inspec-core 3.7.1 → 3.7.11
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/inspec/config.rb +12 -0
- data/lib/inspec/shell.rb +2 -15
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-habitat/Berksfile +5 -0
- data/lib/plugins/inspec-habitat/README.md +150 -0
- data/lib/plugins/inspec-habitat/kitchen.yml +28 -0
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +9 -9
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +164 -280
- data/lib/plugins/inspec-habitat/templates/habitat/config/inspec_exec_config.json.erb +25 -0
- data/lib/plugins/inspec-habitat/templates/habitat/default.toml.erb +9 -0
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +32 -0
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +85 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/Berksfile +2 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/files/hab_setup.exp +28 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/metadata.rb +9 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/recipes/default.rb +61 -0
- data/lib/plugins/inspec-habitat/test/functional/inspec_habitat_test.rb +38 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/controls/inspec_habitat.rb +40 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/inspec.yml +10 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/controls/example.rb +7 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/inspec.yml +10 -0
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +188 -132
- data/lib/plugins/inspec-init/test/functional/inspec_init_profile_test.rb +12 -0
- data/lib/resources/aide_conf.rb +2 -2
- data/lib/resources/apache.rb +2 -2
- data/lib/resources/apache_conf.rb +2 -2
- data/lib/resources/apt.rb +2 -2
- data/lib/resources/audit_policy.rb +2 -2
- data/lib/resources/auditd.rb +2 -2
- data/lib/resources/auditd_conf.rb +2 -2
- data/lib/resources/bash.rb +2 -2
- data/lib/resources/bond.rb +2 -2
- data/lib/resources/bridge.rb +2 -2
- data/lib/resources/chocolatey_package.rb +2 -2
- data/lib/resources/command.rb +2 -2
- data/lib/resources/cpan.rb +2 -2
- data/lib/resources/cran.rb +2 -2
- data/lib/resources/crontab.rb +2 -2
- data/lib/resources/csv.rb +2 -2
- data/lib/resources/dh_params.rb +2 -2
- data/lib/resources/directory.rb +2 -2
- data/lib/resources/docker.rb +2 -2
- data/lib/resources/docker_container.rb +2 -2
- data/lib/resources/docker_image.rb +2 -2
- data/lib/resources/docker_plugin.rb +2 -2
- data/lib/resources/docker_service.rb +2 -2
- data/lib/resources/elasticsearch.rb +2 -2
- data/lib/resources/etc_fstab.rb +2 -2
- data/lib/resources/etc_group.rb +2 -2
- data/lib/resources/etc_hosts.rb +2 -2
- data/lib/resources/etc_hosts_allow_deny.rb +4 -4
- data/lib/resources/file.rb +2 -2
- data/lib/resources/filesystem.rb +2 -2
- data/lib/resources/firewalld.rb +2 -2
- data/lib/resources/gem.rb +2 -2
- data/lib/resources/groups.rb +4 -4
- data/lib/resources/grub_conf.rb +2 -2
- data/lib/resources/host.rb +2 -2
- data/lib/resources/http.rb +25 -5
- data/lib/resources/iis_app.rb +2 -2
- data/lib/resources/iis_app_pool.rb +6 -3
- data/lib/resources/iis_site.rb +4 -4
- data/lib/resources/inetd_conf.rb +2 -2
- data/lib/resources/ini.rb +2 -2
- data/lib/resources/interface.rb +2 -2
- data/lib/resources/iptables.rb +2 -2
- data/lib/resources/json.rb +2 -3
- data/lib/resources/kernel_module.rb +17 -18
- data/lib/resources/kernel_parameter.rb +2 -2
