inspec-core 4.3.2 → 4.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +139 -140
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
@@ -1,11 +1,10 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# copyright: 2015, Vulcano Security GmbH
|
3
2
|
|
4
3
|
module Inspec::Resources
|
5
4
|
class Postgres < Inspec.resource(1)
|
6
|
-
name
|
7
|
-
supports platform:
|
8
|
-
desc
|
5
|
+
name "postgres"
|
6
|
+
supports platform: "unix"
|
7
|
+
desc "The 'postgres' resource is a helper for the 'postgres_conf', 'postgres_hba_conf', 'postgres_ident_conf' & 'postgres_session' resources. Please use those instead."
|
9
8
|
|
10
9
|
attr_reader :service, :data_dir, :conf_dir, :conf_path, :version, :cluster
|
11
10
|
def initialize
|
@@ -16,16 +15,16 @@ module Inspec::Resources
|
|
16
15
|
# print warnings if the dirs do not exist
|
17
16
|
verify_dirs
|
18
17
|
|
19
|
-
if !@version.
|
20
|
-
@conf_path = File.join @conf_dir,
|
18
|
+
if !@version.to_s.empty? && !@conf_dir.to_s.empty?
|
19
|
+
@conf_path = File.join @conf_dir, "postgresql.conf"
|
21
20
|
else
|
22
21
|
@conf_path = nil
|
23
|
-
return skip_resource
|
22
|
+
return skip_resource "Seems like PostgreSQL is not installed on your system"
|
24
23
|
end
|
25
24
|
end
|
26
25
|
|
27
26
|
def to_s
|
28
|
-
|
27
|
+
"PostgreSQL"
|
29
28
|
end
|
30
29
|
|
31
30
|
private
|
@@ -38,19 +37,20 @@ module Inspec::Resources
|
|
38
37
|
# Debian allows multiple versions of postgresql to be
|
39
38
|
# installed as well as multiple "clusters" to be configured.
|
40
39
|
#
|
41
|
-
@version = version_from_psql || version_from_dir(
|
42
|
-
|
43
|
-
|
44
|
-
|
40
|
+
@version = version_from_psql || version_from_dir("/etc/postgresql")
|
41
|
+
if !@version.to_s.empty?
|
42
|
+
@cluster = cluster_from_dir("/etc/postgresql/#{@version}")
|
43
|
+
@conf_dir = "/etc/postgresql/#{@version}/#{@cluster}"
|
44
|
+
@data_dir = "/var/lib/postgresql/#{@version}/#{@cluster}"
|
45
|
+
end
|
45
46
|
else
|
46
47
|
@version = version_from_psql
|
47
|
-
if @version.
|
48
|
-
if inspec.directory(
|
49
|
-
warn
|
50
|
-
|
51
|
-
nil
|
48
|
+
if @version.to_s.empty?
|
49
|
+
if inspec.directory("/var/lib/pgsql/data").exist?
|
50
|
+
warn "Unable to determine PostgreSQL version: psql did not return" \
|
51
|
+
"a version number and unversioned data directories were found."
|
52
52
|
else
|
53
|
-
@version = version_from_dir(
|
53
|
+
@version = version_from_dir("/var/lib/pgsql")
|
54
54
|
end
|
55
55
|
end
|
56
56
|
@data_dir = locate_data_dir_location_by_version(@version)
|
@@ -59,7 +59,7 @@ module Inspec::Resources
|
|
59
59
|
end
|
60
60
|
|
61
61
|
def determine_service
|
62
|
-
@service =
|
62
|
+
@service = "postgresql"
|
63
63
|
if @version.to_i >= 10
|
64
64
|
@service += "-#{@version.to_i}"
|
65
65
|
elsif @version.to_f >= 9.4
|
@@ -68,17 +68,21 @@ module Inspec::Resources
|
|
68
68
|
end
|
69
69
|
|
70
70
|
def verify_dirs
|
71
|
-
|
72
|
-
"
|
73
|
-
|
71
|
+
unless inspec.directory(@conf_dir).exist?
|
72
|
+
warn "Default postgresql configuration directory: #{@conf_dir} does not exist. " \
|
73
|
+
"Postgresql may not be installed or we've misidentified the configuration " \
|
74
|
+
"directory."
