inspec-core 2.3.10 → 2.3.23
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +34 -13
- data/etc/plugin_filters.json +25 -0
- data/inspec-core.gemspec +1 -1
- data/lib/bundles/inspec-compliance/api.rb +3 -0
- data/lib/bundles/inspec-compliance/configuration.rb +3 -0
- data/lib/bundles/inspec-compliance/http.rb +3 -0
- data/lib/bundles/inspec-compliance/support.rb +3 -0
- data/lib/bundles/inspec-compliance/target.rb +3 -0
- data/lib/inspec/objects/attribute.rb +3 -0
- data/lib/inspec/plugin/v2.rb +3 -0
- data/lib/inspec/plugin/v2/filter.rb +62 -0
- data/lib/inspec/plugin/v2/installer.rb +21 -1
- data/lib/inspec/plugin/v2/loader.rb +4 -0
- data/lib/inspec/profile.rb +3 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
- data/lib/resources/package.rb +1 -1
- metadata +4 -197
- data/docs/.gitignore +0 -2
- data/docs/README.md +0 -41
- data/docs/dev/control-eval.md +0 -62
- data/docs/dev/filtertable-internals.md +0 -353
- data/docs/dev/filtertable-usage.md +0 -533
- data/docs/dev/integration-testing.md +0 -31
- data/docs/dev/plugins.md +0 -323
- data/docs/dsl_inspec.md +0 -354
- data/docs/dsl_resource.md +0 -100
- data/docs/glossary.md +0 -381
- data/docs/habitat.md +0 -193
- data/docs/inspec_and_friends.md +0 -114
- data/docs/matchers.md +0 -161
- data/docs/migration.md +0 -293
- data/docs/platforms.md +0 -119
- data/docs/plugin_kitchen_inspec.md +0 -60
- data/docs/plugins.md +0 -57
- data/docs/profiles.md +0 -576
- data/docs/reporters.md +0 -170
- data/docs/resources/aide_conf.md.erb +0 -86
- data/docs/resources/apache.md.erb +0 -77
- data/docs/resources/apache_conf.md.erb +0 -78
- data/docs/resources/apt.md.erb +0 -81
- data/docs/resources/audit_policy.md.erb +0 -57
- data/docs/resources/auditd.md.erb +0 -89
- data/docs/resources/auditd_conf.md.erb +0 -78
- data/docs/resources/bash.md.erb +0 -85
- data/docs/resources/bond.md.erb +0 -100
- data/docs/resources/bridge.md.erb +0 -67
- data/docs/resources/bsd_service.md.erb +0 -77
- data/docs/resources/chocolatey_package.md.erb +0 -68
- data/docs/resources/command.md.erb +0 -176
- data/docs/resources/cpan.md.erb +0 -89
- data/docs/resources/cran.md.erb +0 -74
- data/docs/resources/crontab.md.erb +0 -103
- data/docs/resources/csv.md.erb +0 -64
- data/docs/resources/dh_params.md.erb +0 -221
- data/docs/resources/directory.md.erb +0 -40
- data/docs/resources/docker.md.erb +0 -240
- data/docs/resources/docker_container.md.erb +0 -113
- data/docs/resources/docker_image.md.erb +0 -104
- data/docs/resources/docker_plugin.md.erb +0 -80
- data/docs/resources/docker_service.md.erb +0 -124
- data/docs/resources/elasticsearch.md.erb +0 -252
- data/docs/resources/etc_fstab.md.erb +0 -135
- data/docs/resources/etc_group.md.erb +0 -85
- data/docs/resources/etc_hosts.md.erb +0 -88
- data/docs/resources/etc_hosts_allow.md.erb +0 -84
- data/docs/resources/etc_hosts_deny.md.erb +0 -84
- data/docs/resources/file.md.erb +0 -543
- data/docs/resources/filesystem.md.erb +0 -51
- data/docs/resources/firewalld.md.erb +0 -117
- data/docs/resources/gem.md.erb +0 -108
- data/docs/resources/group.md.erb +0 -71
- data/docs/resources/grub_conf.md.erb +0 -111
- data/docs/resources/host.md.erb +0 -96
- data/docs/resources/http.md.erb +0 -207
- data/docs/resources/iis_app.md.erb +0 -132
- data/docs/resources/iis_site.md.erb +0 -145
- data/docs/resources/inetd_conf.md.erb +0 -104
