inspec-core 4.33.1 → 4.37.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +14 -1
- data/inspec-core.gemspec +2 -2
- data/lib/inspec/base_cli.rb +2 -2
- data/lib/inspec/cli.rb +6 -2
- data/lib/inspec/control_eval_context.rb +1 -0
- data/lib/inspec/fetcher/local.rb +1 -1
- data/lib/inspec/input.rb +39 -4
- data/lib/inspec/input_registry.rb +1 -0
- data/lib/inspec/objects/input.rb +1 -1
- data/lib/inspec/plugin/v2/loader.rb +9 -0
- data/lib/inspec/profile_context.rb +1 -1
- data/lib/inspec/resources.rb +1 -0
- data/lib/inspec/resources/file.rb +4 -5
- data/lib/inspec/resources/groups.rb +21 -6
- data/lib/inspec/resources/http.rb +1 -1
- data/lib/inspec/resources/mssql_session.rb +1 -1
- data/lib/inspec/resources/mysql_session.rb +1 -1
- data/lib/inspec/resources/pip.rb +1 -1
- data/lib/inspec/resources/port.rb +9 -3
- data/lib/inspec/resources/registry_key.rb +1 -1
- data/lib/inspec/resources/selinux.rb +154 -0
- data/lib/inspec/resources/users.rb +1 -1
- data/lib/inspec/resources/windows_feature.rb +2 -1
- data/lib/inspec/resources/windows_firewall_rule.rb +1 -1
- data/lib/inspec/resources/zfs_dataset.rb +7 -3
- data/lib/inspec/resources/zfs_pool.rb +7 -3
- data/lib/inspec/rule.rb +9 -1
- data/lib/inspec/runner.rb +1 -1
- data/lib/inspec/utils/erlang_parser.rb +2 -2
- data/lib/inspec/utils/filter.rb +7 -7
- data/lib/inspec/utils/nginx_parser.rb +3 -3
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-compliance/README.md +125 -2
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +5 -0
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +18 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +23 -8
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +26 -28
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +5 -4
- metadata +11 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0e824612959dfc0663c92583fa5a542300d6953bcd32b28cfabf48b0709b9bf6
|
|
4
|
+
data.tar.gz: 79edead9df8512f94c9472bead2afd509b080f30e68630c912208734dc0b7bf1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fba880eaf388b7ebb28a731ddaaab23a6c0b4f8a75ee70315c75f68d05445cc32c7c09109e5f9a696d8257111d5cf520409bf2d18079255fc7cce9376a3e87e3
|
|
7
|
+
data.tar.gz: e5bf78b8ee6a067ca8762326093f92c26f97b1c102b0198ec3a494a520bb0a6fc137ff2d6f992e36e3ff690389c2082b3f92484a79266e91e7359a25d8719df7
|
data/Gemfile
CHANGED
|
@@ -28,7 +28,7 @@ group :omnibus do
|
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
group :test do
|
|
31
|
-
gem "chefstyle", "~>
|
|
31
|
+
gem "chefstyle", "~> 2.0.3"
|
|
32
32
|
gem "concurrent-ruby", "~> 1.0"
|
|
33
33
|
gem "html-proofer", platforms: :ruby # do not attempt to run proofer on windows
|
|
34
34
|
gem "json_schemer", ">= 0.2.1", "< 0.2.19"
|
|
@@ -48,3 +48,16 @@ end
|
|
|
48
48
|
group :deploy do
|
|
49
49
|
gem "inquirer"
|
|
50
50
|
end
|
|
51
|
+
|
|
52
|
+
# Only include Test Kitchen support if we are on Ruby 2.7 or higher
|
|
53
|
+
# as chef-zero support requires Ruby 2.6
|
|
54
|
+
# See https://github.com/inspec/inspec/pull/5341
|
|
55
|
+
if Gem.ruby_version >= Gem::Version.new("2.7.0")
|
|
56
|
+
group :kitchen do
|
|
57
|
+
gem "berkshelf"
|
|
58
|
+
gem "test-kitchen", ">= 2.8"
|
|
59
|
+
gem "kitchen-inspec", ">= 2.0"
|
|
60
|
+
gem "kitchen-dokken", ">= 2.11"
|
|
61
|
+
gem "git"
|
|
62
|
+
end
|
|
63
|
+
end
|
data/inspec-core.gemspec
CHANGED
|
@@ -23,7 +23,7 @@ Gem::Specification.new do |spec|
|
|
|
23
23
|
.reject { |f| File.directory?(f) }
|
|
24
24
|
|
|
25
25
|
# Implementation dependencies
|
|
26
|
-
spec.add_dependency "chef-telemetry", "~> 1.0"
|
|
26
|
+
spec.add_dependency "chef-telemetry", "~> 1.0", ">= 1.0.8" # 1.0.8+ removes the http dep
|
|
27
27
|
spec.add_dependency "license-acceptance", ">= 0.2.13", "< 3.0"
|
|
28
28
|
spec.add_dependency "thor", ">= 0.20", "< 2.0"
|
|
29
29
|
spec.add_dependency "method_source", ">= 0.8", "< 2.0"
|
|
@@ -35,7 +35,7 @@ Gem::Specification.new do |spec|
|
|
|
35
35
|
spec.add_dependency "mixlib-log", "~> 3.0"
|
|
36
36
|
spec.add_dependency "sslshake", "~> 1.2"
|
|
37
37
|
spec.add_dependency "parallel", "~> 1.9"
|
|
38
|
-
spec.add_dependency "faraday", ">= 0.9.0", "< 1.
