inspec-core 2.3.10 → 2.3.23
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +34 -13
- data/etc/plugin_filters.json +25 -0
- data/inspec-core.gemspec +1 -1
- data/lib/bundles/inspec-compliance/api.rb +3 -0
- data/lib/bundles/inspec-compliance/configuration.rb +3 -0
- data/lib/bundles/inspec-compliance/http.rb +3 -0
- data/lib/bundles/inspec-compliance/support.rb +3 -0
- data/lib/bundles/inspec-compliance/target.rb +3 -0
- data/lib/inspec/objects/attribute.rb +3 -0
- data/lib/inspec/plugin/v2.rb +3 -0
- data/lib/inspec/plugin/v2/filter.rb +62 -0
- data/lib/inspec/plugin/v2/installer.rb +21 -1
- data/lib/inspec/plugin/v2/loader.rb +4 -0
- data/lib/inspec/profile.rb +3 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
- data/lib/resources/package.rb +1 -1
- metadata +4 -197
- data/docs/.gitignore +0 -2
- data/docs/README.md +0 -41
- data/docs/dev/control-eval.md +0 -62
- data/docs/dev/filtertable-internals.md +0 -353
- data/docs/dev/filtertable-usage.md +0 -533
- data/docs/dev/integration-testing.md +0 -31
- data/docs/dev/plugins.md +0 -323
- data/docs/dsl_inspec.md +0 -354
- data/docs/dsl_resource.md +0 -100
- data/docs/glossary.md +0 -381
- data/docs/habitat.md +0 -193
- data/docs/inspec_and_friends.md +0 -114
- data/docs/matchers.md +0 -161
- data/docs/migration.md +0 -293
- data/docs/platforms.md +0 -119
- data/docs/plugin_kitchen_inspec.md +0 -60
- data/docs/plugins.md +0 -57
- data/docs/profiles.md +0 -576
- data/docs/reporters.md +0 -170
- data/docs/resources/aide_conf.md.erb +0 -86
- data/docs/resources/apache.md.erb +0 -77
- data/docs/resources/apache_conf.md.erb +0 -78
- data/docs/resources/apt.md.erb +0 -81
- data/docs/resources/audit_policy.md.erb +0 -57
- data/docs/resources/auditd.md.erb +0 -89
- data/docs/resources/auditd_conf.md.erb +0 -78
- data/docs/resources/bash.md.erb +0 -85
- data/docs/resources/bond.md.erb +0 -100
- data/docs/resources/bridge.md.erb +0 -67
- data/docs/resources/bsd_service.md.erb +0 -77
- data/docs/resources/chocolatey_package.md.erb +0 -68
- data/docs/resources/command.md.erb +0 -176
- data/docs/resources/cpan.md.erb +0 -89
- data/docs/resources/cran.md.erb +0 -74
- data/docs/resources/crontab.md.erb +0 -103
- data/docs/resources/csv.md.erb +0 -64
- data/docs/resources/dh_params.md.erb +0 -221
- data/docs/resources/directory.md.erb +0 -40
- data/docs/resources/docker.md.erb +0 -240
- data/docs/resources/docker_container.md.erb +0 -113
- data/docs/resources/docker_image.md.erb +0 -104
- data/docs/resources/docker_plugin.md.erb +0 -80
- data/docs/resources/docker_service.md.erb +0 -124
- data/docs/resources/elasticsearch.md.erb +0 -252
- data/docs/resources/etc_fstab.md.erb +0 -135
- data/docs/resources/etc_group.md.erb +0 -85
- data/docs/resources/etc_hosts.md.erb +0 -88
- data/docs/resources/etc_hosts_allow.md.erb +0 -84
- data/docs/resources/etc_hosts_deny.md.erb +0 -84
- data/docs/resources/file.md.erb +0 -543
- data/docs/resources/filesystem.md.erb +0 -51
- data/docs/resources/firewalld.md.erb +0 -117
- data/docs/resources/gem.md.erb +0 -108
- data/docs/resources/group.md.erb +0 -71
- data/docs/resources/grub_conf.md.erb +0 -111
- data/docs/resources/host.md.erb +0 -96
- data/docs/resources/http.md.erb +0 -207
- data/docs/resources/iis_app.md.erb +0 -132
- data/docs/resources/iis_site.md.erb +0 -145
- data/docs/resources/inetd_conf.md.erb +0 -104
- data/docs/resources/ini.md.erb +0 -86
- data/docs/resources/interface.md.erb +0 -68
