inspec-core 3.7.1 → 3.7.11
- checksums.yaml +4 -4
- data/lib/inspec/config.rb +12 -0
- data/lib/inspec/shell.rb +2 -15
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-habitat/Berksfile +5 -0
- data/lib/plugins/inspec-habitat/README.md +150 -0
- data/lib/plugins/inspec-habitat/kitchen.yml +28 -0
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +9 -9
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +164 -280
- data/lib/plugins/inspec-habitat/templates/habitat/config/inspec_exec_config.json.erb +25 -0
- data/lib/plugins/inspec-habitat/templates/habitat/default.toml.erb +9 -0
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +32 -0
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +85 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/Berksfile +2 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/files/hab_setup.exp +28 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/metadata.rb +9 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/recipes/default.rb +61 -0
- data/lib/plugins/inspec-habitat/test/functional/inspec_habitat_test.rb +38 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/controls/inspec_habitat.rb +40 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/inspec.yml +10 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/controls/example.rb +7 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/inspec.yml +10 -0
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +188 -132
- data/lib/plugins/inspec-init/test/functional/inspec_init_profile_test.rb +12 -0
- data/lib/resources/aide_conf.rb +2 -2
- data/lib/resources/apache.rb +2 -2
- data/lib/resources/apache_conf.rb +2 -2
- data/lib/resources/apt.rb +2 -2
- data/lib/resources/audit_policy.rb +2 -2
- data/lib/resources/auditd.rb +2 -2
- data/lib/resources/auditd_conf.rb +2 -2
- data/lib/resources/bash.rb +2 -2
- data/lib/resources/bond.rb +2 -2
- data/lib/resources/bridge.rb +2 -2
- data/lib/resources/chocolatey_package.rb +2 -2
- data/lib/resources/command.rb +2 -2
- data/lib/resources/cpan.rb +2 -2
- data/lib/resources/cran.rb +2 -2
- data/lib/resources/crontab.rb +2 -2
- data/lib/resources/csv.rb +2 -2
- data/lib/resources/dh_params.rb +2 -2
- data/lib/resources/directory.rb +2 -2
- data/lib/resources/docker.rb +2 -2
- data/lib/resources/docker_container.rb +2 -2
- data/lib/resources/docker_image.rb +2 -2
- data/lib/resources/docker_plugin.rb +2 -2
- data/lib/resources/docker_service.rb +2 -2
- data/lib/resources/elasticsearch.rb +2 -2
- data/lib/resources/etc_fstab.rb +2 -2
- data/lib/resources/etc_group.rb +2 -2
- data/lib/resources/etc_hosts.rb +2 -2
- data/lib/resources/etc_hosts_allow_deny.rb +4 -4
- data/lib/resources/file.rb +2 -2
- data/lib/resources/filesystem.rb +2 -2
- data/lib/resources/firewalld.rb +2 -2
- data/lib/resources/gem.rb +2 -2
- data/lib/resources/groups.rb +4 -4
- data/lib/resources/grub_conf.rb +2 -2
- data/lib/resources/host.rb +2 -2
- data/lib/resources/http.rb +25 -5
- data/lib/resources/iis_app.rb +2 -2
- data/lib/resources/iis_app_pool.rb +6 -3
- data/lib/resources/iis_site.rb +4 -4
- data/lib/resources/inetd_conf.rb +2 -2
- data/lib/resources/ini.rb +2 -2
- data/lib/resources/interface.rb +2 -2
- data/lib/resources/iptables.rb +2 -2
- data/lib/resources/json.rb +2 -3
- data/lib/resources/kernel_module.rb +17 -18
- data/lib/resources/kernel_parameter.rb +2 -2
- data/lib/resources/key_rsa.rb +2 -2
- data/lib/resources/ksh.rb +2 -2
- data/lib/resources/limits_conf.rb +2 -2
- data/lib/resources/login_def.rb +2 -2
- data/lib/resources/mount.rb +2 -2
- data/lib/resources/mssql_session.rb +2 -2
- data/lib/resources/mysql_conf.rb +2 -2
- data/lib/resources/mysql_session.rb +2 -2
- data/lib/resources/nginx.rb +2 -2
- data/lib/resources/nginx_conf.rb +2 -2
- data/lib/resources/npm.rb +2 -2
- data/lib/resources/ntp_conf.rb +2 -2
- data/lib/resources/oneget.rb +2 -2
- data/lib/resources/oracledb_session.rb +2 -2
- data/lib/resources/os.rb +2 -2
- data/lib/resources/os_env.rb +2 -2
- data/lib/resources/package.rb +2 -2
- data/lib/resources/packages.rb +2 -2
- data/lib/resources/parse_config.rb +4 -4
- data/lib/resources/passwd.rb +2 -2
- data/lib/resources/pip.rb +2 -2
- data/lib/resources/platform.rb +2 -2
- data/lib/resources/port.rb +2 -2
- data/lib/resources/postgres_conf.rb +2 -2
- data/lib/resources/postgres_hba_conf.rb +2 -2
- data/lib/resources/postgres_ident_conf.rb +2 -2
- data/lib/resources/postgres_session.rb +2 -2
- data/lib/resources/powershell.rb +2 -2
- data/lib/resources/processes.rb +2 -2
- data/lib/resources/rabbitmq_conf.rb +2 -2
- data/lib/resources/registry_key.rb +2 -2
- data/lib/resources/security_identifier.rb +2 -2
- data/lib/resources/security_policy.rb +2 -2
- data/lib/resources/service.rb +14 -14
- data/lib/resources/shadow.rb +2 -2
- data/lib/resources/ssh_conf.rb +4 -4
- data/lib/resources/ssl.rb +2 -2
- data/lib/resources/sys_info.rb +2 -2
- data/lib/resources/toml.rb +2 -2
- data/lib/resources/users.rb +4 -4
- data/lib/resources/vbscript.rb +2 -2
- data/lib/resources/virtualization.rb +2 -2
- data/lib/resources/windows_feature.rb +2 -2
- data/lib/resources/windows_hotfix.rb +2 -2
- data/lib/resources/windows_task.rb +2 -2
- data/lib/resources/wmi.rb +2 -2
- data/lib/resources/x509_certificate.rb +2 -2
- data/lib/resources/xinetd.rb +2 -2
- data/lib/resources/xml.rb +2 -2
- data/lib/resources/yaml.rb +2 -2
- data/lib/resources/yum.rb +2 -2
- data/lib/resources/zfs_dataset.rb +2 -2
- data/lib/resources/zfs_pool.rb +2 -2
- metadata +36 -4
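--- a/data/lib/resources/etc_group.rb
+++ b/data/lib/resources/etc_group.rb
@@ -30,13 +30,13 @@ module Inspec::Resources
 name 'etc_group'
 supports platform: 'unix'
 desc 'Use the etc_group InSpec audit resource to test groups that are defined on Linux and UNIX platforms. The /etc/group file stores details about each group---group name, password, group identifier, along with a comma-separate list of users that belong to the group.'
-example
+example <<~EXAMPLE
 describe etc_group do
 its('gids') { should_not contain_duplicates }
 its('groups') { should include 'my_user' }
 its('users') { should include 'my_user' }
 end
-
+EXAMPLE
 
 include FileReader
 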
data/lib/resources/etc_hosts.rb
CHANGED
@@ -10,13 +10,13 @@ class EtcHosts < Inspec.resource(1)
|
|
10
10
|
supports platform: 'windows'
|
11
11
|
desc 'Use the etc_hosts InSpec audit resource to find an
|
12
12
|
ip_address and its associated hosts'
|
13
|
-
example
|
13
|
+
example <<~EXAMPLE
|
14
14
|
describe etc_hosts.where { ip_address == '127.0.0.1' } do
|
15
15
|
its('ip_address') { should cmp '127.0.0.1' }
|
16
16
|
its('primary_name') { should cmp 'localhost' }
|
17
17
|
its('all_host_names') { should eq [['localhost', 'localhost.localdomain', 'localhost4', 'localhost4.localdomain4']] }
|
18
18
|
end
|
19
|
-
|
19
|
+
EXAMPLE
|
20
20
|
|
21
21
|
attr_reader :params
|
22
22
|
|
@@ -9,12 +9,12 @@ module Inspec::Resources
|
|
9
9
|
supports platform: 'unix'
|
10
10
|
desc 'Use the etc_hosts_allow InSpec audit resource to test the connections
|
11
11
|
the client will allow. Controlled by the /etc/hosts.allow file.'
|
12
|
-
example
|
12
|
+
example <<~EXAMPLE
|
13
13
|
describe etc_hosts_allow.where { daemon == 'ALL' } do
|
14
14
|
its('client_list') { should include ['127.0.0.1', '[::1]'] }
|
15
15
|
its('options') { should eq [[]] }
|
16
16
|
end
|
17
|
-
|
17
|
+
EXAMPLE
|
18
18
|
|
19
19
|
attr_reader :params
|
20
20
|
|
@@ -91,12 +91,12 @@ module Inspec::Resources
|
|
91
91
|
supports platform: 'unix'
|
92
92
|
desc 'Use the etc_hosts_deny InSpec audit resource to test the connections
|
93
93
|
the client will deny. Controlled by the /etc/hosts.deny file.'
|
94
|
-
example
|
94
|
+
example <<~EXAMPLE
|
95
95
|
describe etc_hosts_deny.where { daemon_list == 'ALL' } do
|
96
96
|
its('client_list') { should eq [['127.0.0.1', '[::1]']] }
|
97
97
|
its('options') { should eq [] }
|
98
98
|
end
|
99
|
-
|
99
|
+
EXAMPLE
|
100
100
|
|
101
101
|
def initialize(path = nil)
|
102
102
|
return skip_resource '`etc_hosts_deny` is not supported on your OS' unless inspec.os.linux?
|
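--- a/data/lib/resources/file.rb
+++ b/data/lib/resources/file.rb
@@ -22,7 +22,7 @@ module Inspec::Resources
 supports platform: 'unix'
 supports platform: 'windows'
 desc 'Use the file InSpec audit resource to test all system file types, including files, directories, symbolic links, named pipes, sockets, character devices, block devices, and doors.'
-example
+example <<~EXAMPLE
 describe file('path') do
 it { should exist }
 it { should be_file }
@@ -32,7 +32,7 @@ module Inspec::Resources
 it { should be_owned_by 'root' }
 its('mode') { should cmp '0644' }
 end
-
+EXAMPLE
 
 attr_reader :file, :mount_options
 def initialize(path)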
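--- a/data/lib/resources/filesystem.rb
+++ b/data/lib/resources/filesystem.rb
@@ -4,7 +4,7 @@ module Inspec::Resources
 supports platform: 'linux'
 supports platform: 'windows'
 desc 'Use the filesystem InSpec resource to test file system'
-example
+example <<~EXAMPLE
 describe filesystem('/') do
 its('size_kb') { should be >= 32000 }
 its('free_kb') { should be >= 3200 }
@@ -17,7 +17,7 @@ module Inspec::Resources
 its('type') { should cmp 'NTFS' }
 its('percent_free') { should be >= 20 }
 end
-
+EXAMPLE
 attr_reader :partition
 
 def initialize(partition)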
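--- a/data/lib/resources/firewalld.rb
+++ b/data/lib/resources/firewalld.rb
@@ -10,7 +10,7 @@ module Inspec::Resources
 name 'firewalld'
 supports platform: 'linux'
 desc 'Use the firewalld resource to check and see if firewalld is configured to grand or deny access to specific hosts or services'
-example
+example <<~EXAMPLE
 describe firewalld do
 it { should be_running }
 its('default_zone') { should eq 'public' }
@@ -23,7 +23,7 @@ module Inspec::Resources
 its('sources') { should cmp ['ssh', 'icmp'] }
 its('services') { should cmp ['192.168.1.0/24', '192.168.1.2'] }
 end
-
+EXAMPLE
 
 attr_reader :params
 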
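--- a/data/lib/resources/gem.rb
+++ b/data/lib/resources/gem.rb
@@ -6,12 +6,12 @@ module Inspec::Resources
 supports platform: 'unix'
 supports platform: 'windows'
 desc 'Use the gem InSpec audit resource to test if a global gem package is installed.'
-example
+example <<~EXAMPLE
 describe gem('rubocop') do
 it { should be_installed }
 its('version') { should eq '0.33.0' }
 end
-
+EXAMPLE
 
 attr_reader :gem_binary
 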
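--- a/data/lib/resources/groups.rb
+++ b/data/lib/resources/groups.rb
@@ -28,7 +28,7 @@ module Inspec::Resources
 supports platform: 'unix'
 supports platform: 'windows'
 desc 'Use the group InSpec audit resource to test groups on the system. Groups can be filtered.'
-example
+example <<~EXAMPLE
 describe groups.where { name == 'root'} do
 its('names') { should eq ['root'] }
 its('gids') { should eq [0] }
@@ -38,7 +38,7 @@ module Inspec::Resources
 its('names') { should eq ['Administrators'] }
 its('gids') { should eq ['S-1-5-32-544'] }
 end
-
+EXAMPLE
 
 def initialize
 # select group manager
@@ -80,7 +80,7 @@ module Inspec::Resources
 supports platform: 'unix'
 supports platform: 'windows'
 desc 'Use the group InSpec audit resource to test groups on the system.'
-example
+example <<~EXAMPLE
 describe group('root') do
 it { should exist }
 its('gid') { should eq 0 }
@@ -89,7 +89,7 @@ module Inspec::Resources
 describe group('Administrators') do
 its('members') { should include 'Administrator' }
 end
-
+EXAMPLE
 
 def initialize(groupname)
 @group = groupname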
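--- a/data/lib/resources/grub_conf.rb
+++ b/data/lib/resources/grub_conf.rb
@@ -7,7 +7,7 @@ class GrubConfig < Inspec.resource(1)
 name 'grub_conf'
 supports platform: 'unix'
 desc 'Use the grub_conf InSpec audit resource to test the boot config of Linux systems that use Grub.'
-example
+example <<~EXAMPLE
 describe grub_conf('/etc/grub.conf', 'default') do
 its('kernel') { should include '/vmlinuz-2.6.32-573.7.1.el6.x86_64' }
 its('initrd') { should include '/initramfs-2.6.32-573.el6.x86_64.img=1' }
@@ -19,7 +19,7 @@ class GrubConfig < Inspec.resource(1)
 describe grub_conf('/etc/grub.conf', 'CentOS (2.6.32-573.12.1.el6.x86_64)') do
 its('kernel') { should include 'audit=1' }
 end
-
+EXAMPLE
 
 include FileReader
 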
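--- a/data/lib/resources/host.rb
+++ b/data/lib/resources/host.rb
@@ -30,7 +30,7 @@ module Inspec::Resources
 supports platform: 'unix'
 supports platform: 'windows'
 desc 'Use the host InSpec audit resource to test the name used to refer to a specific host and its availability, including the Internet protocols and ports over which that host name should be available.'
-example
+example <<~EXAMPLE
 describe host('example.com') do
 it { should be_reachable }
 it { should be_resolvable }
@@ -40,7 +40,7 @@ module Inspec::Resources
 describe host('example.com', port: '80', protocol: 'tcp') do
 it { should be_reachable }
 end
-
+EXAMPLE
 
 attr_reader :hostname, :port, :protocol
 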
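--- a/data/lib/resources/http.rb
+++ b/data/lib/resources/http.rb
@@ -4,6 +4,7 @@
 # license: Apache v2
 
 require 'faraday'
+require 'faraday_middleware'
 require 'hashie'
 
 module Inspec::Resources
@@ -11,7 +12,7 @@ module Inspec::Resources
 name 'http'
 supports platform: 'unix'
 desc 'Use the http InSpec audit resource to test http call.'
-example
+example <<~EXAMPLE
 describe http('http://localhost:8080/ping', auth: {user: 'user', pass: 'test'}, params: {format: 'html'}) do
 its('status') { should cmp 200 }
 its('body') { should cmp 'pong' }
@@ -22,7 +23,7 @@ module Inspec::Resources
 its('Content-Length') { should cmp 258 }
 its('Content-Type') { should cmp 'text/html; charset=UTF-8' }
 end
-
+EXAMPLE
 
 def initialize(url, opts = {})
 @url = url
@@ -63,7 +64,11 @@ module Inspec::Resources
 end
 
 def to_s
-
+if @opts and @url
+"HTTP #{http_method} on #{@url}"
+else
+'HTTP Resource'
+end
 end
 
 class Worker
@@ -110,6 +115,10 @@ module Inspec::Resources
 def ssl_verify?
 opts.fetch(:ssl_verify, true)
 end
+
+def max_redirects
+opts.fetch(:max_redirects, 0)
+end
 end
 
 class Local < Base
@@ -129,7 +138,11 @@ module Inspec::Resources
 
 def response
 return @response if @response
-conn = Faraday.new
+conn = Faraday.new(url: url, headers: request_headers, params: params, ssl: { verify: ssl_verify? }) do |builder|
+builder.request :url_encoded
+builder.use FaradayMiddleware::FollowRedirects, limit: max_redirects if max_redirects > 0
+builder.adapter Faraday.default_adapter
+end
 
 # set basic authentication
 conn.basic_auth username, password unless username.nil? || password.nil?
@@ -187,7 +200,12 @@ module Inspec::Resources
 response.delete!("\r")
 
 # split the prelude (status line and headers) and the body
-prelude,
+prelude, remainder = response.split("\n\n", 2)
+loop do
+break unless remainder =~ %r{^HTTP/}
+prelude, remainder = remainder.split("\n\n", 2)
+end
+@body = remainder
 prelude = prelude.lines
 
 # grab the status off of the first line of the prelude
@@ -220,6 +238,8 @@ module Inspec::Resources
 cmd << "--user \'#{username}:#{password}\'" unless username.nil? || password.nil?
 cmd << '--insecure' unless ssl_verify?
 cmd << "--data #{Shellwords.shellescape(request_body)}" unless request_body.nil?
+cmd << '--location' if max_redirects > 0
+cmd << "--max-redirs #{max_redirects}" if max_redirects > 0
 
 request_headers.each do |k, v|
 cmd << "-H '#{k}: #{v}'"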
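Review bot: In the redirect-skipping loop added to the curl response parser, `break unless remainder =~ %r{^HTTP/}` uses `^`, which in Ruby matches at the start of any line, so a final body that merely contains a line beginning with `HTTP/` is taken for another header block and the status and headers are then parsed out of body text. Because that body is supplied by the server being audited, the check should be anchored to the start of the string: `break unless remainder =~ %r{\AHTTP/}`. The loop also runs when `max_redirects` is 0, where no intermediate response is expected, so it could be guarded with `if max_redirects > 0`. Separately, once `--location` or `FollowRedirects` is active, the `request_headers` built for the original URL may be forwarded to a redirect target on a different host; a comment on `max_redirects` saying so would help profile authors who pass tokens in `headers:`. The enclosing methods start and end outside the hunks shown.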
data/lib/resources/iis_app.rb
CHANGED
@@ -7,7 +7,7 @@ module Inspec::Resources
|
|
7
7
|
name 'iis_app'
|
8
8
|
supports platform: 'windows'
|
9
9
|
desc 'Tests IIS application configuration on windows. Supported in server 2012+ only'
|
10
|
-
example
|
10
|
+
example <<~EXAMPLE
|
11
11
|
describe iis_app('/myapp', 'Default Web Site') do
|
12
12
|
it { should exist }
|
13
13
|
it { should have_application_pool('MyAppPool') }
|
@@ -16,7 +16,7 @@ module Inspec::Resources
|
|
16
16
|
it { should have_physical_path('C:\\inetpub\\wwwroot\\myapp') }
|
17
17
|
it { should have_path('\\My Application') }
|
18
18
|
end
|
19
|
-
|
19
|
+
EXAMPLE
|
20
20
|
|
21
21
|
def initialize(path, site_name)
|
22
22
|
@path = path
|
@@ -7,14 +7,14 @@ class IisAppPool < Inspec.resource(1)
|
|
7
7
|
name 'iis_app_pool'
|
8
8
|
desc 'Tests IIS application pool configuration on windows.'
|
9
9
|
supports platform: 'windows'
|
10
|
-
example <<~
|
10
|
+
example <<~EXAMPLE
|
11
11
|
describe iis_app_pool('DefaultAppPool') do
|
12
12
|
it { should exist }
|
13
13
|
its('enable32bit') { should cmp 'True' }
|
14
14
|
its('runtime_version') { should eq 'v4.0' }
|
15
15
|
its('pipeline_mode') { should eq 'Integrated' }
|
16
16
|
end
|
17
|
-
|
17
|
+
EXAMPLE
|
18
18
|
|
19
19
|
def initialize(pool_name)
|
20
20
|
@pool_name = pool_name
|
@@ -86,10 +86,13 @@ class IisAppPool < Inspec.resource(1)
|
|
86
86
|
def iis_app_pool
|
87
87
|
return @cache unless @cache.nil?
|
88
88
|
|
89
|
+
# We use `-Compress` here to avoid a bug in PowerShell
|
90
|
+
# It does not affect validity of the output, only the representation
|
91
|
+
# See: https://github.com/inspec/inspec/pull/3842
|
89
92
|
script = <<~EOH
|
90
93
|
Import-Module WebAdministration
|
91
94
|
If (Test-Path '#{@pool_path}') {
|
92
|
-
Get-Item '#{@pool_path}' | Select-Object * | ConvertTo-Json
|
95
|
+
Get-Item '#{@pool_path}' | Select-Object * | ConvertTo-Json -Compress
|
93
96
|
} Else {
|
94
97
|
Write-Host '{}'
|
95
98
|
}
|
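Review bot: In the IisAppPool hunk the changed line `Get-Item '#{@pool_path}' | Select-Object * | ConvertTo-Json -Compress` still interpolates `@pool_path` into a single-quoted PowerShell literal without escaping, as does the `Test-Path` line above it. How `@pool_path` is built is outside the hunk, but if it derives from the `pool_name` argument, a name containing `'` would end the literal and the remainder would be parsed as script. Doubling single quotes before interpolation, e.g. `@pool_path.gsub("'", "''")`, keeps the value inside the literal. The `iis_app_pool` method continues past the end of the hunk.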
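--- a/data/lib/resources/iis_site.rb
+++ b/data/lib/resources/iis_site.rb
@@ -18,7 +18,7 @@ module Inspec::Resources
 name 'iis_site'
 supports platform: 'windows'
 desc 'Tests IIS site configuration on windows. Supported in server 2012+ only'
-example
+example <<~EXAMPLE
 describe iis_site('Default Web Site') do
 it { should exist }
 it { should be_running }
@@ -27,7 +27,7 @@ module Inspec::Resources
 it { should have_binding('net.pipe *') }
 it { should have_path('C:\\inetpub\\wwwroot') }
 end
-
+EXAMPLE
 
 def initialize(site_name)
 @site_name = site_name
@@ -125,13 +125,13 @@ module Inspec::Resources
 class IisSiteServerSpec < IisSite
 name 'iis_website'
 desc 'Tests IIS site configuration on windows. Deprecated, use `iis_site` instead.'
-example
+example <<~EXAMPLE
 describe iis_website('Default Website') do
 it{ should exist }
 it{ should be_running }
 it{ should be_in_app_pool('Default App Pool') }
 end
-
+EXAMPLE
 
 def initialize(site_name)
 super(site_name)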
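--- a/data/lib/resources/inetd_conf.rb
+++ b/data/lib/resources/inetd_conf.rb
@@ -9,13 +9,13 @@ module Inspec::Resources
 name 'inetd_conf'
 supports platform: 'unix'
 desc 'Use the inetd_conf InSpec audit resource to test if a service is enabled in the inetd.conf file on Linux and UNIX platforms. inetd---the Internet service daemon---listens on dedicated ports, and then loads the appropriate program based on a request. The inetd.conf file is typically located at /etc/inetd.conf and contains a list of Internet services associated to the ports on which that service will listen. Only enabled services may handle a request; only services that are required by the system should be enabled.'
-example
+example <<~EXAMPLE
 describe inetd_conf do
 its('shell') { should eq nil }
 its('login') { should eq nil }
 its('exec') { should eq nil }
 end
-
+EXAMPLE
 
 include FileReader
 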
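--- a/data/lib/resources/ini.rb
+++ b/data/lib/resources/ini.rb
@@ -8,11 +8,11 @@ module Inspec::Resources
 supports platform: 'unix'
 supports platform: 'windows'
 desc 'Use the ini InSpec audit resource to test data in a INI file.'
-example
+example <<~EXAMPLE
 descibe ini do
 its('auth_protocol') { should eq 'https' }
 end
-
+EXAMPLE
 # override file load and parse hash with simple config
 def parse(content)
 SimpleConfig.new(content).params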
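--- a/data/lib/resources/interface.rb
+++ b/data/lib/resources/interface.rb
@@ -8,13 +8,13 @@ module Inspec::Resources
 supports platform: 'unix'
 supports platform: 'windows'
 desc 'Use the interface InSpec audit resource to test basic network adapter properties, such as name, status, and link speed (in MB/sec).'
-example
+example <<~EXAMPLE
 describe interface('eth0') do
 it { should exist }
 it { should be_up }
 its('speed') { should eq 1000 }
 end
-
+EXAMPLE
 def initialize(iface)
 @iface = iface
 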
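--- a/data/lib/resources/iptables.rb
+++ b/data/lib/resources/iptables.rb
@@ -24,11 +24,11 @@ module Inspec::Resources
 name 'iptables'
 supports platform: 'linux'
 desc 'Use the iptables InSpec audit resource to test rules that are defined in iptables, which maintains tables of IP packet filtering rules. There may be more than one table. Each table contains one (or more) chains (both built-in and custom). A chain is a list of rules that match packets. When the rule matches, the rule defines what target to assign to the packet.'
-example
+example <<~EXAMPLE
 describe iptables do
 it { should have_rule('-P INPUT ACCEPT') }
 end
-
+EXAMPLE
 
 def initialize(params = {})
 @table = params[:table]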
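--- a/data/lib/resources/json.rb
+++ b/data/lib/resources/json.rb
@@ -8,7 +8,7 @@ module Inspec::Resources
 class JsonConfig < Inspec.resource(1)
 name 'json'
 desc 'Use the json InSpec audit resource to test data in a JSON file.'
-example
+example <<~EXAMPLE
 describe json('policyfile.lock.json') do
 its(['cookbook_locks','omnibus','version']) { should eq('2.2.0') }
 end
@@ -20,8 +20,7 @@ module Inspec::Resources
 describe json({ content: '{\"item1\": { \"status\": \"available\" } }' }) do
 its(['item1', 'status']) { should cmp 'available' }
 end
-
-"
+EXAMPLE
 
 include ObjectTraverser
 include FileReader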