|
|
38
|
+
spec.add_dependency "faraday", ">= 0.9.0", "< 1.5"
|
|
39
39
|
spec.add_dependency "faraday_middleware", "~> 1.0"
|
|
40
40
|
spec.add_dependency "tty-table", "~> 0.10"
|
|
41
41
|
spec.add_dependency "tty-prompt", "~> 0.17"
|
data/lib/inspec/base_cli.rb
CHANGED
|
@@ -181,7 +181,7 @@ module Inspec
|
|
|
181
181
|
puts " Patents: chef.io/patents\n\n"
|
|
182
182
|
end
|
|
183
183
|
|
|
184
|
-
def self.format_platform_info(params: {}, indent: 0, color: 39)
|
|
184
|
+
def self.format_platform_info(params: {}, indent: 0, color: 39, enable_color: true)
|
|
185
185
|
str = ""
|
|
186
186
|
params.each do |item, info|
|
|
187
187
|
data = info
|
|
@@ -192,7 +192,7 @@ module Inspec
|
|
|
192
192
|
# Do not output fields of data is missing ('unknown' is fine)
|
|
193
193
|
next if data.nil?
|
|
194
194
|
|
|
195
|
-
data = "\e[1m\e[#{color}m#{data}\e[0m"
|
|
195
|
+
data = "\e[1m\e[#{color}m#{data}\e[0m" if enable_color
|
|
196
196
|
str << format("#{" " * indent}%-10s %s\n", item.to_s.capitalize + ":", data)
|
|
197
197
|
end
|
|
198
198
|
str
|
data/lib/inspec/cli.rb
CHANGED
|
@@ -218,9 +218,13 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
|
218
218
|
|
|
219
219
|
Automate:
|
|
220
220
|
```
|
|
221
|
-
#{Inspec::Dist::EXEC_NAME}
|
|
221
|
+
#{Inspec::Dist::EXEC_NAME} automate login
|
|
222
222
|
#{Inspec::Dist::EXEC_NAME} exec compliance://username/linux-baseline
|
|
223
223
|
```
|
|
224
|
+
`inspec compliance` is a backwards compatible alias for `inspec automate` and works the same way:
|
|
225
|
+
```
|
|
226
|
+
#{Inspec::Dist::EXEC_NAME} compliance login
|
|
227
|
+
```
|
|
224
228
|
|
|
225
229
|
Supermarket:
|
|
226
230
|
```
|
|
@@ -301,7 +305,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
|
301
305
|
puts res.to_json
|
|
302
306
|
else
|
|
303
307
|
ui.headline("Platform Details")
|
|
304
|
-
ui.plain Inspec::BaseCLI.format_platform_info(params: res, indent: 0, color: 36)
|
|
308
|
+
ui.plain Inspec::BaseCLI.format_platform_info(params: res, indent: 0, color: 36, enable_color: ui.color?)
