inspec-core 4.41.20 → 4.52.9

Files changed (41)
  1. checksums.yaml +4 -4
  2. data/Gemfile +4 -0
  3. data/etc/deprecations.json +1 -1
  4. data/lib/bundles/inspec-supermarket/README.md +21 -2
  5. data/lib/bundles/inspec-supermarket/cli.rb +20 -3
  6. data/lib/bundles/inspec-supermarket/target.rb +3 -2
  7. data/lib/inspec/base_cli.rb +12 -0
  8. data/lib/inspec/cli.rb +21 -4
  9. data/lib/inspec/control_eval_context.rb +40 -39
  10. data/lib/inspec/dsl.rb +18 -3
  11. data/lib/inspec/globals.rb +5 -0
  12. data/lib/inspec/plugin/v1/registry.rb +1 -1
  13. data/lib/inspec/profile.rb +115 -2
  14. data/lib/inspec/resources/auditd.rb +5 -4
  15. data/lib/inspec/resources/cassandra.rb +64 -0
  16. data/lib/inspec/resources/cassandradb_conf.rb +47 -0
  17. data/lib/inspec/resources/cassandradb_session.rb +68 -0
  18. data/lib/inspec/resources/chrony_conf.rb +55 -0
  19. data/lib/inspec/resources/csv.rb +26 -3
  20. data/lib/inspec/resources/groups.rb +22 -3
  21. data/lib/inspec/resources/http.rb +135 -54
  22. data/lib/inspec/resources/ibmdb2_conf.rb +57 -0
  23. data/lib/inspec/resources/ibmdb2_session.rb +69 -0
  24. data/lib/inspec/resources/mssql_sys_conf.rb +48 -0
  25. data/lib/inspec/resources/opa.rb +4 -1
  26. data/lib/inspec/resources/oracle.rb +66 -0
  27. data/lib/inspec/resources/oracledb_conf.rb +40 -0
  28. data/lib/inspec/resources/oracledb_listener_conf.rb +123 -0
  29. data/lib/inspec/resources/oracledb_session.rb +25 -6
  30. data/lib/inspec/resources/packages.rb +21 -0
  31. data/lib/inspec/resources/postgres_session.rb +15 -4
  32. data/lib/inspec/resources/service.rb +59 -10
  33. data/lib/inspec/resources/ssl.rb +7 -0
  34. data/lib/inspec/resources/sybase_conf.rb +37 -0
  35. data/lib/inspec/resources/sybase_session.rb +111 -0
  36. data/lib/inspec/resources/users.rb +16 -2
  37. data/lib/inspec/resources/windows_firewall.rb +1 -1
  38. data/lib/inspec/resources.rb +9 -0
  39. data/lib/inspec/run_data/profile.rb +0 -2
  40. data/lib/inspec/version.rb +1 -1
  41. metadata +14 -2
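--- a/data/lib/inspec/resources/mssql_sys_conf.rb
+++ b/data/lib/inspec/resources/mssql_sys_conf.rb
@@ -0,0 +1,48 @@
+ require "inspec/resources/mssql_session"
+
+ module Inspec::Resources
+ class MssqlSysConf < Inspec.resource(1)
+ name "mssql_sys_conf"
+ supports platform: "windows"
+ supports platform: "debian"
+ supports platform: "redhat"
+ supports platform: "suse"
+
+ desc "Use the mssql_sys_conf InSpec audit resource to test the database system configurations for Mssql DB"
+ example <<~EXAMPLE
+ describe mssql_sys_conf("clr_enabled", user: 'USER', password: 'PASSWORD') do
+ its("value_in_use") { should cmp "0" }
+ its("value_configured") { should cmp "0" }
+ end
+ EXAMPLE
+
+ attr_reader :mssql_session, :sql_query
+
+ def initialize(conf_param_name, opts = {})
+ opts[:username] ||= "SA"
+ @mssql_session = inspec.mssql_session(opts)
+ setting = conf_param_name.to_s.gsub("_", " ").split.map(&:capitalize).join(" ")
+ determine_system_configurations(setting)
+ end
+
+ def value_in_use
+ sql_query.row(0).column("value_in_use").value
+ end
+
+ def value_configured
+ sql_query.row(0).column("value_configured").value
+ end
+
+ def to_s
+ "MsSql DB Configuration"
+ end
+
+ private
+
+ def determine_system_configurations(setting)
+ @sql_query = mssql_session.query("SELECT name, CAST(value as int) as value_configured, CAST(value_in_use as int) as value_in_use FROM sys.configurations WHERE name = '#{setting}'")
+ rescue => e
+ raise Inspec::Exceptions::ResourceFailed, "Errors fetching database system configurations for Mssql database: #{e}"
+ end
+ end
+ end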
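Review bot: `determine_system_configurations` builds the `sys.configurations` query by interpolating `setting` straight into a quoted SQL literal (`WHERE name = '#{setting}'`), so a parameter name that contains a single quote breaks or alters the statement. Since `setting` comes from the `conf_param_name` argument of a profile, I would constrain it before the query, e.g. `raise Inspec::Exceptions::ResourceFailed, "Invalid configuration name" unless setting.match?(/\A[\w ()-]+\z/)`, or at least double any embedded quote with `setting.gsub("'", "''")`. The same interpolation pattern appears in `determine_database_setting` in oracledb_conf.rb and in the `sp_configure` call in sybase_conf.rb. Also worth a look: the example passes `user:` while `initialize` defaults `opts[:username]`, and which key `mssql_session` reads is not visible here.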
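--- a/data/lib/inspec/resources/opa.rb
+++ b/data/lib/inspec/resources/opa.rb
@@ -6,12 +6,15 @@ module Inspec::Resources
  supports platform: "unix"
  supports platform: "windows"
 
- attr_reader :result
  def initialize(content)
  @content = content
  super({ content: @content })
  end
 
+ def result
+ @content == {} || @content["result"].empty? ? nil : @content
+ end
+
  private
 
  def parse(content)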
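Review bot: The new `result` method calls `@content["result"].empty?` without checking what is stored there, so a hash that has other keys but no `"result"`, a scalar result such as a boolean, or a nil `@content` raises NoMethodError instead of returning a value. The mixed `||` and `?:` on one line parses as intended but is easy to misread; I would split it into `res = @content.is_a?(Hash) ? @content["result"] : nil` followed by `res.nil? || (res.respond_to?(:empty?) && res.empty?) ? nil : @content`. The class body starts before and continues after this hunk, so what `parse` ends up storing in `@content` is not visible here and should be confirmed.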
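--- a/data/lib/inspec/resources/oracle.rb
+++ b/data/lib/inspec/resources/oracle.rb
@@ -0,0 +1,66 @@
+ require "inspec/resources/powershell"
+
+ module Inspec::Resources
+ class Oracle < Inspec.resource(1)
+ name "oracle"
+ supports platform: "unix"
+ supports platform: "windows"
+
+ desc "The 'oracle' resource is a helper for the 'oracledb_listener_conf'"
+
+ attr_reader :conf_path
+
+ def initialize
+ case inspec.os[:family]
+ when "debian", "redhat", "linux", "suse"
+ determine_conf_dir_and_path_in_linux
+ when "windows"
+ determine_conf_dir_and_path_in_windows
+ end
+ end
+
+ def to_s
+ "OracleDB"
+ end
+
+ private
+
+ def determine_conf_dir_and_path_in_linux
+ oracle_home = inspec.os_env("ORACLE_HOME").content
+
+ if oracle_home.nil? || oracle_home.empty?
+ warn "$ORACLE_HOME env value not set in the system"
+ nil
+ else
+ conf_path = "#{oracle_home}/network/admin/listener.ora"
+ if !inspec.file(conf_path).exist?
+ warn "No oracle listener settings found in $ORACLE_HOME/network/admin directory"
+ nil
+ else
+ @conf_path = conf_path
+ end
+ end
+ rescue => e
+ fail_resource "Errors reading listener settings: #{e}"
+ end
+
+ def determine_conf_dir_and_path_in_windows
+ oracle_home = inspec.os_env("ORACLE_HOME").content
+
+ if oracle_home.nil? || oracle_home.empty?
+ warn "ORACLE_HOME env value not set in the system"
+ nil
+ else
+ conf_path = "#{oracle_home}\\network\\admin\\listener.ora"
+ if !inspec.file(conf_path).exist?
+ warn "No oracle listener settings found in ORACLE_HOME\\network\\admin directory"
+ nil
+ else
+ @conf_path = conf_path
+ end
+ end
+ rescue => e
+ fail_resource "Errors reading listener settings: #{e}"
+ end
+ end
+ end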
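Review bot: The `case inspec.os[:family]` in `initialize` has no `else`, while the resource declares `supports platform: "unix"`; on a unix family outside the four listed, `@conf_path` stays nil with no message, and a dependent `oracledb_listener_conf` control would be skipped rather than reported. I would add an `else` branch with `warn "oracle resource: unsupported OS family #{inspec.os[:family]}"` or a `skip_resource` call. The two `determine_conf_dir_and_path_in_*` methods differ only in the path separator and the message text and could share one helper that takes the separator. A short comment on `conf_path` saying that it is nil when ORACLE_HOME is unset or listener.ora is missing would help callers.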
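--- a/data/lib/inspec/resources/oracledb_conf.rb
+++ b/data/lib/inspec/resources/oracledb_conf.rb
@@ -0,0 +1,40 @@
+ require "inspec/resources/oracledb_session"
+
+ module Inspec::Resources
+ class OracledbConf < Inspec.resource(1)
+ name "oracledb_conf"
+ supports platform: "unix"
+ supports platform: "windows"
+ desc "Use the oracledb_conf InSpec audit resource to test the database settings for Oracle DB"
+ example <<~EXAMPLE
+ describe oracledb_conf(user: 'USER', password: 'PASSWORD') do
+ its("audit_sys_operations") { should cmp "true" }
+ its("sql92_security") { should cmp "true" }
+ end
+ EXAMPLE
+
+ attr_reader :oracledb_session
+
+ def initialize(opts = {})
+ @oracledb_session = inspec.oracledb_session(opts)
+ end
+
+ def method_missing(name)
+ setting = name.to_s.upcase
+ determine_database_setting(setting)
+ end
+
+ def to_s
+ "Oracle DB Configuration"
+ end
+
+ private
+
+ def determine_database_setting(setting)
+ sql_query = oracledb_session.query("SELECT UPPER(VALUE) AS UPPER_VALUE FROM V$SYSTEM_PARAMETER WHERE UPPER(NAME) = '#{setting}'")
+ sql_query.row(0).column("UPPER_VALUE").value
+ rescue => e
+ raise Inspec::Exceptions::ResourceFailed, "Errors fetching database settings for Oracle database: #{e}"
+ end
+ end
+ end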
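Review bot: `method_missing(name)` turns every unknown message into a database query and never calls `super`, and there is no `respond_to_missing?`, so a typo in a control is sent to the database as a parameter name and a call with arguments fails with ArgumentError rather than NoMethodError. I would accept `*args`, add `return super unless args.empty?`, and define `respond_to_missing?(name, include_private = false)` next to it. `determine_database_setting` also reads `sql_query.row(0)` without checking that a row came back; whether that raises or yields an empty value for an unknown parameter is not visible here, so a comment stating the behaviour would be useful.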
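--- a/data/lib/inspec/resources/oracledb_listener_conf.rb
+++ b/data/lib/inspec/resources/oracledb_listener_conf.rb
@@ -0,0 +1,123 @@
+ require "inspec/utils/object_traversal"
+ require "inspec/utils/simpleconfig"
+ require "inspec/utils/find_files"
+ require "inspec/utils/file_reader"
+ require "inspec/resources/oracle"
+
+ module Inspec::Resources
+ class OracledbListenerConf < Inspec.resource(1)
+ name "oracledb_listener_conf"
+ supports platform: "unix"
+ supports platform: "windows"
+ desc "Use the oracledb_listener_conf InSpec audit resource to test the listener settings for Oracle DB"
+ example <<~EXAMPLE
+ describe oracledb_listener_conf do
+ its('DEFAULT_SERVICE_LISTENER') { should eq 'XE' }
+ end
+ EXAMPLE
+
+ include FindFiles
+ include FileReader
+ include ObjectTraverser
+
+ def initialize(conf_path = nil)
+ oracle = nil
+ if conf_path.nil?
+ oracle = inspec.oracle
+ @conf_path = oracle.conf_path
+ else
+ @conf_path = conf_path
+ end
+
+ if oracle && oracle.resource_failed?
+ raise oracle.resource_exception_message
+ elsif @conf_path.nil?
+ return skip_resource "Oracle Listener conf path is not set"
+ end
+
+ @conf_dir = File.expand_path(File.dirname(@conf_path))
+ @files_contents = {}
+ @content = nil
+ @params = nil
+ read_content
+ end
+
+ def content
+ @content ||= read_content
+ end
+
+ def params(*opts)
+ @params || read_content
+ res = @params
+ opts.each do |opt|
+ res = res[opt] unless res.nil?
+ end
+ res
+ end
+
+ def value(key)
+ extract_value(key, @params)
+ end
+
+ def method_missing(*keys)
+ keys.shift if keys.is_a?(Array) && keys[0] == :[]
+ param = value(keys)
+ return nil if param.nil?
+ # extract first value if we have only one value in array
+ return param[0] if param.length == 1
+
+ param
+ end
+
+ def to_s
+ "Oracle Listener Configuration"
+ end
+
+ private
+
+ def read_content
+ @content = ""
+ @params = {}
+
+ to_read = [@conf_path]
+ until to_read.empty?
+ base_dir = File.dirname(to_read[0])
+ raw_conf = read_file(to_read[0])
+ @content += raw_conf
+
+ opts = {
+ assignment_regex: /^\s*([^=]*?)\s*=\s*[']?\s*(.*?)\s*[']?\s*$/,
+ }
+ params = SimpleConfig.new(raw_conf, opts).params
+ @params.merge!(params)
+
+ to_read = to_read.drop(1)
+ # see if there is more config files to include
+
+ to_read += include_files(params, base_dir).find_all do |fp|
+ not @files_contents.key? fp
+ end
+ end
+ @content
+ end
+
+ def include_files(params, base_dir)
+ include_files = Array(params["include"]) || []
+ include_files += Array(params["include_if_exists"]) || []
+ include_files.map! do |f|
+ Pathname.new(f).absolute? ? f : File.join(base_dir, f)
+ end
+
+ dirs = Array(params["include_dir"]) || []
+ dirs.each do |dir|
+ dir = File.join(base_dir, dir) if dir[0] != "/"
+ include_files += find_files(dir, depth: 1, type: "file")
+ end
+ include_files
+ end
+
+ def read_file(path)
+ @files_contents[path] ||= read_file_content(path)
+ end
+ end
+ end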
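Review bot: `include_files` decides whether an include path is absolute in two different ways: files use `Pathname.new(f).absolute?`, directories use `dir[0] != "/"`. The resource declares `supports platform: "windows"`, and a directory such as `C:\oracle\conf` fails the `"/"` test and gets `base_dir` prepended; I would use one check for both, `dir = File.join(base_dir, dir) unless Pathname.new(dir).absolute?`, keeping in mind that `Pathname` applies the path rules of the host running InSpec, not of the target. `Pathname` is used without a visible `require "pathname"`, and `Array(...) || []` can be shortened to `Array(...)` because `Array()` never returns nil.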
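--- a/data/lib/inspec/resources/oracledb_session.rb
+++ b/data/lib/inspec/resources/oracledb_session.rb
@@ -42,6 +42,7 @@ module Inspec::Resources
  end
 
  def query(sql)
+ raise Inspec::Exceptions::ResourceSkipped, "#{resource_exception_message}" if resource_skipped?
  raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
 
  if @sqlcl_bin && inspec.command(@sqlcl_bin).exist?
@@ -78,7 +79,14 @@ module Inspec::Resources
  # using a db_role
  # su, using a db_role
  def command_builder(format_options, query)
- verified_query = verify_query(query)
+ if @db_role.nil? || @su_user.nil?
+ verified_query = verify_query(query)
+ else
+ escaped_query = query.gsub(/\\\\/, "\\").gsub(/"/, '\\"')
+ escaped_query = escaped_query.gsub("$", '\\$') unless escaped_query.include? "\\$"
+ verified_query = verify_query(escaped_query)
+ end
+
  sql_prefix, sql_postfix = "", ""
  if inspec.os.windows?
  sql_prefix = %{@'\n#{format_options}\n#{verified_query}\nEXIT\n'@ | }
@@ -87,11 +95,14 @@ module Inspec::Resources
  end
 
  if @db_role.nil?
- "#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service}#{sql_postfix}"
+ %{#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service}#{sql_postfix}}
  elsif @su_user.nil?
- "#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service} as #{@db_role}#{sql_postfix}"
+ %{#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service} as #{@db_role}#{sql_postfix}}
  else
- "su - #{@su_user} -c env ORACLE_SID=#{@service} #{@bin} / as #{@db_role}#{sql_postfix}"
+ # oracle_query_string is echoed to be able to extract the query output clearly
+ # su - su_user in certain versions of oracle returns a message
+ # Example of msg with query output: The Oracle base remains unchanged with value /oracle\n\nVALUE\n3\n
+ %{su - #{@su_user} -c "echo 'oracle_query_string'; env ORACLE_SID=#{@service} #{@bin} / as #{@db_role}#{sql_postfix}"}
  end
  end
 
@@ -101,9 +112,17 @@ module Inspec::Resources
  end
 
  def parse_csv_result(stdout)
- output = stdout.sub(/\r/, "").strip
+ output = stdout.split("oracle_query_string")[-1]
+ # comma_query_sub replaces the csv delimiter "," in the output.
+ # Handles CSV parsing of data like this (DROP,3) etc
+ output = output.sub(/\r/, "").strip.gsub(",", "comma_query_sub")
  converter = ->(header) { header.downcase }
- CSV.parse(output, headers: true, header_converters: converter).map { |row| Hashie::Mash.new(row.to_h) }
+ CSV.parse(output, headers: true, header_converters: converter).map do |row|
+ next if row.entries.flatten.empty?
+
+ revised_row = row.entries.flatten.map { |entry| entry&.gsub("comma_query_sub", ",") }
+ Hashie::Mash.new([revised_row].to_h)
+ end
  end
  end
  end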
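Review bot: The `$` escaping added to `command_builder` is all-or-nothing: `unless escaped_query.include? "\\$"` skips it for the whole query as soon as one `\$` is present, so a query that mixes an already escaped `$` with a bare one reaches the double-quoted `su - ... -c "..."` string with the bare one still live for the shell, and backquotes are not handled at all. Escaping per occurrence closes the first gap, `escaped_query = escaped_query.gsub(/(?<!\\)\$/) { "\\$" }`; the block form avoids back-reference handling in the replacement text, and backquotes should get the same treatment. Where the query lands inside that string is set through `sql_postfix` outside this hunk, so please confirm against the full method. Separately, in `parse_csv_result` the `next` inside `map` leaves `nil` entries in the returned array; a trailing `.compact` drops them.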
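--- a/data/lib/inspec/resources/packages.rb
+++ b/data/lib/inspec/resources/packages.rb
@@ -26,6 +26,8 @@ module Inspec::Resources
  @pkgs = Debs.new(inspec)
  elsif os.redhat? || %w{suse amazon fedora}.include?(os[:family])
  @pkgs = Rpms.new(inspec)
+ elsif ["alpine"].include?(os[:name])
+ @pkgs = AlpinePkgs.new(inspec)
  else
  return skip_resource "The packages resource is not yet supported on OS #{inspec.os.name}"
  end
@@ -108,4 +110,23 @@ module Inspec::Resources
  end
  end
  end
+
+ # RedHat family
+ class AlpinePkgs < PkgsManagement
+ def build_package_list
+ command = "apk list --no-network --installed"
+ cmd = inspec.command(command)
+ all = cmd.stdout.split("\n")
+ return [] if all.nil? || cmd.exit_status.to_i != 0
+
+ all.map do |m|
+ next if m =~ /^WARNING/i
+
+ a = m.split(" ")
+ version = a[0].split("-")[-2]
+ name = a[2].gsub(/[{}^]*/, "")
+ PackageStruct.new("installed", name, version, a[1])
+ end
+ end
+ end
  end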
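Review bot: In `AlpinePkgs#build_package_list` the `next if m =~ /^WARNING/i` inside `all.map` leaves a `nil` in the returned list for every warning line, which callers expecting `PackageStruct` entries may not handle; a trailing `.compact` avoids that. `cmd.stdout.split("\n")` never returns nil, so the `all.nil?` guard is dead and the exit-status check could come first. The `# RedHat family` comment above the class looks copied from another class and should read `# Alpine family`. `a[0].split("-")[-2]` drops the `-rN` release suffix from the version, and `a[2]` is the braces field of `apk list`, which I believe is the origin package rather than the package name; both are worth confirming against real output.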
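--- a/data/lib/inspec/resources/postgres_session.rb
+++ b/data/lib/inspec/resources/postgres_session.rb
@@ -40,11 +40,12 @@ module Inspec::Resources
  end
  EXAMPLE
 
- def initialize(user, pass, host = nil, port = nil)
+ def initialize(user, pass, host = nil, port = nil, socket_path = nil)
  @user = user || "postgres"
  @pass = pass
  @host = host || "localhost"
  @port = port || 5432
+ @socket_path = socket_path
  raise Inspec::Exceptions::ResourceFailed, "Can't run PostgreSQL SQL checks without authentication." if @user.nil? || @pass.nil?
  end
 
@@ -69,10 +70,20 @@ module Inspec::Resources
 
  def create_psql_cmd(query, db = [])
  dbs = db.map { |x| "#{x}" }.join(" ")
- if inspec.os.windows?
- "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c \"#{query}\""
+
+ if @socket_path && !inspec.os.windows?
+ # Socket path and empty host in the connection string establishes socket connection
+ # Socket connection only enabled for non-windows platforms
+ # Windows does not support unix domain sockets
+ "psql -d postgresql://#{@user}:#{@pass}@/#{dbs}?host=#{@socket_path} -A -t -w -c #{escaped_query(query)}"
  else
- "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c #{escaped_query(query)}"
+ # Host in connection string establishes tcp/ip connection
+ if inspec.os.windows?
+ warn "Socket based connection not supported in windows, connecting using host" if @socket_path
+ "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c \"#{query}\""
+ else
+ "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c #{escaped_query(query)}"
+ end
  end
  end
  end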
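Review bot: The new socket branch in `create_psql_cmd` interpolates `@socket_path` (and, as before, `@user`, `@pass` and `dbs`) into the connection URI without quoting, so the shell treats the `?` in `?host=` as a glob character and any space or metacharacter in the path or password splits or alters the command. I would quote the whole URI as one shell word, for example `uri = Shellwords.escape("postgresql://#{@user}:#{@pass}@/#{dbs}?host=#{@socket_path}")` with `require "shellwords"` at the top of the file. The password also ends up in the process argument list on the target, readable by other local users while psql runs; passing it through the `PGPASSWORD` environment variable or a password file avoids that. A one-line comment on `initialize` describing `socket_path` (directory of the unix socket, ignored on Windows) would document the new parameter.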
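--- a/data/lib/inspec/resources/service.rb
+++ b/data/lib/inspec/resources/service.rb
@@ -141,7 +141,7 @@ module Inspec::Resources
  elsif version > 0
  SysV.new(inspec, service_ctl || "/usr/sbin/service")
  end
- when "redhat", "fedora", "centos", "oracle", "cloudlinux", "scientific"
+ when "redhat", "fedora", "centos", "oracle", "cloudlinux", "scientific", "rocky", "almalinux"
  version = os[:release].to_i
 
  systemd = ((platform != "fedora" && version >= 7) ||
@@ -163,7 +163,12 @@ module Inspec::Resources
  when "mac_os_x", "darwin"
  LaunchCtl.new(inspec, service_ctl)
  when "freebsd"
- BSDInit.new(inspec, service_ctl)
+ version = os[:release].to_f
+ if version < 10
+ BSDInit.new(inspec, service_ctl)
+ else
+ FreeBSD10Init.new(inspec, service_ctl)
+ end
  when "arch"
  Systemd.new(inspec, service_ctl)
  when "coreos"
@@ -186,6 +191,8 @@ module Inspec::Resources
  Svcs.new(inspec)
  when "yocto"
  Systemd.new(inspec, service_ctl)
+ when "alpine"
+ SysV.new(inspec, service_ctl)
  end
  end
 
@@ -478,6 +485,7 @@ module Inspec::Resources
 
  # @see: https://www.freebsd.org/doc/en/articles/linux-users/startup.html
  # @see: https://www.freebsd.org/cgi/man.cgi?query=rc.conf&sektion=5
+ # @see: https://www.freebsd.org/cgi/man.cgi?query=rc&apropos=0&sektion=8&manpath=FreeBSD+9.3-RELEASE&arch=default&format=html
  class BSDInit < ServiceManager
  def initialize(service_name, service_ctl = nil)
  @service_ctl = service_ctl || "service"
@@ -485,17 +493,20 @@ module Inspec::Resources
  end
 
  def info(service_name)
- # check if service is enabled
- # services are enabled in /etc/rc.conf and /etc/defaults/rc.conf
- # via #{service_name}_enable="YES"
- # service SERVICE status returns the following result if not activated:
- # Cannot 'status' sshd. Set sshd_enable to YES in /etc/rc.conf or use 'onestatus' instead of 'status'.
- # gather all enabled services
+ # `service -e` lists all enabled services. Output format:
+ # % service -e
+ # /etc/rc.d/hostid
+ # /etc/rc.d/hostid_save
+ # /etc/rc.d/cleanvar
+ # /etc/rc.d/ip6addrctl
+ # /etc/rc.d/devd
+
  cmd = inspec.command("#{service_ctl} -e")
  return nil if cmd.exit_status != 0
 
  # search for the service
- srv = /(^.*#{service_name}$)/.match(cmd.stdout)
+
+ srv = %r{^.*/(#{service_name}$)}.match(cmd.stdout)
  return nil if srv.nil? || srv[0].nil?
 
  enabled = true
@@ -516,6 +527,37 @@ module Inspec::Resources
  end
  end
 
+ # @see: https://www.freebsd.org/doc/en/articles/linux-users/startup.html
+ # @see: https://www.freebsd.org/cgi/man.cgi?query=rc.conf&sektion=5
+ # @see: https://www.freebsd.org/cgi/man.cgi?query=rc&apropos=0&sektion=8&manpath=FreeBSD+10.0-RELEASE&arch=default&format=html
+ class FreeBSD10Init < ServiceManager
+ def initialize(service_name, service_ctl = nil)
+ @service_ctl = service_ctl || "service"
+ super
+ end
+
+ def info(service_name)
+ # check if service is enabled
+ cmd = inspec.command("#{service_ctl} #{service_name} enabled")
+
+ enabled = cmd.exit_status == 0
+
+ # check if the service is running
+ # if the service is not available or not running, we always get an error code
+ cmd = inspec.command("#{service_ctl} #{service_name} onestatus")
+ running = cmd.exit_status == 0
+
+ {
+ name: service_name,
+ description: nil,
+ installed: true,
+ running: running,
+ enabled: enabled,
+ type: "bsd-init",
+ }
+ end
+ end
+
  class Runit < ServiceManager
  def initialize(service_name, service_ctl = nil)
  @service_ctl = service_ctl || "sv"
@@ -782,7 +824,14 @@ module Inspec::Resources
  EXAMPLE
 
  def select_service_mgmt
- BSDInit.new(inspec, service_ctl)
+ os = inspec.os
+ version = os[:release].to_f
+
+ if version >= 10
+ FreeBSD10Init.new(inspec, service_ctl)
+ else
+ BSDInit.new(inspec, service_ctl)
+ end
  end
  end
 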
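Review bot: `FreeBSD10Init#info` always returns `installed: true`, so `it { should be_installed }` passes for a service name that does not exist on the host, and a misspelled name in a control reads as installed, not running and not enabled. I would derive the flag from the rc script being present, for instance by checking the name against the `service -l` listing, and return nil when it is missing. In both classes `service_name` is interpolated unescaped, into the shell command here and into the regular expression in `BSDInit#info`, where `%r{^.*/(#{Regexp.escape(service_name)}$)}` would fix it. The FreeBSD version switch is written twice, once in the `freebsd` branch and once in `select_service_mgmt`; a single helper would keep the two in step.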
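--- a/data/lib/inspec/resources/ssl.rb
+++ b/data/lib/inspec/resources/ssl.rb
@@ -38,6 +38,7 @@ module Inspec::Resources
  "tls1.0",
  "tls1.1",
  "tls1.2",
+ "tls1.3",
  ].freeze
 
  attr_reader :host, :port, :timeout, :retries
@@ -72,6 +73,11 @@ module Inspec::Resources
  protocol: proto, ciphers: e.map(&:cipher),
  timeout: x.resource.timeout, retries: x.resource.retries, servername: x.resource.host)]
  end
+
+ if !res[0].empty? && res[0][1].key?("error") && res[0][1]["error"].include?("Connection error Errno::ECONNREFUSED")
+ raise "#{res[0][1]["error"]}"
+ end
+
  Hash[res]
  end
  .install_filter_methods_on_resource(self, :scan_config)
@@ -89,6 +95,7 @@ module Inspec::Resources
  { "protocol" => "tls1.0", "ciphers" => SSLShake::TLS::TLS10_CIPHERS.keys },
  { "protocol" => "tls1.1", "ciphers" => SSLShake::TLS::TLS10_CIPHERS.keys },
  { "protocol" => "tls1.2", "ciphers" => SSLShake::TLS::TLS_CIPHERS.keys },
+ { "protocol" => "tls1.3", "ciphers" => SSLShake::TLS::TLS13_CIPHERS.keys },
  ].map do |line|
  line["ciphers"].map do |cipher|
  { "protocol" => line["protocol"], "cipher" => cipher }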
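Review bot: The new guard raises only when the first entry of `res` carries an error containing `Connection error Errno::ECONNREFUSED`; a timeout, an unreachable host or a refusal recorded on a later entry still falls through to `Hash[res]`, where the protocol reads as not enabled. For a control such as `it { should_not be_enabled }` on an old protocol that is a pass without evidence. I would check every entry, `failed = res.find { |_, v| v["error"].to_s.include?("Connection error") }`, then `raise Inspec::Exceptions::ResourceFailed, failed[1]["error"] if failed`; the text of the other error strings is not visible in this hunk and needs confirming. `res[0].empty?` itself raises NoMethodError when `res` is empty, and the enclosing block starts before the hunk.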
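--- a/data/lib/inspec/resources/sybase_conf.rb
+++ b/data/lib/inspec/resources/sybase_conf.rb
@@ -0,0 +1,37 @@
+ require "inspec/resources/sybase_session"
+
+ module Inspec::Resources
+ class SybaseConf < Inspec.resource(1)
+ name "sybase_conf"
+ supports platform: "unix"
+ # supports platform: "windows" # TODO
+ desc "Use the sybase_conf InSpec resource to test Sybase config settings"
+ example <<~EXAMPLE
+ describe sybase_conf("max memory", password: 'password', server: 'SYBASE') do
+ its("run_value") { should cmp 180224 }
+ end
+ EXAMPLE
+
+ attr_reader :conf_param, :sql_query
+ def initialize(conf_param_name, opts = {})
+ @conf_param = conf_param_name
+ opts[:username] ||= "sa"
+ opts[:database] ||= "master"
+ sql_session = inspec.sybase_session(opts)
+ @sql_query = sql_session.query("sp_configure \"#{conf_param}\"")
+ end
+
+ def run_value
+ sql_query.row(0).column("Run Value").value
+ end
+
+ def config_value
+ sql_query.row(0).column("Config Value").value
+ end
+
+ def to_s
+ "Sybase Conf #{conf_param}"
+ end
+
+ end
+ end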
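Review bot: `initialize` runs the `sp_configure` query directly, with no `rescue`, so a connection or login failure surfaces as a raw exception, while `mssql_sys_conf` and `oracledb_conf` in this release wrap theirs in `Inspec::Exceptions::ResourceFailed`; I would do the same here. `opts[:username] ||= "sa"` and `opts[:database] ||= "master"` write into the caller's hash; `opts = { username: "sa", database: "master" }.merge(opts)` keeps the defaults local. `run_value` and `config_value` read `row(0)` without checking that the query returned a row. A blank line between `attr_reader` and `def initialize` would match the sibling resources.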