- data/docs/resources/iptables.md.erb +0 -74
- data/docs/resources/json.md.erb +0 -73
- data/docs/resources/kernel_module.md.erb +0 -130
- data/docs/resources/kernel_parameter.md.erb +0 -63
- data/docs/resources/key_rsa.md.erb +0 -95
- data/docs/resources/launchd_service.md.erb +0 -67
- data/docs/resources/limits_conf.md.erb +0 -85
- data/docs/resources/login_defs.md.erb +0 -81
- data/docs/resources/mount.md.erb +0 -79
- data/docs/resources/mssql_session.md.erb +0 -78
- data/docs/resources/mysql_conf.md.erb +0 -109
- data/docs/resources/mysql_session.md.erb +0 -84
- data/docs/resources/nginx.md.erb +0 -89
- data/docs/resources/nginx_conf.md.erb +0 -148
- data/docs/resources/npm.md.erb +0 -78
- data/docs/resources/ntp_conf.md.erb +0 -70
- data/docs/resources/oneget.md.erb +0 -63
- data/docs/resources/oracledb_session.md.erb +0 -103
- data/docs/resources/os.md.erb +0 -153
- data/docs/resources/os_env.md.erb +0 -101
- data/docs/resources/package.md.erb +0 -130
- data/docs/resources/packages.md.erb +0 -77
- data/docs/resources/parse_config.md.erb +0 -113
- data/docs/resources/parse_config_file.md.erb +0 -148
- data/docs/resources/passwd.md.erb +0 -151
- data/docs/resources/pip.md.erb +0 -77
- data/docs/resources/port.md.erb +0 -147
- data/docs/resources/postgres_conf.md.erb +0 -89
- data/docs/resources/postgres_hba_conf.md.erb +0 -103
- data/docs/resources/postgres_ident_conf.md.erb +0 -86
- data/docs/resources/postgres_session.md.erb +0 -79
- data/docs/resources/powershell.md.erb +0 -112
- data/docs/resources/processes.md.erb +0 -119
- data/docs/resources/rabbitmq_config.md.erb +0 -51
- data/docs/resources/registry_key.md.erb +0 -197
- data/docs/resources/runit_service.md.erb +0 -67
- data/docs/resources/security_policy.md.erb +0 -57
- data/docs/resources/service.md.erb +0 -131
- data/docs/resources/shadow.md.erb +0 -267
- data/docs/resources/ssh_config.md.erb +0 -83
- data/docs/resources/sshd_config.md.erb +0 -93
- data/docs/resources/ssl.md.erb +0 -129
- data/docs/resources/sys_info.md.erb +0 -52
- data/docs/resources/systemd_service.md.erb +0 -67
- data/docs/resources/sysv_service.md.erb +0 -67
- data/docs/resources/upstart_service.md.erb +0 -67
- data/docs/resources/user.md.erb +0 -150
- data/docs/resources/users.md.erb +0 -137
- data/docs/resources/vbscript.md.erb +0 -65
- data/docs/resources/virtualization.md.erb +0 -67
- data/docs/resources/windows_feature.md.erb +0 -69
- data/docs/resources/windows_hotfix.md.erb +0 -63
- data/docs/resources/windows_task.md.erb +0 -95
- data/docs/resources/wmi.md.erb +0 -91
- data/docs/resources/x509_certificate.md.erb +0 -161
- data/docs/resources/xinetd_conf.md.erb +0 -166
- data/docs/resources/xml.md.erb +0 -95
- data/docs/resources/yaml.md.erb +0 -79
- data/docs/resources/yum.md.erb +0 -108
- data/docs/resources/zfs_dataset.md.erb +0 -63
- data/docs/resources/zfs_pool.md.erb +0 -57
- data/docs/shared/matcher_be.md.erb +0 -1
- data/docs/shared/matcher_cmp.md.erb +0 -43
- data/docs/shared/matcher_eq.md.erb +0 -3
- data/docs/shared/matcher_include.md.erb +0 -1
- data/docs/shared/matcher_match.md.erb +0 -1
- data/docs/shell.md +0 -217
- data/docs/style.md +0 -178
- data/examples/README.md +0 -8
- data/examples/custom-resource/README.md +0 -3
- data/examples/custom-resource/controls/example.rb +0 -7
- data/examples/custom-resource/inspec.yml +0 -8
- data/examples/custom-resource/libraries/batsignal.rb +0 -20