- data/docs/resources/ini.md.erb +0 -86
- data/docs/resources/interface.md.erb +0 -68
- data/docs/resources/iptables.md.erb +0 -74
- data/docs/resources/json.md.erb +0 -73
- data/docs/resources/kernel_module.md.erb +0 -130
- data/docs/resources/kernel_parameter.md.erb +0 -63
- data/docs/resources/key_rsa.md.erb +0 -95
- data/docs/resources/launchd_service.md.erb +0 -67
- data/docs/resources/limits_conf.md.erb +0 -85
- data/docs/resources/login_defs.md.erb +0 -81
- data/docs/resources/mount.md.erb +0 -79
- data/docs/resources/mssql_session.md.erb +0 -78
- data/docs/resources/mysql_conf.md.erb +0 -109
- data/docs/resources/mysql_session.md.erb +0 -84
- data/docs/resources/nginx.md.erb +0 -89
- data/docs/resources/nginx_conf.md.erb +0 -148
- data/docs/resources/npm.md.erb +0 -78
- data/docs/resources/ntp_conf.md.erb +0 -70
- data/docs/resources/oneget.md.erb +0 -63
- data/docs/resources/oracledb_session.md.erb +0 -103
- data/docs/resources/os.md.erb +0 -153
- data/docs/resources/os_env.md.erb +0 -101
- data/docs/resources/package.md.erb +0 -130
- data/docs/resources/packages.md.erb +0 -77
- data/docs/resources/parse_config.md.erb +0 -113
- data/docs/resources/parse_config_file.md.erb +0 -148
- data/docs/resources/passwd.md.erb +0 -151
- data/docs/resources/pip.md.erb +0 -77
- data/docs/resources/port.md.erb +0 -147
- data/docs/resources/postgres_conf.md.erb +0 -89
- data/docs/resources/postgres_hba_conf.md.erb +0 -103
- data/docs/resources/postgres_ident_conf.md.erb +0 -86
- data/docs/resources/postgres_session.md.erb +0 -79
- data/docs/resources/powershell.md.erb +0 -112
- data/docs/resources/processes.md.erb +0 -119
- data/docs/resources/rabbitmq_config.md.erb +0 -51
- data/docs/resources/registry_key.md.erb +0 -197
- data/docs/resources/runit_service.md.erb +0 -67
- data/docs/resources/security_policy.md.erb +0 -57
- data/docs/resources/service.md.erb +0 -131
- data/docs/resources/shadow.md.erb +0 -267
- data/docs/resources/ssh_config.md.erb +0 -83
- data/docs/resources/sshd_config.md.erb +0 -93
- data/docs/resources/ssl.md.erb +0 -129
- data/docs/resources/sys_info.md.erb +0 -52
- data/docs/resources/systemd_service.md.erb +0 -67
- data/docs/resources/sysv_service.md.erb +0 -67
- data/docs/resources/upstart_service.md.erb +0 -67
- data/docs/resources/user.md.erb +0 -150
- data/docs/resources/users.md.erb +0 -137
- data/docs/resources/vbscript.md.erb +0 -65
- data/docs/resources/virtualization.md.erb +0 -67
- data/docs/resources/windows_feature.md.erb +0 -69
- data/docs/resources/windows_hotfix.md.erb +0 -63
- data/docs/resources/windows_task.md.erb +0 -95
- data/docs/resources/wmi.md.erb +0 -91
- data/docs/resources/x509_certificate.md.erb +0 -161
- data/docs/resources/xinetd_conf.md.erb +0 -166
- data/docs/resources/xml.md.erb +0 -95
- data/docs/resources/yaml.md.erb +0 -79
- data/docs/resources/yum.md.erb +0 -108
- data/docs/resources/zfs_dataset.md.erb +0 -63
- data/docs/resources/zfs_pool.md.erb +0 -57
- data/docs/shared/matcher_be.md.erb +0 -1
- data/docs/shared/matcher_cmp.md.erb +0 -43
- data/docs/shared/matcher_eq.md.erb +0 -3
- data/docs/shared/matcher_include.md.erb +0 -1
- data/docs/shared/matcher_match.md.erb +0 -1
- data/docs/shell.md +0 -217
- data/docs/style.md +0 -178
- data/examples/README.md +0 -8
- data/examples/custom-resource/README.md +0 -3
- data/examples/custom-resource/controls/example.rb +0 -7
