inspec-core 3.7.1 → 3.7.11
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/inspec/config.rb +12 -0
- data/lib/inspec/shell.rb +2 -15
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-habitat/Berksfile +5 -0
- data/lib/plugins/inspec-habitat/README.md +150 -0
- data/lib/plugins/inspec-habitat/kitchen.yml +28 -0
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +9 -9
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +164 -280
- data/lib/plugins/inspec-habitat/templates/habitat/config/inspec_exec_config.json.erb +25 -0
- data/lib/plugins/inspec-habitat/templates/habitat/default.toml.erb +9 -0
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +32 -0
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +85 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/Berksfile +2 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/files/hab_setup.exp +28 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/metadata.rb +9 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/recipes/default.rb +61 -0
- data/lib/plugins/inspec-habitat/test/functional/inspec_habitat_test.rb +38 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/controls/inspec_habitat.rb +40 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/inspec.yml +10 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/controls/example.rb +7 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/inspec.yml +10 -0
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +188 -132
- data/lib/plugins/inspec-init/test/functional/inspec_init_profile_test.rb +12 -0
- data/lib/resources/aide_conf.rb +2 -2
- data/lib/resources/apache.rb +2 -2
- data/lib/resources/apache_conf.rb +2 -2
- data/lib/resources/apt.rb +2 -2
- data/lib/resources/audit_policy.rb +2 -2
- data/lib/resources/auditd.rb +2 -2
- data/lib/resources/auditd_conf.rb +2 -2
- data/lib/resources/bash.rb +2 -2
- data/lib/resources/bond.rb +2 -2
- data/lib/resources/bridge.rb +2 -2
- data/lib/resources/chocolatey_package.rb +2 -2
- data/lib/resources/command.rb +2 -2
- data/lib/resources/cpan.rb +2 -2
- data/lib/resources/cran.rb +2 -2
- data/lib/resources/crontab.rb +2 -2
- data/lib/resources/csv.rb +2 -2
- data/lib/resources/dh_params.rb +2 -2
- data/lib/resources/directory.rb +2 -2
- data/lib/resources/docker.rb +2 -2
- data/lib/resources/docker_container.rb +2 -2
- data/lib/resources/docker_image.rb +2 -2
- data/lib/resources/docker_plugin.rb +2 -2
- data/lib/resources/docker_service.rb +2 -2
- data/lib/resources/elasticsearch.rb +2 -2
- data/lib/resources/etc_fstab.rb +2 -2
- data/lib/resources/etc_group.rb +2 -2
- data/lib/resources/etc_hosts.rb +2 -2
- data/lib/resources/etc_hosts_allow_deny.rb +4 -4
- data/lib/resources/file.rb +2 -2
- data/lib/resources/filesystem.rb +2 -2
- data/lib/resources/firewalld.rb +2 -2
- data/lib/resources/gem.rb +2 -2
- data/lib/resources/groups.rb +4 -4
- data/lib/resources/grub_conf.rb +2 -2
- data/lib/resources/host.rb +2 -2
- data/lib/resources/http.rb +25 -5
- data/lib/resources/iis_app.rb +2 -2
- data/lib/resources/iis_app_pool.rb +6 -3
- data/lib/resources/iis_site.rb +4 -4
- data/lib/resources/inetd_conf.rb +2 -2
- data/lib/resources/ini.rb +2 -2
- data/lib/resources/interface.rb +2 -2
- data/lib/resources/iptables.rb +2 -2
- data/lib/resources/json.rb +2 -3
- data/lib/resources/kernel_module.rb +17 -18
- data/lib/resources/kernel_parameter.rb +2 -2
- data/lib/resources/key_rsa.rb +2 -2
- data/lib/resources/ksh.rb +2 -2
- data/lib/resources/limits_conf.rb +2 -2
