inspec 0.10.1 → 0.11.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +33 -2
- data/Gemfile +6 -0
- data/bin/inspec +5 -1
- data/docs/dsl_inspec.rst +1 -1
- data/docs/resources.rst +39 -2
- data/examples/resource/controls/tiny.rb +3 -0
- data/examples/resource/inspec.yml +10 -0
- data/examples/resource/libraries/tiny.rb +3 -0
- data/lib/bundles/inspec-compliance/cli.rb +1 -1
- data/lib/bundles/inspec-supermarket/README.md +0 -19
- data/lib/bundles/inspec-supermarket/api.rb +46 -22
- data/lib/bundles/inspec-supermarket/cli.rb +13 -18
- data/lib/bundles/inspec-supermarket/target.rb +6 -23
- data/lib/inspec/plugins.rb +4 -4
- data/lib/inspec/plugins/cli.rb +4 -4
- data/lib/inspec/version.rb +1 -1
- data/lib/resources/apache_conf.rb +8 -0
- data/lib/resources/auditd_rules.rb +163 -14
- data/lib/resources/registry_key.rb +5 -5
- data/lib/resources/script.rb +7 -9
- data/lib/utils/filter_array.rb +28 -0
- data/test/helper.rb +5 -2
- data/test/integration/cookbooks/os_prepare/metadata.rb +2 -0
- data/test/integration/cookbooks/os_prepare/recipes/auditctl.rb +8 -0
- data/test/integration/cookbooks/os_prepare/recipes/default.rb +13 -3
- data/test/integration/test/integration/default/apache_conf_spec.rb +15 -0
- data/test/integration/test/integration/default/auditd_rules_spec.rb +32 -0
- data/test/unit/mock/cmd/auditctl +3 -7
- data/test/unit/mock/cmd/auditctl-legacy +7 -0
- data/test/unit/mock/cmd/auditctl-s +8 -0
- data/test/unit/mock/profiles/resource-tiny/inspec.yml +10 -0
- data/test/unit/mock/profiles/resource-tiny/libraries/resource.rb +3 -0
- data/test/unit/plugin_test.rb +5 -6
- data/test/unit/resources/auditd_rules_test.rb +80 -10
- data/test/unit/resources/script_test.rb +5 -1
- data/test/unit/utils/filter_array_test.rb +59 -0
- data/test/unit/{simpleconfig_test.rb → utils/simpleconfig_test.rb} +0 -0
- metadata +25 -542
- data/bin/os +0 -23
- data/examples/kitchen-ansible/.kitchen/default-ubuntu-1404.yml +0 -6
- data/examples/kitchen-ansible/.kitchen/kitchen-vagrant/kitchen-kitchen-ansible-default-ubuntu-1404/.vagrant/machines/default/virtualbox/action_set_name +0 -1
- data/examples/kitchen-ansible/.kitchen/kitchen-vagrant/kitchen-kitchen-ansible-default-ubuntu-1404/.vagrant/machines/default/virtualbox/creator_uid +0 -1
- data/examples/kitchen-ansible/.kitchen/kitchen-vagrant/kitchen-kitchen-ansible-default-ubuntu-1404/.vagrant/machines/default/virtualbox/id +0 -1
- data/examples/kitchen-ansible/.kitchen/kitchen-vagrant/kitchen-kitchen-ansible-default-ubuntu-1404/.vagrant/machines/default/virtualbox/index_uuid +0 -1
- data/examples/kitchen-ansible/.kitchen/kitchen-vagrant/kitchen-kitchen-ansible-default-ubuntu-1404/.vagrant/machines/default/virtualbox/private_key +0 -27
- data/examples/kitchen-ansible/.kitchen/kitchen-vagrant/kitchen-kitchen-ansible-default-ubuntu-1404/.vagrant/machines/default/virtualbox/synced_folders +0 -1
- data/examples/kitchen-ansible/.kitchen/kitchen-vagrant/kitchen-kitchen-ansible-default-ubuntu-1404/Vagrantfile +0 -9
- data/examples/kitchen-ansible/.kitchen/logs/default-centos-71.log +0 -0
- data/examples/kitchen-ansible/.kitchen/logs/default-ubuntu-1204.log +0 -0
- data/examples/kitchen-ansible/.kitchen/logs/default-ubuntu-1404.log +0 -395
- data/examples/kitchen-ansible/.kitchen/logs/kitchen.log +0 -3
- data/examples/kitchen-ansible/Gemfile.lock +0 -158
- data/examples/kitchen-ansible/test/.DS_Store +0 -0
- data/examples/kitchen-ansible/test/integration/.DS_Store +0 -0
- data/examples/kitchen-azure/.kitchen.yml +0 -30
- data/examples/kitchen-azure/.kitchen/default-debian-80-20151022-x86-64.yml +0 -1
- data/examples/kitchen-azure/.kitchen/default-ubuntu-1204.yml +0 -9
- data/examples/kitchen-azure/.kitchen/logs/default-debian-80-20151022-x86-64.log +0 -59
- data/examples/kitchen-azure/.kitchen/logs/default-ubuntu-1204.log +0 -27
- data/examples/kitchen-azure/.kitchen/logs/default-windows2012-r2.log +0 -0
- data/examples/kitchen-azure/.kitchen/logs/kitchen.log +0 -29
- data/examples/kitchen-azure/Berksfile +0 -3
- data/examples/kitchen-azure/Gemfile +0 -20
- data/examples/kitchen-azure/Gemfile.lock +0 -273
- data/examples/kitchen-azure/README.md +0 -14
- data/examples/kitchen-azure/credentials.sh +0 -0
- data/examples/kitchen-azure/metadata.rb +0 -7
- data/examples/kitchen-azure/recipes/default.rb +0 -6
- data/examples/kitchen-azure/recipes/nginx.rb +0 -30
- data/examples/kitchen-azure/test/integration/default/web_spec.rb +0 -28
- data/examples/kitchen-chef/.kitchen/default-ubuntu-1404.yml +0 -6
- data/examples/kitchen-chef/.kitchen/kitchen-vagrant/kitchen-kitchen-chef-default-ubuntu-1404/.vagrant/machines/default/virtualbox/action_set_name +0 -1
- data/examples/kitchen-chef/.kitchen/kitchen-vagrant/kitchen-kitchen-chef-default-ubuntu-1404/.vagrant/machines/default/virtualbox/creator_uid +0 -1
- data/examples/kitchen-chef/.kitchen/kitchen-vagrant/kitchen-kitchen-chef-default-ubuntu-1404/.vagrant/machines/default/virtualbox/id +0 -1
- data/examples/kitchen-chef/.kitchen/kitchen-vagrant/kitchen-kitchen-chef-default-ubuntu-1404/.vagrant/machines/default/virtualbox/index_uuid +0 -1
- data/examples/kitchen-chef/.kitchen/kitchen-vagrant/kitchen-kitchen-chef-default-ubuntu-1404/.vagrant/machines/default/virtualbox/private_key +0 -27
- data/examples/kitchen-chef/.kitchen/kitchen-vagrant/kitchen-kitchen-chef-default-ubuntu-1404/.vagrant/machines/default/virtualbox/synced_folders +0 -1
- data/examples/kitchen-chef/.kitchen/kitchen-vagrant/kitchen-kitchen-chef-default-ubuntu-1404/Vagrantfile +0 -9
- data/examples/kitchen-chef/.kitchen/logs/default-centos-71.log +0 -0
- data/examples/kitchen-chef/.kitchen/logs/default-ubuntu-1204.log +0 -0
- data/examples/kitchen-chef/.kitchen/logs/default-ubuntu-1404.log +0 -3
- data/examples/kitchen-chef/.kitchen/logs/kitchen.log +0 -3
- data/examples/kitchen-chef/Berksfile.lock +0 -11
- data/examples/kitchen-chef/Gemfile.lock +0 -226
- data/examples/kitchen-chef/test/integration/.DS_Store +0 -0
- data/examples/kitchen-puppet/.bundle/config +0 -2
- data/examples/kitchen-puppet/.kitchen/default-ubuntu-1404.yml +0 -6
- data/examples/kitchen-puppet/.kitchen/kitchen-vagrant/kitchen-kitchen-puppet-default-ubuntu-1404/.vagrant/machines/default/virtualbox/action_set_name +0 -1
- data/examples/kitchen-puppet/.kitchen/kitchen-vagrant/kitchen-kitchen-puppet-default-ubuntu-1404/.vagrant/machines/default/virtualbox/creator_uid +0 -1
- data/examples/kitchen-puppet/.kitchen/kitchen-vagrant/kitchen-kitchen-puppet-default-ubuntu-1404/.vagrant/machines/default/virtualbox/id +0 -1
- data/examples/kitchen-puppet/.kitchen/kitchen-vagrant/kitchen-kitchen-puppet-default-ubuntu-1404/.vagrant/machines/default/virtualbox/index_uuid +0 -1
- data/examples/kitchen-puppet/.kitchen/kitchen-vagrant/kitchen-kitchen-puppet-default-ubuntu-1404/.vagrant/machines/default/virtualbox/private_key +0 -27
- data/examples/kitchen-puppet/.kitchen/kitchen-vagrant/kitchen-kitchen-puppet-default-ubuntu-1404/.vagrant/machines/default/virtualbox/synced_folders +0 -1
- data/examples/kitchen-puppet/.kitchen/kitchen-vagrant/kitchen-kitchen-puppet-default-ubuntu-1404/Vagrantfile +0 -9
- data/examples/kitchen-puppet/.kitchen/logs/default-centos-71.log +0 -0
- data/examples/kitchen-puppet/.kitchen/logs/default-ubuntu-1204.log +0 -0
- data/examples/kitchen-puppet/.kitchen/logs/default-ubuntu-1404.log +0 -305
- data/examples/kitchen-puppet/.kitchen/logs/kitchen.log +0 -6
- data/examples/kitchen-puppet/.librarian/puppet/config +0 -2
- data/examples/kitchen-puppet/Gemfile.lock +0 -175
- data/examples/kitchen-puppet/Puppetfile.lock +0 -2
- data/examples/kitchen-puppet/test/integration/.DS_Store +0 -0
- data/examples/kitchen-puppet/test/integration/default/.DS_Store +0 -0
- data/examples/profile/libraries/.DS_Store +0 -0
- data/examples/test-kitchen/.kitchen/logs/default-centos-71.log +0 -5
- data/examples/test-kitchen/.kitchen/logs/default-ubuntu-1204.log +0 -5
- data/examples/test-kitchen/.kitchen/logs/default-ubuntu-1404.log +0 -5
- data/examples/test-kitchen/.kitchen/logs/kitchen.log +0 -5
- data/examples/test-kitchen/Berksfile.lock +0 -11
- data/examples/test-kitchen/Gemfile.lock +0 -233
- data/lib/.DS_Store +0 -0
- data/lib/bundles/inspec-compliance/TODO.md +0 -4
- data/lib/bundles/inspec-supermarket.rb +0 -14
- data/lib/bundles/inspec-supermarket/TODO.md +0 -5
- data/lib/bundles/inspec-supermarket/cache.rb +0 -30
- data/test/chefdk/.gitignore +0 -16
- data/test/chefdk/.kitchen.yml +0 -27
- data/test/chefdk/Policyfile.rb +0 -16
- data/test/chefdk/README.md +0 -4
- data/test/chefdk/chefignore +0 -100
- data/test/chefdk/metadata.rb +0 -7
- data/test/chefdk/recipes/default.rb +0 -5
- data/test/chefdk/spec/spec_helper.rb +0 -2
- data/test/chefdk/spec/unit/recipes/default_spec.rb +0 -20
- data/test/chefdk/test/integration/default/serverspec/default_spec.rb +0 -9
- data/test/chefdk/test/integration/helpers/serverspec/spec_helper.rb +0 -8
- data/test/integration/.kitchen.chef.yml +0 -29
- data/test/integration/.kitchen.shell.yml +0 -19
- data/test/integration/.kitchen/default-aws-linux.yml +0 -4
- data/test/integration/.kitchen/default-centos-7.yml +0 -4
- data/test/integration/.kitchen/default-chef-solaris-1011.yml +0 -6
- data/test/integration/.kitchen/default-chef-solaris-113.yml +0 -6
- data/test/integration/.kitchen/default-chef-windows-server-2008r2-standard.yml +0 -7
- data/test/integration/.kitchen/default-chris-rock-omnios-r151014.yml +0 -6
- data/test/integration/.kitchen/default-debian-8.yml +0 -4
- data/test/integration/.kitchen/default-debian-81.yml +0 -6
- data/test/integration/.kitchen/default-fedora-22.yml +0 -4
- data/test/integration/.kitchen/default-omniti-omnios-r151014.yml +0 -1
- data/test/integration/.kitchen/default-redhat-65.yml +0 -4
- data/test/integration/.kitchen/default-redhat-71.yml +0 -4
- data/test/integration/.kitchen/default-suse-11sp3.yml +0 -4
- data/test/integration/.kitchen/default-suse-12.yml +0 -4
- data/test/integration/.kitchen/default-suse-hi11sp3.yml +0 -4
- data/test/integration/.kitchen/default-ubuntu-1204.yml +0 -4
- data/test/integration/.kitchen/default-ubuntu-1404.yml +0 -4
- data/test/integration/.kitchen/default-ubuntu-1510.yml +0 -4
- data/test/integration/.kitchen/default-windows-2008.yml +0 -5
- data/test/integration/.kitchen/default-windows-2012.yml +0 -1
- data/test/integration/.kitchen/default-windows-2012r2.yml +0 -6
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-centos-67-i386/Vagrantfile +0 -9
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-solaris-1011/.vagrant/machines/default/virtualbox/action_set_name +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-solaris-1011/.vagrant/machines/default/virtualbox/creator_uid +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-solaris-1011/.vagrant/machines/default/virtualbox/id +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-solaris-1011/.vagrant/machines/default/virtualbox/index_uuid +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-solaris-1011/.vagrant/machines/default/virtualbox/private_key +0 -27
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-solaris-1011/.vagrant/machines/default/virtualbox/synced_folders +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-solaris-1011/Vagrantfile +0 -8
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-solaris-113/.vagrant/machines/default/virtualbox/action_set_name +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-solaris-113/.vagrant/machines/default/virtualbox/creator_uid +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-solaris-113/.vagrant/machines/default/virtualbox/id +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-solaris-113/.vagrant/machines/default/virtualbox/index_uuid +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-solaris-113/.vagrant/machines/default/virtualbox/private_key +0 -27
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-solaris-113/.vagrant/machines/default/virtualbox/synced_folders +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-solaris-113/Vagrantfile +0 -8
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-windows-server-2008r2-standard/.vagrant/machines/default/virtualbox/action_set_name +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-windows-server-2008r2-standard/.vagrant/machines/default/virtualbox/creator_uid +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-windows-server-2008r2-standard/.vagrant/machines/default/virtualbox/id +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-windows-server-2008r2-standard/.vagrant/machines/default/virtualbox/index_uuid +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-windows-server-2008r2-standard/.vagrant/machines/default/virtualbox/synced_folders +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-windows-server-2008r2-standard/Vagrantfile +0 -7
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chris-rock-omnios-r151014/.vagrant/machines/default/virtualbox/action_set_name +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chris-rock-omnios-r151014/.vagrant/machines/default/virtualbox/creator_uid +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chris-rock-omnios-r151014/.vagrant/machines/default/virtualbox/id +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chris-rock-omnios-r151014/.vagrant/machines/default/virtualbox/index_uuid +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chris-rock-omnios-r151014/.vagrant/machines/default/virtualbox/private_key +0 -27
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chris-rock-omnios-r151014/.vagrant/machines/default/virtualbox/synced_folders +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chris-rock-omnios-r151014/Vagrantfile +0 -8
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-debian-81/.vagrant/machines/default/virtualbox/action_set_name +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-debian-81/.vagrant/machines/default/virtualbox/creator_uid +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-debian-81/.vagrant/machines/default/virtualbox/id +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-debian-81/.vagrant/machines/default/virtualbox/index_uuid +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-debian-81/.vagrant/machines/default/virtualbox/private_key +0 -27
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-debian-81/.vagrant/machines/default/virtualbox/synced_folders +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-debian-81/Vagrantfile +0 -9
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-modernIE-w10-edge/.vagrant/machines/default/virtualbox/action_set_name +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-modernIE-w10-edge/.vagrant/machines/default/virtualbox/creator_uid +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-modernIE-w10-edge/.vagrant/machines/default/virtualbox/id +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-modernIE-w10-edge/.vagrant/machines/default/virtualbox/index_uuid +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-modernIE-w10-edge/Vagrantfile +0 -8
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-omniti-omnios-r151014/.vagrant/machines/default/virtualbox/action_set_name +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-omniti-omnios-r151014/.vagrant/machines/default/virtualbox/creator_uid +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-omniti-omnios-r151014/.vagrant/machines/default/virtualbox/id +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-omniti-omnios-r151014/.vagrant/machines/default/virtualbox/index_uuid +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-omniti-omnios-r151014/.vagrant/machines/default/virtualbox/private_key +0 -27
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-omniti-omnios-r151014/Vagrantfile +0 -8
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1204/.vagrant/machines/default/virtualbox/action_set_name +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1204/.vagrant/machines/default/virtualbox/creator_uid +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1204/.vagrant/machines/default/virtualbox/id +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1204/.vagrant/machines/default/virtualbox/index_uuid +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1204/.vagrant/machines/default/virtualbox/private_key +0 -27
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1204/.vagrant/machines/default/virtualbox/synced_folders +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1204/Vagrantfile +0 -9
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1404/.vagrant/machines/default/virtualbox/action_set_name +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1404/.vagrant/machines/default/virtualbox/creator_uid +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1404/.vagrant/machines/default/virtualbox/id +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1404/.vagrant/machines/default/virtualbox/index_uuid +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1404/.vagrant/machines/default/virtualbox/private_key +0 -27
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1404/.vagrant/machines/default/virtualbox/synced_folders +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1404/Vagrantfile +0 -9
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-windows-2012R2-matt/.vagrant/machines/default/virtualbox/action_set_name +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-windows-2012R2-matt/.vagrant/machines/default/virtualbox/creator_uid +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-windows-2012R2-matt/.vagrant/machines/default/virtualbox/id +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-windows-2012R2-matt/.vagrant/machines/default/virtualbox/index_uuid +0 -1
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-windows-2012R2-matt/Vagrantfile +0 -8
- data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-new-ubuntu-1404/Vagrantfile +0 -9
- data/test/integration/.kitchen/logs/default-aws-linux.log +0 -0
- data/test/integration/.kitchen/logs/default-centos-511-i386.log +0 -0
- data/test/integration/.kitchen/logs/default-centos-511.log +0 -0
- data/test/integration/.kitchen/logs/default-centos-67-i386.log +0 -0
- data/test/integration/.kitchen/logs/default-centos-67.log +0 -0
- data/test/integration/.kitchen/logs/default-centos-7.log +0 -0
- data/test/integration/.kitchen/logs/default-centos-71.log +0 -0
- data/test/integration/.kitchen/logs/default-chef-solaris-1011.log +0 -0
- data/test/integration/.kitchen/logs/default-chef-solaris-113.log +0 -0
- data/test/integration/.kitchen/logs/default-chef-windows-server-2008r2-standard.log +0 -43
- data/test/integration/.kitchen/logs/default-chef-windows-server-2012r2-standard.log +0 -0
- data/test/integration/.kitchen/logs/default-chris-rock-omnios-r151014.log +0 -41
- data/test/integration/.kitchen/logs/default-debian-6010-i386.log +0 -0
- data/test/integration/.kitchen/logs/default-debian-6010.log +0 -0
- data/test/integration/.kitchen/logs/default-debian-78-i386.log +0 -0
- data/test/integration/.kitchen/logs/default-debian-78.log +0 -0
- data/test/integration/.kitchen/logs/default-debian-8.log +0 -0
- data/test/integration/.kitchen/logs/default-debian-81-i386.log +0 -0
- data/test/integration/.kitchen/logs/default-debian-81.log +0 -240
- data/test/integration/.kitchen/logs/default-dusank-oi-server.log +0 -0
- data/test/integration/.kitchen/logs/default-fedora-21-i386.log +0 -0
- data/test/integration/.kitchen/logs/default-fedora-21.log +0 -0
- data/test/integration/.kitchen/logs/default-fedora-22.log +0 -0
- data/test/integration/.kitchen/logs/default-freebsd-102.log +0 -0
- data/test/integration/.kitchen/logs/default-freebsd-93.log +0 -0
- data/test/integration/.kitchen/logs/default-livinginthepast-smartos-base64.log +0 -0
- data/test/integration/.kitchen/logs/default-mint-172-cinnamon.log +0 -0
- data/test/integration/.kitchen/logs/default-modernIE-w10-edge.log +0 -2
- data/test/integration/.kitchen/logs/default-modernIE-w7-ie11.log +0 -2
- data/test/integration/.kitchen/logs/default-modernIE-w81-ie11.log +0 -2
- data/test/integration/.kitchen/logs/default-omniti-omnios-r151014.log +0 -0
- data/test/integration/.kitchen/logs/default-opensuse-132-i386.log +0 -0
- data/test/integration/.kitchen/logs/default-opensuse-132-x86-64.log +0 -0
- data/test/integration/.kitchen/logs/default-opentable-win-2008r2-standard-amd64-nocm.log +0 -0
- data/test/integration/.kitchen/logs/default-opentable-win-2012r2-standard-amd64-nocm.log +0 -0
- data/test/integration/.kitchen/logs/default-redhat-65.log +0 -0
- data/test/integration/.kitchen/logs/default-redhat-71.log +0 -0
- data/test/integration/.kitchen/logs/default-suse-11sp3.log +0 -0
- data/test/integration/.kitchen/logs/default-suse-12.log +0 -0
- data/test/integration/.kitchen/logs/default-suse-hi11sp3.log +0 -37
- data/test/integration/.kitchen/logs/default-ubuntu-1004-i386.log +0 -0
- data/test/integration/.kitchen/logs/default-ubuntu-1004.log +0 -0
- data/test/integration/.kitchen/logs/default-ubuntu-1204-i386.log +0 -0
- data/test/integration/.kitchen/logs/default-ubuntu-1204.log +0 -23
- data/test/integration/.kitchen/logs/default-ubuntu-1404-i386.log +0 -0
- data/test/integration/.kitchen/logs/default-ubuntu-1404.log +0 -0
- data/test/integration/.kitchen/logs/default-ubuntu-1510.log +0 -0
- data/test/integration/.kitchen/logs/default-windows-2008-opentable.log +0 -2
- data/test/integration/.kitchen/logs/default-windows-2008.log +0 -0
- data/test/integration/.kitchen/logs/default-windows-2012.log +0 -0
- data/test/integration/.kitchen/logs/default-windows-2012R2-matt.log +0 -2
- data/test/integration/.kitchen/logs/default-windows-2012r2-opentable.log +0 -2
- data/test/integration/.kitchen/logs/default-windows-2012r2.log +0 -0
- data/test/integration/.kitchen/logs/default-winrm.log +0 -0
- data/test/integration/.kitchen/logs/kitchen.log +0 -3
- data/test/integration/.kitchen/logs/new-centos-511-i386.log +0 -0
- data/test/integration/.kitchen/logs/new-centos-511.log +0 -0
- data/test/integration/.kitchen/logs/new-centos-67-i386.log +0 -0
- data/test/integration/.kitchen/logs/new-centos-67.log +0 -0
- data/test/integration/.kitchen/logs/new-centos-71.log +0 -0
- data/test/integration/.kitchen/logs/new-debian-6010-i386.log +0 -0
- data/test/integration/.kitchen/logs/new-debian-6010.log +0 -0
- data/test/integration/.kitchen/logs/new-debian-78-i386.log +0 -0
- data/test/integration/.kitchen/logs/new-debian-78.log +0 -0
- data/test/integration/.kitchen/logs/new-debian-81-i386.log +0 -0
- data/test/integration/.kitchen/logs/new-debian-81.log +0 -0
- data/test/integration/.kitchen/logs/new-fedora-21-i386.log +0 -0
- data/test/integration/.kitchen/logs/new-fedora-21.log +0 -0
- data/test/integration/.kitchen/logs/new-fedora-22.log +0 -0
- data/test/integration/.kitchen/logs/new-freebsd-102.log +0 -0
- data/test/integration/.kitchen/logs/new-freebsd-93.log +0 -0
- data/test/integration/.kitchen/logs/new-opensuse-132-i386.log +0 -0
- data/test/integration/.kitchen/logs/new-opensuse-132-x86-64.log +0 -0
- data/test/integration/.kitchen/logs/new-ubuntu-1004-i386.log +0 -0
- data/test/integration/.kitchen/logs/new-ubuntu-1004.log +0 -0
- data/test/integration/.kitchen/logs/new-ubuntu-1204-i386.log +0 -0
- data/test/integration/.kitchen/logs/new-ubuntu-1204.log +0 -0
- data/test/integration/.kitchen/logs/new-ubuntu-1404-i386.log +0 -0
- data/test/integration/.kitchen/logs/new-ubuntu-1404.log +0 -3
- data/test/integration/.kitchen/logs/test-centos-511-i386.log +0 -0
- data/test/integration/.kitchen/logs/test-centos-511.log +0 -0
- data/test/integration/.kitchen/logs/test-centos-67-i386.log +0 -0
- data/test/integration/.kitchen/logs/test-centos-67.log +0 -0
- data/test/integration/.kitchen/logs/test-centos-71.log +0 -0
- data/test/integration/.kitchen/logs/test-debian-6010-i386.log +0 -0
- data/test/integration/.kitchen/logs/test-debian-6010.log +0 -0
- data/test/integration/.kitchen/logs/test-debian-78-i386.log +0 -0
- data/test/integration/.kitchen/logs/test-debian-78.log +0 -0
- data/test/integration/.kitchen/logs/test-debian-81-i386.log +0 -0
- data/test/integration/.kitchen/logs/test-debian-81.log +0 -0
- data/test/integration/.kitchen/logs/test-fedora-21-i386.log +0 -0
- data/test/integration/.kitchen/logs/test-fedora-21.log +0 -0
- data/test/integration/.kitchen/logs/test-fedora-22.log +0 -0
- data/test/integration/.kitchen/logs/test-freebsd-102.log +0 -0
- data/test/integration/.kitchen/logs/test-freebsd-93.log +0 -0
- data/test/integration/.kitchen/logs/test-opensuse-132-i386.log +0 -0
- data/test/integration/.kitchen/logs/test-opensuse-132-x86-64.log +0 -0
- data/test/integration/.kitchen/logs/test-ubuntu-1004-i386.log +0 -0
- data/test/integration/.kitchen/logs/test-ubuntu-1004.log +0 -0
- data/test/integration/.kitchen/logs/test-ubuntu-1204-i386.log +0 -0
- data/test/integration/.kitchen/logs/test-ubuntu-1204.log +0 -0
- data/test/integration/.kitchen/logs/test-ubuntu-1404-i386.log +0 -0
- data/test/integration/.kitchen/logs/test-ubuntu-1404.log +0 -0
- data/test/integration/.kitchen/new-ubuntu-1404.yml +0 -1
- data/test/integration/Berksfile.lock +0 -27
- data/test/integration/TODO.md +0 -15
- data/test/integration/bootstrap.sh +0 -3
- data/test/integration/test/.DS_Store +0 -0
- data/test/integration/test/integration/.DS_Store +0 -0
- data/test/integration/test/integration/default/.DS_Store +0 -0
- data/test/integration/test/integration/default/certificate_spec.rb +0 -7
- data/test/mac/service_spec.rb +0 -5
- data/test/serverspec/.kitchen.yml +0 -18
- data/test/serverspec/.kitchen/default-ubuntu-1404.yml +0 -6
- data/test/serverspec/.kitchen/kitchen-vagrant/kitchen-serverspec-default-ubuntu-1404/.vagrant/machines/default/virtualbox/action_set_name +0 -1
- data/test/serverspec/.kitchen/kitchen-vagrant/kitchen-serverspec-default-ubuntu-1404/.vagrant/machines/default/virtualbox/creator_uid +0 -1
- data/test/serverspec/.kitchen/kitchen-vagrant/kitchen-serverspec-default-ubuntu-1404/.vagrant/machines/default/virtualbox/id +0 -1
- data/test/serverspec/.kitchen/kitchen-vagrant/kitchen-serverspec-default-ubuntu-1404/.vagrant/machines/default/virtualbox/index_uuid +0 -1
- data/test/serverspec/.kitchen/kitchen-vagrant/kitchen-serverspec-default-ubuntu-1404/.vagrant/machines/default/virtualbox/private_key +0 -27
- data/test/serverspec/.kitchen/kitchen-vagrant/kitchen-serverspec-default-ubuntu-1404/.vagrant/machines/default/virtualbox/synced_folders +0 -1
- data/test/serverspec/.kitchen/kitchen-vagrant/kitchen-serverspec-default-ubuntu-1404/Vagrantfile +0 -9
- data/test/serverspec/.kitchen/logs/default-ubuntu-1404.log +0 -2
- data/test/serverspec/.kitchen/logs/kitchen.log +0 -3
- data/test/serverspec/Berksfile +0 -3
- data/test/serverspec/Berksfile.lock +0 -5
- data/test/serverspec/TODO.md +0 -2
- data/test/serverspec/test/integration/default/serverspec/os_spec.rb +0 -25
- data/test/serverspec/test/integration/default/serverspec/spec_helper.rb +0 -48
- data/test/serverspec/test/integration/default/serverspec/sysctl_spec.rb +0 -37
- data/test/solaris_test.rb +0 -70
data/lib/inspec/version.rb
CHANGED
@@ -40,6 +40,14 @@ class ApacheConf < Inspec.resource(1)
|
|
40
40
|
res
|
41
41
|
end
|
42
42
|
|
43
|
+
def method_missing(name)
|
44
|
+
# ensure params are loaded
|
45
|
+
@params || read_content
|
46
|
+
|
47
|
+
# extract values
|
48
|
+
@params[name.to_s] unless @params.nil?
|
49
|
+
end
|
50
|
+
|
43
51
|
def filter_comments(data)
|
44
52
|
content = ''
|
45
53
|
data.each_line do |line|
|
@@ -4,21 +4,12 @@
|
|
4
4
|
# author: Dominik Richter
|
5
5
|
# license: All rights reserved
|
6
6
|
|
7
|
-
|
8
|
-
|
9
|
-
desc 'Use the auditd_rules InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files.'
|
10
|
-
example "
|
11
|
-
describe auditd_rules do
|
12
|
-
its('LIST_RULES') {should contain_match(/^exit,always arch=.* key=time-change syscall=adjtimex,settimeofday/) }
|
13
|
-
its('LIST_RULES') {should contain_match(/^exit,always arch=.* key=time-change syscall=stime,settimeofday,adjtimex/) }
|
14
|
-
its('LIST_RULES') {should contain_match(/^exit,always arch=.* key=time-change syscall=clock_settime/)}
|
15
|
-
its('LIST_RULES') {should contain_match(/^exit,always watch=\/etc\/localtime perm=wa key=time-change/)}
|
16
|
-
end
|
17
|
-
"
|
18
|
-
|
19
|
-
def initialize
|
20
|
-
@content = inspec.command('/sbin/auditctl -l').stdout.chomp
|
7
|
+
require 'forwardable'
|
8
|
+
require 'utils/filter_array'
|
21
9
|
|
10
|
+
class AuditdRulesLegacy
|
11
|
+
def initialize(content)
|
12
|
+
@content = content
|
22
13
|
@opts = {
|
23
14
|
assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
|
24
15
|
multiple_values: true,
|
@@ -48,7 +39,165 @@ class AuditDaemonRules < Inspec.resource(1)
|
|
48
39
|
items[name]
|
49
40
|
end
|
50
41
|
|
42
|
+
def to_s
|
43
|
+
'Audit Daemon Rules (for auditd version < 2.3)'
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
# rubocop:disable Metrics/ClassLength
|
48
|
+
class AuditDaemonRules < Inspec.resource(1)
|
49
|
+
extend Forwardable
|
50
|
+
attr_accessor :rules, :lines
|
51
|
+
|
52
|
+
name 'auditd_rules'
|
53
|
+
desc 'Use the auditd_rules InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files.'
|
54
|
+
example "
|
55
|
+
# syntax for auditd < 2.3
|
56
|
+
describe auditd_rules do
|
57
|
+
its('LIST_RULES') {should contain_match(/^exit,always arch=.* key=time-change syscall=adjtimex,settimeofday/) }
|
58
|
+
its('LIST_RULES') {should contain_match(/^exit,always arch=.* key=time-change syscall=stime,settimeofday,adjtimex/) }
|
59
|
+
its('LIST_RULES') {should contain_match(/^exit,always arch=.* key=time-change syscall=clock_settime/)}
|
60
|
+
its('LIST_RULES') {should contain_match(/^exit,always watch=\/etc\/localtime perm=wa key=time-change/)}
|
61
|
+
end
|
62
|
+
|
63
|
+
# syntax for auditd >= 2.3
|
64
|
+
describe auditd_rules.syscall('open').action do
|
65
|
+
it { should eq(['always']) }
|
66
|
+
end
|
67
|
+
|
68
|
+
describe auditd_rules.key('sshd_config') do
|
69
|
+
its(:permissions) { should contain_match(/x/) }
|
70
|
+
end
|
71
|
+
|
72
|
+
describe auditd_rules do
|
73
|
+
its(:lines) { should contain_match(%r{-w /etc/ssh/sshd_config/}) }
|
74
|
+
end
|
75
|
+
"
|
76
|
+
|
77
|
+
def initialize
|
78
|
+
@content = inspec.command('/sbin/auditctl -l').stdout.chomp
|
79
|
+
|
80
|
+
if @content =~ /^LIST_RULES:/
|
81
|
+
# do not warn on centos 5
|
82
|
+
unless inspec.os[:family] == 'centos' && inspec.os[:release].to_i == 5
|
83
|
+
warn '[WARN] this version of auditd is outdated. Updating it allows for using more precise matchers.'
|
84
|
+
end
|
85
|
+
@legacy = AuditdRulesLegacy.new(@content)
|
86
|
+
else
|
87
|
+
parse_content
|
88
|
+
end
|
89
|
+
end
|
90
|
+
|
91
|
+
# non-legacy instances are not asked for `its('LIST_RULES')`
|
92
|
+
# rubocop:disable Style/MethodName
|
93
|
+
def LIST_RULES
|
94
|
+
return @legacy.LIST_RULES if @legacy
|
95
|
+
fail 'Using legacy auditd_rules LIST_RULES interface with non-legacy audit package. Please use the new syntax.'
|
96
|
+
end
|
97
|
+
|
98
|
+
def status(name = nil)
|
99
|
+
return @legacy.status(name) if @legacy
|
100
|
+
|
101
|
+
@status_content ||= inspec.command('/sbin/auditctl -s').stdout.chomp
|
102
|
+
@status_params ||= Hash[@status_content.scan(/^([^ ]+) (.*)$/)]
|
103
|
+
|
104
|
+
return @status_params[name] if name
|
105
|
+
@status_params
|
106
|
+
end
|
107
|
+
|
108
|
+
def parse_content
|
109
|
+
@rules = {
|
110
|
+
syscalls: [],
|
111
|
+
files: [],
|
112
|
+
}
|
113
|
+
@lines = @content.lines.map(&:chomp)
|
114
|
+
|
115
|
+
lines.each do |line|
|
116
|
+
if is_syscall?(line)
|
117
|
+
syscalls = get_syscalls line
|
118
|
+
action, list = get_action_list line
|
119
|
+
fields, opts = get_fields line
|
120
|
+
|
121
|
+
# create a 'flatter' structure because sanity
|
122
|
+
syscalls.each do |s|
|
123
|
+
@rules[:syscalls] << { syscall: s, list: list, action: action, fields: fields }.merge(opts)
|
124
|
+
end
|
125
|
+
elsif is_file?(line)
|
126
|
+
file = get_file line
|
127
|
+
perms = get_permissions line
|
128
|
+
key = get_key line
|
129
|
+
|
130
|
+
@rules[:files] << { file: file, key: key, permissions: perms }
|
131
|
+
end
|
132
|
+
end
|
133
|
+
end
|
134
|
+
|
135
|
+
def syscall(name)
|
136
|
+
select_name(:syscall, name)
|
137
|
+
end
|
138
|
+
|
139
|
+
def file(name)
|
140
|
+
select_name(:file, name)
|
141
|
+
end
|
142
|
+
|
143
|
+
# both files and syscalls have `key` identifiers
|
144
|
+
def key(name)
|
145
|
+
res = rules.values.flatten.find_all { |rule| rule[:key] == name }
|
146
|
+
FilterArray.new(res)
|
147
|
+
end
|
148
|
+
|
51
149
|
def to_s
|
52
150
|
'Audit Daemon Rules'
|
53
151
|
end
|
152
|
+
|
153
|
+
private
|
154
|
+
|
155
|
+
def select_name(key, name)
|
156
|
+
plural = "#{key}s".to_sym
|
157
|
+
res = rules[plural].find_all { |rule| rule[key] == name }
|
158
|
+
FilterArray.new(res)
|
159
|
+
end
|
160
|
+
|
161
|
+
def is_syscall?(line)
|
162
|
+
line.match(/\ -S /)
|
163
|
+
end
|
164
|
+
|
165
|
+
def is_file?(line)
|
166
|
+
line.match(/-w /)
|
167
|
+
end
|
168
|
+
|
169
|
+
def get_syscalls(line)
|
170
|
+
line.scan(/-S ([^ ]+) /).flatten.first.split(',')
|
171
|
+
end
|
172
|
+
|
173
|
+
def get_action_list(line)
|
174
|
+
line.scan(/-a ([^,]+),([^ ]+)/).flatten
|
175
|
+
end
|
176
|
+
|
177
|
+
# NB only in file lines
|
178
|
+
def get_key(line)
|
179
|
+
line.match(/-k ([^ ]+)/)[1]
|
180
|
+
end
|
181
|
+
|
182
|
+
# NOTE there are NO precautions wrt. filenames containing spaces in auditctl
|
183
|
+
# `auditctl -w /foo\ bar` gives the following line: `-w /foo bar -p rwxa`
|
184
|
+
def get_file(line)
|
185
|
+
line.match(/-w (.+) -p/)[1]
|
186
|
+
end
|
187
|
+
|
188
|
+
def get_permissions(line)
|
189
|
+
line.match(/-p ([^ ]+)/)[1]
|
190
|
+
end
|
191
|
+
|
192
|
+
def get_fields(line)
|
193
|
+
fields = line.gsub(/-[aS] [^ ]+ /, '').split('-F ').map { |l| l.split(' ') }.flatten
|
194
|
+
|
195
|
+
opts = {}
|
196
|
+
fields.find_all { |x| x.match(/[a-z]+=.*/) }.each do |kv|
|
197
|
+
k, v = kv.split('=')
|
198
|
+
opts[k.to_sym] = v
|
199
|
+
end
|
200
|
+
|
201
|
+
[fields, opts]
|
202
|
+
end
|
54
203
|
end
|
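Review bot: `get_key`, `get_file` and `get_permissions` index `[1]` on the result of `line.match(...)`, which is nil when the option is absent, so a watch line without `-k` raises NoMethodError inside `parse_content` and takes the whole resource down during `initialize`. `String#[]` with a capture index returns nil instead: `line[/-k ([^ ]+)/, 1]`, and likewise for the other two. `get_syscalls` has the same shape, because `/-S ([^ ]+) /` needs a trailing space and a rule ending in its `-S` list ends up calling `split` on nil. Separately, `initialize` reads only `stdout` of `/sbin/auditctl -l`, so a failed or unprivileged run presumably looks like an empty rule set; a check on the command result, or at least a comment saying so, would keep negative assertions from passing on a host where the rules could not be read.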
@@ -92,7 +92,7 @@ class RegistryKey < Inspec.resource(1)
|
|
92
92
|
end
|
93
93
|
|
94
94
|
def registry_key(path)
|
95
|
-
return @
|
95
|
+
return @registry_cache if defined?(@registry_cache)
|
96
96
|
|
97
97
|
# load registry key and all properties
|
98
98
|
script = <<-EOH
|
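Review bot: The memo at the top of `registry_key(path)` is not keyed by `path`: once `@registry_cache` is defined, every later call returns the first lookup's result whatever path is passed. If the method is only ever called with the instance's own key this is harmless, but that cannot be confirmed from this hunk, since the body and its callers continue outside it. Either drop the parameter or key the cache by path, e.g. `@registry_cache ||= {}` and `return @registry_cache[path] if @registry_cache.key?(path)`, with the assignments in the later hunk adjusted to match.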
@@ -115,16 +115,16 @@ class RegistryKey < Inspec.resource(1)
|
|
115
115
|
# cannot rely on exit code for now, successful command returns exit code 1
|
116
116
|
# return nil if cmd.exit_status != 0, try to parse json
|
117
117
|
begin
|
118
|
-
@
|
118
|
+
@registry_cache = JSON.parse(cmd.stdout)
|
119
119
|
# convert keys to lower case
|
120
|
-
@
|
120
|
+
@registry_cache = Hash[@registry_cache.map do |key, value|
|
121
121
|
[key.downcase, value]
|
122
122
|
end]
|
123
123
|
rescue JSON::ParserError => _e
|
124
|
-
@
|
124
|
+
@registry_cache = nil
|
125
125
|
end
|
126
126
|
|
127
|
-
@
|
127
|
+
@registry_cache
|
128
128
|
end
|
129
129
|
|
130
130
|
# Registry key value types
|
data/lib/resources/script.rb
CHANGED
@@ -18,17 +18,15 @@ class Script < Cmd
|
|
18
18
|
"
|
19
19
|
|
20
20
|
def initialize(script)
|
21
|
-
|
22
|
-
when 'windows'
|
23
|
-
# encodes a script as base64 to run as powershell encodedCommand
|
24
|
-
# this comes with performance issues: @see https://gist.github.com/fnichol/7b20596b950e65fb96f9
|
25
|
-
require 'winrm'
|
26
|
-
script = WinRM::PowershellScript.new(script)
|
27
|
-
cmd = "powershell -encodedCommand #{script.encoded}"
|
28
|
-
else
|
29
|
-
cmd = ''
|
21
|
+
unless inspec.os.windows?
|
30
22
|
return skip_resource 'The `script` resource is not supported on your OS yet.'
|
31
23
|
end
|
24
|
+
|
25
|
+
# encodes a script as base64 to run as powershell encodedCommand
|
26
|
+
# this comes with performance issues: @see https://gist.github.com/fnichol/7b20596b950e65fb96f9
|
27
|
+
require 'winrm'
|
28
|
+
script = WinRM::PowershellScript.new(script)
|
29
|
+
cmd = "powershell -encodedCommand #{script.encoded}"
|
32
30
|
super(cmd)
|
33
31
|
end
|
34
32
|
|
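Review bot: The comment above the encoding step mentions only performance; it should also record that every `script` resource run appears on the audited host as `powershell -encodedCommand <base64>`, a command-line shape that endpoint monitoring commonly alerts on. A line such as `# note: the target logs this as an encoded PowerShell invocation; correlate such events with scheduled scan windows` next to `cmd = ...` would save operators a triage round. As a style point, `script` is reassigned from the caller's String to a `WinRM::PowershellScript`; a separate local, `encoded = WinRM::PowershellScript.new(script)`, reads more clearly.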
@@ -0,0 +1,28 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
# copyright: 2015, Chef Software, Inc.
|
3
|
+
# license: All rights reserved
|
4
|
+
# author: Stephan Renatus
|
5
|
+
|
6
|
+
class FilterArray
|
7
|
+
attr_accessor :rules
|
8
|
+
alias content rules
|
9
|
+
|
10
|
+
def initialize(rules)
|
11
|
+
@rules = rules
|
12
|
+
end
|
13
|
+
|
14
|
+
# allows for chaining
|
15
|
+
# .field('arch', 'b32').field('key', 'access').rules
|
16
|
+
def field(key, value = nil)
|
17
|
+
if value
|
18
|
+
res = rules.find_all { |r| r[key.to_sym] == value }
|
19
|
+
FilterArray.new(res)
|
20
|
+
else
|
21
|
+
rules.map { |h| h[key.to_sym] }.uniq
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
def method_missing(meth, *args)
|
26
|
+
field(meth, args[0])
|
27
|
+
end
|
28
|
+
end
|
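Review bot: `method_missing(meth, *args)` forwards every unknown message to `field`, so a misspelled property in a control (for example `its(:permisions)`) returns `[nil]` or `[]` instead of raising, and Ruby's implicit conversions such as `to_ary` are presumably answered the same way. In an audit resource that lets a typo be evaluated as if the field were simply absent from the rules. At minimum keep conversions out with `return super if meth.to_s.start_with?('to_')` as the first line and add a `respond_to_missing?`; if the catch-all for field names is intended, say so in a comment above the method. In `field`, `if value` also means that filtering for `false` or `nil` silently becomes the list form.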
data/test/helper.rb
CHANGED
@@ -121,10 +121,12 @@ class MockLoader
|
|
121
121
|
'Remove-Item win_secpol.cfg' => cmd.call('success'),
|
122
122
|
'env' => cmd.call('env'),
|
123
123
|
'$Env:PATH' => cmd.call('$env-PATH'),
|
124
|
-
# registry key test
|
124
|
+
# registry key test (winrm 1.6.0, 1.6.1)
|
125
125
|
'2790db1e88204a073ed7fd3493f5445e5ce531afd0d2724a0e36c17110c535e6' => cmd.call('reg_schedule'),
|
126
|
+
'b00eb49a98c96a808c469e4894b5123a913e354c9ffea5b785898fe30d288ee0' => cmd.call('reg_schedule'),
|
126
127
|
'Auditpol /get /subcategory:\'User Account Management\' /r' => cmd.call('auditpol'),
|
127
128
|
'/sbin/auditctl -l' => cmd.call('auditctl'),
|
129
|
+
'/sbin/auditctl -s' => cmd.call('auditctl-s'),
|
128
130
|
'yum -v repolist all' => cmd.call('yum-repolist-all'),
|
129
131
|
'dpkg -s curl' => cmd.call('dpkg-s-curl'),
|
130
132
|
'rpm -qia curl' => cmd.call('rpm-qia-curl'),
|
@@ -179,8 +181,9 @@ class MockLoader
|
|
179
181
|
'dscl -q . -read /Users/chartmann NFSHomeDirectory PrimaryGroupID RecordName UniqueID UserShell' => cmd.call('dscl'),
|
180
182
|
# user info for freebsd
|
181
183
|
'pw usershow root -7' => cmd.call('pw-usershow-root-7'),
|
182
|
-
# user info for windows
|
184
|
+
# user info for windows (winrm 1.6.0, 1.6.1)
|
183
185
|
'650b6b72a66316418b25421a54afe21a230704558082914c54711904bb10e370' => cmd.call('GetUserAccount'),
|
186
|
+
'272e1d767fe6e28c86cfba1a75c3d458acade1f4a36cfd5e711b97884879de24' => cmd.call('GetUserAccount'),
|
184
187
|
# group info for windows
|
185
188
|
'Get-WmiObject Win32_Group | Select-Object -Property Caption, Domain, Name, SID, LocalAccount | ConvertTo-Json' => cmd.call('GetWin32Group'),
|
186
189
|
# network interface
|
@@ -4,11 +4,21 @@
|
|
4
4
|
#
|
5
5
|
# prepare all operating systems with the required configuration
|
6
6
|
|
7
|
-
|
7
|
+
|
8
|
+
# basic tests
|
8
9
|
include_recipe('os_prepare::file')
|
9
10
|
include_recipe('os_prepare::mount')
|
10
|
-
include_recipe('os_prepare::
|
11
|
+
include_recipe('os_prepare::service')
|
11
12
|
include_recipe('os_prepare::package')
|
12
13
|
include_recipe('os_prepare::registry_key')
|
13
|
-
|
14
|
+
|
15
|
+
# configure repos, eg. nginx
|
16
|
+
include_recipe('os_prepare::apt')
|
17
|
+
|
18
|
+
# application configuration
|
14
19
|
include_recipe('os_prepare::postgres')
|
20
|
+
include_recipe('os_prepare::auditctl')
|
21
|
+
include_recipe('os_prepare::apache')
|
22
|
+
|
23
|
+
# config file parsing
|
24
|
+
include_recipe('os_prepare::json_yaml_csv_ini')
|
@@ -0,0 +1,15 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
|
3
|
+
if os.linux?
|
4
|
+
|
5
|
+
# direct access to params of apache conf
|
6
|
+
describe apache_conf do
|
7
|
+
its('LogLevel') { should eq 'warn' }
|
8
|
+
its('MaxKeepAliveRequests') { should eq '100' }
|
9
|
+
end
|
10
|
+
|
11
|
+
# only read one param
|
12
|
+
describe apache_conf.params('LogLevel') do
|
13
|
+
it { should include 'warn' }
|
14
|
+
end
|
15
|
+
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
|
3
|
+
# based on operating system we select the available service
|
4
|
+
return unless os[:family] == 'centos'
|
5
|
+
|
6
|
+
describe auditd_rules.syscall('open') do
|
7
|
+
its(:action) { should eq(['always']) }
|
8
|
+
end
|
9
|
+
|
10
|
+
describe auditd_rules.syscall('open').action do
|
11
|
+
it { should eq(['always']) }
|
12
|
+
end
|
13
|
+
|
14
|
+
describe auditd_rules.key('sshd_config') do
|
15
|
+
its(:permissions) { should contain_match(/x/) }
|
16
|
+
end
|
17
|
+
|
18
|
+
describe auditd_rules.file('/etc/ssh/sshd_config').permissions do
|
19
|
+
it { should eq(['rwxa']) }
|
20
|
+
end
|
21
|
+
|
22
|
+
describe auditd_rules do
|
23
|
+
its(:lines) { should contain_match(%r{-w /etc/ssh/sshd_config/}) }
|
24
|
+
end
|
25
|
+
|
26
|
+
describe auditd_rules.syscall('open').action('always').list do
|
27
|
+
it { should eq(['exit']) }
|
28
|
+
end
|
29
|
+
|
30
|
+
describe auditd_rules.status('backlog') do
|
31
|
+
it { should cmp 0 }
|
32
|
+
end
|
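Review bot: The pattern in the `lines` check, `%r{-w /etc/ssh/sshd_config/}`, ends in a slash, so it only matches a watch on something below `sshd_config/`; a rule in the format the parser expects (`-w /etc/ssh/sshd_config -p rwxa ...`, as in the unit mock) would not match it. The recipe that installs the rule is not on this page, so this may be deliberate, but if the watch is on the file itself the check should read `its(:lines) { should contain_match(%r{-w /etc/ssh/sshd_config }) }`. The same pattern is used in the resource's `example` text. The file-level `return unless os[:family] == 'centos'` also skips the whole spec silently on other platforms; a short comment saying why only CentOS is covered would help.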
data/test/unit/mock/cmd/auditctl
CHANGED
@@ -1,7 +1,3 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
LIST_RULES: exit,always watch=/etc/passwd perm=wa
|
5
|
-
LIST_RULES: exit,always watch=/etc/shadow perm=wa
|
6
|
-
LIST_RULES: exit,always watch=/etc/sudoers perm=wa
|
7
|
-
LIST_RULES: exit,always watch=/etc/secret_directory perm=r
|
1
|
+
-a always,exit -F arch=b64 -S open,openat -F exit=-EACCES -F key=access
|
2
|
+
-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=500 f24!=0 -F key=perm_mod
|
3
|
+
-w /etc/ssh/sshd_config -p rwxa -k CFG_sshd_config
|
@@ -0,0 +1,7 @@
|
|
1
|
+
LIST_RULES: exit,always syscall=rmdir,unlink
|
2
|
+
LIST_RULES: exit,always auid=1001 (0x3e9) syscall=open
|
3
|
+
LIST_RULES: exit,always watch=/etc/group perm=wa
|
4
|
+
LIST_RULES: exit,always watch=/etc/passwd perm=wa
|
5
|
+
LIST_RULES: exit,always watch=/etc/shadow perm=wa
|
6
|
+
LIST_RULES: exit,always watch=/etc/sudoers perm=wa
|
7
|
+
LIST_RULES: exit,always watch=/etc/secret_directory perm=r
|