inspec-core 3.7.1 → 3.7.11
- checksums.yaml +4 -4
- data/lib/inspec/config.rb +12 -0
- data/lib/inspec/shell.rb +2 -15
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-habitat/Berksfile +5 -0
- data/lib/plugins/inspec-habitat/README.md +150 -0
- data/lib/plugins/inspec-habitat/kitchen.yml +28 -0
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +9 -9
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +164 -280
- data/lib/plugins/inspec-habitat/templates/habitat/config/inspec_exec_config.json.erb +25 -0
- data/lib/plugins/inspec-habitat/templates/habitat/default.toml.erb +9 -0
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +32 -0
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +85 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/Berksfile +2 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/files/hab_setup.exp +28 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/metadata.rb +9 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/recipes/default.rb +61 -0
- data/lib/plugins/inspec-habitat/test/functional/inspec_habitat_test.rb +38 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/controls/inspec_habitat.rb +40 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/inspec.yml +10 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/controls/example.rb +7 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/inspec.yml +10 -0
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +188 -132
- data/lib/plugins/inspec-init/test/functional/inspec_init_profile_test.rb +12 -0
- data/lib/resources/aide_conf.rb +2 -2
- data/lib/resources/apache.rb +2 -2
- data/lib/resources/apache_conf.rb +2 -2
- data/lib/resources/apt.rb +2 -2
- data/lib/resources/audit_policy.rb +2 -2
- data/lib/resources/auditd.rb +2 -2
- data/lib/resources/auditd_conf.rb +2 -2
- data/lib/resources/bash.rb +2 -2
- data/lib/resources/bond.rb +2 -2
- data/lib/resources/bridge.rb +2 -2
- data/lib/resources/chocolatey_package.rb +2 -2
- data/lib/resources/command.rb +2 -2
- data/lib/resources/cpan.rb +2 -2
- data/lib/resources/cran.rb +2 -2
- data/lib/resources/crontab.rb +2 -2
- data/lib/resources/csv.rb +2 -2
- data/lib/resources/dh_params.rb +2 -2
- data/lib/resources/directory.rb +2 -2
- data/lib/resources/docker.rb +2 -2
- data/lib/resources/docker_container.rb +2 -2
- data/lib/resources/docker_image.rb +2 -2
- data/lib/resources/docker_plugin.rb +2 -2
- data/lib/resources/docker_service.rb +2 -2
- data/lib/resources/elasticsearch.rb +2 -2
- data/lib/resources/etc_fstab.rb +2 -2
- data/lib/resources/etc_group.rb +2 -2
- data/lib/resources/etc_hosts.rb +2 -2
- data/lib/resources/etc_hosts_allow_deny.rb +4 -4
- data/lib/resources/file.rb +2 -2
- data/lib/resources/filesystem.rb +2 -2
- data/lib/resources/firewalld.rb +2 -2
- data/lib/resources/gem.rb +2 -2
- data/lib/resources/groups.rb +4 -4
- data/lib/resources/grub_conf.rb +2 -2
- data/lib/resources/host.rb +2 -2
- data/lib/resources/http.rb +25 -5
- data/lib/resources/iis_app.rb +2 -2
- data/lib/resources/iis_app_pool.rb +6 -3
- data/lib/resources/iis_site.rb +4 -4
- data/lib/resources/inetd_conf.rb +2 -2
- data/lib/resources/ini.rb +2 -2
- data/lib/resources/interface.rb +2 -2
- data/lib/resources/iptables.rb +2 -2
- data/lib/resources/json.rb +2 -3
- data/lib/resources/kernel_module.rb +17 -18
- data/lib/resources/kernel_parameter.rb +2 -2
- data/lib/resources/key_rsa.rb +2 -2
- data/lib/resources/ksh.rb +2 -2
- data/lib/resources/limits_conf.rb +2 -2
- data/lib/resources/login_def.rb +2 -2
- data/lib/resources/mount.rb +2 -2
- data/lib/resources/mssql_session.rb +2 -2
- data/lib/resources/mysql_conf.rb +2 -2
- data/lib/resources/mysql_session.rb +2 -2
- data/lib/resources/nginx.rb +2 -2
- data/lib/resources/nginx_conf.rb +2 -2
- data/lib/resources/npm.rb +2 -2
- data/lib/resources/ntp_conf.rb +2 -2
- data/lib/resources/oneget.rb +2 -2
- data/lib/resources/oracledb_session.rb +2 -2
- data/lib/resources/os.rb +2 -2
- data/lib/resources/os_env.rb +2 -2
- data/lib/resources/package.rb +2 -2
- data/lib/resources/packages.rb +2 -2
- data/lib/resources/parse_config.rb +4 -4
- data/lib/resources/passwd.rb +2 -2
- data/lib/resources/pip.rb +2 -2
- data/lib/resources/platform.rb +2 -2
- data/lib/resources/port.rb +2 -2
- data/lib/resources/postgres_conf.rb +2 -2
- data/lib/resources/postgres_hba_conf.rb +2 -2
- data/lib/resources/postgres_ident_conf.rb +2 -2
- data/lib/resources/postgres_session.rb +2 -2
- data/lib/resources/powershell.rb +2 -2
- data/lib/resources/processes.rb +2 -2
- data/lib/resources/rabbitmq_conf.rb +2 -2
- data/lib/resources/registry_key.rb +2 -2
- data/lib/resources/security_identifier.rb +2 -2
- data/lib/resources/security_policy.rb +2 -2
- data/lib/resources/service.rb +14 -14
- data/lib/resources/shadow.rb +2 -2
- data/lib/resources/ssh_conf.rb +4 -4
- data/lib/resources/ssl.rb +2 -2
- data/lib/resources/sys_info.rb +2 -2
- data/lib/resources/toml.rb +2 -2
- data/lib/resources/users.rb +4 -4
- data/lib/resources/vbscript.rb +2 -2
- data/lib/resources/virtualization.rb +2 -2
- data/lib/resources/windows_feature.rb +2 -2
- data/lib/resources/windows_hotfix.rb +2 -2
- data/lib/resources/windows_task.rb +2 -2
- data/lib/resources/wmi.rb +2 -2
- data/lib/resources/x509_certificate.rb +2 -2
- data/lib/resources/xinetd.rb +2 -2
- data/lib/resources/xml.rb +2 -2
- data/lib/resources/yaml.rb +2 -2
- data/lib/resources/yum.rb +2 -2
- data/lib/resources/zfs_dataset.rb +2 -2
- data/lib/resources/zfs_pool.rb +2 -2
- metadata +36 -4
@@ -74,6 +74,18 @@ class InitCli < MiniTest::Test
|
|
74
74
|
end
|
75
75
|
end
|
76
76
|
|
77
|
+
def test_generating_inspec_profile_azure
|
78
|
+
Dir.mktmpdir do |dir|
|
79
|
+
profile = File.join(dir, 'test-azure-profile')
|
80
|
+
out = run_inspec_process("init profile --platform azure test-azure-profile", prefix: "cd #{dir} &&")
|
81
|
+
assert_equal 0, out.exit_status
|
82
|
+
assert_includes out.stdout, 'Creating new profile at'
|
83
|
+
assert_includes out.stdout, profile
|
84
|
+
assert_includes Dir.entries(profile).join, 'inspec.yml'
|
85
|
+
assert_includes Dir.entries(profile).join, 'README.md'
|
86
|
+
end
|
87
|
+
end
|
88
|
+
|
77
89
|
def test_generating_inspec_profile_os
|
78
90
|
Dir.mktmpdir do |dir|
|
79
91
|
profile = File.join(dir, 'test-os-profile')
|
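--- a/data/lib/resources/aide_conf.rb
+++ b/data/lib/resources/aide_conf.rb
@@ -9,7 +9,7 @@ module Inspec::Resources
 supports platform: 'unix'
 desc 'Use the aide_conf InSpec audit resource to test the rules established for
 the file integrity tool AIDE. Controlled by the aide.conf file typically at /etc/aide.conf.'
-example
+example <<~EXAMPLE
 describe aide_conf do
 its('selection_lines') { should include '/sbin' }
 end
@@ -21,7 +21,7 @@ module Inspec::Resources
 describe aide_conf.all_have_rule('sha512') do
 it { should eq true }
 end
-
+EXAMPLE
 
 attr_reader :params
 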
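Review bot: `example <<~EXAMPLE` is an interpolating heredoc, so any `#{...}` or backslash sequence in the example body is evaluated when the resource class loads instead of being kept as literal documentation text. None of the example bodies visible on this page contain either, so the issue is latent, but an example containing a regex such as `\d+` would silently lose its backslash. Quoting the delimiter keeps the body inert: `example <<~'EXAMPLE'`. The same applies to the matching `example` hunks in the other resource files on this page (apache.rb through etc_fstab.rb).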
data/lib/resources/apache.rb
CHANGED
@@ -6,7 +6,7 @@ module Inspec::Resources
|
|
6
6
|
name 'apache'
|
7
7
|
supports platform: 'unix'
|
8
8
|
desc 'Use the apache InSpec audit resource to retrieve Apache environment settings.'
|
9
|
-
example
|
9
|
+
example <<~EXAMPLE
|
10
10
|
describe apache do
|
11
11
|
its ('service') { should cmp 'apache2' }
|
12
12
|
end
|
@@ -22,7 +22,7 @@ module Inspec::Resources
|
|
22
22
|
describe apache do
|
23
23
|
its ('user') { should cmp 'www-data' }
|
24
24
|
end
|
25
|
-
|
25
|
+
EXAMPLE
|
26
26
|
|
27
27
|
attr_reader :service, :conf_dir, :conf_path, :user
|
28
28
|
def initialize
|
@@ -11,11 +11,11 @@ module Inspec::Resources
|
|
11
11
|
supports platform: 'linux'
|
12
12
|
supports platform: 'debian'
|
13
13
|
desc 'Use the apache_conf InSpec audit resource to test the configuration settings for Apache. This file is typically located under /etc/apache2 on the Debian and Ubuntu platforms and under /etc/httpd on the Fedora, CentOS, Red Hat Enterprise Linux, and Arch Linux platforms. The configuration settings may vary significantly from platform to platform.'
|
14
|
-
example
|
14
|
+
example <<~EXAMPLE
|
15
15
|
describe apache_conf do
|
16
16
|
its('setting_name') { should eq 'value' }
|
17
17
|
end
|
18
|
-
|
18
|
+
EXAMPLE
|
19
19
|
|
20
20
|
include FindFiles
|
21
21
|
include FileReader
|
data/lib/resources/apt.rb
CHANGED
@@ -31,12 +31,12 @@ module Inspec::Resources
|
|
31
31
|
name 'apt'
|
32
32
|
supports platform: 'unix'
|
33
33
|
desc 'Use the apt InSpec audit resource to verify Apt repositories on the Debian and Ubuntu platforms, and also PPA repositories on the Ubuntu platform.'
|
34
|
-
example
|
34
|
+
example <<~EXAMPLE
|
35
35
|
describe apt('nginx/stable') do
|
36
36
|
it { should exist }
|
37
37
|
it { should be_enabled }
|
38
38
|
end
|
39
|
-
|
39
|
+
EXAMPLE
|
40
40
|
|
41
41
|
def initialize(ppa_name)
|
42
42
|
@deb_url = nil
|
@@ -26,11 +26,11 @@ module Inspec::Resources
|
|
26
26
|
name 'audit_policy'
|
27
27
|
supports platform: 'windows'
|
28
28
|
desc 'Use the audit_policy InSpec audit resource to test auditing policies on the Microsoft Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each enabled auditing category property, the auditing level may be set to No Auditing, Not Specified, Success, Success and Failure, or Failure.'
|
29
|
-
example
|
29
|
+
example <<~EXAMPLE
|
30
30
|
describe audit_policy do
|
31
31
|
its('parameter') { should eq 'value' }
|
32
32
|
end
|
33
|
-
|
33
|
+
EXAMPLE
|
34
34
|
|
35
35
|
def method_missing(method)
|
36
36
|
key = method.to_s
|
data/lib/resources/auditd.rb
CHANGED
@@ -14,7 +14,7 @@ module Inspec::Resources
|
|
14
14
|
name 'auditd'
|
15
15
|
supports platform: 'unix'
|
16
16
|
desc 'Use the auditd InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files. These rules are output using the auditcl -l command.'
|
17
|
-
example
|
17
|
+
example <<~EXAMPLE
|
18
18
|
describe auditd.syscall('chown').where {arch == 'b32'} do
|
19
19
|
its('action') { should eq ['always'] }
|
20
20
|
its('list') { should eq ['exit'] }
|
@@ -27,7 +27,7 @@ module Inspec::Resources
|
|
27
27
|
describe auditd do
|
28
28
|
its('lines') { should include %r(-w /etc/ssh/sshd_config) }
|
29
29
|
end
|
30
|
-
|
30
|
+
EXAMPLE
|
31
31
|
|
32
32
|
def initialize
|
33
33
|
unless inspec.command('/sbin/auditctl').exist?
|
@@ -9,11 +9,11 @@ module Inspec::Resources
|
|
9
9
|
name 'auditd_conf'
|
10
10
|
supports platform: 'unix'
|
11
11
|
desc "Use the auditd_conf InSpec audit resource to test the configuration settings for the audit daemon. This file is typically located under /etc/audit/auditd.conf' on UNIX and Linux platforms."
|
12
|
-
example
|
12
|
+
example <<~EXAMPLE
|
13
13
|
describe auditd_conf do
|
14
14
|
its('space_left_action') { should eq 'email' }
|
15
15
|
end
|
16
|
-
|
16
|
+
EXAMPLE
|
17
17
|
|
18
18
|
include FileReader
|
19
19
|
|
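--- a/data/lib/resources/bash.rb
+++ b/data/lib/resources/bash.rb
@@ -8,7 +8,7 @@ module Inspec::Resources
 name 'bash'
 supports platform: 'unix'
 desc 'Run a command or script in BASH.'
-example
+example <<~EXAMPLE
 describe bash('ls -al /') do
 its('stdout') { should match /bin/ }
 its('stderr') { should eq '' }
@@ -20,7 +20,7 @@ module Inspec::Resources
 
 # Specify arguments (defaults to -c)
 bash('...', args: '-x -c')
-
+EXAMPLE
 
 def initialize(command, options = {})
 @raw_command = command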
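--- a/data/lib/resources/bond.rb
+++ b/data/lib/resources/bond.rb
@@ -8,11 +8,11 @@ module Inspec::Resources
 name 'bond'
 supports platform: 'unix'
 desc 'Use the bond InSpec audit resource to test a logical, bonded network interface (i.e. "two or more network interfaces aggregated into a single, logical network interface"). On Linux platforms, any value in the /proc/net/bonding directory may be tested.'
-example
+example <<~EXAMPLE
 describe bond('bond0') do
 it { should exist }
 end
-
+EXAMPLE
 
 include FileReader
 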
data/lib/resources/bridge.rb
CHANGED
@@ -11,12 +11,12 @@ module Inspec::Resources
|
|
11
11
|
name 'bridge'
|
12
12
|
supports platform: 'unix'
|
13
13
|
desc 'Use the bridge InSpec audit resource to test basic network bridge properties, such as name, if an interface is defined, and the associations for any defined interface.'
|
14
|
-
example
|
14
|
+
example <<~EXAMPLE
|
15
15
|
describe bridge 'br0' do
|
16
16
|
it { should exist }
|
17
17
|
it { should have_interface 'eth0' }
|
18
18
|
end
|
19
|
-
|
19
|
+
EXAMPLE
|
20
20
|
|
21
21
|
def initialize(bridge_name)
|
22
22
|
@bridge_name = bridge_name
|
@@ -7,12 +7,12 @@ module Inspec::Resources
|
|
7
7
|
name 'chocolatey_package'
|
8
8
|
supports platform: 'windows'
|
9
9
|
desc 'Use the chocolatey_package InSpec audit resource to test if the named package and/or package version is installed on the system.'
|
10
|
-
example
|
10
|
+
example <<~EXAMPLE
|
11
11
|
describe chocolatey_package('git') do
|
12
12
|
it { should be_installed }
|
13
13
|
its('version') { should eq '2.15.1' }
|
14
14
|
end
|
15
|
-
|
15
|
+
EXAMPLE
|
16
16
|
|
17
17
|
attr_reader :package_name
|
18
18
|
|
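--- a/data/lib/resources/command.rb
+++ b/data/lib/resources/command.rb
@@ -7,7 +7,7 @@ module Inspec::Resources
 supports platform: 'unix'
 supports platform: 'windows'
 desc 'Use the command InSpec audit resource to test an arbitrary command that is run on the system.'
-example
+example <<~EXAMPLE
 describe command('ls -al /') do
 its('stdout') { should match /bin/ }
 its('stderr') { should eq '' }
@@ -18,7 +18,7 @@ module Inspec::Resources
 describe command('ls') do
 it { should exist }
 end
-
+EXAMPLE
 
 attr_reader :command
 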
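--- a/data/lib/resources/cpan.rb
+++ b/data/lib/resources/cpan.rb
@@ -11,11 +11,11 @@ module Inspec::Resources
 name 'cpan'
 supports platform: 'unix'
 desc 'Use the `cpan` InSpec audit resource to test Perl modules that are installed by system packages or the CPAN installer.'
-example
+example <<~EXAMPLE
 describe cpan('DBD::Pg') do
 it { should be_installed }
 end
-
+EXAMPLE
 
 def initialize(package_name, perl_lib_path = nil)
 @package_name = package_name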
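--- a/data/lib/resources/cran.rb
+++ b/data/lib/resources/cran.rb
@@ -11,11 +11,11 @@ module Inspec::Resources
 name 'cran'
 supports platform: 'unix'
 desc 'Use the `cran` InSpec audit resource to test R modules that are installed from CRAN package repository.'
-example
+example <<~EXAMPLE
 describe cran('DBI') do
 it { should be_installed }
 end
-
+EXAMPLE
 
 def initialize(package_name)
 @package_name = package_name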
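--- a/data/lib/resources/crontab.rb
+++ b/data/lib/resources/crontab.rb
@@ -8,7 +8,7 @@ module Inspec::Resources
 name 'crontab'
 supports platform: 'unix'
 desc 'Use the crontab InSpec audit resource to test the contents of the crontab for a given user which contains information about scheduled tasks owned by that user.'
-example
+example <<~EXAMPLE
 describe crontab(user: 'root') do
 its('commands') { should include '/path/to/some/script' }
 end
@@ -29,7 +29,7 @@ module Inspec::Resources
 describe crontab(path: '/etc/cron.d/some_crontab') do
 its('commands') { should include '/path/to/some/script' }
 end
-
+EXAMPLE
 
 attr_reader :params
 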
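--- a/data/lib/resources/csv.rb
+++ b/data/lib/resources/csv.rb
@@ -7,11 +7,11 @@ module Inspec::Resources
 class CsvConfig < JsonConfig
 name 'csv'
 desc 'Use the csv InSpec audit resource to test configuration data in a CSV file.'
-example
+example <<~EXAMPLE
 describe csv('example.csv') do
 its('name') { should eq(['John', 'Alice']) }
 end
-
+EXAMPLE
 
 # override the parse method from JsonConfig
 # Assuming a header row of name,col1,col2, it will output an array of hashes like so: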
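--- a/data/lib/resources/dh_params.rb
+++ b/data/lib/resources/dh_params.rb
@@ -11,7 +11,7 @@ class DhParams < Inspec.resource(1)
 parameters.
 '
 
-example
+example <<~EXAMPLE
 describe dh_params('/path/to/file.dh_pem') do
 it { should be_dh_params }
 it { should be_valid }
@@ -21,7 +21,7 @@ class DhParams < Inspec.resource(1)
 its('pem') { should eq '-----BEGIN DH PARAMETERS...' }
 its('text') { should eq 'PKCS#3 DH Parameters: (2048 bit)...' }
 end
-
+EXAMPLE
 
 include FileReader
 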
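--- a/data/lib/resources/directory.rb
+++ b/data/lib/resources/directory.rb
@@ -8,11 +8,11 @@ module Inspec::Resources
 supports platform: 'unix'
 supports platform: 'windows'
 desc 'Use the directory InSpec audit resource to test if the file type is a directory. This is equivalent to using the file InSpec audit resource and the be_directory matcher, but provides a simpler and more direct way to test directories. All of the matchers available to file may be used with directory.'
-example
+example <<~EXAMPLE
 describe directory('path') do
 it { should be_directory }
 end
-
+EXAMPLE
 
 def exist?
 file.exist? && file.directory?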
data/lib/resources/docker.rb
CHANGED
@@ -94,7 +94,7 @@ module Inspec::Resources
|
|
94
94
|
A resource to retrieve information about docker
|
95
95
|
"
|
96
96
|
|
97
|
-
example
|
97
|
+
example <<~EXAMPLE
|
98
98
|
describe docker.containers do
|
99
99
|
its('images') { should_not include 'u12:latest' }
|
100
100
|
end
|
@@ -127,7 +127,7 @@ module Inspec::Resources
|
|
127
127
|
its(%w(HostConfig Privileged)) { should_not cmp true }
|
128
128
|
end
|
129
129
|
end
|
130
|
-
|
130
|
+
EXAMPLE
|
131
131
|
|
132
132
|
def containers
|
133
133
|
DockerContainerFilter.new(parse_containers)
|
@@ -11,7 +11,7 @@ module Inspec::Resources
|
|
11
11
|
name 'docker_container'
|
12
12
|
supports platform: 'unix'
|
13
13
|
desc ''
|
14
|
-
example
|
14
|
+
example <<~EXAMPLE
|
15
15
|
describe docker_container('an-echo-server') do
|
16
16
|
it { should exist }
|
17
17
|
it { should be_running }
|
@@ -28,7 +28,7 @@ module Inspec::Resources
|
|
28
28
|
it { should exist }
|
29
29
|
it { should be_running }
|
30
30
|
end
|
31
|
-
|
31
|
+
EXAMPLE
|
32
32
|
|
33
33
|
def initialize(opts = {})
|
34
34
|
# if a string is provided, we expect it is the name
|
@@ -11,7 +11,7 @@ module Inspec::Resources
|
|
11
11
|
name 'docker_image'
|
12
12
|
supports platform: 'unix'
|
13
13
|
desc ''
|
14
|
-
example
|
14
|
+
example <<~EXAMPLE
|
15
15
|
describe docker_image('alpine:latest') do
|
16
16
|
it { should exist }
|
17
17
|
its('id') { should_not eq '' }
|
@@ -27,7 +27,7 @@ module Inspec::Resources
|
|
27
27
|
describe docker_image(id: '4a415e366388') do
|
28
28
|
it { should exist }
|
29
29
|
end
|
30
|
-
|
30
|
+
EXAMPLE
|
31
31
|
|
32
32
|
def initialize(opts = {})
|
33
33
|
# do sanitizion of input values
|
@@ -5,7 +5,7 @@ module Inspec::Resources
|
|
5
5
|
name 'docker_plugin'
|
6
6
|
supports platform: 'unix'
|
7
7
|
desc 'Retrieves info about docker plugins'
|
8
|
-
example
|
8
|
+
example <<~EXAMPLE
|
9
9
|
describe docker_plugin('rexray/ebs') do
|
10
10
|
it { should exist }
|
11
11
|
its('id') { should_not eq '0ac30b93ad40' }
|
@@ -20,7 +20,7 @@ module Inspec::Resources
|
|
20
20
|
describe docker_plugin(id: '4a415e366388') do
|
21
21
|
it { should exist }
|
22
22
|
end
|
23
|
-
|
23
|
+
EXAMPLE
|
24
24
|
|
25
25
|
def initialize(opts = {})
|
26
26
|
# do sanitizion of input values
|
@@ -11,7 +11,7 @@ module Inspec::Resources
|
|
11
11
|
name 'docker_service'
|
12
12
|
supports platform: 'unix'
|
13
13
|
desc 'Swarm-mode service'
|
14
|
-
example
|
14
|
+
example <<~EXAMPLE
|
15
15
|
describe docker_service('service1') do
|
16
16
|
it { should exist }
|
17
17
|
its('id') { should_not eq '' }
|
@@ -27,7 +27,7 @@ module Inspec::Resources
|
|
27
27
|
describe docker_service(image: 'alpine:latest') do
|
28
28
|
it { should exist }
|
29
29
|
end
|
30
|
-
|
30
|
+
EXAMPLE
|
31
31
|
|
32
32
|
def initialize(opts = {})
|
33
33
|
# do sanitizion of input values
|
@@ -11,7 +11,7 @@ module Inspec::Resources
|
|
11
11
|
desc "Use the Elasticsearch InSpec audit resource to test the status of nodes in
|
12
12
|
an Elasticsearch cluster."
|
13
13
|
|
14
|
-
example
|
14
|
+
example <<~EXAMPLE
|
15
15
|
describe elasticsearch('http://eshost.mycompany.biz:9200/', username: 'elastic', password: 'changeme', ssl_verify: false) do
|
16
16
|
its('node_count') { should >= 3 }
|
17
17
|
end
|
@@ -21,7 +21,7 @@ module Inspec::Resources
|
|
21
21
|
its('os') { should_not include 'MacOS' }
|
22
22
|
its('version') { should cmp > 1.2.0 }
|
23
23
|
end
|
24
|
-
|
24
|
+
EXAMPLE
|
25
25
|
|
26
26
|
filter = FilterTable.create
|
27
27
|
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
|
data/lib/resources/etc_fstab.rb
CHANGED
@@ -9,7 +9,7 @@ module Inspec::Resources
|
|
9
9
|
name 'etc_fstab'
|
10
10
|
supports platform: 'unix'
|
11
11
|
desc 'Use the etc_fstab InSpec audit resource to check the configuration of the etc/fstab file.'
|
12
|
-
example
|
12
|
+
example <<~EXAMPLE
|
13
13
|
nfs_systems = etc_fstab.nfs_file_systems.entries
|
14
14
|
nfs_systems.each do |file_system|
|
15
15
|
describe file_system do
|
@@ -22,7 +22,7 @@ module Inspec::Resources
|
|
22
22
|
describe etc_fstab do
|
23
23
|
its ('home_mount_options') { should include 'nosuid' }
|
24
24
|
end
|
25
|
-
|
25
|
+
EXAMPLE
|
26
26
|
|
27
27
|
attr_reader :params
|
28
28
|
|