inspec 0.29.0 → 0.30.0

Files changed (46)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +32 -2
  3. data/Rakefile +53 -0
  4. data/docs/cli.rst +442 -0
  5. data/examples/inheritance/inspec.yml +3 -0
  6. data/inspec.gemspec +1 -0
  7. data/lib/inspec/cli.rb +10 -1
  8. data/lib/inspec/completions/bash.sh.erb +45 -0
  9. data/lib/inspec/completions/zsh.sh.erb +61 -0
  10. data/lib/inspec/dependencies.rb +307 -0
  11. data/lib/inspec/dsl.rb +5 -20
  12. data/lib/inspec/env_printer.rb +149 -0
  13. data/lib/inspec/errors.rb +17 -0
  14. data/lib/inspec/metadata.rb +4 -0
  15. data/lib/inspec/profile.rb +12 -0
  16. data/lib/inspec/profile_context.rb +5 -2
  17. data/lib/inspec/shell.rb +7 -2
  18. data/lib/inspec/shell_detector.rb +90 -0
  19. data/lib/inspec/version.rb +1 -1
  20. data/lib/resources/postgres.rb +94 -12
  21. data/lib/resources/registry_key.rb +106 -27
  22. data/lib/utils/hash_map.rb +37 -0
  23. data/test/bench/startup.flat.txt +998 -0
  24. data/test/bench/startup.graph.html +71420 -0
  25. data/test/bench/startup.grind.dat +103554 -0
  26. data/test/bench/startup.stack.html +25015 -0
  27. data/test/bench/startup/startup.flat.txt +1005 -0
  28. data/test/bench/startup/startup.graph.html +71958 -0
  29. data/test/bench/startup/startup.grind.dat +101602 -0
  30. data/test/bench/startup/startup.stack.html +24516 -0
  31. data/test/cookbooks/os_prepare/metadata.rb +1 -0
  32. data/test/cookbooks/os_prepare/recipes/file.rb +5 -0
  33. data/test/cookbooks/os_prepare/recipes/registry_key.rb +13 -0
  34. data/test/docker_run.rb +3 -1
  35. data/test/functional/inheritance_test.rb +26 -13
  36. data/test/helper.rb +2 -2
  37. data/test/integration/default/file_spec.rb +16 -0
  38. data/test/integration/default/powershell_spec.rb +4 -1
  39. data/test/integration/default/registry_key_spec.rb +47 -4
  40. data/test/integration/default/secpol_spec.rb +4 -1
  41. data/test/integration/default/wmi_spec.rb +4 -1
  42. data/test/unit/mock/profiles/resource-tiny/inspec.yml +10 -0
  43. data/test/unit/mock/profiles/resource-tiny/libraries/resource.rb +3 -0
  44. data/test/unit/shell_detector_test.rb +78 -0
  45. metadata +47 -4
  46. data/docs/ctl_inspec.rst +0 -247
data/docs/ctl_inspec.rst DELETED
@@ -1,247 +0,0 @@
1
- =====================================================
2
- InSpec CLI
3
- =====================================================
4
-
5
- Use the InSpec CLI to run audit tests against targets using locally, SSH, |winrm|, or on |docker| containers.
6
-
7
- Common Options
8
- =====================================================
9
- The following options may be used with any of the InSpec CLI subcommands:
10
-
11
- ``-b``, ``--backend``
12
- Specify the backend. Possible values: ``local`` (default), ``ssh``, ``winrm``, or ``docker``.
13
-
14
- ``--sudo``
15
- Run scans with sudo. Only activates on Unix and non-root user. Default value: ``false``.
16
-
17
- ``--host``
18
- The remote host to be tested.
19
-
20
- ``-i``, ``--key_files``
21
- The login key or certificate file required for remote scanning.
22
-
23
- ``--password``
24
- The login password for remote scanning.
25
-
26
- ``--path``
27
- The login path used to connect to the target for |winrm|.
28
-
29
- ``-p``, ``--port``
30
- The port over which remote scanning will occur.
31
-
32
- ``--self_signed``
33
- Use to allow remote scanning with self-signed certificates for |winrm| targets. Default value: ``false``.
34
-
35
- ``--ssl``
36
- Use to require transport-layer encryption via SSL for |winrm| targets. Default value: ``false``.
37
-
38
- ``--sudo_options``
39
- Additional options that may be required by the sudo password for remote scanning. Default value: ``''``.
40
-
41
- ``--sudo_password``
42
- The sudo password, if required.
43
-
44
- ``--sudo_command``
45
- Alternate sudo command, if required.
46
-
47
- ``-t``, ``--target``
48
- The URI for the target of a remote scan, preceded by the target's backend. For example: ``backend://user:pass@host:port``, where ``backend`` is one of ``docker``, ``local``, ``ssh``, or ``winrm``.
49
-
50
- ``--user``
51
- The login user for remote scanning.
52
-
53
- ``--json_config``
54
- A JSON file containing configuration options. Use `--json_config=-` to read from standard input. The file's format corresponds to the command line argument options. For example, `{"host": "example.com", "sudo": true}` is equivalent to `--host=example.com --sudo`. Command line switches override the configuration file.
55
-
56
- ``--diagnose``
57
- Dump configuration values from a command line options, the configuration file, and the merged effective options.
58
-
59
-
60
-
61
- check
62
- =====================================================
63
- Use ``inspec check`` to verify all tests the specified path.
64
-
65
- Syntax
66
- -----------------------------------------------------
67
- This subcommand has the following syntax:
68
-
69
- .. code-block:: bash
70
-
71
- $ inspec check PATH (options)
72
-
73
- where:
74
-
75
- * ``PATH`` is the location against which tests are run
76
-
77
-
78
-
79
- detect
80
- =====================================================
81
- Use ``inspec detect`` to detect the platform for the target.
82
-
83
- For example, if the configuration on the target is:
84
-
85
- .. code-block:: bash
86
-
87
- id=$( docker run -dti ubuntu:14.04 /bin/bash )
88
-
89
- the following command:
90
-
91
- .. code-block:: bash
92
-
93
- $ inspec detect -t docker://$id
94
-
95
- will return:
96
-
97
- .. code-block:: javascript
98
-
99
- {"family":"ubuntu","release":"14.04","arch":null}
100
-
101
-
102
- exec
103
- =====================================================
104
- Use ``inspec exec`` to run all tests at the specified path.
105
-
106
- Syntax
107
- -----------------------------------------------------
108
- This subcommand has the following syntax:
109
-
110
- .. code-block:: bash
111
-
112
- $ inspec exec PATH(S) (options)
113
-
114
- where:
115
-
116
- * ``PATH(S)`` is one (or more) locations against which tests are run
117
-
118
- Options
119
- -----------------------------------------------------
120
- This subcommand has additional options:
121
-
122
- ``--id=``
123
- Use to attach a profile identifier to all test results.
124
-
125
- ``--controls="a b c"``
126
- A list of controls to run. Ignore all other tests.
127
-
128
- ``--format=FORMAT``
129
- Which formatter to use: progress, documentation, json
130
-
131
-
132
- Examples
133
- -----------------------------------------------------
134
- The following examples show how to use this subcommand.
135
-
136
- **Run a test locally**
137
-
138
- .. code-block:: bash
139
-
140
- $ inspec exec test.rb
141
-
142
- **Run test 'tmp-01' locally and ignore other tests**
143
-
144
- .. code-block:: bash
145
-
146
- $ inspec exec test.rb --controls="tmp-01"
147
-
148
- **Run a test on a remote host using SSH**
149
-
150
- .. code-block:: bash
151
-
152
- $ inspec exec test.rb -t ssh://user@hostname
153
-
154
- **Run a test on a remote host using WinRM**
155
-
156
- .. code-block:: bash
157
-
158
- $ inspec exec test.rb -t winrm://Administrator@windowshost --password 'password'
159
-
160
- **Run a test against a Docker container**
161
-
162
- .. code-block:: bash
163
-
164
- $ inspec exec test.rb -t docker://container_id
165
-
166
-
167
-
168
- help
169
- =====================================================
170
- Use ``inspec help`` to print help for the |ctl inspec| from the command shell.
171
-
172
-
173
-
174
- init
175
- =====================================================
176
- Use ``inspec init`` to initialize a new inspec profile
177
-
178
- Syntax
179
- -----------------------------------------------------
180
- This command has the following syntax:
181
- .. code-block:: bash
182
-
183
- $ inspec init profile PROFILE (options)
184
-
185
- where:
186
-
187
- * ``PROFILE`` is the name of the profile you wish to create
188
-
189
- Options
190
- -----------------------------------------------------
191
- This subcommand has additional options:
192
-
193
- ``--overwrite``
194
- Overwite directory if it exists
195
-
196
- ``--no-overwrite``
197
- Converse of ``--overwrite``. (default)
198
-
199
-
200
-
201
- json
202
- =====================================================
203
- Use ``inspec json`` to read all tests at the specified path, and then generate a |json| profile to standard output (stdout).
204
-
205
- Syntax
206
- -----------------------------------------------------
207
- This subcommand has the following syntax:
208
-
209
- .. code-block:: bash
210
-
211
- $ inspec json PATH (options)
212
-
213
- where:
214
-
215
- * ``PATH`` is the location against which tests are run
216
-
217
- Options
218
- -----------------------------------------------------
219
- This subcommand has additional options:
220
-
221
- ``--controls="a b c"``
222
- Use to read only specific subset of controls in the PATH profile.
223
-
224
- ``--id``
225
- Use to attach a profile identifier to all test results.
226
-
227
- ``-o``, ``--output``
228
- Use to save the |json| profile to a file instead of printing to stdout.
229
-
230
-
231
-
232
- shell
233
- =====================================================
234
- Use ``inspec shell`` to open an interactive debugging shell.
235
-
236
-
237
-
238
- version
239
- =====================================================
240
- Use ``inspec version`` to print the version of the InSpec CLI.
241
-
242
-
243
- .. |winrm| replace:: Windows Remote Management
244
- .. _winrm: https://msdn.microsoft.com/en-us/library/aa384426(v=vs.85).aspx
245
- .. |docker| replace:: Docker
246
- .. _docker: https://www.docker.com/
247
- .. |json| replace:: JSON
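Review bot: the removed ``--json_config`` entry (old line 54) is the only text in this file stating that options can be read from standard input with ``--json_config=-`` and that command line switches override the configuration file. The contents of the replacement data/docs/cli.rst (+442 in the file list) are not shown here, so please confirm that it carries this over. This matters because the same file documents ``--password``, ``--sudo_password`` and the ``backend://user:pass@host:port`` target form (old lines 23, 41 and 48), and the WinRM example at old line 158 puts the password directly on the command line, where it lands in shell history and process listings. The JSON configuration route is the documented way to keep credentials out of argv. It would also help if the new file kept the stated defaults of ``false`` for ``--ssl`` and ``--self_signed`` (old lines 33 and 36), so readers can see that WinRM transport encryption is opt-in. Separately, old line 170 uses the ``|ctl inspec|`` substitution, but the definitions at old lines 243-247 cover only ``|winrm|``, ``|docker|`` and ``|json|``. If that paragraph was moved to the new file, check that the substitution resolves there.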