- data/examples/custom-resource/inspec.yml +0 -8
- data/examples/custom-resource/libraries/batsignal.rb +0 -20
- data/examples/custom-resource/libraries/gordon.rb +0 -21
- data/examples/inheritance/README.md +0 -65
- data/examples/inheritance/controls/example.rb +0 -14
- data/examples/inheritance/inspec.yml +0 -16
- data/examples/kitchen-ansible/.kitchen.yml +0 -25
- data/examples/kitchen-ansible/Gemfile +0 -19
- data/examples/kitchen-ansible/README.md +0 -53
- data/examples/kitchen-ansible/files/nginx.repo +0 -6
- data/examples/kitchen-ansible/tasks/main.yml +0 -16
- data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
- data/examples/kitchen-chef/.kitchen.yml +0 -20
- data/examples/kitchen-chef/Berksfile +0 -3
- data/examples/kitchen-chef/Gemfile +0 -19
- data/examples/kitchen-chef/README.md +0 -27
- data/examples/kitchen-chef/metadata.rb +0 -7
- data/examples/kitchen-chef/recipes/default.rb +0 -6
- data/examples/kitchen-chef/recipes/nginx.rb +0 -30
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
- data/examples/kitchen-puppet/.kitchen.yml +0 -23
- data/examples/kitchen-puppet/Gemfile +0 -20
- data/examples/kitchen-puppet/Puppetfile +0 -25
- data/examples/kitchen-puppet/README.md +0 -53
- data/examples/kitchen-puppet/manifests/site.pp +0 -33
- data/examples/kitchen-puppet/metadata.json +0 -11
- data/examples/kitchen-puppet/modules/.gitkeep +0 -0
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
- data/examples/meta-profile/README.md +0 -37
- data/examples/meta-profile/controls/example.rb +0 -13
- data/examples/meta-profile/inspec.yml +0 -13
- data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
- data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
- data/examples/plugins/inspec-resource-lister/README.md +0 -62
- data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
- data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
- data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
- data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
- data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
- data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
- data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
- data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
- data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
- data/examples/profile-attribute.yml +0 -2
- data/examples/profile-attribute/README.md +0 -14
- data/examples/profile-attribute/controls/example.rb +0 -11
- data/examples/profile-attribute/inspec.yml +0 -8
- data/examples/profile-sensitive/README.md +0 -29
- data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
- data/examples/profile-sensitive/controls/sensitive.rb +0 -9
- data/examples/profile-sensitive/inspec.yml +0 -8
- data/examples/profile/README.md +0 -48
- data/examples/profile/controls/example.rb +0 -24
- data/examples/profile/controls/gordon.rb +0 -36
- data/examples/profile/controls/meta.rb +0 -36
- data/examples/profile/inspec.yml +0 -11
- data/examples/profile/libraries/gordon_config.rb +0 -59
@@ -1,51 +0,0 @@
|
|
1
|
-
---
|
2
|
-
title: About the rabbitmq_config Resource
|
3
|
-
platform: linux
|
4
|
-
---
|
5
|
-
|
6
|
-
# rabbitmq_config
|
7
|
-
|
8
|
-
Use the `rabbitmq_config` InSpec audit resource to test configuration data for the RabbitMQ daemon located at `/etc/rabbitmq/rabbitmq.config` on Linux and Unix platforms.