|
75
|
+
end
|
74
76
|
|
75
|
-
|
76
|
-
"
|
77
|
-
|
77
|
+
unless inspec.directory(@data_dir).exist?
|
78
|
+
warn "Default postgresql data directory: #{@data_dir} does not exist. " \
|
79
|
+
"Postgresql may not be installed or we've misidentified the data " \
|
80
|
+
"directory."
|
81
|
+
end
|
78
82
|
end
|
79
83
|
|
80
84
|
def version_from_psql
|
81
|
-
return unless inspec.command(
|
85
|
+
return unless inspec.command("psql").exist?
|
82
86
|
inspec.command("psql --version | awk '{ print $NF }' | awk -F. '{ print $1\".\"$2 }'").stdout.strip
|
83
87
|
end
|
84
88
|
|
@@ -87,9 +91,9 @@ module Inspec::Resources
|
|
87
91
|
"/var/lib/pgsql/#{ver}/data",
|
88
92
|
# for 10, the versions are just stored in `10` although their version `10.7`
|
89
93
|
"/var/lib/pgsql/#{ver.to_i}/data",
|
90
|
-
|
91
|
-
|
92
|
-
|
94
|
+
"/var/lib/pgsql/data",
|
95
|
+
"/var/lib/postgres/data",
|
96
|
+
"/var/lib/postgresql/data",
|
93
97
|
]
|
94
98
|
|
95
99
|
data_dir_loc = dir_list.detect { |i| inspec.directory(i).exist? }
|
@@ -121,17 +125,21 @@ module Inspec::Resources
|
|
121
125
|
end
|
122
126
|
|
123
127
|
def dir_to_version(dir)
|
124
|
-
dir.chomp.split(
|
128
|
+
dir.chomp.split("/").last
|
125
129
|
end
|
126
130
|
|
127
131
|
def cluster_from_dir(dir)
|
128
132
|
# Main is the default cluster name on debian use it if it
|
129
133
|
# exists.
|
130
134
|
if inspec.directory("#{dir}/main").exist?
|
131
|
-
|
135
|
+
"main"
|
132
136
|
else
|
133
137
|
dirs = inspec.command("ls -d #{dir}/*/").stdout.lines
|
134
|
-
|
138
|
+
if dirs.empty?
|
139
|
+
warn "No postgresql clusters configured or incorrect base dir #{dir}"
|
140
|
+
return nil
|
141
|
+
end
|
142
|
+
first = dirs.first.chomp.split("/").last
|
135
143
|
if dirs.count > 1
|
136
144
|
warn "Multiple postgresql clusters configured or incorrect base dir #{dir}"
|
137
145
|
warn "Using the first directory found: #{first}"
|
@@ -1,17 +1,17 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# copyright: 2015, Vulcano Security GmbH
|
3
2
|
|
4
|
-
require
|
5
|
-
require
|
6
|
-
require
|
7
|
-
require
|
3
|
+
require "inspec/utils/object_traversal"
|
4
|
+
require "inspec/utils/simpleconfig"
|
5
|
+
require "inspec/utils/find_files"
|
6
|
+
require "inspec/utils/file_reader"
|
7
|
+
require "inspec/resources/postgres"
|
8
8
|
|
9
9
|
module Inspec::Resources
|
10
10
|
class PostgresConf < Inspec.resource(1)
|
11
|
-
name
|
12
|
-
supports platform:
|
13
|
-
supports platform:
|
14
|
-
desc
|
11
|
+
name "postgres_conf"
|
12
|
+
supports platform: "unix"
|
13
|
+
supports platform: "windows"
|
14
|
+
desc "Use the postgres_conf InSpec audit resource to test the contents of the configuration file for PostgreSQL, typically located at /etc/postgresql/<version>/main/postgresql.conf or /var/lib/postgres/data/postgresql.conf, depending on the platform."
|
15
15
|
example <<~EXAMPLE
|
16
16
|
describe postgres_conf do
|
17
17
|
its('max_connections') { should eq '5' }
|
@@ -25,7 +25,7 @@ module Inspec::Resources
|
|
25
25
|
def initialize(conf_path = nil)
|
26
26
|
@conf_path = conf_path || inspec.postgres.conf_path
|
27
27
|
if @conf_path.nil?
