RubyGems - inspec - Versions diffs - 0.9.0 - Mend

inspec 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (247) hide show

checksums.yaml +7 -0
data/.gitignore +8 -0
data/.rubocop.yml +65 -0
data/.travis.yml +23 -0
data/CHANGELOG.md +38 -0
data/Gemfile +33 -0
data/LICENSE +201 -0
data/MAINTAINERS.md +28 -0
data/MAINTAINERS.toml +42 -0
data/README.md +257 -0
data/Rakefile +47 -0
data/bin/inspec +109 -0
data/docs/ctl_inspec.rst +195 -0
data/docs/dsl_inspec.rst +182 -0
data/docs/readme.rst +100 -0
data/docs/resources.rst +4319 -0
data/docs/template.rst +51 -0
data/examples/test-kitchen/.kitchen.yml +20 -0
data/examples/test-kitchen/Berksfile +3 -0
data/examples/test-kitchen/Gemfile +21 -0
data/examples/test-kitchen/README.md +27 -0
data/examples/test-kitchen/metadata.rb +7 -0
data/examples/test-kitchen/recipes/default.rb +6 -0
data/examples/test-kitchen/recipes/nginx.rb +30 -0
data/examples/test-kitchen/test/integration/default/web_spec.rb +28 -0
data/inspec.gemspec +30 -0
data/lib/inspec.rb +20 -0
data/lib/inspec/backend.rb +42 -0
data/lib/inspec/dsl.rb +151 -0
data/lib/inspec/log.rb +34 -0
data/lib/inspec/metadata.rb +79 -0
data/lib/inspec/plugins.rb +9 -0
data/lib/inspec/plugins/resource.rb +62 -0
data/lib/inspec/profile.rb +138 -0
data/lib/inspec/profile_context.rb +170 -0
data/lib/inspec/resource.rb +76 -0
data/lib/inspec/rspec_json_formatter.rb +27 -0
data/lib/inspec/rule.rb +170 -0
data/lib/inspec/runner.rb +154 -0
data/lib/inspec/shell.rb +66 -0
data/lib/inspec/targets.rb +9 -0
data/lib/inspec/targets/core.rb +27 -0
data/lib/inspec/targets/dir.rb +67 -0
data/lib/inspec/targets/file.rb +29 -0
data/lib/inspec/targets/folder.rb +43 -0
data/lib/inspec/targets/tar.rb +34 -0
data/lib/inspec/targets/url.rb +39 -0
data/lib/inspec/targets/zip.rb +47 -0
data/lib/inspec/version.rb +7 -0
data/lib/matchers/matchers.rb +221 -0
data/lib/resources/apache.rb +29 -0
data/lib/resources/apache_conf.rb +113 -0
data/lib/resources/apt.rb +140 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd_conf.rb +56 -0
data/lib/resources/auditd_rules.rb +53 -0
data/lib/resources/bond.rb +65 -0
data/lib/resources/bridge.rb +114 -0
data/lib/resources/command.rb +57 -0
data/lib/resources/csv.rb +32 -0
data/lib/resources/directory.rb +15 -0
data/lib/resources/etc_group.rb +150 -0
data/lib/resources/file.rb +110 -0
data/lib/resources/gem.rb +46 -0
data/lib/resources/group.rb +132 -0
data/lib/resources/host.rb +143 -0
data/lib/resources/inetd_conf.rb +56 -0
data/lib/resources/interface.rb +127 -0
data/lib/resources/iptables.rb +65 -0
data/lib/resources/json.rb +64 -0
data/lib/resources/kernel_module.rb +40 -0
data/lib/resources/kernel_parameter.rb +55 -0
data/lib/resources/limits_conf.rb +55 -0
data/lib/resources/login_def.rb +60 -0
data/lib/resources/mysql.rb +81 -0
data/lib/resources/mysql_conf.rb +116 -0
data/lib/resources/mysql_session.rb +52 -0
data/lib/resources/npm.rb +44 -0
data/lib/resources/ntp_conf.rb +58 -0
data/lib/resources/oneget.rb +63 -0
data/lib/resources/os.rb +22 -0
data/lib/resources/os_env.rb +34 -0
data/lib/resources/package.rb +169 -0
data/lib/resources/parse_config.rb +75 -0
data/lib/resources/passwd.rb +93 -0
data/lib/resources/pip.rb +75 -0
data/lib/resources/port.rb +296 -0
data/lib/resources/postgres.rb +37 -0
data/lib/resources/postgres_conf.rb +87 -0
data/lib/resources/postgres_session.rb +59 -0
data/lib/resources/processes.rb +57 -0
data/lib/resources/registry_key.rb +54 -0
data/lib/resources/script.rb +34 -0
