inspec-core 2.3.10 → 2.3.23

data/docs/resources/kernel_parameter.md.erb

@@ -1,63 +0,0 @@
----
-title: About the kernel_parameter Resource
-platform: linux
----
-
-# kernel_parameter
-
-Use the `kernel_parameter` InSpec audit resource to test kernel parameters on Linux platforms.
- These parameters are located under `/proc/cmdline`.
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `kernel_parameter` resource block declares a parameter and then a value to be tested:
-
-    describe kernel_parameter('path.to.parameter') do
-      its('value') { should eq 0 }
-    end
-
-where
-
-* `'kernel.parameter'` must specify a kernel parameter, such as `'net.ipv4.conf.all.forwarding'`
-* `{ should eq 0 }` states the value to be tested
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test if global forwarding is enabled for an IPv4 address
-
-    describe kernel_parameter('net.ipv4.conf.all.forwarding') do
-      its('value') { should eq 1 }
-    end
-
-### Test if global forwarding is disabled for an IPv6 address
-
-    describe kernel_parameter('net.ipv6.conf.all.forwarding') do
-      its('value') { should eq 0 }
-    end
-
-### Test if an IPv6 address accepts redirects
-
-    describe kernel_parameter('net.ipv6.conf.interface.accept_redirects') do
-      its('value') { should cmp 'true' }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/key_rsa.md.erb

@@ -1,95 +0,0 @@
----
-title: The key_rsa Resource
-platform: os
----
-
-# key_rsa
-
-Use the `key_rsa` InSpec audit resource to test RSA public/private keypairs.
-
-This resource is mainly useful when used in conjunction with the x509_certificate resource but it can also be used for checking SSH keys.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.18.0 of InSpec.
-
-## Syntax
-
-An `key_rsa` resource block declares a `key file` to be tested.
-
-    describe key_rsa('mycertificate.key') do
-      it { should be_private }
-      it { should be_public }
-      its('public_key') { should match "-----BEGIN PUBLIC KEY-----\n3597459df9f3982" }
-      its('key_length') { should eq 2048 }
-    end
-
-You can use an optional passphrase with `key_rsa`
-
-    describe key_rsa('mycertificate.key', 'passphrase') do
-      it { should be_private }
-    end
-
-<br>
-
-## Properties
-
-  * `public_key`, `private_key`, `key_length`
-
-<br>
-
-## Property Examples
-
-### public_key (String)
-
-The `public_key` property returns the public part of the RSA key pair
-
-    describe key_rsa('/etc/pki/www.mywebsite.com.key') do
-      its('public_key') { should match "-----BEGIN PUBLIC KEY-----\n3597459df9f3982......" }
-    end
-
-### private_key (String)
-
-The `private_key` property returns the private key or the RSA key pair.
-
-    describe key_rsa('/etc/pki/www.mywebsite.com.key') do
-      its('private_key') { should match "-----BEGIN RSA PRIVATE KEY-----\nMIIJJwIBAAK......" }
-    end
-
-### key_length
-
-The `key_length` property allows testing the number of bits in the key pair.
-
-    describe key_rsa('/etc/pki/www.mywebsite.com.key') do
-      its('key_length') { should eq 2048 }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### public?
-
-To verify if a key is public use the following:
-
-    describe key_rsa('/etc/pki/www.mywebsite.com.key') do
-      it { should be_public }
-    end
-
-### private?
-
-This property verifies that the key includes a private key:
-
-    describe key_rsa('/etc/pki/www.mywebsite.com.key') do
-      it { should be_private }
-    end

data/docs/resources/launchd_service.md.erb

@@ -1,67 +0,0 @@
----
-title: About the launchd_service Resource
-platform: linux
----
-
-# launchd_service
-
-Use the ``launchd_service`` InSpec audit resource to test a service using Launchd.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A ``launchd_service`` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
-
-    describe launchd_service('service_name') do
-      it { should be_installed }
-      it { should be_enabled }
-      it { should be_running }
-    end
-
-where
-
-* ``('service_name')`` must specify a service name
-* `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource; all matchers available to the `service` resource may be used
-
-The path to the service manager's control may be specified for situations where the path isn't available in the current ``PATH``. For example:
-
-    describe launchd_service('service_name', '/path/to/control') do
-      it { should be_enabled }
-      it { should be_installed }
-      it { should be_running }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### be_enabled
-
-The `be_enabled` matcher tests if the named service is enabled:
-
-    it { should be_enabled }
-
-### be_installed
-
-The `be_installed` matcher tests if the named service is installed:
-
-    it { should be_installed }
-
-### be_running
-
-The `be_running` matcher tests if the named service is running:
-
-    it { should be_running }