- data/lib/resources/key_rsa.rb +2 -2
- data/lib/resources/ksh.rb +2 -2
- data/lib/resources/limits_conf.rb +2 -2
- data/lib/resources/login_def.rb +2 -2
- data/lib/resources/mount.rb +2 -2
- data/lib/resources/mssql_session.rb +2 -2
- data/lib/resources/mysql_conf.rb +2 -2
- data/lib/resources/mysql_session.rb +2 -2
- data/lib/resources/nginx.rb +2 -2
- data/lib/resources/nginx_conf.rb +2 -2
- data/lib/resources/npm.rb +2 -2
- data/lib/resources/ntp_conf.rb +2 -2
- data/lib/resources/oneget.rb +2 -2
- data/lib/resources/oracledb_session.rb +2 -2
- data/lib/resources/os.rb +2 -2
- data/lib/resources/os_env.rb +2 -2
- data/lib/resources/package.rb +2 -2
- data/lib/resources/packages.rb +2 -2
- data/lib/resources/parse_config.rb +4 -4
- data/lib/resources/passwd.rb +2 -2
- data/lib/resources/pip.rb +2 -2
- data/lib/resources/platform.rb +2 -2
- data/lib/resources/port.rb +2 -2
- data/lib/resources/postgres_conf.rb +2 -2
- data/lib/resources/postgres_hba_conf.rb +2 -2
- data/lib/resources/postgres_ident_conf.rb +2 -2
- data/lib/resources/postgres_session.rb +2 -2
- data/lib/resources/powershell.rb +2 -2
- data/lib/resources/processes.rb +2 -2
- data/lib/resources/rabbitmq_conf.rb +2 -2
- data/lib/resources/registry_key.rb +2 -2
- data/lib/resources/security_identifier.rb +2 -2
- data/lib/resources/security_policy.rb +2 -2
- data/lib/resources/service.rb +14 -14
- data/lib/resources/shadow.rb +2 -2
- data/lib/resources/ssh_conf.rb +4 -4
- data/lib/resources/ssl.rb +2 -2
- data/lib/resources/sys_info.rb +2 -2
- data/lib/resources/toml.rb +2 -2
- data/lib/resources/users.rb +4 -4
- data/lib/resources/vbscript.rb +2 -2
- data/lib/resources/virtualization.rb +2 -2
- data/lib/resources/windows_feature.rb +2 -2
- data/lib/resources/windows_hotfix.rb +2 -2
- data/lib/resources/windows_task.rb +2 -2
- data/lib/resources/wmi.rb +2 -2
- data/lib/resources/x509_certificate.rb +2 -2
- data/lib/resources/xinetd.rb +2 -2
- data/lib/resources/xml.rb +2 -2
- data/lib/resources/yaml.rb +2 -2
- data/lib/resources/yum.rb +2 -2
- data/lib/resources/zfs_dataset.rb +2 -2
- data/lib/resources/zfs_pool.rb +2 -2
- metadata +36 -4
@@ -12,27 +12,26 @@ module Inspec::Resources
|
|
12
12
|
or if a module is disabled via a fake install using the `bin_true` or `bin_false`
|
13
13
|
method.'
|
14
14
|
|
15
|
-
example
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
end
|
15
|
+
example <<~EXAMPLE
|
16
|
+
describe kernel_module('video') do
|
17
|
+
it { should be_loaded }
|
18
|
+
it { should_not be_disabled }
|
19
|
+
it { should_not be_blacklisted }
|
20
|
+
end
|
22
21
|
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
22
|
+
describe kernel_module('sstfb') do
|
23
|
+
it { should_not be_loaded }
|
24
|
+
it { should be_disabled }
|
25
|
+
end
|
27
26
|
|
28
|
-
|
29
|
-
|
30
|
-
|
27
|
+
describe kernel_module('floppy') do
|
28
|
+
it { should be_blacklisted }
|
29
|
+
end
|
31
30
|
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
31
|
+
describe kernel_module('dhcp') do
|
32
|
+
it { should_not be_loaded }
|
33
|
+
end
|
34
|
+
EXAMPLE
|
36
35
|
|
37
36
|
def initialize(modulename = nil)
|
38
37
|
@module = modulename
|
@@ -5,11 +5,11 @@ module Inspec::Resources
|
|
5
5
|
name 'kernel_parameter'
|
6
6
|
supports platform: 'unix'
|
7
7
|
desc 'Use the kernel_parameter InSpec audit resource to test kernel parameters on Linux platforms.'