data/lib/resources/security_policy.rb +73 -0
data/lib/resources/service.rb +379 -0
data/lib/resources/ssh_conf.rb +75 -0
data/lib/resources/user.rb +374 -0
data/lib/resources/windows_feature.rb +77 -0
data/lib/resources/yaml.rb +23 -0
data/lib/resources/yum.rb +154 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/detect.rb +15 -0
data/lib/utils/find_files.rb +36 -0
data/lib/utils/hash.rb +13 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/parser.rb +61 -0
data/lib/utils/simpleconfig.rb +115 -0
data/tasks/maintainers.rb +213 -0
data/test/docker_run.rb +156 -0
data/test/docker_test.rb +51 -0
data/test/helper.rb +200 -0
data/test/integration/.kitchen.yml +42 -0
data/test/integration/Berksfile +4 -0
data/test/integration/cookbooks/os_prepare/metadata.rb +8 -0
data/test/integration/cookbooks/os_prepare/recipes/apt.rb +20 -0
data/test/integration/cookbooks/os_prepare/recipes/default.rb +9 -0
data/test/integration/cookbooks/os_prepare/recipes/file.rb +21 -0
data/test/integration/cookbooks/os_prepare/recipes/package.rb +26 -0
data/test/integration/default/_debug_spec.rb +1 -0
data/test/integration/default/apt_spec.rb +42 -0
data/test/integration/default/file_spec.rb +109 -0
data/test/integration/default/group_spec.rb +32 -0
data/test/integration/default/kernel_module_spec.rb +17 -0
data/test/integration/default/kernel_parameter_spec.rb +56 -0
data/test/integration/default/package_spec.rb +11 -0
data/test/integration/default/service_spec.rb +28 -0
data/test/integration/default/user_spec.rb +44 -0
data/test/resource/command_test.rb +33 -0
data/test/resource/dsl_test.rb +45 -0
data/test/resource/file_test.rb +130 -0
data/test/resource/ssh_config.rb +9 -0
data/test/resource/sshd_config.rb +9 -0
data/test/test-extra.yaml +11 -0
data/test/test.yaml +11 -0
data/test/unit/mock/cmd/Get-NetAdapter +24 -0
data/test/unit/mock/cmd/GetUserAccount +33 -0
data/test/unit/mock/cmd/GetWin32Group +23 -0
data/test/unit/mock/cmd/PATH +1 -0
data/test/unit/mock/cmd/Resolve-DnsName +26 -0
data/test/unit/mock/cmd/Test-NetConnection +4 -0
data/test/unit/mock/cmd/auditctl +7 -0
data/test/unit/mock/cmd/auditpol +2 -0
data/test/unit/mock/cmd/brew-info-jq +1 -0
data/test/unit/mock/cmd/chage-l-root +7 -0
data/test/unit/mock/cmd/dpkg-s-curl +21 -0
data/test/unit/mock/cmd/dscl +5 -0
data/test/unit/mock/cmd/etc-apt +7 -0
data/test/unit/mock/cmd/find-etc-rc-d-name-S +12 -0
data/test/unit/mock/cmd/find-net-interface +9 -0
data/test/unit/mock/cmd/gem-list-local-a-q-rubocop +1 -0
data/test/unit/mock/cmd/get-net-tcpconnection +24 -0
data/test/unit/mock/cmd/get-netadapter-binding-bridge +4 -0
data/test/unit/mock/cmd/get-package-firefox +30 -0
data/test/unit/mock/cmd/get-package-ruby +18 -0
data/test/unit/mock/cmd/get-service-dhcp +10 -0
data/test/unit/mock/cmd/get-windows-feature +7 -0
data/test/unit/mock/cmd/getent-hosts-example.com +1 -0
data/test/unit/mock/cmd/getent-passwd-root +1 -0
data/test/unit/mock/cmd/id-chartmann +1 -0
data/test/unit/mock/cmd/id-root +1 -0
data/test/unit/mock/cmd/initctl-show-config-ssh +3 -0
data/test/unit/mock/cmd/initctl-status-ssh +1 -0
data/test/unit/mock/cmd/iptables-s +6 -0
data/test/unit/mock/cmd/launchctl-list +3 -0
data/test/unit/mock/cmd/ls-1-etc-init.d +2 -0
data/test/unit/mock/cmd/ls-sys-class-net-br +2 -0
data/test/unit/mock/cmd/lsmod +2 -0
data/test/unit/mock/cmd/lsof-np-itcp +4 -0
data/test/unit/mock/cmd/netstat-tulpen +5 -0
data/test/unit/mock/cmd/npm-ls-g--json-bower +9 -0
data/test/unit/mock/cmd/pacman-qi-curl +21 -0
data/test/unit/mock/cmd/ping-example.com +6 -0
