inspec 0.14.8 → 0.15.0

data/lib/resources/kernel_module.rb

@@ -3,39 +3,41 @@
 # author: Dominik Richter
 # license: All rights reserved
 
-class KernelModule < Inspec.resource(1)
-  name 'kernel_module'
-  desc 'Use the kernel_module InSpec audit resource to test kernel modules on Linux platforms. These parameters are located under /lib/modules. Any submodule may be tested using this resource.'
-  example "
-    describe kernel_module('bridge') do
-      it { should be_loaded }
-    end
-  "
+module Inspec::Resources
+  class KernelModule < Inspec.resource(1)
+    name 'kernel_module'
+    desc 'Use the kernel_module InSpec audit resource to test kernel modules on Linux platforms. These parameters are located under /lib/modules. Any submodule may be tested using this resource.'
+    example "
+      describe kernel_module('bridge') do
+        it { should be_loaded }
+      end
+    "
 
-  def initialize(modulename = nil)
-    @module = modulename
+    def initialize(modulename = nil)
+      @module = modulename
 
-    # this resource is only supported on Linux
-    return skip_resource 'The `kernel_parameter` resource is not supported on your OS.' if !inspec.os.linux?
-  end
+      # this resource is only supported on Linux
+      return skip_resource 'The `kernel_parameter` resource is not supported on your OS.' if !inspec.os.linux?
+    end
 
-  def loaded?
-    # default lsmod command
-    lsmod_cmd = 'lsmod'
-    # special care for CentOS 5 and sudo
-    lsmod_cmd = '/sbin/lsmod' if inspec.os[:family] == 'centos' && inspec.os[:release].to_i == 5
+    def loaded?
+      # default lsmod command
+      lsmod_cmd = 'lsmod'
+      # special care for CentOS 5 and sudo
+      lsmod_cmd = '/sbin/lsmod' if inspec.os[:family] == 'centos' && inspec.os[:release].to_i == 5
 
-    # get list of all modules
-    cmd = inspec.command(lsmod_cmd)
-    return false if cmd.exit_status != 0
+      # get list of all modules
+      cmd = inspec.command(lsmod_cmd)
+      return false if cmd.exit_status != 0
 
-    # check if module is loaded
-    re = Regexp.new('^'+Regexp.quote(@module)+'\s')
-    found = cmd.stdout.match(re)
-    !found.nil?
-  end
+      # check if module is loaded
+      re = Regexp.new('^'+Regexp.quote(@module)+'\s')
+      found = cmd.stdout.match(re)
+      !found.nil?
+    end
 
-  def to_s
-    "Kernel Module #{@module}"
+    def to_s
+      "Kernel Module #{@module}"
+    end
   end
 end

data/lib/resources/kernel_parameter.rb

@@ -2,56 +2,58 @@
 # author: Christoph Hartmann
 # license: All rights reserved
 
-class KernelParameter < Inspec.resource(1)
-  name 'kernel_parameter'
-  desc 'Use the kernel_parameter InSpec audit resource to test kernel parameters on Linux platforms.'
-  example "
-    describe kernel_parameter('net.ipv4.conf.all.forwarding') do
-      its(:value) { should eq 0 }
+module Inspec::Resources
+  class KernelParameter < Inspec.resource(1)
+    name 'kernel_parameter'
+    desc 'Use the kernel_parameter InSpec audit resource to test kernel parameters on Linux platforms.'
+    example "
+      describe kernel_parameter('net.ipv4.conf.all.forwarding') do
+        its(:value) { should eq 0 }
+      end
+    "
+
+    def initialize(parameter = nil)
+      @parameter = parameter
+
+      # this resource is only supported on Linux
+      return skip_resource 'The `kernel_parameter` resource is not supported on your OS.' if !inspec.os.linux?
     end
-  "
 
-  def initialize(parameter = nil)
-    @parameter = parameter
-
-    # this resource is only supported on Linux
-    return skip_resource 'The `kernel_parameter` resource is not supported on your OS.' if !inspec.os.linux?
-  end
-
-  def value
-    cmd = inspec.command("/sbin/sysctl -q -n #{@parameter}")
-    return nil if cmd.exit_status != 0
-    # remove whitespace
-    cmd = cmd.stdout.chomp.strip
-    # convert to number if possible
-    cmd = cmd.to_i if cmd =~ /^\d+$/
-    cmd
-  end
+    def value
+      cmd = inspec.command("/sbin/sysctl -q -n #{@parameter}")
+      return nil if cmd.exit_status != 0
+      # remove whitespace
+      cmd = cmd.stdout.chomp.strip
+      # convert to number if possible
+      cmd = cmd.to_i if cmd =~ /^\d+$/
+      cmd
+    end
 
-  def to_s
-    "Kernel Parameter #{@parameter}"
+    def to_s
+      "Kernel Parameter #{@parameter}"
+    end
   end
-end
 