|
|
305
309
|
end
|
|
306
310
|
rescue ArgumentError, RuntimeError, Train::UserError => e
|
|
307
311
|
$stderr.puts e.message
|
|
@@ -194,6 +194,7 @@ module Inspec
|
|
|
194
194
|
|
|
195
195
|
# Check if the given control exist in the --controls option
|
|
196
196
|
def control_exist_in_controls_list?(id)
|
|
197
|
+
id_exist_in_list = false
|
|
197
198
|
if profile_config_exist?
|
|
198
199
|
id_exist_in_list = @conf["profile"].include_controls_list.any? do |inclusion|
|
|
199
200
|
# Try to see if the inclusion is a regex, and if it matches
|
data/lib/inspec/fetcher/local.rb
CHANGED
data/lib/inspec/input.rb
CHANGED
|
@@ -19,12 +19,17 @@ module Inspec
|
|
|
19
19
|
attr_accessor :input_name
|
|
20
20
|
attr_accessor :input_value
|
|
21
21
|
attr_accessor :input_type
|
|
22
|
+
attr_accessor :input_pattern
|
|
22
23
|
end
|
|
23
24
|
|
|
24
25
|
class TypeError < Error
|
|
25
26
|
attr_accessor :input_type
|
|
26
27
|
end
|
|
27
28
|
|
|
29
|
+
class PatternError < Error
|
|
30
|
+
attr_accessor :input_pattern
|
|
31
|
+
end
|
|
32
|
+
|
|
28
33
|
class RequiredError < Error
|
|
29
34
|
attr_accessor :input_name
|
|
30
35
|
end
|
|
@@ -56,7 +61,6 @@ module Inspec
|
|
|
56
61
|
|
|
57
62
|
def initialize(properties = {})
|
|
58
63
|
@value_has_been_set = false
|
|
59
|
-
|
|
60
64
|
properties.each do |prop_name, prop_value|
|
|
61
65
|
if EVENT_PROPERTIES.include? prop_name
|
|
62
66
|
# OK, save the property
|
|
@@ -174,7 +178,7 @@ module Inspec
|
|
|
174
178
|
# are free to go higher.
|
|
175
179
|
DEFAULT_PRIORITY_FOR_VALUE_SET = 60
|
|
176
180
|
|
|
177
|
-
attr_reader :description, :events, :identifier, :name, :required, :sensitive, :title, :type
|
|
181
|
+
attr_reader :description, :events, :identifier, :name, :required, :sensitive, :title, :type, :pattern
|
|
178
182
|
|
|
179
183
|
def initialize(name, options = {})
|
|
180
184
|
@name = name
|
|
@@ -192,7 +196,6 @@ module Inspec
|
|
|
192
196
|
# debugging record of when and how the value changed.
|
|
193
197
|
@events = []
|
|
194
198
|
events.push make_creation_event(options)
|
|
195
|
-
|
|
196
199
|
update(options)
|
|
197
200
|
end
|
|
198
201
|
|
|
@@ -213,6 +216,7 @@ module Inspec
|
|
|
213
216
|
def update(options)
|
|
214
217
|
_update_set_metadata(options)
|
|
215
218
|
normalize_type_restriction!
|
|
219
|
+
normalize_pattern_restriction!
|
|
216
220
|
|
|
217
221
|
# Values are set by passing events in; but we can also infer an event.
|
|
218
222
|
if options.key?(:value) || options.key?(:default)
|
|
@@ -227,6 +231,7 @@ module Inspec
|
|
|
227
231
|
events << options[:event] if options.key? :event
|
|
228
232
|
|
|
229
233
|
enforce_type_restriction!
|
|
234
|
+
enforce_pattern_restriction!
|
|
230
235
|
end
|
|
231
236
|
|
|
232
237
|
# We can determine a value:
|
|
@@ -268,6 +273,7 @@ module Inspec
|
|
|
268
273
|
@identifier = options[:identifier] if options.key?(:identifier) # TODO: determine if this is ever used
|
|
269
274
|
@type = options[:type] if options.key?(:type)
|
|
270
275
|
@sensitive = options[:sensitive] if options.key?(:sensitive)
|
|
276
|
+
@pattern = options[:pattern] if options.key?(:pattern)
|
|
271
277
|
end
|
|
272
278
|
|
|
273
279
|
def make_creation_event(options)
|
|
@@ -310,7 +316,9 @@ module Inspec
|
|
|
310
316
|
file: location.path,
|
|
311
317
|
line: location.lineno
|
|
312
318
|
)
|
|
319
|
+
|
|
313
320
|
enforce_type_restriction!