- data/examples/custom-resource/libraries/gordon.rb +0 -21
- data/examples/inheritance/README.md +0 -65
- data/examples/inheritance/controls/example.rb +0 -14
- data/examples/inheritance/inspec.yml +0 -16
- data/examples/kitchen-ansible/.kitchen.yml +0 -25
- data/examples/kitchen-ansible/Gemfile +0 -19
- data/examples/kitchen-ansible/README.md +0 -53
- data/examples/kitchen-ansible/files/nginx.repo +0 -6
- data/examples/kitchen-ansible/tasks/main.yml +0 -16
- data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
- data/examples/kitchen-chef/.kitchen.yml +0 -20
- data/examples/kitchen-chef/Berksfile +0 -3
- data/examples/kitchen-chef/Gemfile +0 -19
- data/examples/kitchen-chef/README.md +0 -27
- data/examples/kitchen-chef/metadata.rb +0 -7
- data/examples/kitchen-chef/recipes/default.rb +0 -6
- data/examples/kitchen-chef/recipes/nginx.rb +0 -30
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
- data/examples/kitchen-puppet/.kitchen.yml +0 -23
- data/examples/kitchen-puppet/Gemfile +0 -20
- data/examples/kitchen-puppet/Puppetfile +0 -25
- data/examples/kitchen-puppet/README.md +0 -53
- data/examples/kitchen-puppet/manifests/site.pp +0 -33
- data/examples/kitchen-puppet/metadata.json +0 -11
- data/examples/kitchen-puppet/modules/.gitkeep +0 -0
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
- data/examples/meta-profile/README.md +0 -37
- data/examples/meta-profile/controls/example.rb +0 -13
- data/examples/meta-profile/inspec.yml +0 -13
- data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
- data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
- data/examples/plugins/inspec-resource-lister/README.md +0 -62
- data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
- data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
- data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
- data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
- data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
- data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
- data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
- data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
- data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
- data/examples/profile-attribute.yml +0 -2
- data/examples/profile-attribute/README.md +0 -14
- data/examples/profile-attribute/controls/example.rb +0 -11
- data/examples/profile-attribute/inspec.yml +0 -8
- data/examples/profile-sensitive/README.md +0 -29
- data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
- data/examples/profile-sensitive/controls/sensitive.rb +0 -9
- data/examples/profile-sensitive/inspec.yml +0 -8
- data/examples/profile/README.md +0 -48
- data/examples/profile/controls/example.rb +0 -24
- data/examples/profile/controls/gordon.rb +0 -36
- data/examples/profile/controls/meta.rb +0 -36
- data/examples/profile/inspec.yml +0 -11
- data/examples/profile/libraries/gordon_config.rb +0 -59
data/docs/reporters.md
DELETED
@@ -1,170 +0,0 @@
|
|
1
|
-
---
|
2
|
-
title: InSpec Reporters
|
3
|
-
---
|
4
|
-
|
5
|
-
# InSpec Reporters
|
6
|
-
|
7
|
-
Introduced in InSpec 1.51.6
|
8
|
-
|
9
|
-
InSpec allows you to output your test results to one or more reporters. You can configure the reporter(s) using either the `--json-config` option or the `--reporter` option. While you can configure multiple reporters to write to different files, only one reporter can output to the screen(stdout).