-# for compatability with serverspec
-# this is deprecated syntax and will be removed in future versions
-class LinuxKernelParameter < KernelParameter
-  name 'linux_kernel_parameter'
+  # for compatability with serverspec
+  # this is deprecated syntax and will be removed in future versions
+  class LinuxKernelParameter < KernelParameter
+    name 'linux_kernel_parameter'
 
-  def initialize(parameter)
-    super(parameter)
-  end
+    def initialize(parameter)
+      super(parameter)
+    end
 
-  def value
-    deprecated
-    super()
-  end
+    def value
+      deprecated
+      super()
+    end
 
-  def deprecated
-    warn '[DEPRECATION] `linux_kernel_parameter(parameter)` is deprecated.  Please use `kernel_parameter(parameter)` instead.'
-  end
+    def deprecated
+      warn '[DEPRECATION] `linux_kernel_parameter(parameter)` is deprecated.  Please use `kernel_parameter(parameter)` instead.'
+    end
 
-  def to_s
-    "Kernel Parameter #{@parameter}"
+    def to_s
+      "Kernel Parameter #{@parameter}"
+    end
   end
 end

data/lib/resources/limits_conf.rb

@@ -6,50 +6,52 @@
 
 require 'utils/simpleconfig'
 
-class LimitsConf < Inspec.resource(1)
-  name 'limits_conf'
-  desc 'Use the limits_conf InSpec audit resource to test configuration settings in the /etc/security/limits.conf file. The limits.conf defines limits for processes (by user and/or group names) and helps ensure that the system on which those processes are running remains stable. Each process may be assigned a hard or soft limit.'
-  example "
-    describe limits_conf do
-      its('*') { should include ['hard','core','0'] }
+module Inspec::Resources
+  class LimitsConf < Inspec.resource(1)
+    name 'limits_conf'
+    desc 'Use the limits_conf InSpec audit resource to test configuration settings in the /etc/security/limits.conf file. The limits.conf defines limits for processes (by user and/or group names) and helps ensure that the system on which those processes are running remains stable. Each process may be assigned a hard or soft limit.'
+    example "
+      describe limits_conf do
+        its('*') { should include ['hard','core','0'] }
+      end
+    "
+
+    def initialize(path = nil)
+      @conf_path = path || '/etc/security/limits.conf'
     end
-  "
 
-  def initialize(path = nil)
-    @conf_path = path || '/etc/security/limits.conf'
-  end
-
-  def method_missing(name)
-    read_params[name.to_s]
-  end
-
-  def read_params
-    return @params if defined?(@params)
-
-    # read the file
-    file = inspec.file(@conf_path)
-    if !file.file?
-      skip_resource "Can't find file \"#{@conf_path}\""
-      return @params = {}
+    def method_missing(name)
+      read_params[name.to_s]
     end
 
-    content = file.content
-    if content.empty? && file.size > 0
-      skip_resource "Can't read file \"#{@conf_path}\""
-      return @params = {}
+    def read_params
+      return @params if defined?(@params)
+
+      # read the file
+      file = inspec.file(@conf_path)
+      if !file.file?
+        skip_resource "Can't find file \"#{@conf_path}\""
+        return @params = {}
+      end
+
+      content = file.content
+      if content.empty? && file.size > 0
+        skip_resource "Can't read file \"#{@conf_path}\""
+        return @params = {}
+      end
+
+      # parse the file
+      conf = SimpleConfig.new(
+        content,
+        assignment_re: /^\s*(\S+?)\s+(.*?)\s+(.*?)\s+(.*?)\s*$/,
+        key_vals: 3,
+        multiple_values: true,
+      )
+      @params = conf.params
     end
 
-    # parse the file
-    conf = SimpleConfig.new(
-      content,
-      assignment_re: /^\s*(\S+?)\s+(.*?)\s+(.*?)\s+(.*?)\s*$/,
-      key_vals: 3,
-      multiple_values: true,
-    )
-    @params = conf.params
-  end
-
-  def to_s
-    'limits.conf'
+    def to_s
+      'limits.conf'
+    end
   end
 end

data/lib/resources/login_def.rb

@@ -18,49 +18,51 @@ require 'utils/simpleconfig'
 #   }
 # end
 
-class LoginDef < Inspec.resource(1)
-  name 'login_defs'
-  desc 'Use the login_defs InSpec audit resource to test configuration settings in the /etc/login.defs file. The logins.defs file defines site-specific configuration for the shadow password suite on Linux and UNIX platforms, such as password expiration ranges, minimum/maximum values for automatic selection of user and group identifiers, or the method with which passwords are encrypted.'
-  example "
-    describe login_defs do
-      its('ENCRYPT_METHOD') { should eq 'SHA512' }
+module Inspec::Resources
+  class LoginDef < Inspec.resource(1)
+    name 'login_defs'
+    desc 'Use the login_defs InSpec audit resource to test configuration settings in the /etc/login.defs file. The logins.defs file defines site-specific configuration for the shadow password suite on Linux and UNIX platforms, such as password expiration ranges, minimum/maximum values for automatic selection of user and group identifiers, or the method with which passwords are encrypted.'
+    example "
+      describe login_defs do
+        its('ENCRYPT_METHOD') { should eq 'SHA512' }
+      end
+    "
+
+    def initialize(path = nil)
+      @conf_path = path || '/etc/login.defs'
     end
-  "
 