|
28
|
-
return skip_resource
|
28
|
+
return skip_resource "PostgreSQL conf path is not set"
|
29
29
|
end
|
30
30
|
@conf_dir = File.expand_path(File.dirname(@conf_path))
|
31
31
|
@files_contents = {}
|
@@ -61,13 +61,13 @@ module Inspec::Resources
|
|
61
61
|
end
|
62
62
|
|
63
63
|
def to_s
|
64
|
-
|
64
|
+
"PostgreSQL Configuration"
|
65
65
|
end
|
66
66
|
|
67
67
|
private
|
68
68
|
|
69
69
|
def read_content
|
70
|
-
@content =
|
70
|
+
@content = ""
|
71
71
|
@params = {}
|
72
72
|
|
73
73
|
to_read = [@conf_path]
|
@@ -93,16 +93,16 @@ module Inspec::Resources
|
|
93
93
|
end
|
94
94
|
|
95
95
|
def include_files(params, base_dir)
|
96
|
-
include_files = Array(params[
|
97
|
-
include_files += Array(params[
|
96
|
+
include_files = Array(params["include"]) || []
|
97
|
+
include_files += Array(params["include_if_exists"]) || []
|
98
98
|
include_files.map! do |f|
|
99
99
|
Pathname.new(f).absolute? ? f : File.join(base_dir, f)
|
100
100
|
end
|
101
101
|
|
102
|
-
dirs = Array(params[
|
102
|
+
dirs = Array(params["include_dir"]) || []
|
103
103
|
dirs.each do |dir|
|
104
|
-
dir = File.join(base_dir, dir) if dir[0] !=
|
105
|
-
include_files += find_files(dir, depth: 1, type:
|
104
|
+
dir = File.join(base_dir, dir) if dir[0] != "/"
|
105
|
+
include_files += find_files(dir, depth: 1, type: "file")
|
106
106
|
end
|
107
107
|
include_files
|
108
108
|
end
|
@@ -1,12 +1,10 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require 'resources/postgres'
|
4
|
-
require 'utils/file_reader'
|
1
|
+
require "inspec/resources/postgres"
|
2
|
+
require "inspec/utils/file_reader"
|
5
3
|
|
6
4
|
module Inspec::Resources
|
7
5
|
class PostgresHbaConf < Inspec.resource(1)
|
8
|
-
name
|
9
|
-
supports platform:
|
6
|
+
name "postgres_hba_conf"
|
7
|
+
supports platform: "unix"
|
10
8
|
desc 'Use the `postgres_hba_conf` InSpec audit resource to test the client
|
11
9
|
authentication data defined in the pg_hba.conf file.'
|
12
10
|
example <<~EXAMPLE
|
@@ -21,19 +19,19 @@ module Inspec::Resources
|
|
21
19
|
|
22
20
|
# @todo add checks to ensure that we have data in our file
|
23
21
|
def initialize(hba_conf_path = nil)
|
24
|
-
@conf_file = hba_conf_path || File.expand_path(
|
25
|
-
@content =
|
22
|
+
@conf_file = hba_conf_path || File.expand_path("pg_hba.conf", inspec.postgres.conf_dir)
|
23
|
+
@content = ""
|
26
24
|
@params = {}
|
27
25
|
read_content
|
28
26
|
end
|
29
27
|
|
30
28
|
filter = FilterTable.create
|
31
|
-
filter.register_column(:type, field:
|
32
|
-
.register_column(:database, field:
|
33
|
-
.register_column(:user, field:
|
34
|
-
.register_column(:address, field:
|
35
|
-
.register_column(:auth_method, field:
|
36
|
-
.register_column(:auth_params, field:
|
29
|
+
filter.register_column(:type, field: "type")
|
30
|
+
.register_column(:database, field: "database")
|
31
|
+
.register_column(:user, field: "user")
|
32
|
+
.register_column(:address, field: "address")
|
33
|
+
.register_column(:auth_method, field: "auth_method")
|
34
|
+
.register_column(:auth_params, field: "auth_params")
|
37
35
|
|
38
36
|
filter.install_filter_methods_on_resource(self, :params)
|
39
37
|
|
@@ -60,9 +58,9 @@ module Inspec::Resources
|
|
60
58
|
@content = clean_conf_file(config_file)
|
61
59
|
@params = parse_conf(@content)
|
62
60
|
@params.each do |line|