|
10
|
-
|
11
|
-
## Syntax
|
12
|
-
|
13
|
-
You can specify one or more reporters using the `--reporter` cli flag. You can also specify a output by appending a path separated by a colon.
|
14
|
-
|
15
|
-
Output json to screen.
|
16
|
-
|
17
|
-
```bash
|
18
|
-
inspec exec --reporter json
|
19
|
-
or
|
20
|
-
inspec exec --reporter json:-
|
21
|
-
```
|
22
|
-
|
23
|
-
Output yaml to screen
|
24
|
-
|
25
|
-
```bash
|
26
|
-
inspec exec --reporter yaml
|
27
|
-
or
|
28
|
-
inspec exec --reporter yaml:-
|
29
|
-
```
|
30
|
-
|
31
|
-
Output cli to screen and write json to a file.
|
32
|
-
|
33
|
-
```bash
|
34
|
-
inspec exec --reporter cli json:/tmp/output.json
|
35
|
-
```
|
36
|
-
|
37
|
-
Output nothing to screen and write junit and html to a file.
|
38
|
-
|
39
|
-
```bash
|
40
|
-
inspec exec --reporter junit:/tmp/junit.xml html:www/index.html
|
41
|
-
```
|
42
|
-
|
43
|
-
Output json to screen and write to a file. Write junit to a file.
|
44
|
-
|
45
|
-
```bash
|
46
|
-
inspec exec --reporter json junit:/tmp/junit.xml | tee out.json
|
47
|
-
```
|
48
|
-
|
49
|
-
If you are using the cli option `--json-config` you can also set reporters.
|
50
|
-
|
51
|
-
Output cli to screen.
|
52
|
-
|
53
|
-
```json
|
54
|
-
{
|
55
|
-
"reporter": {
|
56
|
-
"cli" : {
|
57
|
-
"stdout" : true
|
58
|
-
}
|
59
|
-
}
|
60
|
-
}
|
61
|
-
```
|
62
|
-
|
63
|
-
Output cli to screen and write json to a file.
|
64
|
-
|
65
|
-
```json
|
66
|
-
{
|
67
|
-
"reporter": {
|
68
|
-
"cli" : {
|
69
|
-
"stdout" : true
|
70
|
-
},
|
71
|
-
"json" : {
|
72
|
-
"file" : "/tmp/output.json",
|
73
|
-
"stdout" : false
|
74
|
-
}
|
75
|
-
}
|
76
|
-
}
|
77
|
-
```
|
78
|
-
|
79
|
-
## Supported Reporters
|
80
|
-
|
81
|
-
The following are the current supported reporters:
|
82
|
-
|
83
|
-
### cli
|
84
|
-
|
85
|
-
This is the basic text base report. It includes details about which tests passed and failed and includes an overall summary at the end.
|
86
|
-
|
87
|
-
### json
|
88
|
-
|
89
|
-
This reporter includes all information about the profiles and test results in standard json format.
|
90
|
-
|
91
|
-
### json-min
|
92
|
-
|
93
|
-
This reporter is a redacted version of the json and only includes test results.
|
94
|
-
|
95
|
-
### yaml
|
96
|
-
|
97
|
-
This reporter includes all information about the profiles and test results in standard yaml format.
|
98
|
-
|
99
|
-
### documentation
|
100
|
-
|
101
|
-
This reporter is a very minimal text base report. It shows you which tests passed by name and has a small summary at the end.
|
102
|
-
|
103
|
-
### junit
|
104
|
-
|
105
|
-
This reporter outputs the standard junit spec in xml format.