- data/lib/resources/login_def.rb +2 -2
- data/lib/resources/mount.rb +2 -2
- data/lib/resources/mssql_session.rb +2 -2
- data/lib/resources/mysql_conf.rb +2 -2
- data/lib/resources/mysql_session.rb +2 -2
- data/lib/resources/nginx.rb +2 -2
- data/lib/resources/nginx_conf.rb +2 -2
- data/lib/resources/npm.rb +2 -2
- data/lib/resources/ntp_conf.rb +2 -2
- data/lib/resources/oneget.rb +2 -2
- data/lib/resources/oracledb_session.rb +2 -2
- data/lib/resources/os.rb +2 -2
- data/lib/resources/os_env.rb +2 -2
- data/lib/resources/package.rb +2 -2
- data/lib/resources/packages.rb +2 -2
- data/lib/resources/parse_config.rb +4 -4
- data/lib/resources/passwd.rb +2 -2
- data/lib/resources/pip.rb +2 -2
- data/lib/resources/platform.rb +2 -2
- data/lib/resources/port.rb +2 -2
- data/lib/resources/postgres_conf.rb +2 -2
- data/lib/resources/postgres_hba_conf.rb +2 -2
- data/lib/resources/postgres_ident_conf.rb +2 -2
- data/lib/resources/postgres_session.rb +2 -2
- data/lib/resources/powershell.rb +2 -2
- data/lib/resources/processes.rb +2 -2
- data/lib/resources/rabbitmq_conf.rb +2 -2
- data/lib/resources/registry_key.rb +2 -2
- data/lib/resources/security_identifier.rb +2 -2
- data/lib/resources/security_policy.rb +2 -2
- data/lib/resources/service.rb +14 -14
- data/lib/resources/shadow.rb +2 -2
- data/lib/resources/ssh_conf.rb +4 -4
- data/lib/resources/ssl.rb +2 -2
- data/lib/resources/sys_info.rb +2 -2
- data/lib/resources/toml.rb +2 -2
- data/lib/resources/users.rb +4 -4
- data/lib/resources/vbscript.rb +2 -2
- data/lib/resources/virtualization.rb +2 -2
- data/lib/resources/windows_feature.rb +2 -2
- data/lib/resources/windows_hotfix.rb +2 -2
- data/lib/resources/windows_task.rb +2 -2
- data/lib/resources/wmi.rb +2 -2
- data/lib/resources/x509_certificate.rb +2 -2
- data/lib/resources/xinetd.rb +2 -2
- data/lib/resources/xml.rb +2 -2
- data/lib/resources/yaml.rb +2 -2
- data/lib/resources/yum.rb +2 -2
- data/lib/resources/zfs_dataset.rb +2 -2
- data/lib/resources/zfs_pool.rb +2 -2
- metadata +36 -4
@@ -7,7 +7,7 @@ module Inspec::Resources
|
|
7
7
|
name 'virtualization'
|
8
8
|
supports platform: 'linux'
|
9
9
|
desc 'Use the virtualization InSpec audit resource to test the virtualization platform on which the system is running'
|
10
|
-
example
|
10
|
+
example <<~EXAMPLE
|
11
11
|
describe virtualization do
|
12
12
|
its('system') { should eq 'docker' }
|
13
13
|
end
|
@@ -22,7 +22,7 @@ module Inspec::Resources
|
|
22
22
|
end
|
23
23
|
only_if { virtualization.system == 'docker' }
|
24
24
|
end
|
25
|
-
|
25
|
+
EXAMPLE
|
26
26
|
|
27
27
|
def initialize
|
28
28
|
@virtualization_data = Hashie::Mash.new
|
@@ -5,7 +5,7 @@ module Inspec::Resources
|
|
5
5
|
name 'windows_feature'
|
6
6
|
supports platform: 'windows'
|
7
7
|
desc 'Use the windows_feature InSpec audit resource to test features on Microsoft Windows.'
|
8
|
-
example
|
8
|
+
example <<~EXAMPLE
|
9
9
|
# By default this resource will use Get-WindowsFeature.
|
10
10
|
# Failing that, it will use DISM.
|
11
11
|
|
@@ -23,7 +23,7 @@ module Inspec::Resources
|
|
23
23
|
describe windows_feature('IIS-WebServer') do
|
24
24
|
it { should be_installed }
|
25
25
|
end
|
26
|
-
|
26
|
+
EXAMPLE
|
27
27
|
|
28
28
|
def initialize(feature, method = nil)
|
29
29
|
@feature = feature
|
@@ -5,11 +5,11 @@ module Inspec::Resources
|
|
5
5
|
name 'windows_hotfix'
|
6
6
|
supports platform: 'windows'
|
7
7
|
desc 'Use the windows_hotfix InSpec audit resource to test if the hotfix has been installed on the Windows system.'