|
8
|
-
example
|
8
|
+
example <<~EXAMPLE
|
9
9
|
describe kernel_parameter('net.ipv4.conf.all.forwarding') do
|
10
10
|
its('value') { should eq 0 }
|
11
11
|
end
|
12
|
-
|
12
|
+
EXAMPLE
|
13
13
|
|
14
14
|
def initialize(parameter = nil)
|
15
15
|
@parameter = parameter
|
data/lib/resources/key_rsa.rb
CHANGED
@@ -11,7 +11,7 @@ module Inspec::Resources
|
|
11
11
|
supports platform: 'unix'
|
12
12
|
supports platform: 'windows'
|
13
13
|
desc 'public/private RSA key pair test'
|
14
|
-
example
|
14
|
+
example <<~EXAMPLE
|
15
15
|
describe key_rsa('/etc/pki/www.mywebsite.com.key') do
|
16
16
|
its('public_key') { should match /BEGIN RSA PUBLIC KEY/ }
|
17
17
|
end
|
@@ -20,7 +20,7 @@ module Inspec::Resources
|
|
20
20
|
it { should be_private }
|
21
21
|
it { should be_public }
|
22
22
|
end
|
23
|
-
|
23
|
+
EXAMPLE
|
24
24
|
|
25
25
|
include FileReader
|
26
26
|
include PkeyReader
|
data/lib/resources/ksh.rb
CHANGED
@@ -8,7 +8,7 @@ module Inspec::Resources
|
|
8
8
|
name 'ksh'
|
9
9
|
supports platform: 'unix'
|
10
10
|
desc 'Run a command or script in KornShell.'
|
11
|
-
example
|
11
|
+
example <<~EXAMPLE
|
12
12
|
describe ksh('ls -al /') do
|
13
13
|
its('stdout') { should match /bin/ }
|
14
14
|
its('stderr') { should eq '' }
|
@@ -20,7 +20,7 @@ module Inspec::Resources
|
|
20
20
|
|
21
21
|
# Specify arguments (defaults to -c)
|
22
22
|
ksh('...', args: '-x -c')
|
23
|
-
|
23
|
+
EXAMPLE
|
24
24
|
|
25
25
|
def initialize(command, options = {})
|
26
26
|
@raw_command = command
|
@@ -9,11 +9,11 @@ module Inspec::Resources
|
|
9
9
|
name 'limits_conf'
|
10
10
|
supports platform: 'unix'
|
11
11
|
desc 'Use the limits_conf InSpec audit resource to test configuration settings in the /etc/security/limits.conf file. The limits.conf defines limits for processes (by user and/or group names) and helps ensure that the system on which those processes are running remains stable. Each process may be assigned a hard or soft limit.'
|
12
|
-
example
|
12
|
+
example <<~EXAMPLE
|
13
13
|
describe limits_conf do
|
14
14
|
its('*') { should include ['hard','core','0'] }
|
15
15
|
end
|
16
|
-
|
16
|
+
EXAMPLE
|
17
17
|
|
18
18
|
include FileReader
|
19
19
|
|
data/lib/resources/login_def.rb
CHANGED
@@ -21,11 +21,11 @@ module Inspec::Resources
|
|
21
21
|
name 'login_defs'
|
22
22
|
supports platform: 'unix'
|
23
23
|
desc 'Use the login_defs InSpec audit resource to test configuration settings in the /etc/login.defs file. The logins.defs file defines site-specific configuration for the shadow password suite on Linux and UNIX platforms, such as password expiration ranges, minimum/maximum values for automatic selection of user and group identifiers, or the method with which passwords are encrypted.'
|
24
|
-
example
|
24
|
+
example <<~EXAMPLE
|
25
25
|
describe login_defs do
|
26
26
|
its('ENCRYPT_METHOD') { should eq 'SHA512' }
|
27
27
|
end
|
28
|
-
|
28
|
+
EXAMPLE
|
29
29
|
|
30
30
|
include FileReader
|
31
31
|
|
data/lib/resources/mount.rb
CHANGED
@@ -7,7 +7,7 @@ module Inspec::Resources
|
|
7
7
|
name 'mount'
|
8
8
|
supports platform: 'unix'
|
9
9
|
desc 'Use the mount InSpec audit resource to test if mount points.'