|
|
321
|
+
enforce_pattern_restriction!
|
|
314
322
|
end
|
|
315
323
|
|
|
316
324
|
def value
|
|
@@ -324,7 +332,7 @@ module Inspec
|
|
|
324
332
|
|
|
325
333
|
def to_hash
|
|
326
334
|
as_hash = { name: name, options: {} }
|
|
327
|
-
%i{description title identifier type required value sensitive}.each do |field|
|
|
335
|
+
%i{description title identifier type required value sensitive pattern}.each do |field|
|
|
328
336
|
val = send(field)
|
|
329
337
|
next if val.nil?
|
|
330
338
|
|
|
@@ -407,6 +415,33 @@ module Inspec
|
|
|
407
415
|
@type = type_req
|
|
408
416
|
end
|
|
409
417
|
|
|
418
|
+
def enforce_pattern_restriction!
|
|
419
|
+
return unless pattern
|
|
420
|
+
return unless has_value?
|
|
421
|
+
|
|
422
|
+
string_value = current_value(false).to_s
|
|
423
|
+
|
|
424
|
+
valid_pattern = string_value.match?(pattern)
|
|
425
|
+
unless valid_pattern
|
|
426
|
+
error = Inspec::Input::ValidationError.new
|
|
427
|
+
error.input_name = @name
|
|
428
|
+
error.input_value = string_value
|
|
429
|
+
error.input_pattern = pattern
|
|
430
|
+
raise error, "Input '#{error.input_name}' with value '#{error.input_value}' does not validate to pattern '#{error.input_pattern}'."
|
|
431
|
+
end
|
|
432
|
+
end
|
|
433
|
+
|
|
434
|
+
def normalize_pattern_restriction!
|
|
435
|
+
return unless pattern
|
|
436
|
+
|
|
437
|
+
unless valid_regexp?(pattern)
|
|
438
|
+
error = Inspec::Input::PatternError.new
|
|
439
|
+
error.input_pattern = pattern
|
|
440
|
+
raise error, "Pattern '#{error.input_pattern}' is not a valid regex pattern."
|
|
441
|
+
end
|
|
442
|
+
@pattern = pattern
|
|
443
|
+
end
|
|
444
|
+
|
|
410
445
|
def valid_numeric?(value)
|
|
411
446
|
Float(value)
|
|
412
447
|
true
|
data/lib/inspec/objects/input.rb
CHANGED
|
@@ -20,7 +20,7 @@ module Inspec
|
|
|
20
20
|
|
|
21
21
|
def to_hash
|
|
22
22
|
as_hash = { name: name, options: {} }
|
|
23
|
-
%i{description title identifier type required value}.each do |field|
|
|
23
|
+
%i{description title identifier type required value pattern}.each do |field|
|
|
24
24
|
val = send(field)
|
|
25
25
|
next if val.nil?
|
|
26
26
|
|
|
@@ -117,6 +117,15 @@ module Inspec::Plugin::V2
|
|
|
117
117
|
# `inspec dosomething` => activate the :dosomething hook
|
|
118
118
|
activate_me ||= cli_args.include?(act.activator_name.to_s)
|
|
119
119
|
|
|
120
|
+
# Only one compliance command to be activated at one time.
|
|
121
|
+
# Since both commands are defined in the same class,
|
|
122
|
+
# activators were not getting fetched uniquely.
|
|
123
|
+
if cli_args.include?("automate") && act.activator_name.to_s.eql?("compliance")
|
|
124
|
+
activate_me = false
|
|
125
|
+
elsif cli_args.include?("compliance") && act.activator_name.to_s.eql?("automate")