|
9
|
-
|
10
|
-
<br>
|
11
|
-
|
12
|
-
## Availability
|
13
|
-
|
14
|
-
### Installation
|
15
|
-
|
16
|
-
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
-
|
18
|
-
### Version
|
19
|
-
|
20
|
-
This resource first became available in v1.20.0 of InSpec.
|
21
|
-
|
22
|
-
## Syntax
|
23
|
-
|
24
|
-
A `rabbitmq_config` resource block declares the RabbitMQ configuration data to be tested:
|
25
|
-
|
26
|
-
describe rabbitmq_config.params('rabbit', 'ssl_listeners') do
|
27
|
-
it { should cmp 5671 }
|
28
|
-
end
|
29
|
-
|
30
|
-
where
|
31
|
-
|
32
|
-
* `params` is the list of parameters configured in the RabbitMQ config file
|
33
|
-
* `{ should cmp 5671 }` tests the value of `rabbit.ssl_listeners` as read from `rabbitmq.config` versus the value declared in the test
|
34
|
-
|
35
|
-
<br>
|
36
|
-
|
37
|
-
## Examples
|
38
|
-
|
39
|
-
The following examples show how to use this InSpec audit resource.
|
40
|
-
|
41
|
-
### Test the list of TCP listeners
|
42
|
-
|
43
|
-
describe rabbitmq_config.params('rabbit', 'tcp_listeners') do
|
44
|
-
it { should eq [5672] }
|
45
|
-
end
|
46
|
-
|
47
|
-
<br>
|
48
|
-
|
49
|
-
## Matchers
|
50
|
-
|
51
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
@@ -1,197 +0,0 @@
|
|
1
|
-
---
|
2
|
-
title: About the registry_key Resource
|
3
|
-
platform: windows
|
4
|
-
---
|
5
|
-
|
6
|
-
# registry_key
|
7
|
-
|
8
|
-
Use the `registry_key` InSpec audit resource to test key values in the Windows registry.
|
9
|
-
|
10
|
-
<br>
|
11
|
-
|
12
|
-
## Availability
|
13
|
-
|
14
|
-
### Installation
|
15
|
-
|
16
|
-
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
-
|
18
|
-
### Version
|
19
|
-
|
20
|
-
This resource first became available in v1.0.0 of InSpec.
|
21
|
-
|
22
|
-
## Syntax
|
23
|
-
|
24
|
-
A `registry_key` resource block declares the item in the Windows registry, the path to a setting under that item, and then one (or more) name/value pairs to be tested.
|
25
|
-
|
26
|
-
Use a registry key name and path:
|
27
|
-
|
28
|
-
describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule') do
|
29
|
-
its('Start') { should eq 2 }
|
30
|
-
end
|
31
|
-
|
32
|
-
Use only a registry key path:
|
33
|
-
|
34
|
-
describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule') do
|
35
|
-
its('Start') { should eq 2 }
|
36
|
-
end
|
37
|
-
|
38
|
-
Or use a Ruby Hash:
|
39
|
-
|
40
|
-
describe registry_key({
|
41
|
-
name: 'Task Scheduler',
|
42
|
-
hive: 'HKEY_LOCAL_MACHINE',
|
43
|
-
key: '\SYSTEM\CurrentControlSet\services\Schedule'
|
44
|
-
}) do
|
45
|
-
its('Start') { should eq 2 }
|
46
|
-
end
|
47
|
-
|
48
|
-
|
49
|
-
### Registry Key Path Separators
|
50
|
-
|
51
|
-
A Windows registry key can be used as a string in Ruby code, such as when a registry key is used as the name of a recipe. In Ruby, when a registry key is enclosed in a double-quoted string (`" "`), the same backslash character (`\`) that is used to define the registry key path separator is also used in Ruby to define an escape character. Therefore, the registry key path separators must be escaped when they are enclosed in a double-quoted string. For example, the following registry key:
|
52
|
-
|
53
|
-
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Themes
|
54
|
-
|
55
|
-
may be enclosed in a single-quoted string with a single backslash:
|
56
|
-
|
57
|
-
'HKCU\SOFTWARE\path\to\key\Themes'
|
58
|
-
|
59
|
-
or may be enclosed in a double-quoted string with an extra backslash as an escape character:
|
60
|
-
|
61
|
-
"HKCU\\SOFTWARE\\path\\to\\key\\Themes"
|
62
|
-
|
63
|
-
|
64
|
-
<p class="warning">
|
65
|
-
Please make sure that you use backslashes instead of forward slashes. Forward slashes will not work for registry keys.