|
63
|
-
if line[
|
64
|
-
line[
|
65
|
-
line[
|
61
|
+
if line["type"] == "local"
|
62
|
+
line["auth_method"] = line["address"]
|
63
|
+
line["address"] = ""
|
66
64
|
end
|
67
65
|
end
|
68
66
|
end
|
@@ -76,12 +74,12 @@ module Inspec::Resources
|
|
76
74
|
def parse_line(line)
|
77
75
|
x = line.split(/\s+/)
|
78
76
|
{
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
77
|
+
"type" => x[0],
|
78
|
+
"database" => x[1],
|
79
|
+
"user" => x[2],
|
80
|
+
"address" => x[3],
|
81
|
+
"auth_method" => x[4],
|
82
|
+
"auth_params" => ("" if x.length == 4) || x[5..-1].join(" "),
|
85
83
|
}
|
86
84
|
end
|
87
85
|
end
|
@@ -1,12 +1,10 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require 'utils/file_reader'
|
4
|
-
require 'resources/postgres'
|
1
|
+
require "inspec/utils/file_reader"
|
2
|
+
require "inspec/resources/postgres"
|
5
3
|
|
6
4
|
module Inspec::Resources
|
7
5
|
class PostgresIdentConf < Inspec.resource(1)
|
8
|
-
name
|
9
|
-
supports platform:
|
6
|
+
name "postgres_ident_conf"
|
7
|
+
supports platform: "unix"
|
10
8
|
desc 'Use the postgres_ident_conf InSpec audit resource to test the client
|
11
9
|
authentication data is controlled by a pg_ident.conf file.'
|
12
10
|
example <<~EXAMPLE
|
@@ -20,16 +18,16 @@ module Inspec::Resources
|
|
20
18
|
attr_reader :params, :conf_file
|
21
19
|
|
22
20
|
def initialize(ident_conf_path = nil)
|
23
|
-
@conf_file = ident_conf_path || File.expand_path(
|
21
|
+
@conf_file = ident_conf_path || File.expand_path("pg_ident.conf", inspec.postgres.conf_dir)
|
24
22
|
@content = nil
|
25
23
|
@params = nil
|
26
24
|
read_content
|
27
25
|
end
|
28
26
|
|
29
27
|
filter = FilterTable.create
|
30
|
-
filter.register_column(:map_name, field:
|
31
|
-
.register_column(:system_username, field:
|
32
|
-
.register_column(:pg_username, field:
|
28
|
+
filter.register_column(:map_name, field: "map_name")
|
29
|
+
.register_column(:system_username, field: "system_username")
|
30
|
+
.register_column(:pg_username, field: "pg_username")
|
33
31
|
|
34
32
|
filter.install_filter_methods_on_resource(self, :params)
|
35
33
|
|
@@ -49,7 +47,7 @@ module Inspec::Resources
|
|
49
47
|
end
|
50
48
|
|
51
49
|
def read_content
|
52
|
-
@content =
|
50
|
+
@content = ""
|
53
51
|
@params = {}
|
54
52
|
@content = filter_comments(read_file(@conf_file))
|
55
53
|
@params = parse_conf(@content)
|
@@ -64,9 +62,9 @@ module Inspec::Resources
|
|
64
62
|
def parse_line(line)
|
65
63
|
x = line.split(/\s+/)
|
66
64
|
{
|
67
|
-
|
68
|
-
|
69
|
-
|
65
|
+
"map_name" => x[0],
|
66
|
+
"system_username" => x[1],
|
67
|
+
"pg_username" => x[2],
|
70
68
|
}
|
71
69
|
end
|
72
70
|
|
@@ -1,7 +1,6 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# copyright: 2015, Vulcano Security GmbH
|
3
2
|
|
4
|
-
require
|
3
|
+
require "shellwords"
|
5
4
|
|
6
5
|
module Inspec::Resources
|
7
6
|
class Lines
|
@@ -22,10 +21,10 @@ module Inspec::Resources
|
|
22
21
|
end
|
23
22
|
|
24
23
|
class PostgresSession < Inspec.resource(1)
|
25
|
-
name
|
26
|
-
supports platform:
|
27
|
-
supports platform:
|
28
|
-
desc
|
24
|
+
name "postgres_session"
|
25
|
+
supports platform: "unix"
|
26
|
+
supports platform: "windows"
|
27
|
+
desc "Use the postgres_session InSpec audit resource to test SQL commands run against a PostgreSQL database."
