inspec 0.29.0 → 0.30.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +32 -2
- data/Rakefile +53 -0
- data/docs/cli.rst +442 -0
- data/examples/inheritance/inspec.yml +3 -0
- data/inspec.gemspec +1 -0
- data/lib/inspec/cli.rb +10 -1
- data/lib/inspec/completions/bash.sh.erb +45 -0
- data/lib/inspec/completions/zsh.sh.erb +61 -0
- data/lib/inspec/dependencies.rb +307 -0
- data/lib/inspec/dsl.rb +5 -20
- data/lib/inspec/env_printer.rb +149 -0
- data/lib/inspec/errors.rb +17 -0
- data/lib/inspec/metadata.rb +4 -0
- data/lib/inspec/profile.rb +12 -0
- data/lib/inspec/profile_context.rb +5 -2
- data/lib/inspec/shell.rb +7 -2
- data/lib/inspec/shell_detector.rb +90 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/resources/postgres.rb +94 -12
- data/lib/resources/registry_key.rb +106 -27
- data/lib/utils/hash_map.rb +37 -0
- data/test/bench/startup.flat.txt +998 -0
- data/test/bench/startup.graph.html +71420 -0
- data/test/bench/startup.grind.dat +103554 -0
- data/test/bench/startup.stack.html +25015 -0
- data/test/bench/startup/startup.flat.txt +1005 -0
- data/test/bench/startup/startup.graph.html +71958 -0
- data/test/bench/startup/startup.grind.dat +101602 -0
- data/test/bench/startup/startup.stack.html +24516 -0
- data/test/cookbooks/os_prepare/metadata.rb +1 -0
- data/test/cookbooks/os_prepare/recipes/file.rb +5 -0
- data/test/cookbooks/os_prepare/recipes/registry_key.rb +13 -0
- data/test/docker_run.rb +3 -1
- data/test/functional/inheritance_test.rb +26 -13
- data/test/helper.rb +2 -2
- data/test/integration/default/file_spec.rb +16 -0
- data/test/integration/default/powershell_spec.rb +4 -1
- data/test/integration/default/registry_key_spec.rb +47 -4
- data/test/integration/default/secpol_spec.rb +4 -1
- data/test/integration/default/wmi_spec.rb +4 -1
- data/test/unit/mock/profiles/resource-tiny/inspec.yml +10 -0
- data/test/unit/mock/profiles/resource-tiny/libraries/resource.rb +3 -0
- data/test/unit/shell_detector_test.rb +78 -0
- metadata +47 -4
- data/docs/ctl_inspec.rst +0 -247
data/docs/ctl_inspec.rst
DELETED
@@ -1,247 +0,0 @@
|
|
1
|
-
=====================================================
|
2
|
-
InSpec CLI
|
3
|
-
=====================================================
|
4
|
-
|
5
|
-
Use the InSpec CLI to run audit tests against targets using locally, SSH, |winrm|, or on |docker| containers.
|
6
|
-
|
7
|
-
Common Options
|
8
|
-
=====================================================
|
9
|
-
The following options may be used with any of the InSpec CLI subcommands:
|
10
|
-
|
11
|
-
``-b``, ``--backend``
|
12
|
-
Specify the backend. Possible values: ``local`` (default), ``ssh``, ``winrm``, or ``docker``.
|
13
|
-
|
14
|
-
``--sudo``
|
15
|
-
Run scans with sudo. Only activates on Unix and non-root user. Default value: ``false``.
|
16
|
-
|
17
|
-
``--host``
|
18
|
-
The remote host to be tested.
|
19
|
-
|
20
|
-
``-i``, ``--key_files``
|
21
|
-
The login key or certificate file required for remote scanning.
|
22
|
-
|
23
|
-
``--password``
|
24
|
-
The login password for remote scanning.
|
25
|
-
|
26
|
-
``--path``
|
27
|
-
The login path used to connect to the target for |winrm|.
|
28
|
-
|
29
|
-
``-p``, ``--port``
|
30
|
-
The port over which remote scanning will occur.
|
31
|
-
|
32
|
-
``--self_signed``
|
33
|
-
Use to allow remote scanning with self-signed certificates for |winrm| targets. Default value: ``false``.
|
34
|
-
|
35
|
-
``--ssl``
|
36
|
-
Use to require transport-layer encryption via SSL for |winrm| targets. Default value: ``false``.
|
37
|
-
|
38
|
-
``--sudo_options``
|
39
|
-
Additional options that may be required by the sudo password for remote scanning. Default value: ``''``.
|
40
|
-
|
41
|
-
``--sudo_password``
|
42
|
-
The sudo password, if required.
|
43
|
-
|
44
|
-
``--sudo_command``
|
45
|
-
Alternate sudo command, if required.
|
46
|
-
|
47
|
-
``-t``, ``--target``
|
48
|
-
The URI for the target of a remote scan, preceded by the target's backend. For example: ``backend://user:pass@host:port``, where ``backend`` is one of ``docker``, ``local``, ``ssh``, or ``winrm``.
|
49
|
-
|
50
|
-
``--user``
|
51
|
-
The login user for remote scanning.
|
52
|
-
|
53
|
-
``--json_config``
|
54
|
-
A JSON file containing configuration options. Use `--json_config=-` to read from standard input. The file's format corresponds to the command line argument options. For example, `{"host": "example.com", "sudo": true}` is equivalent to `--host=example.com --sudo`. Command line switches override the configuration file.
|
55
|
-
|
56
|
-
``--diagnose``
|
57
|
-
Dump configuration values from a command line options, the configuration file, and the merged effective options.
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
check
|
62
|
-
=====================================================
|
63
|
-
Use ``inspec check`` to verify all tests the specified path.
|
64
|
-
|
65
|
-
Syntax
|
66
|
-
-----------------------------------------------------
|
67
|
-
This subcommand has the following syntax:
|
68
|
-
|
69
|
-
.. code-block:: bash
|
70
|
-
|
71
|
-
$ inspec check PATH (options)
|
72
|
-
|
73
|
-
where:
|
74
|
-
|
75
|
-
* ``PATH`` is the location against which tests are run
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
detect
|
80
|
-
=====================================================
|
81
|
-
Use ``inspec detect`` to detect the platform for the target.
|
82
|
-
|
83
|
-
For example, if the configuration on the target is:
|
84
|
-
|
85
|
-
.. code-block:: bash
|
86
|
-
|
87
|
-
id=$( docker run -dti ubuntu:14.04 /bin/bash )
|
88
|
-
|
89
|
-
the following command:
|
90
|
-
|
91
|
-
.. code-block:: bash
|
92
|
-
|
93
|
-
$ inspec detect -t docker://$id
|
94
|
-
|
95
|
-
will return:
|
96
|
-
|
97
|
-
.. code-block:: javascript
|
98
|
-
|
99
|
-
{"family":"ubuntu","release":"14.04","arch":null}
|
100
|
-
|
101
|
-
|
102
|
-
exec
|
103
|
-
=====================================================
|
104
|
-
Use ``inspec exec`` to run all tests at the specified path.
|
105
|
-
|
106
|
-
Syntax
|
107
|
-
-----------------------------------------------------
|
108
|
-
This subcommand has the following syntax:
|
109
|
-
|
110
|
-
.. code-block:: bash
|
111
|
-
|
112
|
-
$ inspec exec PATH(S) (options)
|
113
|
-
|
114
|
-
where:
|
115
|
-
|
116
|
-
* ``PATH(S)`` is one (or more) locations against which tests are run
|
117
|
-
|
118
|
-
Options
|
119
|
-
-----------------------------------------------------
|
120
|
-
This subcommand has additional options:
|
121
|
-
|
122
|
-
``--id=``
|
123
|
-
Use to attach a profile identifier to all test results.
|
124
|
-
|
125
|
-
``--controls="a b c"``
|
126
|
-
A list of controls to run. Ignore all other tests.
|
127
|
-
|
128
|
-
``--format=FORMAT``
|
129
|
-
Which formatter to use: progress, documentation, json
|
130
|
-
|
131
|
-
|
132
|
-
Examples
|
133
|
-
-----------------------------------------------------
|
134
|
-
The following examples show how to use this subcommand.
|
135
|
-
|
136
|
-
**Run a test locally**
|
137
|
-
|
138
|
-
.. code-block:: bash
|
139
|
-
|
140
|
-
$ inspec exec test.rb
|
141
|
-
|
142
|
-
**Run test 'tmp-01' locally and ignore other tests**
|
143
|
-
|
144
|
-
.. code-block:: bash
|
145
|
-
|
146
|
-
$ inspec exec test.rb --controls="tmp-01"
|
147
|
-
|
148
|
-
**Run a test on a remote host using SSH**
|
149
|
-
|
150
|
-
.. code-block:: bash
|
151
|
-
|
152
|
-
$ inspec exec test.rb -t ssh://user@hostname
|
153
|
-
|
154
|
-
**Run a test on a remote host using WinRM**
|
155
|
-
|
156
|
-
.. code-block:: bash
|
157
|
-
|
158
|
-
$ inspec exec test.rb -t winrm://Administrator@windowshost --password 'password'
|
159
|
-
|
160
|
-
**Run a test against a Docker container**
|
161
|
-
|
162
|
-
.. code-block:: bash
|
163
|
-
|
164
|
-
$ inspec exec test.rb -t docker://container_id
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
help
|
169
|
-
=====================================================
|
170
|
-
Use ``inspec help`` to print help for the |ctl inspec| from the command shell.
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
init
|
175
|
-
=====================================================
|
176
|
-
Use ``inspec init`` to initialize a new inspec profile
|
177
|
-
|
178
|
-
Syntax
|
179
|
-
-----------------------------------------------------
|
180
|
-
This command has the following syntax:
|
181
|
-
.. code-block:: bash
|
182
|
-
|
183
|
-
$ inspec init profile PROFILE (options)
|
184
|
-
|
185
|
-
where:
|
186
|
-
|
187
|
-
* ``PROFILE`` is the name of the profile you wish to create
|
188
|
-
|
189
|
-
Options
|
190
|
-
-----------------------------------------------------
|
191
|
-
This subcommand has additional options:
|
192
|
-
|
193
|
-
``--overwrite``
|
194
|
-
Overwite directory if it exists
|
195
|
-
|
196
|
-
``--no-overwrite``
|
197
|
-
Converse of ``--overwrite``. (default)
|
198
|
-
|
199
|
-
|
200
|
-
|
201
|
-
json
|
202
|
-
=====================================================
|
203
|
-
Use ``inspec json`` to read all tests at the specified path, and then generate a |json| profile to standard output (stdout).
|
204
|
-
|
205
|
-
Syntax
|
206
|
-
-----------------------------------------------------
|
207
|
-
This subcommand has the following syntax:
|
208
|
-
|
209
|
-
.. code-block:: bash
|
210
|
-
|
211
|
-
$ inspec json PATH (options)
|
212
|
-
|
213
|
-
where:
|
214
|
-
|
215
|
-
* ``PATH`` is the location against which tests are run
|
216
|
-
|
217
|
-
Options
|
218
|
-
-----------------------------------------------------
|
219
|
-
This subcommand has additional options:
|
220
|
-
|
221
|
-
``--controls="a b c"``
|
222
|
-
Use to read only specific subset of controls in the PATH profile.
|
223
|
-
|
224
|
-
``--id``
|
225
|
-
Use to attach a profile identifier to all test results.
|
226
|
-
|
227
|
-
``-o``, ``--output``
|
228
|
-
Use to save the |json| profile to a file instead of printing to stdout.
|
229
|
-
|
230
|
-
|
231
|
-
|
232
|
-
shell
|
233
|
-
=====================================================
|
234
|
-
Use ``inspec shell`` to open an interactive debugging shell.
|
235
|
-
|
236
|
-
|
237
|
-
|
238
|
-
version
|
239
|
-
=====================================================
|
240
|
-
Use ``inspec version`` to print the version of the InSpec CLI.
|
241
|
-
|
242
|
-
|
243
|
-
.. |winrm| replace:: Windows Remote Management
|
244
|
-
.. _winrm: https://msdn.microsoft.com/en-us/library/aa384426(v=vs.85).aspx
|
245
|
-
.. |docker| replace:: Docker
|
246
|
-
.. _docker: https://www.docker.com/
|
247
|
-
.. |json| replace:: JSON
|
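Review bot: Before removing old lines 1-247, check that docs/cli.rst (listed above as +442; its hunk is not shown here) still covers the connection-security options described at old lines 33-36 and 54, because nothing in this hunk shows where that text went. The ``--ssl`` and ``--self_signed`` entries both state "Default value: ``false``" for WinRM targets, and ``--json_config=-`` is described as reading options from standard input, which matters next to the removed WinRM example at old line 158 that passes ``--password 'password'`` as a command-line argument. If the text is carried over, fix the wording defects visible here rather than copying them: "Overwite directory if it exists" (old line 194), "verify all tests the specified path" (old line 63), "from a command line options" (old line 57), and the ``|ctl inspec|`` substitution used at old line 170, which has no ``replace::`` definition among old lines 243-247.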