|
66
|
-
</p>
|
67
|
-
|
68
|
-
# The following will not work:
|
69
|
-
# describe registry_key('HKLM/SOFTWARE/Microsoft/NET Framework Setup/NDP/v4/Full/1033') do
|
70
|
-
# its('Release') { should eq 378675 }
|
71
|
-
# end
|
72
|
-
# You should use:
|
73
|
-
describe registry_key('HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\1033') do
|
74
|
-
its('Release') { should eq 378675 }
|
75
|
-
end
|
76
|
-
|
77
|
-
<br>
|
78
|
-
|
79
|
-
## Examples
|
80
|
-
|
81
|
-
The following examples show how to use this InSpec audit resource.
|
82
|
-
|
83
|
-
### Test the start time for the Schedule service
|
84
|
-
|
85
|
-
describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\...\Schedule') do
|
86
|
-
its('Start') { should eq 2 }
|
87
|
-
end
|
88
|
-
|
89
|
-
where `'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule'` is the full path to the setting.
|
90
|
-
|
91
|
-
### Use a regular expression in responses
|
92
|
-
|
93
|
-
describe registry_key({
|
94
|
-
hive: 'HKEY_LOCAL_MACHINE',
|
95
|
-
key: 'SOFTWARE\Microsoft\Windows NT\CurrentVersion'
|
96
|
-
}) do
|
97
|
-
its('ProductName') { should match /^[a-zA-Z0-9\(\)\s]*2012\s[rR]2[a-zA-Z0-9\(\)\s]*$/ }
|
98
|
-
end
|
99
|
-
|
100
|
-
<br>
|
101
|
-
|
102
|
-
## Matchers
|
103
|
-
|
104
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
105
|
-
|
106
|
-
### children
|
107
|
-
|
108
|
-
The `children` matcher return all of the child items of a registry key. A regular expression may be used to filter child items:
|
109
|
-
|
110
|
-
describe registry_key('Key Name', '\path\to\key').children(regex)
|
111
|
-
...
|
112
|
-
end
|
113
|
-
|
114
|
-
For example, to get all child items for a registry key:
|
115
|
-
|
116
|
-
describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet').children do
|
117
|
-
it { should_not eq [] }
|
118
|
-
end
|
119
|
-
|
120
|
-
The following example shows how find a property that may exist against multiple registry keys, and then test that property for every registry key in which that property is located:
|
121
|
-
|
122
|
-
describe registry_key({
|
123
|
-
hive: 'HKEY_USERS'
|
124
|
-
}).children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}\\Software\\Policies\\Microsoft\\Windows\\Installer/).each { |key|
|
125
|
-
describe registry_key(key) do
|
126
|
-
its('AlwaysInstallElevated') { should eq 'value' }
|
127
|
-
end
|
128
|
-
}
|
129
|
-
|
130
|
-
### exist
|
131
|
-
|
132
|
-
The `exist` matcher tests if the registry key is present:
|
133
|
-
|
134
|
-
it { should exist }
|
135
|
-
|
136
|
-
### have_property
|
137
|
-
|
138
|
-
The `have_property` matcher tests if a property exists for a registry key:
|
139
|
-
|
140
|
-
it { should have_property 'value' }
|
141
|
-
|
142
|
-
### have\_property\_value
|
143
|
-
|
144
|
-
The `have_property_value` matcher tests if a property value exists for a registry key:
|
145
|
-
|
146
|
-
it { should have_property_value 'value' }
|
147
|
-
|
148
|
-
### have_value
|
149
|
-
|
150
|
-
The `have_value` matcher tests if a value exists for a registry key:
|
151
|
-
|
152
|
-
it { should have_value 'value' }
|
153
|
-
|
154
|
-
### name
|
155
|
-
|
156
|
-
The `name` matcher tests the value for the specified registry setting:
|
157
|
-
|
158
|
-
its('name') { should eq 'value' }
|
159
|
-
|
160
|
-
|
161
|
-
<p class="warning">
|
162
|
-
Any name with a dot will not work as expected: <code>its('explorer.exe') { should eq 'test' }</code>. For details, see <a href="https://github.com/inspec/inspec/issues/1281">https://github.com/inspec/inspec/issues/1281</a>