|
|
126
|
+
activate_me = false
|
|
127
|
+
end
|
|
128
|
+
|
|
120
129
|
# OK, activate.
|
|
121
130
|
if activate_me
|
|
122
131
|
act.activate
|
data/lib/inspec/resources.rb
CHANGED
|
@@ -103,6 +103,7 @@ require "inspec/resources/rabbitmq_config"
|
|
|
103
103
|
require "inspec/resources/registry_key"
|
|
104
104
|
require "inspec/resources/security_identifier"
|
|
105
105
|
require "inspec/resources/security_policy"
|
|
106
|
+
require "inspec/resources/selinux"
|
|
106
107
|
require "inspec/resources/service"
|
|
107
108
|
require "inspec/resources/shadow"
|
|
108
109
|
require "inspec/resources/ssh_config"
|
|
@@ -136,10 +136,10 @@ module Inspec::Resources
|
|
|
136
136
|
alias sticky? sticky
|
|
137
137
|
|
|
138
138
|
def more_permissive_than?(max_mode = nil)
|
|
139
|
-
|
|
140
|
-
raise ArgumentError, "You must
|
|
141
|
-
raise ArgumentError, "You must
|
|
142
|
-
raise ArgumentError, "The value of the `maximum permission target` should be a valid file mode in 4-
|
|
139
|
+
return nil unless exist?
|
|
140
|
+
raise ArgumentError, "You must provide a value for the `maximum allowable permission` for the file." if max_mode.nil?
|
|
141
|
+
raise ArgumentError, "You must provide the `maximum permission target` as a `String`, you provided: " + max_mode.class.to_s unless max_mode.is_a?(String)
|
|
142
|
+
raise ArgumentError, "The value of the `maximum permission target` should be a valid file mode in 4-digit octal format: for example, `0644` or `0777`" unless /(0)?([0-7])([0-7])([0-7])/.match?(max_mode)
|
|
143
143
|
|
|
144
144
|
# Using the files mode and a few bit-wise calculations we can ensure a
|
|
145
145
|
# file is no more permisive than desired.
|
|
@@ -160,7 +160,6 @@ module Inspec::Resources
|
|
|
160
160
|
|
|
161
161
|
max_mode = max_mode.to_i(8)
|
|
162
162
|
inv_mode = 0777 ^ max_mode
|
|
163
|
-
|
|
164
163
|
inv_mode & file.mode != 0
|
|
165
164
|
end
|
|
166
165
|
|
|
@@ -49,10 +49,11 @@ module Inspec::Resources
|
|
|
49
49
|
|
|
50
50
|
filter = FilterTable.create
|
|
51
51
|
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
|
|
52
|
-
filter.register_column(:names,
|
|
53
|
-
.register_column(:gids,
|
|
54
|
-
.register_column(:domains,
|
|
55
|
-
.register_column(:members,
|
|
52
|
+
filter.register_column(:names, field: "name")
|
|
53
|
+
.register_column(:gids, field: "gid")
|
|
54
|
+
.register_column(:domains, field: "domain")
|
|
55
|
+
.register_column(:members, field: "members", style: :simple)
|
|
56
|
+
.register_column(:members_array, field: "members_array", style: :simple)
|
|
56
57
|
filter.install_filter_methods_on_resource(self, :collect_group_details)
|
|
57
58
|
|
|
58
59
|
def to_s
|
|
@@ -63,7 +64,13 @@ module Inspec::Resources
|
|
|
63
64
|
|
|
64
65
|
# collects information about every group
|
|
65
66
|
def collect_group_details
|
|
66
|
-
|
|
67
|
+
unless @group_provider.nil?
|
|
68
|
+
modified_groups_info = @group_provider.groups
|
|
69
|
+
unless modified_groups_info.empty?