|
10
|
-
example
|
10
|
+
example <<~EXAMPLE
|
11
11
|
describe mount('/') do
|
12
12
|
it { should be_mounted }
|
13
13
|
its('count') { should eq 1 }
|
@@ -16,7 +16,7 @@ module Inspec::Resources
|
|
16
16
|
its('options') { should eq ['rw', 'mode=620'] }
|
17
17
|
its('options') { should include 'nodev' }
|
18
18
|
end
|
19
|
-
|
19
|
+
EXAMPLE
|
20
20
|
attr_reader :file
|
21
21
|
|
22
22
|
def initialize(path)
|
@@ -14,7 +14,7 @@ module Inspec::Resources
|
|
14
14
|
name 'mssql_session'
|
15
15
|
supports platform: 'windows'
|
16
16
|
desc 'Use the mssql_session InSpec audit resource to test SQL commands run against a MS Sql Server database.'
|
17
|
-
example
|
17
|
+
example <<~EXAMPLE
|
18
18
|
# Using SQL authentication
|
19
19
|
sql = mssql_session(user: 'myuser', pass: 'mypassword')
|
20
20
|
describe sql.query('SELECT * FROM table').row(0).column('columnname') do
|
@@ -27,7 +27,7 @@ module Inspec::Resources
|
|
27
27
|
its('value') { should_not be_empty }
|
28
28
|
its('value') { should cmp == 1 }
|
29
29
|
end
|
30
|
-
|
30
|
+
EXAMPLE
|
31
31
|
|
32
32
|
attr_reader :user, :password, :host, :port, :instance, :local_mode, :db_name
|
33
33
|
def initialize(opts = {})
|
data/lib/resources/mysql_conf.rb
CHANGED
@@ -31,7 +31,7 @@ module Inspec::Resources
|
|
31
31
|
supports platform: 'unix'
|
32
32
|
supports platform: 'windows'
|
33
33
|
desc 'Use the mysql_conf InSpec audit resource to test the contents of the configuration file for MySQL, typically located at /etc/mysql/my.cnf or /etc/my.cnf.'
|
34
|
-
example
|
34
|
+
example <<~EXAMPLE
|
35
35
|
describe mysql_conf('path') do
|
36
36
|
its('setting') { should eq 'value' }
|
37
37
|
end
|
@@ -45,7 +45,7 @@ module Inspec::Resources
|
|
45
45
|
describe mysql_conf do
|
46
46
|
its(['mariadb', 'max-connections']) { should_not be_nil }
|
47
47
|
end
|
48
|
-
|
48
|
+
EXAMPLE
|
49
49
|
|
50
50
|
include FindFiles
|
51
51
|
include FileReader
|
@@ -9,12 +9,12 @@ module Inspec::Resources
|
|
9
9
|
supports platform: 'unix'
|
10
10
|
supports platform: 'windows'
|
11
11
|
desc 'Use the mysql_session InSpec audit resource to test SQL commands run against a MySQL database.'
|
12
|
-
example
|
12
|
+
example <<~EXAMPLE
|
13
13
|
sql = mysql_session('my_user','password','host')
|
14
14
|
describe sql.query('show databases like \'test\';') do
|
15
15
|
its('stdout') { should_not match(/test/) }
|
16
16
|
end
|
17
|
-
|
17
|
+
EXAMPLE
|
18
18
|
|
19
19
|
def initialize(user = nil, pass = nil, host = 'localhost', port = nil, socket = nil)
|
20
20
|
@user = user
|
data/lib/resources/nginx.rb
CHANGED
@@ -8,7 +8,7 @@ module Inspec::Resources
|
|
8
8
|
name 'nginx'
|
9
9
|
supports platform: 'unix'
|
10
10
|
desc 'Use the nginx InSpec audit resource to test information about your NGINX instance.'
|
11
|
-
example
|
11
|
+
example <<~EXAMPLE
|
12
12
|
describe nginx do
|
13
13
|
its('conf_path') { should cmp '/etc/nginx/nginx.conf' }
|
14
14
|
end
|
@@ -18,7 +18,7 @@ module Inspec::Resources
|
|
18
18
|
describe nginx do
|
19
19
|
its('modules') { should include 'my_module' }
|
20
20
|
end
|
21
|
-
|
21
|
+
EXAMPLE
|
22
22
|
attr_reader :params, :bin_dir
|
23
23
|
|
24
24
|
def initialize(nginx_path = '/usr/sbin/nginx')
|
data/lib/resources/nginx_conf.rb
CHANGED
@@ -19,10 +19,10 @@ module Inspec::Resources
|
|
19
19
|
desc 'Use the nginx_conf InSpec resource to test configuration data '\
|
20
20
|
'for the NginX web server located in /etc/nginx/nginx.conf on '\
|
21
21
|
'Linux and UNIX platforms.'
