inspec-core 5.17.4 → 5.21.29
- checksums.yaml +4 -4
- data/Gemfile +20 -17
- data/etc/deprecations.json +4 -0
- data/inspec-core.gemspec +23 -23
- data/lib/inspec/base_cli.rb +7 -0
- data/lib/inspec/cli.rb +68 -11
- data/lib/inspec/dependencies/dependency_set.rb +6 -2
- data/lib/inspec/dsl.rb +24 -5
- data/lib/inspec/enhanced_outcomes.rb +19 -0
- data/lib/inspec/env_printer.rb +1 -1
- data/lib/inspec/errors.rb +2 -0
- data/lib/inspec/exceptions.rb +4 -0
- data/lib/inspec/fetcher/url.rb +1 -1
- data/lib/inspec/file_provider.rb +36 -0
- data/lib/inspec/formatters/base.rb +69 -16
- data/lib/inspec/iaf_file.rb +127 -0
- data/lib/inspec/plugin/v2/loader.rb +19 -8
- data/lib/inspec/plugin/v2/plugin_types/reporter.rb +1 -0
- data/lib/inspec/plugin/v2/plugin_types/streaming_reporter.rb +54 -0
- data/lib/inspec/profile.rb +17 -7
- data/lib/inspec/reporters/base.rb +1 -0
- data/lib/inspec/reporters/cli.rb +94 -3
- data/lib/inspec/reporters/json.rb +3 -1
- data/lib/inspec/reporters/yaml.rb +3 -1
- data/lib/inspec/reporters.rb +2 -1
- data/lib/inspec/resources/aide_conf.rb +4 -0
- data/lib/inspec/resources/apache.rb +4 -0
- data/lib/inspec/resources/apache_conf.rb +4 -0
- data/lib/inspec/resources/apt.rb +6 -1
- data/lib/inspec/resources/audit_policy.rb +5 -0
- data/lib/inspec/resources/auditd_conf.rb +4 -0
- data/lib/inspec/resources/bash.rb +4 -0
- data/lib/inspec/resources/bond.rb +4 -0
- data/lib/inspec/resources/bridge.rb +4 -0
- data/lib/inspec/resources/cassandradb_conf.rb +5 -0
- data/lib/inspec/resources/cassandradb_session.rb +8 -3
- data/lib/inspec/resources/chocolatey_package.rb +4 -0
- data/lib/inspec/resources/chrony_conf.rb +4 -0
- data/lib/inspec/resources/command.rb +5 -0
- data/lib/inspec/resources/cpan.rb +4 -0
- data/lib/inspec/resources/cran.rb +4 -0
- data/lib/inspec/resources/cron.rb +5 -0
- data/lib/inspec/resources/csv.rb +6 -1
- data/lib/inspec/resources/dh_params.rb +4 -0
- data/lib/inspec/resources/docker_container.rb +4 -0
- data/lib/inspec/resources/docker_image.rb +4 -0
- data/lib/inspec/resources/docker_plugin.rb +4 -0
- data/lib/inspec/resources/docker_service.rb +4 -0
- data/lib/inspec/resources/etc_group.rb +4 -0
- data/lib/inspec/resources/etc_hosts_allow_deny.rb +5 -0
- data/lib/inspec/resources/file.rb +7 -2
- data/lib/inspec/resources/filesystem.rb +4 -0
- data/lib/inspec/resources/gem.rb +4 -0
- data/lib/inspec/resources/groups.rb +4 -0
- data/lib/inspec/resources/grub_conf.rb +4 -0
- data/lib/inspec/resources/host.rb +4 -0
- data/lib/inspec/resources/http.rb +6 -2
- data/lib/inspec/resources/ibmdb2_conf.rb +8 -0
- data/lib/inspec/resources/ibmdb2_session.rb +12 -3
- data/lib/inspec/resources/iis_app.rb +4 -0
- data/lib/inspec/resources/iis_app_pool.rb +4 -0
- data/lib/inspec/resources/iis_site.rb +4 -0
- data/lib/inspec/resources/inetd_conf.rb +4 -0
- data/lib/inspec/resources/interface.rb +4 -0
- data/lib/inspec/resources/ip6tables.rb +4 -0
- data/lib/inspec/resources/ipfilter.rb +4 -0
- data/lib/inspec/resources/ipnat.rb +4 -0
- data/lib/inspec/resources/iptables.rb +4 -0
- data/lib/inspec/resources/json.rb +4 -0
- data/lib/inspec/resources/kernel_module.rb +4 -0
- data/lib/inspec/resources/kernel_parameter.rb +4 -0
- data/lib/inspec/resources/key_rsa.rb +4 -0
- data/lib/inspec/resources/ksh.rb +4 -0
- data/lib/inspec/resources/limits_conf.rb +4 -0
- data/lib/inspec/resources/login_defs.rb +4 -0
- data/lib/inspec/resources/lxc.rb +65 -9
- data/lib/inspec/resources/mongodb.rb +4 -0
- data/lib/inspec/resources/mongodb_conf.rb +5 -0
- data/lib/inspec/resources/mongodb_session.rb +6 -1
- data/lib/inspec/resources/mount.rb +4 -0
- data/lib/inspec/resources/mssql_session.rb +4 -0
- data/lib/inspec/resources/mssql_sys_conf.rb +7 -0
- data/lib/inspec/resources/mysql_conf.rb +4 -0
- data/lib/inspec/resources/mysql_session.rb +8 -1
- data/lib/inspec/resources/nginx.rb +6 -1
- data/lib/inspec/resources/nginx_conf.rb +4 -0
- data/lib/inspec/resources/noop.rb +4 -0
- data/lib/inspec/resources/npm.rb +4 -0
- data/lib/inspec/resources/ntp_conf.rb +4 -0
- data/lib/inspec/resources/oneget.rb +4 -0
- data/lib/inspec/resources/opa_api.rb +10 -0
- data/lib/inspec/resources/opa_cli.rb +14 -0
- data/lib/inspec/resources/oracledb_conf.rb +5 -0
- data/lib/inspec/resources/oracledb_listener_conf.rb +4 -0
- data/lib/inspec/resources/oracledb_session.rb +23 -4
- data/lib/inspec/resources/os.rb +4 -0
- data/lib/inspec/resources/os_env.rb +4 -0
- data/lib/inspec/resources/package.rb +4 -0
- data/lib/inspec/resources/parse_config.rb +10 -1
- data/lib/inspec/resources/pip.rb +4 -0
- data/lib/inspec/resources/platform.rb +4 -0
- data/lib/inspec/resources/podman.rb +353 -0
- data/lib/inspec/resources/podman_container.rb +84 -0
- data/lib/inspec/resources/podman_image.rb +108 -0
- data/lib/inspec/resources/podman_network.rb +81 -0
- data/lib/inspec/resources/podman_pod.rb +101 -0
- data/lib/inspec/resources/podman_volume.rb +87 -0
- data/lib/inspec/resources/postfix_conf.rb +4 -0
- data/lib/inspec/resources/postgres_conf.rb +4 -0
- data/lib/inspec/resources/postgres_session.rb +8 -4
- data/lib/inspec/resources/powershell.rb +4 -0
- data/lib/inspec/resources/processes.rb +6 -4
- data/lib/inspec/resources/rabbitmq_config.rb +4 -0
- data/lib/inspec/resources/registry_key.rb +4 -0
- data/lib/inspec/resources/security_identifier.rb +4 -0
- data/lib/inspec/resources/security_policy.rb +4 -0
- data/lib/inspec/resources/service.rb +5 -1
- data/lib/inspec/resources/ssh_config.rb +4 -0
- data/lib/inspec/resources/sybase_conf.rb +4 -0
- data/lib/inspec/resources/sybase_session.rb +4 -0
- data/lib/inspec/resources/sys_info.rb +4 -0
- data/lib/inspec/resources/timezone.rb +4 -0
- data/lib/inspec/resources/users.rb +4 -0
- data/lib/inspec/resources/vbscript.rb +5 -0
- data/lib/inspec/resources/virtualization.rb +4 -0
- data/lib/inspec/resources/windows_feature.rb +5 -1
- data/lib/inspec/resources/windows_firewall.rb +4 -0
- data/lib/inspec/resources/windows_firewall_rule.rb +4 -0
- data/lib/inspec/resources/windows_hotfix.rb +4 -0
- data/lib/inspec/resources/windows_task.rb +4 -0
- data/lib/inspec/resources/wmi.rb +4 -0
- data/lib/inspec/resources/x509_certificate.rb +59 -0
- data/lib/inspec/resources/yum.rb +4 -0
- data/lib/inspec/resources/zfs_dataset.rb +4 -0
- data/lib/inspec/resources/zfs_pool.rb +4 -0
- data/lib/inspec/rule.rb +55 -18
- data/lib/inspec/run_data/control.rb +6 -0
- data/lib/inspec/run_data/statistics.rb +8 -2
- data/lib/inspec/runner.rb +18 -8
- data/lib/inspec/runner_rspec.rb +3 -2
- data/lib/inspec/schema/exec_json.rb +78 -2
- data/lib/inspec/schema/output_schema.rb +4 -1
- data/lib/inspec/schema/profile_json.rb +46 -0
- data/lib/inspec/schema.rb +91 -0
- data/lib/inspec/secrets/yaml.rb +7 -1
- data/lib/inspec/ui.rb +1 -0
- data/lib/inspec/utils/convert.rb +8 -0
- data/lib/inspec/utils/podman.rb +24 -0
- data/lib/inspec/utils/waivers/csv_file_reader.rb +34 -0
- data/lib/inspec/utils/waivers/excel_file_reader.rb +39 -0
- data/lib/inspec/utils/waivers/json_file_reader.rb +15 -0
- data/lib/inspec/utils/yaml_profile_summary.rb +34 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/inspec/waiver_file_reader.rb +61 -0
- data/lib/matchers/matchers.rb +7 -1
- data/lib/plugins/inspec-init/templates/profiles/alicloud/README.md +27 -0
- data/lib/plugins/inspec-init/templates/profiles/alicloud/controls/example.rb +10 -0
- data/lib/plugins/inspec-init/templates/profiles/alicloud/inputs.yml +1 -0
- data/lib/plugins/inspec-init/templates/profiles/alicloud/inspec.yml +14 -0
- data/lib/plugins/inspec-reporter-html2/README.md +1 -1
- data/lib/plugins/inspec-reporter-html2/templates/body.html.erb +11 -5
- data/lib/plugins/inspec-reporter-html2/templates/control.html.erb +11 -7
- data/lib/plugins/inspec-reporter-html2/templates/default.css +12 -0
- data/lib/plugins/inspec-reporter-html2/templates/profile.html.erb +1 -1
- data/lib/plugins/inspec-reporter-html2/templates/selector.html.erb +7 -1
- data/lib/plugins/{inspec-artifact/inspec-artifact.gemspec → inspec-sign/inspec-sign.gemspec} +2 -2
- data/lib/plugins/inspec-sign/lib/inspec-sign/base.rb +164 -0
- data/lib/plugins/{inspec-artifact/lib/inspec-artifact → inspec-sign/lib/inspec-sign}/cli.rb +14 -23
- data/lib/plugins/inspec-sign/lib/inspec-sign.rb +12 -0
- data/lib/plugins/inspec-streaming-reporter-progress-bar/lib/inspec-streaming-reporter-progress-bar/streaming_reporter.rb +39 -13
- data/lib/source_readers/inspec.rb +8 -2
- metadata +33 -15
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +0 -187
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +0 -12
@@ -0,0 +1,101 @@
|
|
1
|
+
require "inspec/resources/command"
|
2
|
+
require "inspec/utils/podman"
|
3
|
+
|
4
|
+
module Inspec::Resources
|
5
|
+
class PodmanPod < Inspec.resource(1)
|
6
|
+
include Inspec::Utils::Podman
|
7
|
+
|
8
|
+
name "podman_pod"
|
9
|
+
supports platform: "unix"
|
10
|
+
|
11
|
+
desc "InSpec core resource to retrieve information about podman pod"
|
12
|
+
|
13
|
+
example <<~EXAMPLE
|
14
|
+
describe podman_pod("nginx-frontend") do
|
15
|
+
it { should exist }
|
16
|
+
its("id") { should eq "fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4" }
|
17
|
+
its("name") { should eq "nginx-frontend" }
|
18
|
+
its("created_at") { should eq "2022-07-14T15:47:47.978078124+05:30" }
|
19
|
+
its("create_command") { should include "new:nginx-frontend" }
|
20
|
+
its("state") { should eq "Running" }
|
21
|
+
its("hostname") { should eq "" }
|
22
|
+
its("create_cgroup") { should eq true }
|
23
|
+
its("cgroup_parent") { should eq "user.slice" }
|
24
|
+
its("cgroup_path") { should eq "user.slice/user-libpod_pod_fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4.slice" }
|
25
|
+
its("create_infra") { should eq true }
|
26
|
+
its("infra_container_id") { should eq "727538044b32a165934729dc2d47d9d5e981b6496aebfad7de470f7e76ea4251" }
|
27
|
+
its("infra_config") { should include "DNSOption" }
|
28
|
+
its("shared_namespaces") { should include "ipc" }
|
29
|
+
its("num_containers") { should eq 2 }
|
30
|
+
its("containers") { should_not be nil }
|
31
|
+
end
|
32
|
+
|
33
|
+
describe podman_pod("non-existing-pod") do
|
34
|
+
it { should_not exist }
|
35
|
+
end
|
36
|
+
EXAMPLE
|
37
|
+
|
38
|
+
attr_reader :pod_info, :pod_id
|
39
|
+
|
40
|
+
def initialize(pod_id)
|
41
|
+
skip_resource "The `podman_pod` resource is not yet available on your OS." unless inspec.os.unix?
|
42
|
+
raise Inspec::Exceptions::ResourceFailed, "Podman is not running. Please make sure it is installed and running." unless podman_running?
|
43
|
+
|
44
|
+
@pod_id = pod_id
|
45
|
+
@pod_info = get_pod_info
|
46
|
+
end
|
47
|
+
|
48
|
+
LABELS = {
|
49
|
+
"id" => "ID",
|
50
|
+
"name" => "Name",
|
51
|
+
"created_at" => "Created",
|
52
|
+
"create_command" => "CreateCommand",
|
53
|
+
"state" => "State",
|
54
|
+
"hostname" => "Hostname",
|
55
|
+
"create_cgroup" => "CreateCgroup",
|
56
|
+
"cgroup_parent" => "CgroupParent",
|
57
|
+
"cgroup_path" => "CgroupPath",
|
58
|
+
"create_infra" => "CreateInfra",
|
59
|
+
"infra_container_id" => "InfraContainerID",
|
60
|
+
"infra_config" => "InfraConfig",
|
61
|
+
"shared_namespaces" => "SharedNamespaces",
|
62
|
+
"num_containers" => "NumContainers",
|
63
|
+
"containers" => "Containers",
|
64
|
+
}.freeze
|
65
|
+
|
66
|
+
# This creates all the required properties methods dynamically.
|
67
|
+
LABELS.each do |k, _|
|
68
|
+
define_method(k) do
|
69
|
+
pod_info[k.to_s]
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
def exist?
|
74
|
+
!pod_info.empty?
|
75
|
+
end
|
76
|
+
|
77
|
+
def resource_id
|
78
|
+
pod_id
|
79
|
+
end
|
80
|
+
|
81
|
+
def to_s
|
82
|
+
"Podman Pod #{resource_id}"
|
83
|
+
end
|
84
|
+
|
85
|
+
private
|
86
|
+
|
87
|
+
def get_pod_info
|
88
|
+
json_key_label = generate_go_template(LABELS)
|
89
|
+
|
90
|
+
inspect_pod_cmd = inspec.command("podman pod inspect #{pod_id} --format '{#{json_key_label}}'")
|
91
|
+
|
92
|
+
if inspect_pod_cmd.exit_status == 0
|
93
|
+
parse_command_output(inspect_pod_cmd.stdout)
|
94
|
+
elsif inspect_pod_cmd.stderr =~ /no pod with name or ID/
|
95
|
+
{}
|
96
|
+
else
|
97
|
+
raise Inspec::Exceptions::ResourceFailed, "Unable to retrieve podman pod information for #{pod_id}.\nError message: #{inspect_pod_cmd.stderr}"
|
98
|
+
end
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
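Review bot: `get_pod_info` interpolates `pod_id` into the shell command unquoted, so a value containing spaces or shell metacharacters changes the command that runs on the target; `get_volume_info` in the podman_volume hunk that follows does the same with `volume_name`. These names commonly arrive through profile inputs, so escape them before building the command: `inspec.command("podman pod inspect #{Shellwords.escape(pod_id)} --format '{#{json_key_label}}'")`. Neither file requires Shellwords in the lines shown, so add `require "shellwords" unless defined?(Shellwords)` at the top of both.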
@@ -0,0 +1,87 @@
|
|
1
|
+
require "inspec/resources/command"
|
2
|
+
require "inspec/utils/podman"
|
3
|
+
|
4
|
+
module Inspec::Resources
|
5
|
+
class PodmanVolume < Inspec.resource(1)
|
6
|
+
include Inspec::Utils::Podman
|
7
|
+
|
8
|
+
name "podman_volume"
|
9
|
+
supports platform: "unix"
|
10
|
+
|
11
|
+
desc "InSpec core resource to retrieve information about podman volume"
|
12
|
+
|
13
|
+
example <<~EXAMPLE
|
14
|
+
describe podman_volume("my_volume") do
|
15
|
+
it { should exist }
|
16
|
+
its("name") { should eq "my_volume" }
|
17
|
+
its("driver") { should eq "local" }
|
18
|
+
its("mountpoint") { should eq "/var/home/core/.local/share/containers/storage/volumes/my_volume/_data" }
|
19
|
+
its("created_at") { should eq "2022-07-14T13:21:19.965421792+05:30" }
|
20
|
+
its("labels") { should eq({}) }
|
21
|
+
its("scope") { should eq "local" }
|
22
|
+
its("options") { should eq({}) }
|
23
|
+
its("mount_count") { should eq 0 }
|
24
|
+
its("needs_copy_up") { should eq true }
|
25
|
+
its("needs_chown") { should eq true }
|
26
|
+
end
|
27
|
+
EXAMPLE
|
28
|
+
|
29
|
+
attr_reader :volume_info, :volume_name
|
30
|
+
|
31
|
+
def initialize(volume_name)
|
32
|
+
skip_resource "The `podman_volume` resource is not yet available on your OS." unless inspec.os.unix?
|
33
|
+
raise Inspec::Exceptions::ResourceFailed, "Podman is not running. Please make sure it is installed and running." unless podman_running?
|
34
|
+
|
35
|
+
@volume_name = volume_name
|
36
|
+
@volume_info = get_volume_info
|
37
|
+
end
|
38
|
+
|
39
|
+
LABELS = {
|
40
|
+
"name" => "Name",
|
41
|
+
"driver" => "Driver",
|
42
|
+
"mountpoint" => "Mountpoint",
|
43
|
+
"created_at" => "CreatedAt",
|
44
|
+
"labels" => "Labels",
|
45
|
+
"scope" => "Scope",
|
46
|
+
"options" => "Options",
|
47
|
+
"mount_count" => "MountCount",
|
48
|
+
"needs_copy_up" => "NeedsCopyUp",
|
49
|
+
"needs_chown" => "NeedsChown",
|
50
|
+
}.freeze
|
51
|
+
|
52
|
+
# This creates all the required properties methods dynamically.
|
53
|
+
LABELS.each do |k, _|
|
54
|
+
define_method(k) do
|
55
|
+
volume_info[k.to_s]
|
56
|
+
end
|
57
|
+
end
|
58
|
+
|
59
|
+
def exist?
|
60
|
+
!volume_info.empty?
|
61
|
+
end
|
62
|
+
|
63
|
+
def resource_id
|
64
|
+
volume_name
|
65
|
+
end
|
66
|
+
|
67
|
+
def to_s
|
68
|
+
"podman_volume #{resource_id}"
|
69
|
+
end
|
70
|
+
|
71
|
+
private
|
72
|
+
|
73
|
+
def get_volume_info
|
74
|
+
json_key_label = generate_go_template(LABELS)
|
75
|
+
|
76
|
+
inspect_volume_cmd = inspec.command("podman volume inspect #{volume_name} --format '{#{json_key_label}}'")
|
77
|
+
|
78
|
+
if inspect_volume_cmd.exit_status == 0
|
79
|
+
parse_command_output(inspect_volume_cmd.stdout)
|
80
|
+
elsif inspect_volume_cmd.stderr =~ /inspecting object: no such/
|
81
|
+
{}
|
82
|
+
else
|
83
|
+
raise Inspec::Exceptions::ResourceFailed, "Unable to retrieve podman volume information for #{volume_name}.\nError message: #{inspect_volume_cmd.stderr}"
|
84
|
+
end
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
@@ -4,9 +4,9 @@ require "shellwords" unless defined?(Shellwords)
|
|
4
4
|
|
5
5
|
module Inspec::Resources
|
6
6
|
class Lines
|
7
|
-
attr_reader :output
|
7
|
+
attr_reader :output, :exit_status
|
8
8
|
|
9
|
-
def initialize(raw, desc)
|
9
|
+
def initialize(raw, desc, exit_status)
|
10
10
|
@output = raw
|
11
11
|
@desc = desc
|
12
12
|
end
|
@@ -58,12 +58,16 @@ module Inspec::Resources
|
|
58
58
|
if cmd.exit_status != 0 && ( out =~ /could not connect to/ || out =~ /password authentication failed/ ) && out.downcase =~ /error:/
|
59
59
|
raise Inspec::Exceptions::ResourceFailed, "PostgreSQL connection error: #{out}"
|
60
60
|
elsif cmd.exit_status != 0 && out.downcase =~ /error:/
|
61
|
-
Lines.new(out, "PostgreSQL query with error: #{query}")
|
61
|
+
Lines.new(out, "PostgreSQL query with error: #{query}", cmd.exit_status)
|
62
62
|
else
|
63
|
-
Lines.new(cmd.stdout.strip, "PostgreSQL query: #{query}")
|
63
|
+
Lines.new(cmd.stdout.strip, "PostgreSQL query: #{query}", cmd.exit_status)
|
64
64
|
end
|
65
65
|
end
|
66
66
|
|
67
|
+
def resource_id
|
68
|
+
"postgress_session:User:#{@user}:Host:#{@host}"
|
69
|
+
end
|
70
|
+
|
67
71
|
private
|
68
72
|
|
69
73
|
def escaped_query(query)
|
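Review bot: `Lines#initialize` now accepts `exit_status` and the class exposes it through `attr_reader`, but the body shown in the first hunk still assigns only `@output` and `@desc`, so `exit_status` reads as nil on every result. Add `@exit_status = exit_status` before the `end` of `initialize`. The new positional parameter is required, so any caller outside these hunks that still builds `Lines.new(raw, desc)` would raise `ArgumentError`; worth a grep before release. In the second hunk the `resource_id` string spells the resource as `postgress_session`; if ids are meant to match the resource name it should read `"postgres_session:User:#{@user}:Host:#{@host}"`.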
@@ -43,7 +43,7 @@ module Inspec::Resources
|
|
43
43
|
|
44
44
|
all_cmds = ps_axo
|
45
45
|
@list = all_cmds.find_all do |hm|
|
46
|
-
hm[:command] =~ grep
|
46
|
+
hm[:command] =~ grep || hm[:process_name] =~ grep
|
47
47
|
end
|
48
48
|
end
|
49
49
|
|
@@ -84,6 +84,7 @@ module Inspec::Resources
|
|
84
84
|
.register_column(:time, field: "time")
|
85
85
|
.register_column(:users, field: "user")
|
86
86
|
.register_column(:commands, field: "command")
|
87
|
+
.register_column(:process_name, field: "process_name")
|
87
88
|
.install_filter_methods_on_resource(self, :filtered_processes)
|
88
89
|
|
89
90
|
private
|
@@ -98,9 +99,9 @@ module Inspec::Resources
|
|
98
99
|
if os.linux?
|
99
100
|
command, regex, field_map = ps_configuration_for_linux
|
100
101
|
elsif os.windows?
|
101
|
-
command = '$Proc = Get-Process -IncludeUserName |
|
102
|
+
command = '$Proc = Get-Process -IncludeUserName | Select-Object PriorityClass,Id,CPU,PM,VirtualMemorySize,NPM,SessionId,Responding,StartTime,TotalProcessorTime,UserName,Path,ProcessName | ConvertTo-Csv -NoTypeInformation;$Proc.Replace("""","").Replace("`r`n","`n")'
|
102
103
|
# Wanted to use /(?:^|,)([^,]*)/; works on rubular.com not sure why here?
|
103
|
-
regex = /^(
|
104
|
+
regex = /^(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*)$/
|
104
105
|
field_map = {
|
105
106
|
pid: 2,
|
106
107
|
cpu: 3,
|
@@ -113,6 +114,7 @@ module Inspec::Resources
|
|
113
114
|
time: 10,
|
114
115
|
user: 11,
|
115
116
|
command: 12,
|
117
|
+
process_name: 13,
|
116
118
|
}
|
117
119
|
else
|
118
120
|
command = "ps axo pid,pcpu,pmem,vsz,rss,tty,stat,start,time,user,command"
|
@@ -204,7 +206,7 @@ module Inspec::Resources
|
|
204
206
|
|
205
207
|
# build a hash of process data that we'll turn into a struct for FilterTable
|
206
208
|
process_data = {}
|
207
|
-
%i{label pid cpu mem vsz rss tty stat start time user command}.each do |param|
|
209
|
+
%i{label pid cpu mem vsz rss tty stat start time user command process_name}.each do |param|
|
208
210
|
# not all operating systems support all fields, so skip the field if we don't have it
|
209
211
|
process_data[param] = line[field_map[param]] if field_map.key?(param)
|
210
212
|
end
|
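Review bot: The Windows branch strips every double quote from the `ConvertTo-Csv` output and then splits each row with thirteen greedy `(.*)` groups, so a comma inside any value (a `Path` with a comma in a directory name, for instance) shifts the captures and the row is reported with the wrong `user`, `command` and `process_name`. Those fields describe the audited host, so a control that filters on them may miss or misattribute a process. Keeping the quotes and parsing the rows with Ruby's `CSV` library would keep the columns aligned. The code that applies `regex` to each line is outside these hunks, so confirm there how rows that fail to match are handled.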
@@ -297,6 +297,10 @@ module Inspec::Resources
|
|
297
297
|
current_monitoring_tool.is_service_monitored?
|
298
298
|
end
|
299
299
|
|
300
|
+
def resource_id
|
301
|
+
@service_name || "Service"
|
302
|
+
end
|
303
|
+
|
300
304
|
def to_s
|
301
305
|
"Service #{@service_name}"
|
302
306
|
end
|
@@ -642,7 +646,7 @@ module Inspec::Resources
|
|
642
646
|
return nil if srv.nil? || srv[0].nil?
|
643
647
|
|
644
648
|
# extract values from service
|
645
|
-
parsed_srv = /^(?<pid>[0-9-]+)\t(?<exit>[0-9]+)\t(?<name>\S*)$/.match(srv[0])
|
649
|
+
parsed_srv = /^(?<pid>[0-9-]+)\t(?<exit>[\-0-9]+)\t(?<name>\S*)$/.match(srv[0])
|
646
650
|
enabled = !parsed_srv["name"].nil? # it's in the list
|
647
651
|
|
648
652
|
# check if the service is running
|
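Review bot: The result of `.match(srv[0])` is dereferenced on the following line (`parsed_srv["name"]`) with no nil check, so any line the pattern still does not cover raises `NoMethodError` in the middle of an audit run; the widened `exit` group only fixes negative exit codes. A guard right after the match, `return nil if parsed_srv.nil?`, would follow the convention of the `return nil if srv.nil? || srv[0].nil?` line above it. The enclosing method starts and ends outside the hunk.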
@@ -51,6 +51,11 @@ module Inspec::Resources
|
|
51
51
|
@result ||= parse_stdout
|
52
52
|
end
|
53
53
|
|
54
|
+
# vbscript can be of multiple lines so that can't be used as UUID so using the hardcoded string.
|
55
|
+
def resource_id
|
56
|
+
"Windows VBScript"
|
57
|
+
end
|
58
|
+
|
54
59
|
def to_s
|
55
60
|
"Windows VBScript"
|
56
61
|
end
|
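Review bot: `resource_id` returns the same literal for every `vbscript` resource, so two different scripts in one profile cannot be told apart by id. If report consumers correlate results by `resource_id` (not visible here), appending a short SHA-256 digest of the script text to the label would stay single-line and still be distinct per script. The comment would also read more clearly as `# A script can span several lines, so it is not used as the id; a fixed label is returned instead.`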
data/lib/inspec/resources/wmi.rb
CHANGED
@@ -83,6 +83,11 @@ module Inspec::Resources
|
|
83
83
|
@parsed_subject = Hashie::Mash.new(Hash[@cert.subject.to_a.map { |k, v, _| [k, v] }])
|
84
84
|
end
|
85
85
|
|
86
|
+
# This property is equivalent to subject.emailAddress
|
87
|
+
def email
|
88
|
+
subject.emailAddress
|
89
|
+
end
|
90
|
+
|
86
91
|
def issuer_dn
|
87
92
|
return if @cert.nil?
|
88
93
|
|
@@ -104,6 +109,8 @@ module Inspec::Resources
|
|
104
109
|
@cert.public_key.n.num_bytes * 8
|
105
110
|
end
|
106
111
|
|
112
|
+
alias :keylength :key_length
|
113
|
+
|
107
114
|
def validity_in_days
|
108
115
|
(not_after - Time.now.utc) / 86400
|
109
116
|
end
|
@@ -138,6 +145,50 @@ module Inspec::Resources
|
|
138
145
|
@extensions
|
139
146
|
end
|
140
147
|
|
148
|
+
# check purpose of the certificate
|
149
|
+
def has_purpose?(purpose)
|
150
|
+
# If we have the filepath in our options we use the filepath to fetch the purposes.
|
151
|
+
# Else, we create a temporary file and write the content to that file.
|
152
|
+
# Then, use the temporary file to fetch the purposes.
|
153
|
+
# Todo: Check if this can be optimized or improved.
|
154
|
+
|
155
|
+
if @opts[:filepath]
|
156
|
+
cert_purpose = fetch_purpose(@opts[:filepath])
|
157
|
+
else
|
158
|
+
begin
|
159
|
+
f = File.open("temporary_certificate.pem", "w")
|
160
|
+
f.write(@cert.to_pem)
|
161
|
+
f.rewind
|
162
|
+
cert_purpose = fetch_purpose("temporary_certificate.pem")
|
163
|
+
ensure
|
164
|
+
f.close unless f.nil? || f.closed?
|
165
|
+
File.delete("temporary_certificate.pem") if File.exist? "temporary_certificate.pem"
|
166
|
+
end
|
167
|
+
end
|
168
|
+
cert_purpose =~ /purpose/ ? true : false
|
169
|
+
end
|
170
|
+
|
171
|
+
def fetch_purpose(cert_file_or_path)
|
172
|
+
openssl_utility = check_openssl_or_error
|
173
|
+
|
174
|
+
# The below command is used to view the Certificate purposes
|
175
|
+
# The -in argument expects a certificate file or path to certificate file.
|
176
|
+
cert_purpose_cmd = "#{openssl_utility} x509 -noout -purpose -in #{cert_file_or_path}"
|
177
|
+
cert_purpose = inspec.command(cert_purpose_cmd)
|
178
|
+
|
179
|
+
raise Inspec::Exceptions::ResourceFailed, "Executing #{cert_purpose_cmd} failed: #{cert_purpose.stderr}" if cert_purpose.exit_status.to_i != 0
|
180
|
+
|
181
|
+
cert_purpose.stdout
|
182
|
+
end
|
183
|
+
|
184
|
+
def subject_alt_names
|
185
|
+
extensions["subjectAltName"]
|
186
|
+
end
|
187
|
+
|
188
|
+
def resource_id
|
189
|
+
@opts[:filepath] || subject.CN || "x509 Certificate"
|
190
|
+
end
|
191
|
+
|
141
192
|
def to_s
|
142
193
|
cert = @opts[:filepath]
|
143
194
|
cert ||= subject.CN
|
@@ -153,5 +204,13 @@ module Inspec::Resources
|
|
153
204
|
opts
|
154
205
|
end
|
155
206
|
end
|
207
|
+
|
208
|
+
def check_openssl_or_error
|
209
|
+
%w{/usr/sbin/openssl /usr/bin/openssl /sbin/openssl /bin/openssl openssl}.each do |cmd|
|
210
|
+
return cmd if inspec.command(cmd).exist?
|
211
|
+
end
|
212
|
+
|
213
|
+
raise Inspec::Exceptions::ResourceFailed, "Could not find `openssl` on your system."
|
214
|
+
end
|
156
215
|
end
|
157
216
|
end
|
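Review bot: As rendered here, `has_purpose?` never uses its `purpose` argument: the last line tests the output against the literal `/purpose/`, which the `Certificate purposes:` heading printed by `openssl x509 -purpose` always satisfies, so the matcher passes for any certificate. The fallback branch also writes the PEM to a fixed name, `temporary_certificate.pem`, in the current working directory, where concurrent runs overwrite each other and an existing file of that name is clobbered and then deleted, and `fetch_purpose` interpolates the path into the command line unquoted. The sketch below compares against the argument, uses a uniquely named temp file and escapes the path; it needs `require "tempfile"` and `require "shellwords"` if the file does not already load them. `File.open` runs where InSpec runs while `inspec.command` runs on the target, so the fallback presumably only works for local targets; worth confirming.

```ruby
def has_purpose?(purpose)
  cert_purpose =
    if @opts[:filepath]
      fetch_purpose(@opts[:filepath])
    else
      # Unique, private temp file instead of a fixed name in the working directory;
      # Tempfile.create removes it when the block returns.
      Tempfile.create(["inspec-x509-", ".pem"]) do |f|
        f.write(@cert.to_pem)
        f.flush
        fetch_purpose(f.path)
      end
    end
  # Compare against the requested purpose rather than a fixed pattern.
  cert_purpose.include?(purpose)
end

def fetch_purpose(cert_file_or_path)
  # … unchanged: openssl_utility lookup …
  cert_purpose_cmd = "#{openssl_utility} x509 -noout -purpose -in #{Shellwords.escape(cert_file_or_path)}"
  # … unchanged: run the command, raise on non-zero exit, return stdout …
end
```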
data/lib/inspec/resources/yum.rb
CHANGED