|
|
70
|
+
modified_groups_info.each { |hashmap| hashmap["members_array"] = hashmap["members"].is_a?(Array) ? hashmap["members"] : hashmap["members"]&.split(",") }
|
|
71
|
+
end
|
|
72
|
+
return @groups_cache ||= modified_groups_info
|
|
73
|
+
end
|
|
67
74
|
|
|
68
75
|
[]
|
|
69
76
|
end
|
|
@@ -111,7 +118,11 @@ module Inspec::Resources
|
|
|
111
118
|
end
|
|
112
119
|
|
|
113
120
|
def members
|
|
114
|
-
flatten_entry(group_info, "members")
|
|
121
|
+
flatten_entry(group_info, "members") || empty_value_for_members
|
|
122
|
+
end
|
|
123
|
+
|
|
124
|
+
def members_array
|
|
125
|
+
flatten_entry(group_info, "members_array") || []
|
|
115
126
|
end
|
|
116
127
|
|
|
117
128
|
def local
|
|
@@ -141,6 +152,10 @@ module Inspec::Resources
|
|
|
141
152
|
group = @group.dup
|
|
142
153
|
@groups_cache ||= inspec.groups.where { name == group }
|
|
143
154
|
end
|
|
155
|
+
|
|
156
|
+
def empty_value_for_members
|
|
157
|
+
inspec.os.windows? ? [] : ""
|
|
158
|
+
end
|
|
144
159
|
end
|
|
145
160
|
|
|
146
161
|
class GroupInfo
|
|
@@ -58,7 +58,7 @@ module Inspec::Resources
|
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
def query(q) # rubocop:disable Metrics/PerceivedComplexity
|
|
61
|
-
escaped_query = q.gsub(/\\/,
|
|
61
|
+
escaped_query = q.gsub(/\\/, "\\\\").gsub(/"/, '""').gsub(/\$/, '\\$')
|
|
62
62
|
# surpress 'x rows affected' in SQLCMD with 'set nocount on;'
|
|
63
63
|
cmd_string = "sqlcmd -Q \"set nocount on; #{escaped_query}\" -W -w 1024 -s ','"
|
|
64
64
|
cmd_string += " -U '#{@user}' -P '#{@password}'" unless @user.nil? || @password.nil?
|
|
@@ -75,7 +75,7 @@ module Inspec::Resources
|
|
|
75
75
|
def create_mysql_cmd(q, db = "")
|
|
76
76
|
# TODO: simple escape, must be handled by a library
|
|
77
77
|
# that does this securely
|
|
78
|
-
escaped_query = q.gsub(/\\/,
|
|
78
|
+
escaped_query = q.gsub(/\\/, "\\\\").gsub(/"/, '\\"').gsub(/\$/, '\\$')
|
|
79
79
|
|
|
80
80
|
# construct the query
|
|
81
81
|
command = "mysql"
|
data/lib/inspec/resources/pip.rb
CHANGED
|
@@ -117,7 +117,7 @@ module Inspec::Resources
|
|
|
117
117
|
if defined?(windows_paths["Python"]) && pipcmd.nil?
|
|
118
118
|
return nil if windows_paths["Pip"].nil?
|
|
119
119
|
|
|
120
|
-
pipdir = windows_paths["Python"].split(
|
|
120
|
+
pipdir = windows_paths["Python"].split("\\")
|
|
121
121
|
# remove python.exe
|
|
122
122
|
pipdir.pop
|
|
123
123
|
pipcmd = pipdir.push("Scripts").push("pip.exe").join("/")
|
|
@@ -54,7 +54,7 @@ module Inspec::Resources
|
|
|
54
54
|
def port_manager_for_os
|
|
55
55
|
os = inspec.os
|
|
56
56
|
if os.linux?
|
|
57
|
-
LinuxPorts.new(inspec)
|
|
57
|
+
LinuxPorts.new(inspec, @port)
|
|
58
58
|
elsif os.aix?
|
|
59
59
|
# AIX: see http://www.ibm.com/developerworks/aix/library/au-lsof.html#resources
|
|
60
60
|
# and https://www-01.ibm.com/marketing/iwm/iwm/web/reg/pick.do?source=aixbp
|
|
@@ -102,8 +102,9 @@ module Inspec::Resources
|
|
|
102
102
|
# }]
|
|
103
103
|
class PortsInfo
|
|
104
104
|
attr_reader :inspec
|
|
105
|
-
def initialize(inspec)
|
|
105
|
+
def initialize(inspec, port = nil)
|
|
106
106
|
@inspec = inspec
|
|
107
|
+
@port = port
|
|
107
108
|
end
|
|
108
109
|
end
|
|
109
110
|
|
|
@@ -394,7 +395,12 @@ module Inspec::Resources
|
|
|
394
395
|
def ports_via_ss
|
|
395
396
|
return nil unless inspec.command("ss").exist?
|
|
396
397
|
|
|
397
|
-
|
|
398
|
+
if @port.nil?
|
|
399
|
+
cmd = inspec.command("ss -tulpen")
|
|
400
|
+
else
|
|
401
|
+
cmd = inspec.command("ss -tulpen '( dport = #{@port} or sport = #{@port} )'")
|
|
402
|
+
end
|
|
403
|
+
|
|
398
404
|
return nil unless cmd.exit_status.to_i == 0
|
|
399
405
|
|
|
400
406
|
ports = []
|