|
106
|
-
|
107
|
-
### progress
|
108
|
-
|
109
|
-
This reporter is very condensed and gives you a `.`(pass), `f`(fail), or `*`(skip) character per test and a small summary at the end.
|
110
|
-
|
111
|
-
### json-rspec
|
112
|
-
|
113
|
-
This reporter includes all information from the rspec runner. Unlike the json reporter this includes rspec specific details.
|
114
|
-
|
115
|
-
### html
|
116
|
-
|
117
|
-
This renders html code to view your tests in a browser. It includes all the test and summary information.
|
118
|
-
|
119
|
-
## Automate Reporter
|
120
|
-
|
121
|
-
The automate reporter type is a special reporter used with the Automate 2 suite. To use this reporter you must pass in the correct configuration via a json config `--json-config`.
|
122
|
-
|
123
|
-
Example config:
|
124
|
-
|
125
|
-
```json
|
126
|
-
"reporter": {
|
127
|
-
"automate" : {
|
128
|
-
"stdout" : false,
|
129
|
-
"url" : "https://YOUR_A2_URL/data-collector/v0/",
|
130
|
-
"token" : "YOUR_A2_ADMIN_TOKEN",
|
131
|
-
"insecure" : true,
|
132
|
-
"node_name" : "inspec_test_node",
|
133
|
-
"environment" : "prod"
|
134
|
-
}
|
135
|
-
}
|
136
|
-
```
|
137
|
-
|
138
|
-
### Mandatory fields
|
139
|
-
|
140
|
-
#### stdout
|
141
|
-
|
142
|
-
This will either suppress or show the automate report in the CLI screen on completion
|
143
|
-
|
144
|
-
#### url
|
145
|
-
|
146
|
-
This is your Automate 2 url. Append `data-collector/v0/` at the end.
|
147
|
-
|
148
|
-
#### token
|
149
|
-
|
150
|
-
This is your Automate 2 token. You can generate this token by navigating to the admin tab of A2 and then api keys.
|
151
|
-
|
152
|
-
### Optional fields
|
153
|
-
|
154
|
-
#### insecure
|
155
|
-
|
156
|
-
This will disable or enable the ssl check when accessing the Automate 2 instance.
|
157
|
-
|
158
|
-
PLEASE NOTE: These fields are ONLY needed if you do not have chef-client attached to a chef server running on your node. The fields below will be automatically pulled from the chef server.
|
159
|
-
|
160
|
-
#### node_name
|
161
|
-
|
162
|
-
This will be the node name which shows up in Automate 2.
|
163
|
-
|
164
|
-
#### node_uuid
|
165
|
-
|
166
|
-
This overrides the node uuid sent up to Automate 2. On non-chef nodes we will try to generate a static node uuid for you from your hardware. This will almost never be needed unless your working with a unique virtual setup.
|
167
|
-
|
168
|
-
#### environment
|
169
|
-
|
170
|
-
This will set the environment metadata for Automate 2.
|
@@ -1,86 +0,0 @@
|
|
1
|
-
---
|
2
|
-
title: The aide_conf Resource
|
3
|
-
platform: linux
|
4
|
-
---
|
5
|
-
|
6
|
-
# aide_conf
|
7
|
-
|
8
|
-
Use the `aide_conf` InSpec audit resource to test the rules established for the file integrity tool AIDE. Controlled by the aide.conf file typically at /etc/aide.conf.
|
9
|
-
|
10
|
-
<br>
|
11
|
-
|
12
|
-
## Availability
|
13
|
-
|
14
|
-
### Installation
|
15
|
-
|
16
|
-
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
-
|
18
|
-
### Version
|
19
|
-
|
20
|
-
This resource first became available in v1.37.6 of InSpec.
