inspec-core 4.3.2 → 4.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +139 -140
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
@@ -1,10 +1,10 @@
|
|
1
|
-
|
1
|
+
require "inspec/resources/docker"
|
2
2
|
|
3
3
|
module Inspec::Resources
|
4
4
|
class DockerPlugin < Inspec.resource(1)
|
5
|
-
name
|
6
|
-
supports platform:
|
7
|
-
desc
|
5
|
+
name "docker_plugin"
|
6
|
+
supports platform: "unix"
|
7
|
+
desc "Retrieves info about docker plugins"
|
8
8
|
example <<~EXAMPLE
|
9
9
|
describe docker_plugin('rexray/ebs') do
|
10
10
|
it { should exist }
|
@@ -55,9 +55,9 @@ module Inspec::Resources
|
|
55
55
|
def object_info
|
56
56
|
return @info if defined?(@info)
|
57
57
|
opts = @opts
|
58
|
-
@info = inspec.docker.plugins.where
|
58
|
+
@info = inspec.docker.plugins.where do
|
59
59
|
(name == opts[:name]) || (!id.nil? && !opts[:id].nil? && (id == opts[:id]))
|
60
|
-
|
60
|
+
end
|
61
61
|
end
|
62
62
|
end
|
63
63
|
end
|
@@ -1,16 +1,16 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
#
|
3
2
|
# Copyright 2017, Christoph Hartmann
|
4
3
|
|
5
|
-
|
4
|
+
require "inspec/resources/docker"
|
5
|
+
require_relative "docker_object"
|
6
6
|
|
7
7
|
module Inspec::Resources
|
8
8
|
class DockerService < Inspec.resource(1)
|
9
9
|
include Inspec::Resources::DockerObject
|
10
10
|
|
11
|
-
name
|
12
|
-
supports platform:
|
13
|
-
desc
|
11
|
+
name "docker_service"
|
12
|
+
supports platform: "unix"
|
13
|
+
desc "Swarm-mode service"
|
14
14
|
example <<~EXAMPLE
|
15
15
|
describe docker_service('service1') do
|
16
16
|
it { should exist }
|
@@ -82,9 +82,9 @@ module Inspec::Resources
|
|
82
82
|
def object_info
|
83
83
|
return @info if defined?(@info)
|
84
84
|
opts = @opts
|
85
|
-
@info = inspec.docker.services.where
|
85
|
+
@info = inspec.docker.services.where do
|
86
86
|
name == opts[:name] || image == opts[:image] || (!id.nil? && !opts[:id].nil? && (id == opts[:id] || id.start_with?(opts[:id])))
|
87
|
-
|
87
|
+
end
|
88
88
|
end
|
89
89
|
end
|
90
90
|
end
|
@@ -1,13 +1,11 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require
|
4
|
-
require 'hashie/mash'
|
5
|
-
require 'resources/package'
|
1
|
+
require "inspec/utils/filter"
|
2
|
+
require "hashie/mash"
|
3
|
+
require "inspec/resources/package"
|
6
4
|
|
7
5
|
module Inspec::Resources
|
8
6
|
class Elasticsearch < Inspec.resource(1)
|
9
|
-
name
|
10
|
-
supports platform:
|
7
|
+
name "elasticsearch"
|
8
|
+
supports platform: "unix"
|
11
9
|
desc "Use the Elasticsearch InSpec audit resource to test the status of nodes in
|
12
10
|
an Elasticsearch cluster."