data/test/unit/mock/cmd/pip-show-jinja2 +11 -0
data/test/unit/mock/cmd/ps-aux +3 -0
data/test/unit/mock/cmd/pw-usershow-root-7 +1 -0
data/test/unit/mock/cmd/reg_schedule +1 -0
data/test/unit/mock/cmd/rpm-qia-curl +24 -0
data/test/unit/mock/cmd/sbin_sysctl +1 -0
data/test/unit/mock/cmd/secedit-export +7 -0
data/test/unit/mock/cmd/service-e +2 -0
data/test/unit/mock/cmd/service-sendmail-onestatus +3 -0
data/test/unit/mock/cmd/service-sshd-status +1 -0
data/test/unit/mock/cmd/sockstat +5 -0
data/test/unit/mock/cmd/success +0 -0
data/test/unit/mock/cmd/systemctl-show-all-sshd +6 -0
data/test/unit/mock/cmd/win32_product +8 -0
data/test/unit/mock/cmd/yum-repolist-all +52 -0
data/test/unit/mock/files/auditd.conf +4 -0
data/test/unit/mock/files/bond0 +37 -0
data/test/unit/mock/files/etcgroup +3 -0
data/test/unit/mock/files/example.csv +6 -0
data/test/unit/mock/files/inetd.conf +2 -0
data/test/unit/mock/files/kitchen.yml +7 -0
data/test/unit/mock/files/limits.conf +5 -0
data/test/unit/mock/files/login.defs +5 -0
data/test/unit/mock/files/mysql.conf +8 -0
data/test/unit/mock/files/mysql2.conf +2 -0
data/test/unit/mock/files/ntp.conf +5 -0
data/test/unit/mock/files/passwd +2 -0
data/test/unit/mock/files/policyfile.lock.json +12 -0
data/test/unit/mock/files/ssh_config +5 -0
data/test/unit/mock/files/sshd_config +7 -0
data/test/unit/mock/profiles/empty/metadata.rb +0 -0
data/test/unit/mock/profiles/metadata/metadata.rb +1 -0
data/test/unit/profile_context_test.rb +140 -0
data/test/unit/profile_test.rb +49 -0
data/test/unit/resources/apt_test.rb +46 -0
data/test/unit/resources/audit_policy_test.rb +13 -0
data/test/unit/resources/auditd_conf_test.rb +15 -0
data/test/unit/resources/auditd_rules_test.rb +21 -0
data/test/unit/resources/bond_test.rb +24 -0
data/test/unit/resources/bridge_test.rb +56 -0
data/test/unit/resources/csv_test.rb +35 -0
data/test/unit/resources/etc_group_test.rb +37 -0
data/test/unit/resources/gem_test.rb +20 -0
data/test/unit/resources/group_test.rb +96 -0
data/test/unit/resources/host_test.rb +38 -0
data/test/unit/resources/inetd_conf_test.rb +15 -0
data/test/unit/resources/interface_test.rb +54 -0
data/test/unit/resources/iptables_test.rb +30 -0
data/test/unit/resources/json_test.rb +36 -0
data/test/unit/resources/kernel_module_test.rb +23 -0
data/test/unit/resources/kernel_parameter_test.rb +13 -0
data/test/unit/resources/limits_conf_test.rb +14 -0
data/test/unit/resources/login_def_test.rb +16 -0
data/test/unit/resources/mysql_conf_test.rb +14 -0
data/test/unit/resources/npm_test.rb +20 -0
data/test/unit/resources/ntp_conf_test.rb +16 -0
data/test/unit/resources/oneget_test.rb +45 -0
data/test/unit/resources/os_env_test.rb +13 -0
data/test/unit/resources/package_test.rb +51 -0
data/test/unit/resources/passwd_test.rb +24 -0
data/test/unit/resources/pip_test.rb +15 -0
data/test/unit/resources/port_test.rb +46 -0
data/test/unit/resources/processes_test.rb +32 -0
data/test/unit/resources/registry_key_test.rb +19 -0
data/test/unit/resources/script_test.rb +19 -0
data/test/unit/resources/security_policy_test.rb +16 -0
data/test/unit/resources/service_test.rb +116 -0
data/test/unit/resources/ssh_conf_test.rb +33 -0
data/test/unit/resources/user_test.rb +93 -0
data/test/unit/resources/windows_feature.rb +17 -0
data/test/unit/resources/yaml_test.rb +34 -0
data/test/unit/resources/yum_test.rb +68 -0
data/test/unit/simpleconfig_test.rb +80 -0
data/test/unit/utils/content_parser_test.rb +30 -0
metadata +555 -0