|
21
|
-
|
22
|
-
## Syntax
|
23
|
-
|
24
|
-
An `aide_conf` resource block can be used to determine if the selection lines contain one (or more) directories whose files should be added to the aide database:
|
25
|
-
|
26
|
-
describe aide_conf('path') do
|
27
|
-
its('selection_lines') { should include '/sbin' }
|
28
|
-
end
|
29
|
-
|
30
|
-
where
|
31
|
-
|
32
|
-
* `'selection_lines'` refers to all selection lines found in the aide.conf file
|
33
|
-
* `('path')` is the non-default path to the `aide.conf` file (optional)
|
34
|
-
* `should include 'value'` is the value that is expected
|
35
|
-
|
36
|
-
Use the where clause to match a selection_line to one rule or a particular set of rules found in the aide.conf file:
|
37
|
-
|
38
|
-
describe aide_conf.where { selection_line == '/bin' } do
|
39
|
-
its('rules.flatten') { should include 'r' }
|
40
|
-
end
|
41
|
-
|
42
|
-
describe aide_conf.where { selection_line == '/sbin' } do
|
43
|
-
its('rules') { should include ['p', 'i', 'l', 'n', 'u', 'g', 'sha512'] }
|
44
|
-
end
|
45
|
-
|
46
|
-
<br>
|
47
|
-
|
48
|
-
## Properties
|
49
|
-
|
50
|
-
* `conf_path`, `content`, `rules`, `all_have_rule`
|
51
|
-
|
52
|
-
<br>
|
53
|
-
|
54
|
-
## Property Examples
|
55
|
-
|
56
|
-
The following examples show how to use this InSpec audit resource.
|
57
|
-
|
58
|
-
### Test if all selection lines contain the xattr rule
|
59
|
-
|
60
|
-
describe aide_conf.all_have_rule('xattr') do
|
61
|
-
it { should eq true }
|
62
|
-
end
|
63
|
-
|
64
|
-
### Test whether selection line for /bin contains a particular rule
|
65
|
-
|
66
|
-
describe aide_conf.where { selection_line == '/bin' } do
|
67
|
-
its('rules.flatten') { should include 'r' }
|
68
|
-
end
|
69
|
-
|
70
|
-
### Test whether selection line for /sbin consists of a particular set of rules
|
71
|
-
|
72
|
-
describe aide_conf.where { selection_line == '/sbin' } do
|
73
|
-
its('rules') { should include ['r', 'sha512'] }
|
74
|
-
end
|
75
|
-
|
76
|
-
### The usage of all\_have\_rule will return whether or not all selection lines in audit.conf contain a particular rule:
|
77
|
-
|
78
|
-
describe aide_conf.all_have_rule('sha512') do
|
79
|
-
it { should eq true }
|
80
|
-
end
|
81
|
-
|
82
|
-
<br>
|
83
|
-
|
84
|
-
## Matchers
|
85
|
-
|
86
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
@@ -1,77 +0,0 @@
|
|
1
|
-
---
|
2
|
-
title: About the apache Resource
|
3
|
-
platform: linux
|
4
|
-
---
|
5
|
-
|
6
|
-
# apache
|
7
|
-
|
8
|
-
Use the `apache` InSpec audit resource to test the state of the Apache server on Linux/Unix systems.
|
9
|
-
|
10
|
-
<p class="warning">This resource is deprecated and should not be used. It will be removed in InSpec 3.0.</p>
|
11
|
-
|
12
|
-
<br>
|
13
|
-
|
14
|
-
## Availability
|
15
|
-
|
16
|
-
### Installation
|
17
|
-
|
18
|
-
This resource is distributed along with InSpec itself. You can use it automatically.
|
19
|
-
|
20
|
-
### Version
|
21
|
-
|
22
|
-
This resource first became available in v1.51.15 of InSpec.