|
13
11
|
|
@@ -25,39 +23,39 @@ module Inspec::Resources
|
|
25
23
|
|
26
24
|
filter = FilterTable.create
|
27
25
|
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
|
28
|
-
filter.register_column(:cluster_name, field:
|
29
|
-
.register_column(:node_name, field:
|
30
|
-
.register_column(:transport_address, field:
|
31
|
-
.register_column(:host, field:
|
32
|
-
.register_column(:ip, field:
|
33
|
-
.register_column(:version, field:
|
34
|
-
.register_column(:build_hash, field:
|
35
|
-
.register_column(:total_indexing_buffer, field:
|
36
|
-
.register_column(:roles, field:
|
37
|
-
.register_column(:settings, field:
|
38
|
-
.register_column(:os, field:
|
39
|
-
.register_column(:process, field:
|
40
|
-
.register_column(:jvm, field:
|
41
|
-
.register_column(:transport, field:
|
42
|
-
.register_column(:http, field:
|
43
|
-
.register_column(:plugins, field:
|
44
|
-
.register_column(:plugin_list, field:
|
45
|
-
.register_column(:modules, field:
|
46
|
-
.register_column(:module_list, field:
|
47
|
-
.register_column(:node_id, field:
|
48
|
-
.register_column(:ingest, field:
|
49
|
-
.register_custom_property(:node_count)
|
26
|
+
filter.register_column(:cluster_name, field: "cluster_name")
|
27
|
+
.register_column(:node_name, field: "name")
|
28
|
+
.register_column(:transport_address, field: "transport_address")
|
29
|
+
.register_column(:host, field: "host")
|
30
|
+
.register_column(:ip, field: "ip")
|
31
|
+
.register_column(:version, field: "version")
|
32
|
+
.register_column(:build_hash, field: "build_hash")
|
33
|
+
.register_column(:total_indexing_buffer, field: "total_indexing_buffer")
|
34
|
+
.register_column(:roles, field: "roles")
|
35
|
+
.register_column(:settings, field: "settings")
|
36
|
+
.register_column(:os, field: "os")
|
37
|
+
.register_column(:process, field: "process")
|
38
|
+
.register_column(:jvm, field: "jvm")
|
39
|
+
.register_column(:transport, field: "transport")
|
40
|
+
.register_column(:http, field: "http")
|
41
|
+
.register_column(:plugins, field: "plugins")
|
42
|
+
.register_column(:plugin_list, field: "plugin_list")
|
43
|
+
.register_column(:modules, field: "modules")
|
44
|
+
.register_column(:module_list, field: "module_list")
|
45
|
+
.register_column(:node_id, field: "node_id")
|
46
|
+
.register_column(:ingest, field: "ingest")
|
47
|
+
.register_custom_property(:node_count) do |t, _|
|
50
48
|
t.entries.length
|
51
|
-
|
49
|
+
end
|
52
50
|
|
53
51
|
filter.install_filter_methods_on_resource(self, :nodes)
|
54
52
|
|
55
53
|
attr_reader :nodes, :url
|
56
54
|
|
57
55
|
def initialize(opts = {})
|
58
|
-
return skip_resource
|
56
|
+
return skip_resource "Package `curl` not avaiable on the host" unless inspec.command("curl").exist?
|
59
57
|
|
60
|
-
@url = opts.fetch(:url,
|
58
|
+
@url = opts.fetch(:url, "http://localhost:9200")
|
61
59
|
|
62
60
|
username = opts.fetch(:username, nil)
|
63
61
|
password = opts.fetch(:password, nil)
|
@@ -94,11 +92,11 @@ module Inspec::Resources
|
|
94
92
|
private
|
95
93
|
|
96
94
|
def parse_cluster(content)
|
97
|
-
return [] unless content[
|
95
|
+
return [] unless content["nodes"]
|
98
96
|
|
99
97
|
nodes = []
|
100
98
|
|
101
|
-
content[
|
99
|
+
content["nodes"].each do |node_id, node_data|
|
102
100
|
node_data = fix_mash_key_collision(node_data)
|
103
101
|
|
104
102
|
node = Hashie::Mash.new(node_data)
|
@@ -134,13 +132,13 @@ module Inspec::Resources
|
|
134
132
|
end
|
135
133
|
|
136
134
|
def curl_command_string(username, password, ssl_verify)
|
137
|
-
cmd_string = [
|
138
|
-
cmd_string <<
|
135
|
+
cmd_string = ["curl"]
|
136
|
+
cmd_string << "-k" unless ssl_verify
|
139
137
|
cmd_string << "-H 'Content-Type: application/json'"
|
140
138
|
cmd_string << " -u #{username}:#{password}" unless username.nil? || password.nil?