data/lib/resources/iptables.rb ADDED Viewed

@@ -0,0 +1,65 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# Usage:
+# describe iptables do
+#   it { should have_rule('-P INPUT ACCEPT') }
+# end
+#
+# The following serverspec sytax is not implemented:
+# describe iptables do
+#   it { should have_rule('-P INPUT ACCEPT').with_table('mangle').with_chain('INPUT') }
+# end
+# Please use the new sytax:
+# describe iptables(table:'mangle', chain: 'input') do
+#   it { should have_rule('-P INPUT ACCEPT') }
+# end
+#
+# Note: Docker containers normally do not have iptables installed
+#
+# @see http://ipset.netfilter.org/iptables.man.html
+# @see http://ipset.netfilter.org/iptables.man.html
+# @see https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html
+class IpTables < Inspec.resource(1)
+  name 'iptables'
+  def initialize(params = {})
+    @table = params[:table] || nil
+    @chain = params[:chain] || nil
+    # we're done if we are on linux
+    return if inspec.os.linux?
+    # ensures, all calls are aborted for non-supported os
+    @iptables_cache = []
+    skip_resource 'The `iptables` resource is not supported on your OS yet.'
+  end
+  def has_rule?(rule = nil, _table = nil, _chain = nil)
+    found = false
+    retrieve_rules.each { |line|
+      # checks if the rule is part of the ruleset
+      # for now, we expect an excact match
+      found = true if line.downcase == rule.downcase
+    }
+    found
+  end
+  def retrieve_rules
+    return @iptables_cache if defined?(@iptables_cache)
+    # construct iptables command to read all rules
+    @table.nil? ? table_cmd = '' : table_cmd = " -t #{@table} "
+    @chain.nil? ? chain_cmd = '' : chain_cmd = " #{@chain}"
+    cmd = inspec.command(format('iptables %s -S %s', table_cmd, chain_cmd).strip)
+    return [] if cmd.exit_status.to_i != 0
+    # split rules, returns array or rules
+    @iptables_cache = cmd.stdout.chomp.split("\n")
+  end
+  def to_s
+    format('Iptables %s %s', @table.nil? ? '' : "table: #{@table}", @chain.nil? ? '' : "chain: #{@chain}").strip
+  end
+end

data/lib/resources/json.rb ADDED Viewed

@@ -0,0 +1,64 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# Parses a json document
+# Usage:
+# describe json('policyfile.lock.json') do
+#   its('cookbook_locks.omnibus.version') { should eq('2.2.0') }
+# end
+class JsonConfig < Inspec.resource(1)
+  name 'json'
+  # make params readable
+  attr_reader :params
+  def initialize(path)
+    @path = path
+    @file_content = inspec.file(@path).content
+    @params = parse(@file_content)
+  end
+  def parse(content)
+    require 'json'
+    JSON.parse(content)
+  end
+  def extract_value(keys, value)
+    key = keys.shift
+    return nil if key.nil?
+    # check if key is a num, try to extract from array
+    if key.to_i.to_s == key
+      value = value[key.to_i]
+    # if value is an array, iterate over each child
+    elsif value.is_a?(Array)
+      value = value.map { |i|
+        extract_value([key], i)
+      }
+    # normal value extraction
+    else
+      value = value[key].nil? ? nil : value[key]
+    end
+    # check if further keys exist
+    if !keys.first.nil?
+      return extract_value(keys.clone, value)
+    else
+      return value
+    end
+  end
+  # Shorthand to retrieve a parameter name via `#its`.
+  # Example: describe json('file') { its('paramX') { should eq 'Y' } }
+  #
+  # @param [String] name name of the field to retrieve
+  # @return [Object] the value stored at this position
+  def method_missing(name)
+    @params[name.to_s]
+  end
+  def to_s
+    "Json #{@path}"
+  end
+end