|
8
|
-
example
|
8
|
+
example <<~EXAMPLE
|
9
9
|
describe windows_hotfix('KB4012212') do
|
10
10
|
it { should be_installed }
|
11
11
|
end
|
12
|
-
|
12
|
+
EXAMPLE
|
13
13
|
|
14
14
|
attr_accessor :content
|
15
15
|
|
@@ -4,7 +4,7 @@ module Inspec::Resources
|
|
4
4
|
name 'windows_task'
|
5
5
|
supports platform: 'windows'
|
6
6
|
desc 'Use the windows_task InSpec audit resource to test task schedules on Microsoft Windows.'
|
7
|
-
example
|
7
|
+
example <<~EXAMPLE
|
8
8
|
describe windows_task('\\Microsoft\\Windows\\Time Synchronization\\SynchronizeTime') do
|
9
9
|
it { should be_enabled }
|
10
10
|
end
|
@@ -23,7 +23,7 @@ module Inspec::Resources
|
|
23
23
|
its('task_to_run') { should cmp '%Windir%\\system32\\appidpolicyconverter.exe' }
|
24
24
|
its('run_as_user') { should eq 'LOCAL SERVICE' }
|
25
25
|
end
|
26
|
-
|
26
|
+
EXAMPLE
|
27
27
|
|
28
28
|
def initialize(taskuri)
|
29
29
|
@taskuri = taskuri
|
data/lib/resources/wmi.rb
CHANGED
@@ -11,7 +11,7 @@ module Inspec::Resources
|
|
11
11
|
name 'wmi'
|
12
12
|
supports platform: 'windows'
|
13
13
|
desc 'request wmi information'
|
14
|
-
example
|
14
|
+
example <<~EXAMPLE
|
15
15
|
describe wmi({
|
16
16
|
class: 'RSOP_SecuritySettingNumeric',
|
17
17
|
namespace: 'root\\rsop\\computer',
|
@@ -19,7 +19,7 @@ module Inspec::Resources
|
|
19
19
|
}) do
|
20
20
|
its('Setting') { should eq true }
|
21
21
|
end
|
22
|
-
|
22
|
+
EXAMPLE
|
23
23
|
|
24
24
|
include ObjectTraverser
|
25
25
|
attr_accessor :content
|
@@ -10,7 +10,7 @@ module Inspec::Resources
|
|
10
10
|
supports platform: 'unix'
|
11
11
|
supports platform: 'windows'
|
12
12
|
desc 'Used to test x.509 certificates'
|
13
|
-
example
|
13
|
+
example <<~EXAMPLE
|
14
14
|
describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
|
15
15
|
its('subject') { should match /CN=My Website/ }
|
16
16
|
its('validity_in_days') { should be > 30 }
|
@@ -31,7 +31,7 @@ module Inspec::Resources
|
|
31
31
|
its('key_length') { should be >= 2048 }
|
32
32
|
its('extensions.subjectKeyIdentifier') { should cmp 'A5:16:0B:12:F4:48:0F:06:6C:32:29:67:98:12:DF:3D:0D:75:9D:5C' }
|
33
33
|
end
|
34
|
-
|
34
|
+
EXAMPLE
|
35
35
|
|
36
36
|
include FileReader
|
37
37
|
|
data/lib/resources/xinetd.rb
CHANGED
@@ -9,7 +9,7 @@ module Inspec::Resources
|
|
9
9
|
name 'xinetd_conf'
|
10
10
|
supports platform: 'unix'
|
11
11
|
desc 'Xinetd services configuration.'