|
22
|
-
example
|
22
|
+
example <<~EXAMPLE
|
23
23
|
describe nginx_conf.params ...
|
24
24
|
describe nginx_conf('/path/to/my/nginx.conf').params ...
|
25
|
-
|
25
|
+
EXAMPLE
|
26
26
|
|
27
27
|
extend Forwardable
|
28
28
|
|
data/lib/resources/npm.rb
CHANGED
@@ -8,7 +8,7 @@ module Inspec::Resources
|
|
8
8
|
supports platform: 'unix'
|
9
9
|
supports platform: 'windows'
|
10
10
|
desc 'Use the npm InSpec audit resource to test if a global npm package is installed. npm is the the package manager for Nodejs packages, such as bower and StatsD.'
|
11
|
-
example
|
11
|
+
example <<~EXAMPLE
|
12
12
|
describe npm('bower') do
|
13
13
|
it { should be_installed }
|
14
14
|
end
|
@@ -16,7 +16,7 @@ module Inspec::Resources
|
|
16
16
|
describe npm('tar', path: '/path/to/project') do
|
17
17
|
it { should be_installed }
|
18
18
|
end
|
19
|
-
|
19
|
+
EXAMPLE
|
20
20
|
|
21
21
|
def initialize(package_name, opts = {})
|
22
22
|
@package_name = package_name
|
data/lib/resources/ntp_conf.rb
CHANGED
@@ -9,12 +9,12 @@ module Inspec::Resources
|
|
9
9
|
name 'ntp_conf'
|
10
10
|
supports platform: 'unix'
|
11
11
|
desc 'Use the ntp_conf InSpec audit resource to test the synchronization settings defined in the ntp.conf file. This file is typically located at /etc/ntp.conf.'
|
12
|
-
example
|
12
|
+
example <<~EXAMPLE
|
13
13
|
describe ntp_conf do
|
14
14
|
its('server') { should_not eq nil }
|
15
15
|
its('restrict') { should include '-4 default kod notrap nomodify nopeer noquery'}
|
16
16
|
end
|
17
|
-
|
17
|
+
EXAMPLE
|
18
18
|
|
19
19
|
include FileReader
|
20
20
|
|
data/lib/resources/oneget.rb
CHANGED
@@ -12,12 +12,12 @@ module Inspec::Resources
|
|
12
12
|
name 'oneget'
|
13
13
|
supports platform: 'windows'
|
14
14
|
desc 'Use the oneget InSpec audit resource to test if the named package and/or package version is installed on the system. This resource uses OneGet, which is part of the Windows Management Framework 5.0 and Windows 10. This resource uses the Get-Package cmdlet to return all of the package names in the OneGet repository.'
|
15
|
-
example
|
15
|
+
example <<~EXAMPLE
|
16
16
|
describe oneget('zoomit') do
|
17
17
|
it { should be_installed }
|
18
18
|
its('version') { should eq '1.2.3' }
|
19
19
|
end
|
20
|
-
|
20
|
+
EXAMPLE
|
21
21
|
|
22
22
|
def initialize(package_name)
|
23
23
|
@package_name = package_name
|
@@ -15,12 +15,12 @@ module Inspec::Resources
|
|
15
15
|
supports platform: 'unix'
|
16
16
|
supports platform: 'windows'
|
17
17
|
desc 'Use the oracledb_session InSpec resource to test commands against an Oracle database'
|
18
|
-
example
|
18
|
+
example <<~EXAMPLE
|
19
19
|
sql = oracledb_session(user: 'my_user', pass: 'password')
|
20
20
|
describe sql.query(\"SELECT UPPER(VALUE) AS VALUE FROM V$PARAMETER WHERE UPPER(NAME)='AUDIT_SYS_OPERATIONS'\").row(0).column('value') do
|
21
21
|
its('value') { should eq 'TRUE' }
|
22
22
|
end
|
23
|
-
|
23
|
+
EXAMPLE
|
24
24
|
|
25
25
|
attr_reader :user, :password, :host, :service, :as_os_user, :as_db_role
|
26
26
|
# rubocop:disable Metrics/PerceivedComplexity,Metrics/CyclomaticComplexity
|
data/lib/resources/os.rb
CHANGED
@@ -8,7 +8,7 @@ module Inspec::Resources
|
|
8
8
|
supports platform: 'unix'
|
9
9
|
supports platform: 'windows'
|
10
10
|
desc 'Use the os InSpec audit resource to test the platform on which the system is running.'