|
141
|
-
cmd_string << URI.join(url,
|
139
|
+
cmd_string << URI.join(url, "_nodes")
|
142
140
|
|
143
|
-
cmd_string.join(
|
141
|
+
cmd_string.join(" ")
|
144
142
|
end
|
145
143
|
|
146
144
|
def verify_curl_success!(cmd)
|
@@ -150,18 +148,18 @@ module Inspec::Resources
|
|
150
148
|
end
|
151
149
|
|
152
150
|
if cmd.stderr =~ /Peer's Certificate issuer is not recognized/
|
153
|
-
raise
|
151
|
+
raise "Connection refused - peer certificate issuer is not recognized"
|
154
152
|
end
|
155
153
|
|
156
|
-
raise "Error fetching Elastcsearch data from curl #{url}: #{cmd.stderr}" unless cmd.exit_status
|
154
|
+
raise "Error fetching Elastcsearch data from curl #{url}: #{cmd.stderr}" unless cmd.exit_status == 0
|
157
155
|
end
|
158
156
|
|
159
157
|
def verify_json_payload!(content)
|
160
|
-
unless content[
|
158
|
+
unless content["error"].nil?
|
161
159
|
raise "#{content['error']['type']}: #{content['error']['reason']}"
|
162
160
|
end
|
163
161
|
|
164
|
-
raise
|
162
|
+
raise "No successful nodes available in cluster" if content["_nodes"]["successful"] == 0
|
165
163
|
end
|
166
164
|
end
|
167
165
|
end
|
@@ -1,14 +1,13 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# copyright:
|
3
2
|
|
4
|
-
require
|
5
|
-
require
|
3
|
+
require "inspec/utils/parser"
|
4
|
+
require "inspec/utils/file_reader"
|
6
5
|
|
7
6
|
module Inspec::Resources
|
8
7
|
class EtcFstab < Inspec.resource(1)
|
9
|
-
name
|
10
|
-
supports platform:
|
11
|
-
desc
|
8
|
+
name "etc_fstab"
|
9
|
+
supports platform: "unix"
|
10
|
+
desc "Use the etc_fstab InSpec audit resource to check the configuration of the etc/fstab file."
|
12
11
|
example <<~EXAMPLE
|
13
12
|
nfs_systems = etc_fstab.nfs_file_systems.entries
|
14
13
|
nfs_systems.each do |file_system|
|
@@ -30,7 +29,7 @@ module Inspec::Resources
|
|
30
29
|
include FileReader
|
31
30
|
|
32
31
|
def initialize(fstab_path = nil)
|
33
|
-
@conf_path = fstab_path ||
|
32
|
+
@conf_path = fstab_path || "/etc/fstab"
|
34
33
|
@files_contents = {}
|
35
34
|
@content = nil
|
36
35
|
@params = nil
|
@@ -38,12 +37,12 @@ module Inspec::Resources
|
|
38
37
|
end
|
39
38
|
|
40
39
|
filter = FilterTable.create
|
41
|
-
filter.register_column(:device_name, field:
|
42
|
-
.register_column(:mount_point, field:
|
43
|
-
.register_column(:file_system_type, field:
|
44
|
-
.register_column(:mount_options, field:
|
45
|
-
.register_column(:dump_options, field:
|
46
|
-
.register_column(:file_system_options, field:
|
40
|
+
filter.register_column(:device_name, field: "device_name")
|
41
|
+
.register_column(:mount_point, field: "mount_point")
|
42
|
+
.register_column(:file_system_type, field: "file_system_type")
|
43
|
+
.register_column(:mount_options, field: "mount_options")
|
44
|
+
.register_column(:dump_options, field: "dump_options")
|
45
|
+
.register_column(:file_system_options, field: "file_system_options")
|
47
46
|
.register_custom_matcher(:configured?) { |x| x.entries.any? }
|
48
47
|
|
49
48
|
filter.install_filter_methods_on_resource(self, :params)
|
@@ -53,14 +52,14 @@ module Inspec::Resources
|
|
53
52
|
end
|
54
53
|
|
55
54
|
def home_mount_options
|
56
|
-
return nil unless where { mount_point ==
|
57
|
-
where { mount_point ==
|
55
|
+
return nil unless where { mount_point == "/home" }.configured?