|
163
|
-
</p>
|
164
|
-
|
165
|
-
# instead of:
|
166
|
-
# its('explorer.exe') { should eq 'test' }
|
167
|
-
# either use have_property_value...
|
168
|
-
it { should have_property_value('explorer.exe', :string, 'test') }
|
169
|
-
|
170
|
-
# ...or provide the name in an array
|
171
|
-
its(['explorer.exe']) { should eq 'test' }
|
172
|
-
|
173
|
-
The latter workaround may be preferable because upon failure, Inspec will present the expected and actual values:
|
174
|
-
|
175
|
-
inspec> describe registry_key('HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Windows\Control Panel\Desktop') do
|
176
|
-
inspec> its(["SCRNSAVE.EXE"]) { should eq "FlyingToasters.scr" }
|
177
|
-
inspec> end
|
178
|
-
|
179
|
-
Profile: inspec-shell
|
180
|
-
Version: (not specified)
|
181
|
-
|
182
|
-
Registry Key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Windows\Control Panel\Desktop
|
183
|
-
× ["SCRNSAVE.EXE"] should eq "FlyingToasters.scr"
|
184
|
-
|
185
|
-
expected: "FlyingToasters.scr"
|
186
|
-
got: "scrnsave.scr"
|
187
|
-
|
188
|
-
(compared using ==)
|
189
|
-
|
190
|
-
|
191
|
-
Test Summary: 0 successful, 1 failure, 0 skipped
|
192
|
-
|
193
|
-
`have_property_value` only presents a false assertion:
|
194
|
-
|
195
|
-
Registry Key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Windows\Control Panel\Desktop
|
196
|
-
× should have property value "SCRNSAVE.EXE", "FlyingToasters.scr"
|
197
|
-
expected #has_property_value?("SCRNSAVE.EXE", "FlyingToasters.scr") to return true, got false
|
@@ -1,67 +0,0 @@
|
|
1
|
-
---
|
2
|
-
title: About the runit_service Resource
|
3
|
-
platform: linux
|
4
|
-
---
|
5
|
-
|
6
|
-
# runit_service
|
7
|
-
|
8
|
-
Use the `runit_service` InSpec audit resource to test a service using runit.
|
9
|
-
|
10
|
-
<br>
|
11
|
-
|
12
|
-
## Availability
|
13
|
-
|
14
|
-
### Installation
|
15
|
-
|
16
|
-
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
-
|
18
|
-
### Version
|
19
|
-
|
20
|
-
This resource first became available in v1.0.0 of InSpec.