|
11
|
-
example
|
11
|
+
example <<~EXAMPLE
|
12
12
|
describe os[:family] do
|
13
13
|
it { should eq 'redhat' }
|
14
14
|
end
|
@@ -20,7 +20,7 @@ module Inspec::Resources
|
|
20
20
|
describe os.linux? do
|
21
21
|
it { should eq true }
|
22
22
|
end
|
23
|
-
|
23
|
+
EXAMPLE
|
24
24
|
|
25
25
|
# reuse helper methods from backend
|
26
26
|
%w{aix? redhat? debian? suse? bsd? solaris? linux? unix? windows? hpux? darwin?}.each do |os_family|
|
data/lib/resources/os_env.rb
CHANGED
@@ -16,11 +16,11 @@ module Inspec::Resources
|
|
16
16
|
supports platform: 'unix'
|
17
17
|
supports platform: 'windows'
|
18
18
|
desc 'Use the os_env InSpec audit resource to test the environment variables for the platform on which the system is running.'
|
19
|
-
example
|
19
|
+
example <<~EXAMPLE
|
20
20
|
describe os_env('VARIABLE') do
|
21
21
|
its('matcher') { should eq 1 }
|
22
22
|
end
|
23
|
-
|
23
|
+
EXAMPLE
|
24
24
|
|
25
25
|
def initialize(env = nil, target = nil)
|
26
26
|
@osenv = env
|
data/lib/resources/package.rb
CHANGED
@@ -12,13 +12,13 @@ module Inspec::Resources
|
|
12
12
|
supports platform: 'unix'
|
13
13
|
supports platform: 'windows'
|
14
14
|
desc 'Use the package InSpec audit resource to test if the named package and/or package version is installed on the system.'
|
15
|
-
example
|
15
|
+
example <<~EXAMPLE
|
16
16
|
describe package('nginx') do
|
17
17
|
it { should be_installed }
|
18
18
|
it { should_not be_held } # for dpkg platforms that support holding a version from being upgraded
|
19
19
|
its('version') { should eq 1.9.5 }
|
20
20
|
end
|
21
|
-
|
21
|
+
EXAMPLE
|
22
22
|
def initialize(package_name, opts = {}) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
|
23
23
|
@package_name = package_name
|
24
24
|
@name = @package_name
|
data/lib/resources/packages.rb
CHANGED
@@ -8,7 +8,7 @@ module Inspec::Resources
|
|
8
8
|
name 'packages'
|
9
9
|
supports platform: 'unix'
|
10
10
|
desc 'Use the packages InSpec audit resource to test properties for multiple packages installed on the system'
|
11
|
-
example
|
11
|
+
example <<~EXAMPLE
|
12
12
|
describe packages(/xserver-xorg.*/) do
|
13
13
|
its('entries') { should be_empty }
|
14
14
|
end
|
@@ -18,7 +18,7 @@ module Inspec::Resources
|
|
18
18
|
describe packages(/vi.+/).where { status != 'installed' } do
|
19
19
|
its('statuses') { should be_empty }
|
20
20
|
end
|
21
|
-
|
21
|
+
EXAMPLE
|
22
22
|
|
23
23
|
def initialize(pattern)
|
24
24
|
os = inspec.os
|
@@ -18,7 +18,7 @@ module Inspec::Resources
|
|
18
18
|
supports platform: 'unix'
|
19
19
|
supports platform: 'windows'
|
20
20
|
desc 'Use the parse_config InSpec audit resource to test arbitrary configuration files.'