|
56
|
+
where { mount_point == "/home" }.entries[0].mount_options
|
58
57
|
end
|
59
58
|
|
60
59
|
private
|
61
60
|
|
62
61
|
def read_content
|
63
|
-
@content =
|
62
|
+
@content = ""
|
64
63
|
@params = {}
|
65
64
|
@content = read_file(@conf_path)
|
66
65
|
@params = parse_conf(@content)
|
@@ -68,20 +67,20 @@ module Inspec::Resources
|
|
68
67
|
|
69
68
|
def parse_conf(content)
|
70
69
|
content.map do |line|
|
71
|
-
data, = parse_comment_line(line, comment_char:
|
72
|
-
parse_line(data) unless data ==
|
70
|
+
data, = parse_comment_line(line, comment_char: "#", standalone_comments: false)
|
71
|
+
parse_line(data) unless data == ""
|
73
72
|
end.compact
|
74
73
|
end
|
75
74
|
|
76
75
|
def parse_line(line)
|
77
76
|
attributes = line.split
|
78
77
|
{
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
78
|
+
"device_name" => attributes[0],
|
79
|
+
"mount_point" => attributes[1],
|
80
|
+
"file_system_type" => attributes[2],
|
81
|
+
"mount_options" => attributes[3].split(","),
|
82
|
+
"dump_options" => attributes[4].to_i,
|
83
|
+
"file_system_options" => attributes[5].to_i,
|
85
84
|
}
|
86
85
|
end
|
87
86
|
|
@@ -1,4 +1,3 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# copyright: 2015, Vulcano Security GmbH
|
3
2
|
|
4
3
|
# The file format consists of
|
@@ -18,18 +17,18 @@
|
|
18
17
|
# its('users') { should include 'my_user' }
|
19
18
|
# end
|
20
19
|
|
21
|
-
require
|
22
|
-
require
|
23
|
-
require
|
20
|
+
require "inspec/utils/convert"
|
21
|
+
require "inspec/utils/parser"
|
22
|
+
require "inspec/utils/file_reader"
|
24
23
|
|
25
24
|
module Inspec::Resources
|
26
25
|
class EtcGroup < Inspec.resource(1)
|
27
26
|
include Converter
|
28
27
|
include CommentParser
|
29
28
|
|
30
|
-
name
|
31
|
-
supports platform:
|
32
|
-
desc
|
29
|
+
name "etc_group"
|
30
|
+
supports platform: "unix"
|
31
|
+
desc "Use the etc_group InSpec audit resource to test groups that are defined on Linux and UNIX platforms. The /etc/group file stores details about each group---group name, password, group identifier, along with a comma-separate list of users that belong to the group."
|
33
32
|
example <<~EXAMPLE
|
34
33
|
describe etc_group do
|
35
34
|
its('gids') { should_not contain_duplicates }
|
@@ -42,25 +41,25 @@ module Inspec::Resources
|
|
42
41
|
|
43
42
|
attr_accessor :gid, :entries
|
44
43
|
def initialize(path = nil)
|
45
|
-
@path = path ||
|
44
|
+
@path = path || "/etc/group"
|
46
45
|
@entries = parse_group(@path)
|
47
46
|
end
|
48
47
|
|
49
48
|
def groups(filter = nil)
|
50
|
-
(filter || @entries)&.map { |x| x[
|
49
|
+
(filter || @entries)&.map { |x| x["name"] }
|
51
50
|
end
|
52
51
|
|
53
52
|
def gids(filter = nil)
|
54
|
-
(filter || @entries)&.map { |x| x[
|
53
|
+
(filter || @entries)&.map { |x| x["gid"] }
|
55
54
|
end
|
56
55
|
|
57
56
|
def users(filter = nil)
|
58
57
|
entries = filter || @entries
|
59
58
|
return nil if entries.nil?
|
60
59
|
# filter the user entry
|
61
|
-
res = entries.map
|
62
|
-
x[
|
63
|
-
|
60
|
+
res = entries.map do |x|
|
61
|
+
x["members"].split(",") if !x.nil? && !x["members"].nil?
|
62
|
+
end.flatten
|
64
63
|
# filter nil elements
|
65
64
|
res.reject { |x| x.nil? || x.empty? }
|
66
65
|
end
|
@@ -68,13 +67,13 @@ module Inspec::Resources
|
|
68
67
|
def where(conditions = {})
|
69
68
|
return if conditions.empty?