|
12
|
-
example
|
12
|
+
example <<~EXAMPLE
|
13
13
|
describe xinetd_conf.services('chargen') do
|
14
14
|
its('socket_types') { should include 'dgram' }
|
15
15
|
end
|
@@ -17,7 +17,7 @@ module Inspec::Resources
|
|
17
17
|
describe xinetd_conf.services('chargen').socket_types('dgram') do
|
18
18
|
it { should be_disabled }
|
19
19
|
end
|
20
|
-
|
20
|
+
EXAMPLE
|
21
21
|
|
22
22
|
include XinetdParser
|
23
23
|
include FileReader
|
data/lib/resources/xml.rb
CHANGED
@@ -6,12 +6,12 @@ module Inspec::Resources
|
|
6
6
|
supports platform: 'unix'
|
7
7
|
supports platform: 'windows'
|
8
8
|
desc 'Use the xml InSpec resource to test configuration data in an XML file'
|
9
|
-
example
|
9
|
+
example <<~EXAMPLE
|
10
10
|
describe xml('default.xml') do
|
11
11
|
its('key/sub_key') { should eq(['value']) }
|
12
12
|
its(['root/name.with.a.period']) { should cmp 'so_many_dots' }
|
13
13
|
end
|
14
|
-
|
14
|
+
EXAMPLE
|
15
15
|
|
16
16
|
def parse(content)
|
17
17
|
require 'rexml/document'
|
data/lib/resources/yaml.rb
CHANGED
@@ -11,7 +11,7 @@ module Inspec::Resources
|
|
11
11
|
class YamlConfig < JsonConfig
|
12
12
|
name 'yaml'
|
13
13
|
desc 'Use the yaml InSpec audit resource to test configuration data in a YAML file.'
|
14
|
-
example
|
14
|
+
example <<~EXAMPLE
|
15
15
|
describe yaml('config.yaml') do
|
16
16
|
its(['driver', 'name']) { should eq 'vagrant' }
|
17
17
|
end
|
@@ -23,7 +23,7 @@ module Inspec::Resources
|
|
23
23
|
describe yaml({ content: \"key1: value1\nkey2: value2\" }) do
|
24
24
|
its('key2') { should cmp 'value2' }
|
25
25
|
end
|
26
|
-
|
26
|
+
EXAMPLE
|
27
27
|
|
28
28
|
# override file load and parse hash from yaml
|
29
29
|
def parse(content)
|
data/lib/resources/yum.rb
CHANGED
@@ -32,12 +32,12 @@ module Inspec::Resources
|
|
32
32
|
name 'yum'
|
33
33
|
supports platform: 'unix'
|
34
34
|
desc 'Use the yum InSpec audit resource to test the configuration of Yum repositories.'
|
35
|
-
example
|
35
|
+
example <<~EXAMPLE
|
36
36
|
describe yum.repo('name') do
|
37
37
|
it { should exist }
|
38
38
|
it { should be_enabled }
|
39
39
|
end
|
40
|
-
|
40
|
+
EXAMPLE
|
41
41
|
|
42
42
|
# returns all repositories
|
43
43
|
# works as following:
|
@@ -8,12 +8,12 @@ module Inspec::Resources
|
|
8
8
|
Use the zfs_dataset InSpec audit resource to test if the named
|
9
9
|
ZFS Dataset is present and/or has certain properties.
|
10
10
|
"
|
11
|
-
example
|
11
|
+
example <<~EXAMPLE
|
12
12
|
describe zfs_dataset('tank/tmp') do
|
13
13
|
its('exec') { should eq('off') }
|
14
14
|
its('setuid') { should eq('off') }
|
15
15
|
end
|
16
|
-
|
16
|
+
EXAMPLE
|
17
17
|
|
18
18
|
def initialize(zfs_dataset)
|
19
19
|
return skip_resource 'The `zfs_dataset` resource is not supported on your OS yet.' if !inspec.os.bsd?
|
data/lib/resources/zfs_pool.rb
CHANGED
@@ -8,11 +8,11 @@ module Inspec::Resources
|
|
8
8
|
Use the zfs_pool InSpec audit resource to test if the named
|
9
9
|
ZFS Pool is present and/or has certain properties.
|
10
10
|
"
|
11
|
-
example
|
11
|
+
example <<~EXAMPLE
|
12
12
|
describe zfs_pool('tank') do
|
13
13
|
its('failmode') { should eq('continue') }
|
14
14
|
end
|
15
|
-
|
15
|
+
EXAMPLE
|
16
16
|
|
17
17
|
def initialize(zfs_pool)
|
18
18
|
return skip_resource 'The `zfs_pool` resource is not supported on your OS yet.' if !inspec.os.bsd?