|
21
|
-
example
|
21
|
+
example <<~EXAMPLE
|
22
22
|
output = command('some-command').stdout
|
23
23
|
describe parse_config(output, { data_config_option: value } ) do
|
24
24
|
its('setting') { should eq 1 }
|
@@ -41,7 +41,7 @@ module Inspec::Resources
|
|
41
41
|
describe parse_config(output2, options2 ).params['listen queue'].to_i do
|
42
42
|
it { should be < 100 }
|
43
43
|
end
|
44
|
-
|
44
|
+
EXAMPLE
|
45
45
|
|
46
46
|
include FileReader
|
47
47
|
|
@@ -94,11 +94,11 @@ module Inspec::Resources
|
|
94
94
|
class PConfigFile < PConfig
|
95
95
|
name 'parse_config_file'
|
96
96
|
desc 'Use the parse_config_file InSpec resource to test arbitrary configuration files. It works identically to parse_config. Instead of using a command output, this resource works with files.'
|
97
|
-
example
|
97
|
+
example <<~EXAMPLE
|
98
98
|
describe parse_config_file('/path/to/file') do
|
99
99
|
its('setting') { should eq 1 }
|
100
100
|
end
|
101
|
-
|
101
|
+
EXAMPLE
|
102
102
|
|
103
103
|
def initialize(path, opts = nil)
|
104
104
|
super(nil, opts)
|
data/lib/resources/passwd.rb
CHANGED
@@ -19,7 +19,7 @@ module Inspec::Resources
|
|
19
19
|
name 'passwd'
|
20
20
|
supports platform: 'unix'
|
21
21
|
desc 'Use the passwd InSpec audit resource to test the contents of /etc/passwd, which contains the following information for users that may log into the system and/or as users that own running processes.'
|
22
|
-
example
|
22
|
+
example <<~EXAMPLE
|
23
23
|
describe passwd do
|
24
24
|
its('users') { should_not include 'forbidden_user' }
|
25
25
|
end
|
@@ -32,7 +32,7 @@ module Inspec::Resources
|
|
32
32
|
# find all users with a nologin shell
|
33
33
|
its('users') { should_not include 'my_login_user' }
|
34
34
|
end
|
35
|
-
|
35
|
+
EXAMPLE
|
36
36
|
|
37
37
|
include PasswdParser
|
38
38
|
include FileReader
|
data/lib/resources/pip.rb
CHANGED
@@ -12,7 +12,7 @@ module Inspec::Resources
|
|
12
12
|
supports platform: 'unix'
|
13
13
|
supports platform: 'windows'
|
14
14
|
desc 'Use the pip InSpec audit resource to test packages that are installed using the pip installer.'
|
15
|
-
example
|
15
|
+
example <<~EXAMPLE
|
16
16
|
describe pip('Jinja2') do
|
17
17
|
it { should be_installed }
|
18
18
|
end
|
@@ -21,7 +21,7 @@ module Inspec::Resources
|
|
21
21
|
it { should be_installed }
|
22
22
|
its('version') { should eq('1.11.4')}
|
23
23
|
end
|
24
|
-
|
24
|
+
EXAMPLE
|
25
25
|
|
26
26
|
def initialize(package_name, pip_path = nil)
|
27
27
|
@package_name = package_name
|
data/lib/resources/platform.rb
CHANGED
@@ -4,7 +4,7 @@ module Inspec::Resources
|
|
4
4
|
class PlatformResource < Inspec.resource(1)
|
5
5
|
name 'platform'
|
6
6
|
desc 'Use the platform InSpec resource to test the platform on which the system is running.'
|
7
|
-
example
|
7
|
+
example <<~EXAMPLE
|
8
8
|
describe platform do
|
9
9
|
its('name') { should eq 'redhat' }
|
10
10
|
end
|
@@ -12,7 +12,7 @@ module Inspec::Resources
|
|
12
12
|
describe platform do
|
13
13
|
it { should be_in_family('unix') }
|
14
14
|
end
|
15
|
-
|
15
|
+
EXAMPLE
|
16
16
|
|
17
17
|
def initialize
|
18
18
|
@platform = inspec.backend.platform
|