|
23
|
-
|
24
|
-
## Syntax
|
25
|
-
|
26
|
-
An `apache` InSpec audit resource block declares settings that should be tested:
|
27
|
-
|
28
|
-
describe apache do
|
29
|
-
its('setting_name') { should cmp 'value' }
|
30
|
-
end
|
31
|
-
|
32
|
-
where
|
33
|
-
|
34
|
-
* `'setting_name'` is description of the Apache configuration file
|
35
|
-
* `{ should cmp 'value' }` is the value that is expected
|
36
|
-
|
37
|
-
<br>
|
38
|
-
|
39
|
-
## Properties
|
40
|
-
|
41
|
-
* `service`, `conf_dir`, `conf_path`, `user`
|
42
|
-
|
43
|
-
<br>
|
44
|
-
|
45
|
-
## Property Examples
|
46
|
-
|
47
|
-
The following examples show how to use this InSpec audit resource.
|
48
|
-
|
49
|
-
### Test the service name.
|
50
|
-
|
51
|
-
describe apache do
|
52
|
-
its ('service') { should cmp 'apache2' }
|
53
|
-
end
|
54
|
-
|
55
|
-
### Test the configuration location
|
56
|
-
|
57
|
-
describe apache do
|
58
|
-
its ('conf_dir') { should cmp '/etc/apache2' }
|
59
|
-
end
|
60
|
-
|
61
|
-
### Test the path of the configuration file
|
62
|
-
|
63
|
-
describe apache do
|
64
|
-
its ('conf_path') { should cmp '/etc/apache2/apache2.conf' }
|
65
|
-
end
|
66
|
-
|
67
|
-
### Test the apache user
|
68
|
-
|
69
|
-
describe apache do
|
70
|
-
its ('user') { should cmp 'www-data' }
|
71
|
-
end
|
72
|
-
|
73
|
-
<br>
|
74
|
-
|
75
|
-
## Matchers
|
76
|
-
|
77
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
@@ -1,78 +0,0 @@
|
|
1
|
-
---
|
2
|
-
title: About the apache_conf Resource
|
3
|
-
platform: linux
|
4
|
-
---
|
5
|
-
|
6
|
-
# apache_conf
|
7
|
-
|
8
|
-
Use the `apache_conf` InSpec audit resource to test the configuration settings for Apache. This file is typically located under `/etc/apache2` on the Debian and Ubuntu platforms and under `/etc/httpd` on the Fedora, CentOS, RedHat Enterprise Linux, and ArchLinux platforms. The configuration settings may vary significantly from platform to platform.
|
9
|
-
|
10
|
-
<br>
|
11
|
-
|
12
|
-
## Availability
|
13
|
-
|
14
|
-
### Installation
|
15
|
-
|
16
|
-
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
-
|
18
|
-
### Version
|
19
|
-
|
20
|
-
This resource first became available in v1.0.0 of InSpec.
|
21
|
-
|
22
|
-
## Syntax
|
23
|
-
|
24
|
-
An `apache_conf` InSpec audit resource block declares configuration settings that should be tested:
|
25
|
-
|
26
|
-
describe apache_conf('path') do
|
27
|
-
its('setting_name') { should eq 'value' }
|
28
|
-
end
|
29
|
-
|
30
|
-
where
|
31
|
-
|
32
|
-
* `'setting_name'` is a configuration setting defined in the Apache configuration file
|
33
|
-
* `('path')` is the non-default path to the Apache configuration file
|
34
|
-
* `{ should eq 'value' }` is the value that is expected
|
35
|
-
|
36
|
-
<br>
|
37
|
-
|
38
|
-
## Examples
|
39
|
-
|
40
|
-
The following examples show how to use this InSpec audit resource.