|
21
|
-
|
22
|
-
## Syntax
|
23
|
-
|
24
|
-
A `runit_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
|
25
|
-
|
26
|
-
describe runit_service('service_name') do
|
27
|
-
it { should be_installed }
|
28
|
-
it { should be_enabled }
|
29
|
-
it { should be_running }
|
30
|
-
end
|
31
|
-
|
32
|
-
where
|
33
|
-
|
34
|
-
* `('service_name')` must specify a service name
|
35
|
-
* `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource; all matchers available to the `service` resource may be used
|
36
|
-
|
37
|
-
The path to the service manager's control may be specified for situations where the path isn't available in the current `PATH`. For example:
|
38
|
-
|
39
|
-
describe runit_service('service_name', '/path/to/control') do
|
40
|
-
it { should be_enabled }
|
41
|
-
it { should be_installed }
|
42
|
-
it { should be_running }
|
43
|
-
end
|
44
|
-
|
45
|
-
<br>
|
46
|
-
|
47
|
-
## Matchers
|
48
|
-
|
49
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
50
|
-
|
51
|
-
### be_enabled
|
52
|
-
|
53
|
-
The `be_enabled` matcher tests if the named service is enabled:
|
54
|
-
|
55
|
-
it { should be_enabled }
|
56
|
-
|
57
|
-
### be_installed
|
58
|
-
|
59
|
-
The `be_installed` matcher tests if the named service is installed:
|
60
|
-
|
61
|
-
it { should be_installed }
|
62
|
-
|
63
|
-
### be_running
|
64
|
-
|
65
|
-
The `be_running` matcher tests if the named service is running:
|
66
|
-
|
67
|
-
it { should be_running }
|
@@ -1,57 +0,0 @@
|
|
1
|
-
---
|
2
|
-
title: About the security_policy Resource
|
3
|
-
platform: windows
|
4
|
-
---
|
5
|
-
|
6
|
-
# security_policy
|
7
|
-
|
8
|
-
Use the `security_policy` InSpec audit resource to test security policies on the Windows platform.
|
9
|
-
|
10
|
-
<br>
|
11
|
-
|
12
|
-
## Availability
|
13
|
-
|
14
|
-
### Installation
|
15
|
-
|
16
|
-
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
-
|
18
|
-
### Version
|
19
|
-
|
20
|
-
This resource first became available in v1.0.0 of InSpec.
|
21
|
-
|
22
|
-
## Syntax
|
23
|
-
|
24
|
-
A `security_policy` resource block declares the name of a security policy and the value to be tested:
|
25
|
-
|
26
|
-
describe security_policy do
|
27
|
-
its('policy_name') { should eq 'value' }
|
28
|
-
end
|
29
|
-
|
30
|
-
where
|
31
|
-
|
32
|
-
* `'policy_name'` must specify a security policy
|
33
|
-
* `{ should eq 'value' }` tests the value of `policy_name` against the value declared in the test
|
34
|
-
|
35
|
-
<br>
|
36
|
-
|
37
|
-
## Examples
|
38
|
-
|
39
|
-
The following examples show how to use this InSpec audit resource.
|
40
|
-
|
41
|
-
### Verify that only the Administrators group has remote access
|
42
|
-
|
43
|
-
describe security_policy do
|
44
|
-
its('SeRemoteInteractiveLogonRight') { should eq '*S-1-5-32-544' }
|
45
|
-
end
|
46
|
-
|
47
|
-
<br>
|
48
|
-
|
49
|
-
## Matchers
|
50
|
-
|
51
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
52
|
-
|
53
|
-
### policy_name
|
54
|
-
|
55
|
-
The `policy_name` matcher must be the name of a security policy:
|
56
|
-
|
57
|
-
its('SeNetworkLogonRight') { should eq '*S-1-5-11' }
|
@@ -1,131 +0,0 @@
|
|
1
|
-
---
|
2
|
-
title: About the service Resource
|
3
|
-
platform: os
|
4
|
-
---
|
5
|
-
|
6
|
-
# service
|
7
|
-
|
8
|
-
Use the `service` InSpec audit resource to test if the named service is installed, running and/or enabled.
|
9
|
-
|
10
|
-
Under some circumstances, it may be necessary to specify the service manager by using one of the following service manager-specific resources: `bsd_service`, `launchd_service`, `runit_service`, `systemd_service`, `sysv_service`, or `upstart_service`. These resources are based on the `service` resource.
|
11
|
-
|
12
|
-
<br>
|
13
|
-
|
14
|
-
## Availability
|
15
|
-
|
16
|
-
### Installation
|
17
|
-
|
18
|
-
This resource is distributed along with InSpec itself. You can use it automatically.
|
19
|
-
|
20
|
-
### Version
|
21
|
-
|
22
|
-
This resource first became available in v1.0.0 of InSpec.
