx.repo +0 -6
- data/examples/kitchen-ansible/tasks/main.yml +0 -16
- data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
- data/examples/kitchen-chef/.kitchen.yml +0 -20
- data/examples/kitchen-chef/Berksfile +0 -3
- data/examples/kitchen-chef/Gemfile +0 -19
- data/examples/kitchen-chef/README.md +0 -27
- data/examples/kitchen-chef/metadata.rb +0 -7
- data/examples/kitchen-chef/recipes/default.rb +0 -6
- data/examples/kitchen-chef/recipes/nginx.rb +0 -30
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
- data/examples/kitchen-puppet/.kitchen.yml +0 -23
- data/examples/kitchen-puppet/Gemfile +0 -20
- data/examples/kitchen-puppet/Puppetfile +0 -25
- data/examples/kitchen-puppet/README.md +0 -53
- data/examples/kitchen-puppet/manifests/site.pp +0 -33
- data/examples/kitchen-puppet/metadata.json +0 -11
- data/examples/kitchen-puppet/modules/.gitkeep +0 -0
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
- data/examples/meta-profile/README.md +0 -37
- data/examples/meta-profile/controls/example.rb +0 -13
- data/examples/meta-profile/inspec.yml +0 -13
- data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
- data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
- data/examples/plugins/inspec-resource-lister/README.md +0 -62
- data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
- data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
- data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
- data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
- data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
- data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
- data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
- data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
- data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
- data/examples/profile-attribute.yml +0 -2
- data/examples/profile-attribute/README.md +0 -14
- data/examples/profile-attribute/controls/example.rb +0 -11
- data/examples/profile-attribute/inspec.yml +0 -8
- data/examples/profile-sensitive/README.md +0 -29
- data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
- data/examples/profile-sensitive/controls/sensitive.rb +0 -9
- data/examples/profile-sensitive/inspec.yml +0 -8
- data/examples/profile/README.md +0 -48
- data/examples/profile/controls/example.rb +0 -24
- data/examples/profile/controls/gordon.rb +0 -36
- data/examples/profile/controls/meta.rb +0 -36
- data/examples/profile/inspec.yml +0 -11
- data/examples/profile/libraries/gordon_config.rb +0 -59
@@ -1,51 +0,0 @@
|
|
1
|
-
---
|
2
|
-
title: About the filesystem Resource
|
3
|
-
platform: linux
|
4
|
-
---
|
5
|
-
|
6
|
-
# filesystem
|
7
|
-
|
8
|
-
Use the `filesystem` InSpec resource to audit filesystem disk space usage.
|
9
|
-
|
10
|
-
<br>
|
11
|
-
|
12
|
-
## Availability
|
13
|
-
|
14
|
-
### Installation
|
15
|
-
|
16
|
-
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
-
|
18
|
-
### Version
|
19
|
-
|
20
|
-
This resource first became available in v1.51.0 of InSpec.
|
21
|
-
|
22
|
-
## Syntax
|
23
|
-
|
24
|
-
A `filesystem` resource block declares tests for disk space in a partition:
|
25
|
-
|
26
|
-
describe filesystem('/') do
|
27
|
-
its('size') { should be >= 32000 }
|
28
|
-
end
|
29
|
-
|
30
|
-
where
|
31
|
-
|
32
|
-
* `filesystem('/')` states that the resource will look at the root (/) partition.
|
33
|
-
* `size` is measured in kilobytes (KB).
|
34
|
-
|
35
|
-
<br>
|
36
|
-
|
37
|
-
## Resource Property Examples
|
38
|
-
|
39
|
-
The following examples show how to use this InSpec audit resource.
|
40
|
-
|
41
|
-
### Test if the root partition is greater than 32000 KB
|
42
|
-
|
43
|
-
describe filesystem('/') do
|
44
|
-
its('size') { should be >= 32000 }
|
45
|
-
end
|
46
|
-
|
47
|
-
<br>
|
48
|
-
|
49
|
-
## Matchers
|
50
|
-
|
51
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
@@ -1,117 +0,0 @@
|
|
1
|
-
---
|
2
|
-
title: About the firewalld Resource
|
3
|
-
platform: linux
|
4
|
-
---
|
5
|
-
|
6
|
-
# firewalld
|
7
|
-
|
8
|
-
Use the `firewalld` InSpec audit resource to test that firewalld is configured to allow and deny access to specific hosts, services and ports on a system.
|
9
|
-
|
10
|
-
A firewalld has a number of zones that can be configured to allow and deny access to specific hosts, services, and ports.
|
11
|
-
|
12
|
-
<br>
|
13
|
-
|
14
|
-
## Availability
|
15
|
-
|
16
|
-
### Installation
|
17
|
-
|
18
|
-
This resource is distributed along with InSpec itself. You can use it automatically.
|
19
|
-
|
20
|
-
### Version
|
21
|
-
|
22
|
-
This resource first became available in v1.40.0 of InSpec.
|
23
|
-
|
24
|
-
## Syntax
|
25
|
-
|
26
|
-
describe firewalld do
|
27
|
-
it { should be_running }
|
28
|
-
its('default_zone') { should eq 'public' }
|
29
|
-
it { should have_service_enabled_in_zone('ssh', 'public') }
|
30
|
-
it { should have_rule_enabled('family=ipv4 source address=192.168.0.14 accept', 'public') }
|
31
|
-
end
|
32
|
-
|
33
|
-
Use the where clause to test open interfaces, sources, and services in active zones.
|
34
|
-
|
35
|
-
describe firewalld.where { zone == 'public' } do
|
36
|
-
its('interfaces') { should cmp ['enp0s3', 'eno2'] }
|
37
|
-
its('sources') { should cmp ['192.168.1.0/24', '192.168.1.2'] }
|
38
|
-
its('services') { should cmp ['ssh', 'icmp'] }
|
39
|
-
end
|
40
|
-
|
41
|
-
<br>
|
42
|
-
|
43
|
-
## Properties
|
44
|
-
|
45
|
-
### interfaces
|
46
|
-
|
47
|
-
The `interfaces` property is used in conjunction with the where class to display open interfaces in an active zone.
|
48
|
-
|
49
|
-
describe firewalld.where { zone == 'public' } do
|
50
|
-
its('interfaces') { should cmp ['enp0s3', 'eno2'] }
|
51
|
-
end
|
52
|
-
|
53
|
-
### sources
|
54
|
-
|
55
|
-
The `sources` property is used in conjunction with the where class to display open sources in an active zone.
|
56
|
-
|
57
|
-
describe firewalld.where { zone == 'public' } do
|
58
|
-
its('sources') { should cmp ['192.168.1.0/24', '192.168.1.2'] }
|
59
|
-
end
|
60
|
-
|
61
|
-
### services
|
62
|
-
|
63
|
-
The `services` property is used in conjunction with the where class to display open services in an active zone.
|
64
|
-
|
65
|
-
describe firewalld.where { zone == 'public' } do
|
66
|
-
its('services') { should cmp ['ssh', 'icmp'] }
|
67
|
-
end
|
68
|
-
|
69
|
-
### default_zone
|
70
|
-
|
71
|
-
The `default_zone` property displays the default active zone to be used.
|
72
|
-
|
73
|
-
its('default_zone') { should eq 'public' }
|
74
|
-
|
75
|
-
<br>
|
76
|
-
|
77
|
-
## Matchers
|
78
|
-
|
79
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
80
|
-
|
81
|
-
### `be_installed`
|
82
|
-
|
83
|
-
The `be_installed` matcher tests if the firewalld service is installed:
|
84
|
-
|
85
|
-
it { should be_installed }
|
86
|
-
|
87
|
-
### `be_running`
|
88
|
-
|
89
|
-
The `be_running` matcher tests if the firewalld service is running:
|
90
|
-
|
91
|
-
it { should be_running }
|
92
|
-
|
93
|
-
### `have_zone`
|
94
|
-
|
95
|
-
`have_zone` returns true or false if the zone is set on firewalld. It does not mean the zone is active.
|
96
|
-
|
97
|
-
it { should have_zone('public') }
|
98
|
-
|
99
|
-
### `have_service_enabled_in_zone`
|
100
|
-
|
101
|
-
`have_service_enabled_in_zone` returns true or false if the service is allowed in the specified zone.
|
102
|
-
|
103
|
-
it { should have_service_enabled_in_zone('ssh', 'public') }
|
104
|
-
|
105
|
-
### `have_port_enabled_in_zone`
|
106
|
-
|
107
|
-
`have_port_enabled_in_zone` returns true or false if the port is allowed in the specified zone.
|
108
|
-
|
109
|
-
it { should have_port_enabled_in_zone('22/tcp', 'public') }
|
110
|
-
|
111
|
-
### `have_rule_enabled`
|
112
|
-
|
113
|
-
`have_rule_enabled` returns true or false if the rich-rule has been specified in the zone.
|
114
|
-
|
115
|
-
it { should have_rule_enabled('family=ipv4 source address=192.168.0.14 accept', 'public') }
|
116
|
-
|
117
|
-
It is not necessary to add the "rule" string, and you can start with the optional flags that are used in firewalld and end with the action
|
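--- a/data/docs/resources/gem.md.erb
+++ b/data/docs/resources/gem.md.erb
@@ -1,108 +0,0 @@
----
-title: About the gem Resource
-platform: os
----
-
-# gem
-
-Use the `gem` InSpec audit resource to test if a global Gem package is installed.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `gem` resource block declares a package and (optionally) a package version:
-
-describe gem('gem_package_name', 'gem_binary') do
-it { should be_installed }
-end
-
-where
-
-* `('gem_package_name')` must specify a Gem package, such as `'rubocop'`
-* `('gem_binary')` can specify the path to a non-default gem binary, defaults to `'gem'`
-* `be_installed` is a valid matcher for this resource
-
-<br>
-
-## Resource Property Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Verify that a gem package is installed, with a specific version
-
-describe gem('rubocop') do
-it { should be_installed }
-its('version') { should eq '0.33.0' }
-end
-
-### Verify that a particular version is installed when there are multiple versions installed
-
-describe gem('rubocop') do
-it { should be_installed }
-its('versions') { should include /0.51.0/ }
-its('versions.count') { should_not be > 3 }
-end
-
-
-### Verify that a gem package is not installed
-
-describe gem('rubocop') do
-it { should_not be_installed }
-end
-
-### Verify that a gem package is installed in an omnibus environment
-
-describe gem('pry', '/opt/ruby-2.3.1/embedded/bin/gem') do
-it { should be_installed }
-end
-
-### Verify that a gem package is installed in a chef omnibus environment
-
-describe gem('chef-sugar', :chef) do
-it { should be_installed }
-end
-
-### Verify that a gem package is installed in a chef-server omnibus environment
-
-describe gem('knife-backup', :chef_server) do
-it { should be_installed }
-end
-
-<br>
-
-## Properties
-
-### version (String)
-
-The `version` property returns a string of the default version on the system:
-
-its('version') { should eq '0.33.0' }
-
-### versions
-
-The `versions` property returns an array of strings of all the versions of the gem installed on the system:
-
-its('versions') { should include /0.33/ }
-
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### be_installed
-
-The `be_installed` matcher tests if the named Gem package is installed:
-
-it { should be_installed }
-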
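--- a/data/docs/resources/group.md.erb
+++ b/data/docs/resources/group.md.erb
@@ -1,71 +0,0 @@
----
-title: About the group Resource
-platform: os
----
-
-# group
-
-Use the `group` InSpec audit resource to test groups on the system.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `group` resource block declares a group, and then the details to be tested, such as if the group is a local group, the group identifier, or if the group exists:
-
-describe group('group_name') do
-it { should exist }
-its('gid') { should eq 0 }
-end
-
-where
-
-* `'group_name'` must specify the name of a group on the system
-* `exist` and `'gid'` are valid matchers for this resource
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test the group identifier for the root group
-
-describe group('root') do
-it { should exist }
-its('gid') { should eq 0 }
-end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### be_local
-
-The `be_local` matcher tests if the group is a local group:
-
-it { should be_local }
-
-### exist
-
-The `exist` matcher tests if the named user exists:
-
-it { should exist }
-
-### gid
-
-The `gid` matcher tests the named group identifier:
-
-its('gid') { should eq 1234 }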
@@ -1,111 +0,0 @@
|
|
1
|
-
---
|
2
|
-
title: About the grub_conf Resource
|
3
|
-
platform: linux
|
4
|
-
---
|
5
|
-
|
6
|
-
# grub_conf
|
7
|
-
|
8
|
-
Grub is a boot loader on the Linux platform used to load and then transfer control to an operating system kernel, after which that kernel initializes the rest of the operating system. Use the `grub_conf` InSpec audit resource to test boot loader configuration settings that are defined in the `grub.conf` configuration file.
|
9
|
-
|
10
|
-
<br>
|
11
|
-
|
12
|
-
## Availability
|
13
|
-
|
14
|
-
### Installation
|
15
|
-
|
16
|
-
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
-
|
18
|
-
### Version
|
19
|
-
|
20
|
-
This resource first became available in v1.0.0 of InSpec.
|
21
|
-
|
22
|
-
## Syntax
|
23
|
-
|
24
|
-
A `grub_conf` resource block declares a list of settings in a `grub.conf` file:
|
25
|
-
|
26
|
-
describe grub_conf('path', 'kernel') do
|
27
|
-
its('setting') { should eq 'value' }
|
28
|
-
end
|
29
|
-
|
30
|
-
or:
|
31
|
-
|
32
|
-
describe grub_conf('path') do
|
33
|
-
its('default') { should eq '0' } #
|
34
|
-
its('setting') { should eq 'value' }
|
35
|
-
end
|
36
|
-
|
37
|
-
where
|
38
|
-
|
39
|
-
* `'service_name'` is a service listed in the `grub.conf` file
|
40
|
-
* `'path'` is the path to the `grub.conf` file
|
41
|
-
* `'kernel'` specifies the default kernel (by using `'default'`) or a specific kernel; `'default'` defines the position in the list of kernels at which the default kernel is defined, i.e. `should eq '0'` for the first kernel listed or `'path', 'default'` to use the default kernel as specified in the `grub.conf` file
|
42
|
-
* `'value'` is the value that is expected
|
43
|
-
|
44
|
-
<br>
|
45
|
-
|
46
|
-
## Examples
|
47
|
-
|
48
|
-
The following examples show how to use this InSpec audit resource.
|
49
|
-
|
50
|
-
### Test a grub.conf file
|
51
|
-
|
52
|
-
A Grub configuration file located at `/etc/grub.conf` is similar to the following:
|
53
|
-
|
54
|
-
# grub.conf generated by anaconda
|
55
|
-
#
|
56
|
-
# Note: You do not need to rerun grub after making changes to this file
|
57
|
-
# NOTICE: You have a /boot partition. This means that
|
58
|
-
# all kernel and initrd paths are relative to /boot/, eg.
|
59
|
-
# root (hd0,0)
|
60
|
-
# kernel /vmlinuz-version ro root=/dev/hda6
|
61
|
-
# initrd /initrd-version.img
|
62
|
-
#boot=/dev/hda
|
63
|
-
default=0
|
64
|
-
timeout=10
|
65
|
-
splashimage=(hd0,0)/grub/splash.xpm.gz
|
66
|
-
title Red Hat Enterprise Linux ES (2.6.32-573.7.1.el6.x86_64)
|
67
|
-
root (hd0,0)
|
68
|
-
kernel /vmlinuz-2.6.32-573.7.1.el6.x86_64 ro root=/dev/hda6
|
69
|
-
initrd /initrd-2.6.32-573.7.1.el6.x86_64.img
|
70
|
-
title Red Hat Enterprise Linux ES (2.6.32-358.14.1.el6.x86_64)
|
71
|
-
root (hd0,0)
|
72
|
-
kernel /vmlinuz-2.6.32-358.14.1.el6.x86_64 ro root=/dev/hda6 ramdisk_size=400000
|
73
|
-
initrd /initrd-2.6.32-358.14.1.el6.x86_64.img
|
74
|
-
|
75
|
-
This file defines two versions of RedHat Enterprise Linux, with version `2.6.32-573.7.1.el6.x86_64` specified as the default.
|
76
|
-
|
77
|
-
The following test verifies the kernel, ensures that kernel is the default kernel, its initial RAM disk (`initrd`), and the timeout:
|
78
|
-
|
79
|
-
describe grub_conf('/etc/grub.conf', 'default') do
|
80
|
-
its('kernel') { should include '/vmlinuz-2.6.32-573.7.1.el6.x86_64' }
|
81
|
-
its('initrd') { should include '/initrd-2.6.32-573.7.1.el6.x86_64.img' }
|
82
|
-
its('default') { should_not eq '1' }
|
83
|
-
its('timeout') { should eq '10' }
|
84
|
-
end
|
85
|
-
|
86
|
-
The following test verifies the `ramdisk_size` for the non-default kernel:
|
87
|
-
|
88
|
-
describe grub_conf('/etc/grub.conf', 'Red Hat Enterprise Linux ES (2.6.32-358.14.1.el6.x86_64)') do
|
89
|
-
its('kernel') { should include 'ramdisk_size=400000' }
|
90
|
-
end
|
91
|
-
|
92
|
-
### Test a configuration file and boot configuration
|
93
|
-
|
94
|
-
describe grub_conf('/etc/grub.conf', 'default') do
|
95
|
-
its('kernel') { should include '/vmlinuz-2.6.32-573.7.1.el6.x86_64' }
|
96
|
-
its('initrd') { should include '/initramfs-2.6.32-573.el6.x86_64.img=1' }
|
97
|
-
its('default') { should_not eq '1' }
|
98
|
-
its('timeout') { should eq '5' }
|
99
|
-
end
|
100
|
-
|
101
|
-
### Test a specific kernel
|
102
|
-
|
103
|
-
grub_conf('/etc/grub.conf', 'CentOS (2.6.32-573.12.1.el6.x86_64)') do
|
104
|
-
its('kernel') { should include 'audit=1' }
|
105
|
-
end
|
106
|
-
|
107
|
-
<br>
|
108
|
-
|
109
|
-
## Matchers
|
110
|
-
|
111
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|