-  def initialize(path = nil)
-    @conf_path = path || '/etc/login.defs'
-  end
+    def method_missing(name)
+      read_params[name.to_s]
+    end
 
-  def method_missing(name)
-    read_params[name.to_s]
-  end
+    def read_params
+      return @params if defined?(@params)
 
-  def read_params
-    return @params if defined?(@params)
+      # read the file
+      file = inspec.file(@conf_path)
+      if !file.file?
+        skip_resource "Can't find file \"#{@conf_path}\""
+        return @params = {}
+      end
 
-    # read the file
-    file = inspec.file(@conf_path)
-    if !file.file?
-      skip_resource "Can't find file \"#{@conf_path}\""
-      return @params = {}
-    end
+      content = file.content
+      if content.empty? && file.size > 0
+        skip_resource "Can't read file \"#{@conf_path}\""
+        return @params = {}
+      end
 
-    content = file.content
-    if content.empty? && file.size > 0
-      skip_resource "Can't read file \"#{@conf_path}\""
-      return @params = {}
+      # parse the file
+      conf = SimpleConfig.new(
+        content,
+        assignment_re: /^\s*(\S+)\s+(\S*)\s*$/,
+        multiple_values: false,
+      )
+      @params = conf.params
     end
 
-    # parse the file
-    conf = SimpleConfig.new(
-      content,
-      assignment_re: /^\s*(\S+)\s+(\S*)\s*$/,
-      multiple_values: false,
-    )
-    @params = conf.params
-  end
-
-  def to_s
-    'login.defs'
+    def to_s
+      'login.defs'
+    end
   end
 end

data/lib/resources/mount.rb

@@ -4,54 +4,56 @@
 
 require 'utils/simpleconfig'
 
-class Mount < Inspec.resource(1)
-  name 'mount'
-  desc 'Use the mount InSpec audit resource to test if mount points.'
-  example "
-    describe mount('/') do
-      it { should be_mounted }
-      its(:count) { should eq 1 }
-      its('device') { should eq  '/dev/mapper/VolGroup-lv_root' }
-      its('type') { should eq  'ext4' }
-      its('options') { should eq ['rw', 'mode=620'] }
+module Inspec::Resources
+  class Mount < Inspec.resource(1)
+    name 'mount'
+    desc 'Use the mount InSpec audit resource to test if mount points.'
+    example "
+      describe mount('/') do
+        it { should be_mounted }
+        its(:count) { should eq 1 }
+        its('device') { should eq  '/dev/mapper/VolGroup-lv_root' }
+        its('type') { should eq  'ext4' }
+        its('options') { should eq ['rw', 'mode=620'] }
+      end
+    "
+    include MountParser
+
+    attr_reader :file
+
+    def initialize(path)
+      @path = path
+      return skip_resource 'The `mount` resource is not supported on your OS yet.' if !inspec.os.linux?
+      @file = inspec.backend.file(@path)
     end
-  "
-  include MountParser
 
-  attr_reader :file
-
-  def initialize(path)
-    @path = path
-    return skip_resource 'The `mount` resource is not supported on your OS yet.' if !inspec.os.linux?
-    @file = inspec.backend.file(@path)
-  end
-
-  def mounted?
-    file.mounted?
-  end
+    def mounted?
+      file.mounted?
+    end
 
-  def count
-    mounted = file.mounted
-    return nil if mounted.nil? || mounted.stdout.nil?
-    mounted.stdout.lines.count
-  end
+    def count
+      mounted = file.mounted
+      return nil if mounted.nil? || mounted.stdout.nil?
+      mounted.stdout.lines.count
+    end
 
-  def method_missing(name)
-    return nil if !file.mounted?
+    def method_missing(name)
+      return nil if !file.mounted?
 
-    mounted = file.mounted
-    return nil if mounted.nil? || mounted.stdout.nil?
+      mounted = file.mounted
+      return nil if mounted.nil? || mounted.stdout.nil?
 
-    line = mounted.stdout
-    # if we got multiple lines, only use the last entry
-    line = mounted.stdout.lines.to_a.last if mounted.stdout.lines.count > 1
+      line = mounted.stdout
+      # if we got multiple lines, only use the last entry
+      line = mounted.stdout.lines.to_a.last if mounted.stdout.lines.count > 1
 
-    # parse content if we are on linux
-    @mount_options ||= parse_mount_options(line)
-    @mount_options[name]
-  end
+      # parse content if we are on linux
+      @mount_options ||= parse_mount_options(line)
+      @mount_options[name]
+    end
 
-  def to_s
-    "Mount #{@path}"
+    def to_s
+      "Mount #{@path}"
+    end
   end
 end