|
23
|
-
|
24
|
-
## Syntax
|
25
|
-
|
26
|
-
A `service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
|
27
|
-
|
28
|
-
describe service('service_name') do
|
29
|
-
it { should be_installed }
|
30
|
-
it { should be_enabled }
|
31
|
-
it { should be_running }
|
32
|
-
end
|
33
|
-
|
34
|
-
where
|
35
|
-
|
36
|
-
* `('service_name')` must specify a service name
|
37
|
-
* `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource
|
38
|
-
|
39
|
-
<br>
|
40
|
-
|
41
|
-
## Examples
|
42
|
-
|
43
|
-
The following examples show how to use this InSpec audit resource.
|
44
|
-
|
45
|
-
### Test if the postgresql service is both running and enabled
|
46
|
-
|
47
|
-
describe service('postgresql') do
|
48
|
-
it { should be_enabled }
|
49
|
-
it { should be_running }
|
50
|
-
end
|
51
|
-
|
52
|
-
### Test if the mysql service is both running and enabled
|
53
|
-
|
54
|
-
describe service('mysqld') do
|
55
|
-
it { should be_enabled }
|
56
|
-
it { should be_running }
|
57
|
-
end
|
58
|
-
|
59
|
-
### Test if ClamAV (an antivirus engine) is installed and running
|
60
|
-
|
61
|
-
describe package('clamav') do
|
62
|
-
it { should be_installed }
|
63
|
-
its('version') { should eq '0.98.7' }
|
64
|
-
end
|
65
|
-
|
66
|
-
describe service('clamd') do
|
67
|
-
it { should_not be_enabled }
|
68
|
-
it { should_not be_installed }
|
69
|
-
it { should_not be_running }
|
70
|
-
end
|
71
|
-
|
72
|
-
### Test Unix System V run levels
|
73
|
-
|
74
|
-
On targets that are using SystemV services, the existing run levels can also be checked:
|
75
|
-
|
76
|
-
describe service('sshd').runlevels do
|
77
|
-
its('keys') { should include(2) }
|
78
|
-
end
|
79
|
-
|
80
|
-
describe service('sshd').runlevels(2,4) do
|
81
|
-
it { should be_enabled }
|
82
|
-
end
|
83
|
-
|
84
|
-
### Override the service manager
|
85
|
-
|
86
|
-
Under some circumstances, it may be required to override the logic in place to select the right service manager. For example, to check a service managed by Upstart:
|
87
|
-
|
88
|
-
describe upstart_service('service') do
|
89
|
-
it { should_not be_enabled }
|
90
|
-
it { should be_installed }
|
91
|
-
it { should be_running }
|
92
|
-
end
|
93
|
-
|
94
|
-
This is also possible with `systemd_service`, `runit_service`, `sysv_service`, `bsd_service`, and `launchd_service`. Provide the control command when it is not to be found at the default location. For example, if the `sv` command for services managed by runit is not in the `PATH`:
|
95
|
-
|
96
|
-
describe runit_service('service', '/opt/chef/embedded/sbin/sv') do
|
97
|
-
it { should be_enabled }
|
98
|
-
it { should be_installed }
|
99
|
-
it { should be_running }
|
100
|
-
end
|
101
|
-
|
102
|
-
### Verify that IIS is running
|
103
|
-
|
104
|
-
describe service('W3SVC') do
|
105
|
-
it { should be_installed }
|
106
|
-
it { should be_running }
|
107
|
-
end
|
108
|
-
|
109
|
-
<br>
|
110
|
-
|
111
|
-
## Matchers
|
112
|
-
|
113
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
114
|
-
|
115
|
-
### be_enabled
|
116
|
-
|
117
|
-
The `be_enabled` matcher tests if the named service is enabled:
|
118
|
-
|
119
|
-
it { should be_enabled }
|
120
|
-
|
121
|
-
### be_installed
|
122
|
-
|
123
|
-
The `be_installed` matcher tests if the named service is installed:
|
124
|
-
|
125
|
-
it { should be_installed }
|
126
|
-
|
127
|
-
### be_running
|
128
|
-
|
129
|
-
The `be_running` matcher tests if the named service is running:
|
130
|
-
|
131
|
-
it { should be_running }
|