inspec-core 4.3.2 → 4.6.3
- checksums.yaml +4 -4
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +139 -140
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
@@ -1,7 +1,6 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require
|
4
|
-
require 'utils/file_reader'
|
1
|
+
require "hashie"
|
2
|
+
require "inspec/utils/file_reader"
|
3
|
+
require "inspec/utils/simpleconfig"
|
5
4
|
|
6
5
|
module Inspec::Resources
|
7
6
|
class Runlevels < Hash
|
@@ -67,10 +66,10 @@ module Inspec::Resources
|
|
67
66
|
#
|
68
67
|
# TODO: extend the logic to detect the running init system, independently of OS
|
69
68
|
class Service < Inspec.resource(1)
|
70
|
-
name
|
71
|
-
supports platform:
|
72
|
-
supports platform:
|
73
|
-
desc
|
69
|
+
name "service"
|
70
|
+
supports platform: "unix"
|
71
|
+
supports platform: "windows"
|
72
|
+
desc "Use the service InSpec audit resource to test if the named service is installed, running and/or enabled."
|
74
73
|
example <<~EXAMPLE
|
75
74
|
describe service('service_name') do
|
76
75
|
it { should be_installed }
|
@@ -98,7 +97,7 @@ module Inspec::Resources
|
|
98
97
|
@cache = nil
|
99
98
|
@service_mgmt = select_service_mgmt
|
100
99
|
|
101
|
-
return skip_resource
|
100
|
+
return skip_resource "The `service` resource is not supported on your OS yet." if @service_mgmt.nil?
|
102
101
|
end
|
103
102
|
|
104
103
|
def select_service_mgmt # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/MethodLength
|
@@ -132,14 +131,14 @@ module Inspec::Resources
|
|
132
131
|
if version > 7
|
133
132
|
Systemd.new(inspec, service_ctl)
|
134
133
|
else
|
135
|
-
SysV.new(inspec, service_ctl ||
|
134
|
+
SysV.new(inspec, service_ctl || "/usr/sbin/service")
|
136
135
|
end
|
137
136
|
elsif %w{redhat fedora centos oracle cloudlinux}.include?(platform)
|
138
137
|
version = os[:release].to_i
|
139
|
-
if (%w{redhat centos oracle cloudlinux}.include?(platform) && version >= 7) || (platform ==
|
138
|
+
if (%w{redhat centos oracle cloudlinux}.include?(platform) && version >= 7) || (platform == "fedora" && version >= 15)
|
140
139
|
Systemd.new(inspec, service_ctl)
|
141
140
|
else
|
142
|
-
SysV.new(inspec, service_ctl ||
|
141
|
+
SysV.new(inspec, service_ctl || "/sbin/service")
|
143
142
|
end
|
144
143
|
elsif %w{wrlinux}.include?(platform)
|
145
144
|
SysV.new(inspec, service_ctl)
|
@@ -157,7 +156,7 @@ module Inspec::Resources
|
|
157
156
|
if os[:release].to_i >= 12
|
158
157
|
Systemd.new(inspec, service_ctl)
|
159
158
|
else
|
160
|
-
SysV.new(inspec, service_ctl ||
|
159
|
+
SysV.new(inspec, service_ctl || "/sbin/service")
|
161
160
|
end
|
162
161
|
elsif %w{aix}.include?(platform)
|
163
162
|
SrcMstr.new(inspec)
|
@@ -202,7 +201,7 @@ module Inspec::Resources
|
|
202
201
|
|
203
202
|
# get all runlevels that are available and their configuration
|
204
203
|
def runlevels(*args)
|
205
|
-
return Runlevels.new(self) if info.nil?
|
204
|
+
return Runlevels.new(self) if info.nil? || info[:runlevels].nil?
|
206
205
|
Runlevels.from_hash(self, info[:runlevels], args)
|
207
206
|
end
|
208
207
|
|
@@ -249,7 +248,7 @@ module Inspec::Resources
|
|
249
248
|
# @see: http://www.freedesktop.org/software/systemd/man/systemd-system.conf.html
|
250
249
|
class Systemd < ServiceManager
|
251
250
|
def initialize(inspec, service_ctl = nil)
|
252
|
-
@service_ctl = service_ctl ||
|
251
|
+
@service_ctl = service_ctl || "systemctl"
|
253
252
|
super
|
254
253
|
end
|
255
254
|
|
@@ -279,19 +278,19 @@ module Inspec::Resources
|
|
279
278
|
params = SimpleConfig.new(
|
280
279
|
cmd.stdout.chomp,
|
281
280
|
assignment_regex: /^\s*([^=]*?)\s*=\s*(.*?)\s*$/,
|
282
|
-
multiple_values: false
|
281
|
+
multiple_values: false
|
283
282
|
).params
|
284
283
|
|
285
284
|
# LoadState values eg. loaded, not-found
|
286
|
-
installed = params[
|
285
|
+
installed = params["LoadState"] == "loaded"
|
287
286
|
|
288
287
|
{
|
289
|
-
name: params[
|
290
|
-
description: params[
|
288
|
+
name: params["Id"],
|
289
|
+
description: params["Description"],
|
291
290
|
installed: installed,
|
292
291
|
running: is_active?(service_name),
|
293
292
|
enabled: is_enabled?(service_name),
|
294
|
-
type:
|
293
|
+
type: "systemd",
|
295
294
|
params: params,
|
296
295
|
}
|
297
296
|
end
|
@@ -312,7 +311,7 @@ module Inspec::Resources
|
|
312
311
|
installed: true,
|
313
312
|
running: running,
|
314
313
|
enabled: enabled?,
|
315
|
-
type:
|
314
|
+
type: "srcmstr",
|
316
315
|
}
|
317
316
|
end
|
318
317
|
|
@@ -330,7 +329,7 @@ module Inspec::Resources
|
|
330
329
|
|
331
330
|
def enabled_rc_tcpip?
|
332
331
|
inspec.command(
|
333
|
-
"grep -v ^# /etc/rc.tcpip | grep 'start ' | grep -Eq '(/{0,1}| )#{name} '"
|
332
|
+
"grep -v ^# /etc/rc.tcpip | grep 'start ' | grep -Eq '(/{0,1}| )#{name} '"
|
334
333
|
).exit_status == 0
|
335
334
|
end
|
336
335
|
|
@@ -344,7 +343,7 @@ module Inspec::Resources
|
|
344
343
|
include FileReader
|
345
344
|
|
346
345
|
def initialize(service_name, service_ctl = nil)
|
347
|
-
@service_ctl = service_ctl ||
|
346
|
+
@service_ctl = service_ctl || "initctl"
|
348
347
|
super
|
349
348
|
end
|
350
349
|
|
@@ -353,7 +352,7 @@ module Inspec::Resources
|
|
353
352
|
status = inspec.command("#{service_ctl} status #{service_name}")
|
354
353
|
|
355
354
|
# fallback for systemv services, those are not handled via `initctl`
|
356
|
-
return SysV.new(inspec).info(service_name) if status.exit_status.to_i != 0 || status.stdout ==
|
355
|
+
return SysV.new(inspec).info(service_name) if status.exit_status.to_i != 0 || status.stdout == ""
|
357
356
|
|
358
357
|
# @see: http://upstart.ubuntu.com/cookbook/#job-states
|
359
358
|
# grep for running to indicate the service is there
|
@@ -366,7 +365,7 @@ module Inspec::Resources
|
|
366
365
|
installed: true,
|
367
366
|
running: running,
|
368
367
|
enabled: enabled,
|
369
|
-
type:
|
368
|
+
type: "upstart",
|
370
369
|
}
|
371
370
|
end
|
372
371
|
|
@@ -388,17 +387,17 @@ module Inspec::Resources
|
|
388
387
|
end
|
389
388
|
|
390
389
|
class SysV < ServiceManager
|
391
|
-
RUNLEVELS = { 0=>false, 1=>false, 2=>false, 3=>false, 4=>false, 5=>false, 6=>false }.freeze
|
390
|
+
RUNLEVELS = { 0 => false, 1 => false, 2 => false, 3 => false, 4 => false, 5 => false, 6 => false }.freeze
|
392
391
|
|
393
392
|
def initialize(service_name, service_ctl = nil)
|
394
|
-
@service_ctl = service_ctl ||
|
393
|
+
@service_ctl = service_ctl || "service"
|
395
394
|
super
|
396
395
|
end
|
397
396
|
|
398
397
|
def info(service_name)
|
399
398
|
# check if service is installed
|
400
399
|
# read all available services via ls /etc/init.d/
|
401
|
-
srvlist = inspec.command(
|
400
|
+
srvlist = inspec.command("ls -1 /etc/init.d/")
|
402
401
|
return nil if srvlist.exit_status != 0
|
403
402
|
|
404
403
|
# check if the service is in list
|
@@ -412,9 +411,9 @@ module Inspec::Resources
|
|
412
411
|
# bash: for i in `find /etc/rc*.d -name S*`; do basename $i | sed -r 's/^S[0-9]+//'; done | sort | uniq
|
413
412
|
enabled_services_cmd = inspec.command('find /etc/rc*.d /etc/init.d/rc*.d -name "S*"').stdout
|
414
413
|
service_line = %r{rc(?<runlevel>[0-6])\.d/S[^/]*?#{Regexp.escape service_name}$}
|
415
|
-
all_services = enabled_services_cmd.split("\n").map
|
414
|
+
all_services = enabled_services_cmd.split("\n").map do |line|
|
416
415
|
service_line.match(line)
|
417
|
-
|
416
|
+
end.compact
|
418
417
|
enabled = !all_services.empty?
|
419
418
|
|
420
419
|
# Determine a list of runlevels which this service is activated for
|
@@ -434,7 +433,7 @@ module Inspec::Resources
|
|
434
433
|
running: running,
|
435
434
|
enabled: enabled,
|
436
435
|
runlevels: runlevels,
|
437
|
-
type:
|
436
|
+
type: "sysv",
|
438
437
|
}
|
439
438
|
end
|
440
439
|
end
|
@@ -443,7 +442,7 @@ module Inspec::Resources
|
|
443
442
|
# @see: https://www.freebsd.org/cgi/man.cgi?query=rc.conf&sektion=5
|
444
443
|
class BSDInit < ServiceManager
|
445
444
|
def initialize(service_name, service_ctl = nil)
|
446
|
-
@service_ctl = service_ctl ||
|
445
|
+
@service_ctl = service_ctl || "service"
|
447
446
|
super
|
448
447
|
end
|
449
448
|
|
@@ -473,14 +472,14 @@ module Inspec::Resources
|
|
473
472
|
installed: true,
|
474
473
|
running: running,
|
475
474
|
enabled: enabled,
|
476
|
-
type:
|
475
|
+
type: "bsd-init",
|
477
476
|
}
|
478
477
|
end
|
479
478
|
end
|
480
479
|
|
481
480
|
class Runit < ServiceManager
|
482
481
|
def initialize(service_name, service_ctl = nil)
|
483
|
-
@service_ctl = service_ctl ||
|
482
|
+
@service_ctl = service_ctl || "sv"
|
484
483
|
super
|
485
484
|
end
|
486
485
|
|
@@ -500,7 +499,7 @@ module Inspec::Resources
|
|
500
499
|
installed: installed,
|
501
500
|
running: running,
|
502
501
|
enabled: enabled,
|
503
|
-
type:
|
502
|
+
type: "runit",
|
504
503
|
}
|
505
504
|
end
|
506
505
|
end
|
@@ -509,7 +508,7 @@ module Inspec::Resources
|
|
509
508
|
# new launctl on macos 10.10
|
510
509
|
class LaunchCtl < ServiceManager
|
511
510
|
def initialize(service_name, service_ctl = nil)
|
512
|
-
@service_ctl = service_ctl ||
|
511
|
+
@service_ctl = service_ctl || "launchctl"
|
513
512
|
super
|
514
513
|
end
|
515
514
|
|
@@ -524,14 +523,14 @@ module Inspec::Resources
|
|
524
523
|
|
525
524
|
# extract values from service
|
526
525
|
parsed_srv = /^(?<pid>[0-9-]+)\t(?<exit>[0-9]+)\t(?<name>\S*)$/.match(srv[0])
|
527
|
-
enabled = !parsed_srv[
|
526
|
+
enabled = !parsed_srv["name"].nil? # it's in the list
|
528
527
|
|
529
528
|
# check if the service is running
|
530
|
-
pid = parsed_srv[
|
531
|
-
running = pid !=
|
529
|
+
pid = parsed_srv["pid"]
|
530
|
+
running = pid != "-"
|
532
531
|
|
533
532
|
# extract service label
|
534
|
-
srv = parsed_srv[
|
533
|
+
srv = parsed_srv["name"] || service_name
|
535
534
|
|
536
535
|
{
|
537
536
|
name: srv,
|
@@ -539,7 +538,7 @@ module Inspec::Resources
|
|
539
538
|
installed: true,
|
540
539
|
running: running,
|
541
540
|
enabled: enabled,
|
542
|
-
type:
|
541
|
+
type: "darwin",
|
543
542
|
}
|
544
543
|
end
|
545
544
|
end
|
@@ -590,16 +589,16 @@ module Inspec::Resources
|
|
590
589
|
end
|
591
590
|
|
592
591
|
# check that we got a response
|
593
|
-
return nil if service.nil? || service[
|
592
|
+
return nil if service.nil? || service["Service"].nil?
|
594
593
|
|
595
594
|
{
|
596
|
-
name: service[
|
597
|
-
description: service[
|
595
|
+
name: service["Service"]["Name"],
|
596
|
+
description: service["Service"]["DisplayName"],
|
598
597
|
installed: true,
|
599
598
|
running: service_running?(service),
|
600
599
|
enabled: service_enabled?(service),
|
601
|
-
startmode: service[
|
602
|
-
type:
|
600
|
+
startmode: service["WMI"]["StartMode"],
|
601
|
+
type: "windows",
|
603
602
|
}
|
604
603
|
end
|
605
604
|
|
@@ -607,22 +606,22 @@ module Inspec::Resources
|
|
607
606
|
|
608
607
|
# detect if service is enabled
|
609
608
|
def service_enabled?(service)
|
610
|
-
!service[
|
611
|
-
!service[
|
612
|
-
(service[
|
613
|
-
service[
|
609
|
+
!service["WMI"].nil? &&
|
610
|
+
!service["WMI"]["StartMode"].nil? &&
|
611
|
+
(service["WMI"]["StartMode"] == "Auto" ||
|
612
|
+
service["WMI"]["StartMode"] == "Manual")
|
614
613
|
end
|
615
614
|
|
616
615
|
# detect if service is running
|
617
616
|
def service_running?(service)
|
618
|
-
!service[
|
617
|
+
!service["Service"]["Status"].nil? && service["Service"]["Status"] == 4
|
619
618
|
end
|
620
619
|
end
|
621
620
|
|
622
621
|
# Solaris services
|
623
622
|
class Svcs < ServiceManager
|
624
623
|
def initialize(service_name, service_ctl = nil)
|
625
|
-
@service_ctl = service_ctl ||
|
624
|
+
@service_ctl = service_ctl || "svcs"
|
626
625
|
super
|
627
626
|
end
|
628
627
|
|
@@ -634,20 +633,20 @@ module Inspec::Resources
|
|
634
633
|
params = SimpleConfig.new(
|
635
634
|
cmd.stdout.chomp,
|
636
635
|
assignment_regex: /^(\w+)\s*(.*)$/,
|
637
|
-
multiple_values: false
|
636
|
+
multiple_values: false
|
638
637
|
).params
|
639
638
|
|
640
639
|
installed = cmd.exit_status == 0
|
641
|
-
running = installed && (params[
|
642
|
-
enabled = installed && (params[
|
640
|
+
running = installed && (params["state"] == "online")
|
641
|
+
enabled = installed && (params["enabled"] == "true")
|
643
642
|
|
644
643
|
{
|
645
644
|
name: service_name,
|
646
|
-
description: params[
|
645
|
+
description: params["name"],
|
647
646
|
installed: installed,
|
648
647
|
running: running,
|
649
648
|
enabled: enabled,
|
650
|
-
type:
|
649
|
+
type: "svcs",
|
651
650
|
}
|
652
651
|
end
|
653
652
|
end
|
@@ -655,9 +654,9 @@ module Inspec::Resources
|
|
655
654
|
# specific resources for specific service managers
|
656
655
|
|
657
656
|
class SystemdService < Service
|
658
|
-
name
|
659
|
-
supports platform:
|
660
|
-
desc
|
657
|
+
name "systemd_service"
|
658
|
+
supports platform: "unix"
|
659
|
+
desc "Use the systemd_service InSpec audit resource to test if the named service (controlled by systemd) is installed, running and/or enabled."
|
661
660
|
example <<~EXAMPLE
|
662
661
|
# to override service mgmt auto-detection
|
663
662
|
describe systemd_service('service_name') do
|
@@ -678,9 +677,9 @@ module Inspec::Resources
|
|
678
677
|
end
|
679
678
|
|
680
679
|
class UpstartService < Service
|
681
|
-
name
|
682
|
-
supports platform:
|
683
|
-
desc
|
680
|
+
name "upstart_service"
|
681
|
+
supports platform: "unix"
|
682
|
+
desc "Use the upstart_service InSpec audit resource to test if the named service (controlled by upstart) is installed, running and/or enabled."
|
684
683
|
example <<~EXAMPLE
|
685
684
|
# to override service mgmt auto-detection
|
686
685
|
describe upstart_service('service_name') do
|
@@ -701,9 +700,9 @@ module Inspec::Resources
|
|
701
700
|
end
|
702
701
|
|
703
702
|
class SysVService < Service
|
704
|
-
name
|
705
|
-
supports platform:
|
706
|
-
desc
|
703
|
+
name "sysv_service"
|
704
|
+
supports platform: "unix"
|
705
|
+
desc "Use the sysv_service InSpec audit resource to test if the named service (controlled by SysV) is installed, running and/or enabled."
|
707
706
|
example <<~EXAMPLE
|
708
707
|
# to override service mgmt auto-detection
|
709
708
|
describe sysv_service('service_name') do
|
@@ -724,9 +723,9 @@ module Inspec::Resources
|
|
724
723
|
end
|
725
724
|
|
726
725
|
class BSDService < Service
|
727
|
-
name
|
728
|
-
supports platform:
|
729
|
-
desc
|
726
|
+
name "bsd_service"
|
727
|
+
supports platform: "unix"
|
728
|
+
desc "Use the bsd_service InSpec audit resource to test if the named service (controlled by BSD init) is installed, running and/or enabled."
|
730
729
|
example <<~EXAMPLE
|
731
730
|
# to override service mgmt auto-detection
|
732
731
|
describe bsd_service('service_name') do
|
@@ -747,9 +746,9 @@ module Inspec::Resources
|
|
747
746
|
end
|
748
747
|
|
749
748
|
class LaunchdService < Service
|
750
|
-
name
|
751
|
-
supports platform:
|
752
|
-
desc
|
749
|
+
name "launchd_service"
|
750
|
+
supports platform: "unix"
|
751
|
+
desc "Use the launchd_service InSpec audit resource to test if the named service (controlled by launchd) is installed, running and/or enabled."
|
753
752
|
example <<~EXAMPLE
|
754
753
|
# to override service mgmt auto-detection
|
755
754
|
describe launchd_service('service_name') do
|
@@ -770,9 +769,9 @@ module Inspec::Resources
|
|
770
769
|
end
|
771
770
|
|
772
771
|
class RunitService < Service
|
773
|
-
name
|
774
|
-
supports platform:
|
775
|
-
desc
|
772
|
+
name "runit_service"
|
773
|
+
supports platform: "unix"
|
774
|
+
desc "Use the runit_service InSpec audit resource to test if the named service (controlled by runit) is installed, running and/or enabled."
|
776
775
|
example <<~EXAMPLE
|
777
776
|
# to override service mgmt auto-detection
|
778
777
|
describe runit_service('service_name') do
|
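Review bot: In `enabled_rc_tcpip?` (hunk at -330), `#{name}` (presumably the service name) is interpolated unescaped into a single-quoted shell argument that is also a `grep -E` pattern, so a name containing a regex metacharacter such as `.` or a quote character can match unrelated `start` lines or break the command, and the control would then report `enabled` incorrectly. The SysV branch of this file already builds its pattern with `Regexp.escape service_name`; that care is missing here and in the Upstart context line `inspec.command("#{service_ctl} status #{service_name}")`. I would escape regex metacharacters in the name before it goes into the pattern and shell-quote the interpolated word, for example with `Shellwords.escape(service_name)` from the standard library for the `status` call. Separately, in the Windows `info` hash, `startmode: service["WMI"]["StartMode"]` dereferences `service["WMI"]` without the nil check that `service_enabled?` applies, so `service.dig("WMI", "StartMode")` would avoid a `NoMethodError`, assuming `service` is a Hash. All of these methods begin or end outside the visible hunks, so guards may exist that are not shown.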
@@ -1,8 +1,7 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# copyright: 2016, Chef Software Inc.
|
3
2
|
|
4
|
-
require
|
5
|
-
require
|
3
|
+
require "inspec/utils/filter"
|
4
|
+
require "inspec/utils/file_reader"
|
6
5
|
|
7
6
|
# The file format consists of
|
8
7
|
# - user
|
@@ -16,11 +15,11 @@ require 'utils/file_reader'
|
|
16
15
|
|
17
16
|
module Inspec::Resources
|
18
17
|
class Shadow < Inspec.resource(1)
|
19
|
-
name
|
20
|
-
supports platform:
|
21
|
-
desc
|
22
|
-
|
23
|
-
|
18
|
+
name "shadow"
|
19
|
+
supports platform: "unix"
|
20
|
+
desc "Use the shadow InSpec resource to test the contents of /etc/shadow, "\
|
21
|
+
"which contains information for users that may log into "\
|
22
|
+
"the system and/or as users that own running processes."
|
24
23
|
example <<~EXAMPLE
|
25
24
|
describe shadow do
|
26
25
|
its('user') { should_not include 'forbidden_user' }
|
@@ -36,23 +35,23 @@ module Inspec::Resources
|
|
36
35
|
|
37
36
|
attr_reader :params
|
38
37
|
|
39
|
-
def initialize(path =
|
38
|
+
def initialize(path = "/etc/shadow", opts = {})
|
40
39
|
@opts = opts
|
41
|
-
@path = path ||
|
42
|
-
@filters = @opts[:filters] ||
|
40
|
+
@path = path || "/etc/shadow"
|
41
|
+
@filters = @opts[:filters] || ""
|
43
42
|
end
|
44
43
|
|
45
44
|
filtertable = FilterTable.create
|
46
45
|
filtertable
|
47
|
-
.register_column(:users, field:
|
48
|
-
.register_column(:passwords, field:
|
49
|
-
.register_column(:last_changes, field:
|
50
|
-
.register_column(:min_days, field:
|
51
|
-
.register_column(:max_days, field:
|
52
|
-
.register_column(:warn_days, field:
|
53
|
-
.register_column(:inactive_days, field:
|
54
|
-
.register_column(:expiry_dates, field:
|
55
|
-
.register_column(:reserved, field:
|
46
|
+
.register_column(:users, field: "user")
|
47
|
+
.register_column(:passwords, field: "password")
|
48
|
+
.register_column(:last_changes, field: "last_change")
|
49
|
+
.register_column(:min_days, field: "min_days")
|
50
|
+
.register_column(:max_days, field: "max_days")
|
51
|
+
.register_column(:warn_days, field: "warn_days")
|
52
|
+
.register_column(:inactive_days, field: "inactive_days")
|
53
|
+
.register_column(:expiry_dates, field: "expiry_date")
|
54
|
+
.register_column(:reserved, field: "reserved")
|
56
55
|
# These are deprecated, but we need to "alias" them
|
57
56
|
filtertable
|
58
57
|
.register_custom_property(:user) { |table, value| table.resource.user(value) }
|
@@ -60,18 +59,18 @@ module Inspec::Resources
|
|
60
59
|
.register_custom_property(:last_change) { |table, value| table.resource.last_change(value) }
|
61
60
|
.register_custom_property(:expiry_date) { |table, value| table.resource.expiry_date(value) }
|
62
61
|
|
63
|
-
filtertable.register_custom_property(:content)
|
62
|
+
filtertable.register_custom_property(:content) do |t, _|
|
64
63
|
t.entries.map do |e|
|
65
|
-
[e.user, e.password, e.last_change, e.min_days, e.max_days, e.warn_days, e.inactive_days, e.expiry_date].compact.join(
|
64
|
+
[e.user, e.password, e.last_change, e.min_days, e.max_days, e.warn_days, e.inactive_days, e.expiry_date].compact.join(":")
|
66
65
|
end.join("\n")
|
67
|
-
|
66
|
+
end
|
68
67
|
|
69
68
|
filtertable.install_filter_methods_on_resource(self, :set_params)
|
70
69
|
|
71
70
|
def filter(query = {})
|
72
71
|
return self if query.nil? || query.empty?
|
73
72
|
res = set_params
|
74
|
-
filters =
|
73
|
+
filters = ""
|
75
74
|
query.each do |attr, condition|
|
76
75
|
condition = condition.to_s if condition.is_a? Integer
|
77
76
|
filters += " #{attr} = #{condition.inspect}"
|
@@ -84,39 +83,39 @@ module Inspec::Resources
|
|
84
83
|
end
|
85
84
|
end
|
86
85
|
end
|
87
|
-
content = res.map { |x| x.values.join(
|
86
|
+
content = res.map { |x| x.values.join(":") }.join("\n")
|
88
87
|
Shadow.new(@path, content: content, filters: @filters + filters)
|
89
88
|
end
|
90
89
|
|
91
90
|
# Next 4 are deprecated methods. We define them here so we can emit a deprecation message.
|
92
91
|
# They are also defined on the Table, above.
|
93
92
|
def user(query = nil)
|
94
|
-
Inspec.deprecate(:properties_shadow,
|
95
|
-
query.nil? ? where.users : where(
|
93
|
+
Inspec.deprecate(:properties_shadow, "The shadow `user` property is deprecated. Please use `users` instead.")
|
94
|
+
query.nil? ? where.users : where("user" => query)
|
96
95
|
end
|
97
96
|
|
98
97
|
def password(query = nil)
|
99
|
-
Inspec.deprecate(:properties_shadow,
|
100
|
-
query.nil? ? where.passwords : where(
|
98
|
+
Inspec.deprecate(:properties_shadow, "The shadow `password` property is deprecated. Please use `passwords` instead.")
|
99
|
+
query.nil? ? where.passwords : where("password" => query)
|
101
100
|
end
|
102
101
|
|
103
102
|
def last_change(query = nil)
|
104
|
-
Inspec.deprecate(:properties_shadow,
|
105
|
-
query.nil? ? where.last_changes : where(
|
103
|
+
Inspec.deprecate(:properties_shadow, "The shadow `last_change` property is deprecated. Please use `last_changes` instead.")
|
104
|
+
query.nil? ? where.last_changes : where("last_change" => query)
|
106
105
|
end
|
107
106
|
|
108
107
|
def expiry_date(query = nil)
|
109
|
-
Inspec.deprecate(:properties_shadow,
|
110
|
-
query.nil? ? where.expiry_dates : where(
|
108
|
+
Inspec.deprecate(:properties_shadow, "The shadow `expiry_date` property is deprecated. Please use `expiry_dates` instead.")
|
109
|
+
query.nil? ? where.expiry_dates : where("expiry_date" => query)
|
111
110
|
end
|
112
111
|
|
113
112
|
def lines
|
114
|
-
Inspec.deprecate(:properties_shadow,
|
113
|
+
Inspec.deprecate(:properties_shadow, "The shadow `lines` property is deprecated.")
|
115
114
|
shadow_content.to_s.split("\n")
|
116
115
|
end
|
117
116
|
|
118
117
|
def to_s
|
119
|
-
f = @filters.empty? ?
|
118
|
+
f = @filters.empty? ? "" : " with" + @filters
|
120
119
|
"#{@path}#{f}"
|
121
120
|
end
|
122
121
|
|
@@ -139,17 +138,17 @@ module Inspec::Resources
|
|
139
138
|
# @param [String] line a line of /etc/shadow
|
140
139
|
# @return [Hash] Map of entries in this line
|
141
140
|
def parse_shadow_line(line)
|
142
|
-
x = line.split(
|
141
|
+
x = line.split(":")
|
143
142
|
{
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
143
|
+
"user" => x.at(0),
|
144
|
+
"password" => x.at(1),
|
145
|
+
"last_change" => x.at(2),
|
146
|
+
"min_days" => x.at(3),
|
147
|
+
"max_days" => x.at(4),
|
148
|
+
"warn_days" => x.at(5),
|
149
|
+
"inactive_days" => x.at(6),
|
150
|
+
"expiry_date" => x.at(7),
|
151
|
+
"reserved" => x.at(8),
|
153
152
|
}
|
154
153
|
end
|
155
154
|
end
|
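Review bot: `parse_shadow_line` calls `line.split(":")` with no limit, and Ruby's `String#split` then discards trailing empty fields, so the same empty shadow field comes back as `""` when a later field is populated but as `nil` when it sits at the end of the line. For an audit resource, that makes assertions on `inactive_days`, `expiry_date` or `reserved` depend on how the line happens to end. The `.compact.join(":")` in the `content` property of the earlier hunk also silently drops those `nil` fields from the reconstructed line. Consider `x = line.split(":", -1)` so every field present in the line is kept, after checking whether existing profiles compare against `nil`. The method body is fully contained in this hunk.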