data/docs/resources/limits_conf.md.erb

@@ -1,85 +0,0 @@
----
-title: About the limits_conf Resource
-platform: linux
----
-
-# limits_conf
-
-Use the `limits_conf` InSpec audit resource to test configuration settings in the `/etc/security/limits.conf` file. The `limits.conf` defines limits for processes (by user and/or group names) and helps ensure that the system running those processes remains stable. Each process may be assigned a hard or soft limit.
-
-* Soft limits are maintained by the shell and defines the number of file handles (or open files) available to the user or group after login
-* Hard limits are maintained by the kernel and defines the maximum number of allowed file handles
-
-Entries in the `limits.conf` file are similar to:
-
-    grantmc     soft   nofile   4096
-    grantmc     hard   nofile   63536
-
-    ^^^^^^^^^   ^^^^   ^^^^^^   ^^^^^
-    domain      type    item    value
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `limits_conf` resource block declares a domain to be tested, along with associated type, item, and value:
-
-    describe limits_conf('path') do
-      its('domain') { should include ['type', 'item', 'value'] }
-      its('domain') { should eq ['type', 'item', 'value'] }
-    end
-
-where
-
-* `('path')` is the non-default path to the `inetd.conf` file
-* `'domain'` is a user or group name, such as `grantmc`
-* `'type'` is either `hard` or `soft`
-* `'item'` is the item for which limits are defined, such as `core`, `nofile`, `stack`, `nproc`, `priority`, or `maxlogins`
-* `'value'` is the value associated with the `item`
-
-<br>
-
-## Properties
-
-* `domain`
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### domain
-
-The `domain` property tests the domain in the `limits.conf` file, along with associated type, item, and value:
-
-    its('domain') { should include ['type', 'item', 'value'] }
-`
-For example:
-
-    its('grantmc') { should include ['hard', 'nofile', '63536'] }
-
-### Test limits
-
-    describe limits_conf('path') do
-      its('*') { should include ['soft', 'core', '0'], ['hard', 'rss', '10000'] }
-      its('ftp') { should eq ['hard', 'nproc', '0'] }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-

data/docs/resources/login_defs.md.erb

@@ -1,81 +0,0 @@
----
-title: About the login_defs Resource
-platform: linux
----
-
-# login_defs
-
-Use the `login_defs` InSpec audit resource to test configuration settings in the `/etc/login.defs` file. The `logins.defs` file defines site-specific configuration for the shadow password suite on Linux and Unix platforms, such as password expiration ranges, minimum/maximum values for automatic selection of user and group identifiers, or the method with which passwords are encrypted.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `login_defs` resource block declares the `login.defs` configuration data to be tested:
-
-    describe login_defs do
-      its('name') { should include('foo') }
-    end
-
-where
-
-* `name` is a configuration setting in `login.defs`
-* `{ should include('foo') }` tests the value of `name` as read from `login.defs` versus the value declared in the test
-
-<br>
-
-## Properties
-
-This resource supports the properties found in the `login.defs` configuration settings.
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### name
-
-The `name` matcher tests the value of `name` as read from `login.defs` versus the value declared in the test:
-
-    its('name') { should eq 'foo' }
-
-### Test password expiration settings
-
-    describe login_defs do
-      its('PASS_MAX_DAYS') { should eq '180' }
-      its('PASS_MIN_DAYS') { should eq '1' }
-      its('PASS_MIN_LEN') { should eq '15' }
-      its('PASS_WARN_AGE') { should eq '30' }
-    end
-
-### Test the encryption method
-
-    describe login_defs do
-      its('ENCRYPT_METHOD') { should eq 'SHA512' }
-    end
-
-### Test umask setting
-
-    describe login_def do
-      its('UMASK') { should eq '077' }
-      its('PASS_MAX_DAYS') { should eq '90' }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-

data/docs/resources/mount.md.erb

@@ -1,79 +0,0 @@
----
-title: About the mount Resource
-platform: linux
----
-
-# mount
-
-Use the `mount` InSpec audit resource to test the mount points on FreeBSD and Linux systems.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-An `mount` resource block declares the synchronization settings that should be tested:
-
-    describe mount('path') do
-      it { should MATCHER 'value' }
-    end
-
-where
-
-* `('path')` is the path to the mounted directory
-* `MATCHER` is a valid matcher for this resource
-* `'value'` is the value to be tested
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test a the mount point on '/'
-
-    describe mount('/') do
-      it { should be_mounted }
-      its('device') { should eq  '/dev/mapper/VolGroup-lv_root' }
-      its('type') { should eq  'ext4' }
-      its('options') { should eq ['rw', 'mode=620'] }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### be_mounted
-
-The `be_mounted` matcher tests if the file is accessible from the file system:
-
-    it { should be_mounted }
-
-### device
-
-The `device` matcher tests the device from the `fstab` table:
-
-    its('device') { should eq  '/dev/mapper/VolGroup-lv_root' }
-
-### options
-
-The `options` matcher tests the mount options for the file system from the `fstab` table:
-
-    its('options') { should eq ['rw', 'mode=620'] }
-
-### type
-
-The `type` matcher tests the file system type:
-
-    its('type') { should eq  'ext4' }