|
29
28
|
example <<~EXAMPLE
|
30
29
|
sql = postgres_session('username', 'password', 'host')
|
31
30
|
query('sql_query', ['database_name'])` contains the query and (optional) database to execute
|
@@ -41,9 +40,9 @@ module Inspec::Resources
|
|
41
40
|
EXAMPLE
|
42
41
|
|
43
42
|
def initialize(user, pass, host = nil)
|
44
|
-
@user = user ||
|
43
|
+
@user = user || "postgres"
|
45
44
|
@pass = pass
|
46
|
-
@host = host ||
|
45
|
+
@host = host || "localhost"
|
47
46
|
end
|
48
47
|
|
49
48
|
def query(query, db = [])
|
@@ -64,7 +63,7 @@ module Inspec::Resources
|
|
64
63
|
end
|
65
64
|
|
66
65
|
def create_psql_cmd(query, db = [])
|
67
|
-
dbs = db.map { |x| "-d #{x}" }.join(
|
66
|
+
dbs = db.map { |x| "-d #{x}" }.join(" ")
|
68
67
|
"PGPASSWORD='#{@pass}' psql -U #{@user} #{dbs} -h #{@host} -A -t -c #{escaped_query(query)}"
|
69
68
|
end
|
70
69
|
end
|
@@ -1,12 +1,12 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# copyright: 2015, Vulcano Security GmbH
|
2
|
+
require "inspec/resources/command"
|
3
3
|
|
4
4
|
module Inspec::Resources
|
5
|
-
class
|
6
|
-
name
|
7
|
-
supports platform:
|
8
|
-
supports platform:
|
9
|
-
desc
|
5
|
+
class Powershell < Cmd
|
6
|
+
name "powershell"
|
7
|
+
supports platform: "windows"
|
8
|
+
supports platform: "unix"
|
9
|
+
desc "Use the powershell InSpec audit resource to test a Windows PowerShell script on the Microsoft Windows platform."
|
10
10
|
example <<~EXAMPLE
|
11
11
|
script = <<-EOH
|
12
12
|
# your powershell script
|
@@ -21,15 +21,15 @@ module Inspec::Resources
|
|
21
21
|
# PowerShell is the default shell on Windows, use the `command` resource
|
22
22
|
return super(script) if inspec.os.windows?
|
23
23
|
|
24
|
-
unless inspec.command(
|
25
|
-
raise Inspec::Exceptions::ResourceSkipped,
|
24
|
+
unless inspec.command("pwsh").exist?
|
25
|
+
raise Inspec::Exceptions::ResourceSkipped, "Can not find `pwsh` command"
|
26
26
|
end
|
27
27
|
|
28
28
|
# Prevent progress stream from leaking into stderr
|
29
29
|
command = "$ProgressPreference='SilentlyContinue';" + script
|
30
30
|
|
31
31
|
# Encode as Base64 to remove any quotes/escapes/etc issues
|
32
|
-
command = command.encode(
|
32
|
+
command = command.encode("UTF-16LE", "UTF-8")
|
33
33
|
command = Base64.strict_encode64(command)
|
34
34
|
|
35
35
|
# Use the `command` resource to execute the command via `pwsh`
|
@@ -47,17 +47,21 @@ module Inspec::Resources
|
|
47
47
|
end
|
48
48
|
|
49
49
|
def to_s
|
50
|
-
|
50
|
+
"Powershell"
|
51
51
|
end
|
52
52
|
end
|
53
53
|
|
54
|
+
PowershellScript = Powershell
|
55
|
+
|
54
56
|
# this is deprecated syntax and will be removed in future versions
|
55
|
-
class
|
56
|
-
name
|
57
|
+
class LegacyPowershell < Powershell
|
58
|
+
name "script"
|
57
59
|
|
58
60
|
def initialize(script)
|
59
|
-
Inspec.deprecate(:resource_script,
|
61
|
+
Inspec.deprecate(:resource_script, "The `script` resource is deprecated. Please use `powershell` instead.")
|
60
62
|
super(script)
|
61
63
|
end
|
62
64
|
end
|
65
|
+
|
66
|
+
LegacyPowershellScript = LegacyPowershell
|
63
67
|
end
|