|
70
69
|
fields = {
|
71
|
-
name:
|
72
|
-
group_name:
|
73
|
-
password:
|
74
|
-
gid:
|
75
|
-
group_id:
|
76
|
-
users:
|
77
|
-
members:
|
70
|
+
name: "name",
|
71
|
+
group_name: "name",
|
72
|
+
password: "password",
|
73
|
+
gid: "gid",
|
74
|
+
group_id: "gid",
|
75
|
+
users: "members",
|
76
|
+
members: "members",
|
78
77
|
}
|
79
78
|
res = entries
|
80
79
|
|
@@ -90,7 +89,7 @@ module Inspec::Resources
|
|
90
89
|
end
|
91
90
|
|
92
91
|
def to_s
|
93
|
-
|
92
|
+
"/etc/group"
|
94
93
|
end
|
95
94
|
|
96
95
|
private
|
@@ -107,19 +106,19 @@ module Inspec::Resources
|
|
107
106
|
|
108
107
|
def parse_group_line(line)
|
109
108
|
opts = {
|
110
|
-
comment_char:
|
109
|
+
comment_char: "#",
|
111
110
|
standalone_comments: false,
|
112
111
|
}
|
113
112
|
line, _idx_nl = parse_comment_line(line, opts)
|
114
|
-
x = line.split(
|
113
|
+
x = line.split(":")
|
115
114
|
# abort if we have an empty or comment line
|
116
115
|
return nil if x.empty?
|
117
116
|
# map data
|
118
117
|
{
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
118
|
+
"name" => x.at(0), # Name of the group.
|
119
|
+
"password" => x.at(1), # Group's encrypted password.
|
120
|
+
"gid" => convert_to_i(x.at(2)), # The group's decimal ID.
|
121
|
+
"members" => x.at(3), # Group members.
|
123
122
|
}
|
124
123
|
end
|
125
124
|
end
|
@@ -1,13 +1,11 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require 'utils/parser'
|
4
|
-
require 'utils/file_reader'
|
1
|
+
require "inspec/utils/parser"
|
2
|
+
require "inspec/utils/file_reader"
|
5
3
|
|
6
4
|
class EtcHosts < Inspec.resource(1)
|
7
|
-
name
|
8
|
-
supports platform:
|
9
|
-
supports platform:
|
10
|
-
supports platform:
|
5
|
+
name "etc_hosts"
|
6
|
+
supports platform: "linux"
|
7
|
+
supports platform: "bsd"
|
8
|
+
supports platform: "windows"
|
11
9
|
desc 'Use the etc_hosts InSpec audit resource to find an
|
12
10
|
ip_address and its associated hosts'
|
13
11
|
example <<~EXAMPLE
|
@@ -23,7 +21,7 @@ class EtcHosts < Inspec.resource(1)
|
|
23
21
|
include CommentParser
|
24
22
|
include FileReader
|
25
23
|
|
26
|
-
DEFAULT_UNIX_PATH =
|
24
|
+
DEFAULT_UNIX_PATH = "/etc/hosts".freeze
|
27
25
|
DEFAULT_WINDOWS_PATH = 'C:\windows\system32\drivers\etc\hosts'.freeze
|
28
26
|
|
29
27
|
def initialize(hosts_path = nil)
|
@@ -33,9 +31,9 @@ class EtcHosts < Inspec.resource(1)
|
|
33
31
|
end
|
34
32
|
|
35
33
|
FilterTable.create
|
36
|
-
.register_column(:ip_address, field:
|
37
|
-
.register_column(:primary_name, field:
|
38
|
-
.register_column(:all_host_names, field:
|
34
|
+
.register_column(:ip_address, field: "ip_address")
|
35
|
+
.register_column(:primary_name, field: "primary_name")
|
36
|
+
.register_column(:all_host_names, field: "all_host_names")
|
39
37
|
.install_filter_methods_on_resource(self, :params)
|
40
38
|
|
41
39
|
private
|
@@ -49,7 +47,7 @@ class EtcHosts < Inspec.resource(1)
|
|
49
47
|
end
|
50
48
|
|
51
49
|
def comment?
|
52
|
-
parse_options = { comment_char:
|
50
|
+
parse_options = { comment_char: "#", standalone_comments: false }
|
53
51
|
|
54
52
|
->(data) { parse_comment_line(data, parse_options).first.empty? }
|
55
53
|
end
|