|
41
|
-
|
42
|
-
### Test for blocking .htaccess files on CentOS
|
43
|
-
|
44
|
-
describe apache_conf do
|
45
|
-
its('AllowOverride') { should cmp 'None' }
|
46
|
-
end
|
47
|
-
|
48
|
-
### Test ports for SSL
|
49
|
-
|
50
|
-
describe apache_conf do
|
51
|
-
its('Listen') { should cmp '443' }
|
52
|
-
end
|
53
|
-
|
54
|
-
### Test multiple ports are listening
|
55
|
-
|
56
|
-
describe apache_conf do
|
57
|
-
its('Listen') { should =~ [ '80', '443' ] }
|
58
|
-
end
|
59
|
-
|
60
|
-
<br>
|
61
|
-
|
62
|
-
## Matchers
|
63
|
-
|
64
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
65
|
-
This InSpec audit resource matches any service that is listed in the Apache configuration file:
|
66
|
-
|
67
|
-
its('PidFile') { should_not eq '/var/run/httpd.pid' }
|
68
|
-
|
69
|
-
or:
|
70
|
-
|
71
|
-
its('Timeout') { should cmp '300' }
|
72
|
-
|
73
|
-
For example:
|
74
|
-
|
75
|
-
describe apache_conf do
|
76
|
-
its('MaxClients') { should cmp '100' }
|
77
|
-
its('Listen') { should cmp '443' }
|
78
|
-
end
|
data/docs/resources/apt.md.erb
DELETED
@@ -1,81 +0,0 @@
|
|
1
|
-
---
|
2
|
-
title: About the apt Resource
|
3
|
-
platform: linux
|
4
|
-
---
|
5
|
-
|
6
|
-
# apt
|
7
|
-
|
8
|
-
Use the `apt` InSpec audit resource to verify Apt repositories on the Debian and Ubuntu platforms, and also PPA repositories on the Ubuntu platform.
|
9
|
-
|
10
|
-
<br>
|
11
|
-
|
12
|
-
## Availability
|
13
|
-
|
14
|
-
### Installation
|
15
|
-
|
16
|
-
This resource is distributed along with InSpec itself. You can use it automatically.
|
17
|
-
|
18
|
-
### Version
|
19
|
-
|
20
|
-
This resource first became available in v1.0.0 of InSpec.
|
21
|
-
|
22
|
-
## Syntax
|
23
|
-
|
24
|
-
An `apt` resource block tests the contents of Apt and PPA repositories:
|
25
|
-
|
26
|
-
describe apt('path') do
|
27
|
-
it { should exist }
|
28
|
-
it { should be_enabled }
|
29
|
-
end
|
30
|
-
|
31
|
-
where
|
32
|
-
|
33
|
-
* `apt('path')` must specify an Apt or PPA repository
|
34
|
-
* `('path')` may be an `http://` address, a `ppa:` address, or a short `repo-name/ppa` address
|
35
|
-
* `exist` and `be_enabled` are a valid matchers for this resource
|
36
|
-
|
37
|
-
<br>
|
38
|
-
|
39
|
-
## Examples
|
40
|
-
|
41
|
-
The following examples show how to use this InSpec audit resource.
|
42
|
-
|
43
|
-
### Test if apt repository exists and is enabled
|
44
|
-
|
45
|
-
describe apt('http://ppa.launchpad.net/juju/stable/ubuntu') do
|
46
|
-
it { should exist }
|
47
|
-
it { should be_enabled }
|
48
|
-
end
|
49
|
-
|
50
|
-
### Verify that a PPA repository exists and is enabled
|
51
|
-
|
52
|
-
describe apt('ppa:nginx/stable') do
|
53
|
-
it { should exist }
|
54
|
-
it { should be_enabled }
|
55
|
-
end
|
56
|
-
|
57
|
-
### Verify that a repository is not present
|
58
|
-
|
59
|
-
describe apt('ubuntu-wine/ppa') do
|
60
|
-
it { should_not exist }
|
61
|
-
it { should_not be_enabled }
|
62
|
-
end
|
63
|
-
|
64
|
-
<br>
|
65
|
-
|
66
|
-
## Matchers
|
67
|
-
|
68
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
69
|
-
|
70
|
-
|
71
|
-
### be_enabled
|
72
|
-
|
73
|
-
The `be_enabled` matcher tests if a package exists in the repository:
|
74
|
-
|
75
|
-
it { should be_enabled }
|
76
|
-
|
77
|
-
### exist
|
78
|
-
|
79
|
-
The `exist` matcher tests if a package exists on the system:
|
80
|
-
|
81
|
-
it { should exist }
|