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: inspec-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.7.
|
4
|
+
version: 3.7.11
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dominik Richter
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-03-
|
11
|
+
date: 2019-03-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: train-core
|
@@ -204,6 +204,20 @@ dependencies:
|
|
204
204
|
- - ">="
|
205
205
|
- !ruby/object:Gem::Version
|
206
206
|
version: 0.9.0
|
207
|
+
- !ruby/object:Gem::Dependency
|
208
|
+
name: faraday_middleware
|
209
|
+
requirement: !ruby/object:Gem::Requirement
|
210
|
+
requirements:
|
211
|
+
- - "~>"
|
212
|
+
- !ruby/object:Gem::Version
|
213
|
+
version: 0.12.2
|
214
|
+
type: :runtime
|
215
|
+
prerelease: false
|
216
|
+
version_requirements: !ruby/object:Gem::Requirement
|
217
|
+
requirements:
|
218
|
+
- - "~>"
|
219
|
+
- !ruby/object:Gem::Version
|
220
|
+
version: 0.12.2
|
207
221
|
- !ruby/object:Gem::Dependency
|
208
222
|
name: tomlrb
|
209
223
|
requirement: !ruby/object:Gem::Requirement
|
@@ -476,9 +490,28 @@ files:
|
|
476
490
|
- lib/plugins/inspec-compliance/test/unit/api/login_test.rb
|
477
491
|
- lib/plugins/inspec-compliance/test/unit/api_test.rb
|
478
492
|
- lib/plugins/inspec-compliance/test/unit/target_test.rb
|
493
|
+
- lib/plugins/inspec-habitat/Berksfile
|
494
|
+
- lib/plugins/inspec-habitat/README.md
|
495
|
+
- lib/plugins/inspec-habitat/kitchen.yml
|
479
496
|
- lib/plugins/inspec-habitat/lib/inspec-habitat.rb
|
480
497
|
- lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb
|
481
498
|
- lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb
|
499
|
+
- lib/plugins/inspec-habitat/templates/habitat/config/inspec_exec_config.json.erb
|
500
|
+
- lib/plugins/inspec-habitat/templates/habitat/default.toml.erb
|
501
|
+
- lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb
|
502
|
+
- lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb
|
503
|
+
- lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/Berksfile
|
504
|
+
- lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/README.md
|
505
|
+
- lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/files/hab_setup.exp
|
506
|
+
- lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/metadata.rb
|
507
|
+
- lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/recipes/default.rb
|
508
|
+
- lib/plugins/inspec-habitat/test/functional/inspec_habitat_test.rb
|
509
|
+
- lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/README.md
|
510
|
+
- lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/controls/inspec_habitat.rb
|
511
|
+
- lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/inspec.yml
|
512
|
+
- lib/plugins/inspec-habitat/test/support/example_profile/README.md
|
513
|
+
- lib/plugins/inspec-habitat/test/support/example_profile/controls/example.rb
|
514
|
+
- lib/plugins/inspec-habitat/test/support/example_profile/inspec.yml
|
482
515
|
- lib/plugins/inspec-habitat/test/unit/profile_test.rb
|
483
516
|
- lib/plugins/inspec-init/README.md
|
484
517
|
- lib/plugins/inspec-init/lib/inspec-init.rb
|
@@ -671,8 +704,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
671
704
|
- !ruby/object:Gem::Version
|
672
705
|
version: '0'
|
673
706
|
requirements: []
|
674
|
-
|
675
|
-
rubygems_version: 2.7.6
|
707
|
+
rubygems_version: 3.0.3
|
676
708
|
signing_key:
|
677
709
|
specification_version: 4
|
678
710
|
summary: Just InSpec
|