data/lib/resources/kernel_module.rb ADDED Viewed

@@ -0,0 +1,40 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# license: All rights reserved
+# Verifies if a kernel module is loaded
+# Usage:
+# describe kernel_module('bridge') do
+#   it { should be_loaded }
+# end
+class KernelModule < Inspec.resource(1)
+  name 'kernel_module'
+  def initialize(modulename = nil)
+    @module = modulename
+    # this resource is only supported on Linux
+    return skip_resource 'The `kernel_parameter` resource is not supported on your OS.' if !inspec.os.linux?
+  end
+  def loaded?
+    # default lsmod command
+    lsmod_cmd = 'lsmod'
+    # special care for CentOS 5 and sudo
+    lsmod_cmd = '/sbin/lsmod' if inspec.os[:family] == 'centos' && inspec.os[:release].to_i == 5
+    # get list of all modules
+    cmd = inspec.command(lsmod_cmd)
+    return false if cmd.exit_status != 0
+    # check if module is loaded
+    re = Regexp.new('^'+Regexp.quote(@module)+'\s')
+    found = cmd.stdout.match(re)
+    !found.nil?
+  end
+  def to_s
+    "Kernel Module #{@module}"
+  end
+end

data/lib/resources/kernel_parameter.rb ADDED Viewed

@@ -0,0 +1,55 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# license: All rights reserved
+# Verifies if a kernel parameter is set
+# describe kernel_parameter('net.ipv4.conf.all.forwarding') do
+#   its(:value) { should eq 0 }
+# end
+class KernelParameter < Inspec.resource(1)
+  name 'kernel_parameter'
+  def initialize(parameter = nil)
+    @parameter = parameter
+    # this resource is only supported on Linux
+    return skip_resource 'The `kernel_parameter` resource is not supported on your OS.' if !inspec.os.linux?
+  end
+  def value
+    cmd = inspec.command("/sbin/sysctl -q -n #{@parameter}")
+    return nil if cmd.exit_status != 0
+    # remove whitespace
+    cmd = cmd.stdout.chomp.strip
+    # convert to number if possible
+    cmd = cmd.to_i if cmd.match(/^\d+$/)
+    cmd
+  end
+  def to_s
+    "Kernel Parameter #{@parameter}"
+  end
+end
+# for compatability with serverspec
+# this is deprecated syntax and will be removed in future versions
+class LinuxKernelParameter < KernelParameter
+  name 'linux_kernel_parameter'
+  def initialize(parameter)
+    super(parameter)
+  end
+  def value
+    deprecated
+    super()
+  end
+  def deprecated
+    warn '[DEPRECATION] `linux_kernel_parameter(parameter)` is deprecated.  Please use `kernel_parameter(parameter)` instead.'
+  end
+  def to_s
+    "Kernel Parameter #{@parameter}"
+  end
+end

data/lib/resources/limits_conf.rb ADDED Viewed

@@ -0,0 +1,55 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Christoph Hartmann
+# author: Dominik Richter
+# license: All rights reserved
+require 'utils/simpleconfig'
+# Usage:
+#
+# describe limits_conf do
+#   its('*') { should include ['hard','core','0'] }
+# end
+class LimitsConf < Inspec.resource(1)
+  name 'limits_conf'
+  def initialize(path = nil)
+    @conf_path = path || '/etc/security/limits.conf'
+  end
+  def method_missing(name)
+    read_params[name.to_s]
+  end
+  def read_params
+    return @params if defined?(@params)
+    # read the file
+    file = inspec.file(@conf_path)
+    if !file.file?
+      skip_resource "Can't find file \"#{@conf_path}\""
+      return @params = {}
+    end
+    content = file.content
+    if content.empty? && file.size > 0
+      skip_resource "Can't read file \"#{@conf_path}\""
+      return @params = {}
+    end
+    # parse the file
+    conf = SimpleConfig.new(
+      content,
+      assignment_re: /^\s*(\S+?)\s+(.*?)\s+(.*?)\s+(.*?)\s*$/,
+      key_vals: 3,
+      multiple_values: true,
+    )
+    @params = conf.params
+  end
+  def to_s
+    'limits.conf'
+  end
+end

data/lib/resources/login_def.rb ADDED Viewed

@@ -0,0 +1,60 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Christoph Hartmann
+# author: Dominik Richter
+# license: All rights reserved
+require 'utils/simpleconfig'
+# Usage:
+#
+# describe login_def do
+#   its('UMASK') {
+#     should eq '077'
+#   }
+#
+#   its('PASS_MAX_DAYS.to_i') {
+#     should be <= 90
+#   }
+# end
+class LoginDef < Inspec.resource(1)
+  name 'login_defs'
+  def initialize(path = nil)
+    @conf_path = path || '/etc/login.defs'
+  end
+  def method_missing(name)
+    read_params[name.to_s]
+  end
+  def read_params
+    return @params if defined?(@params)
+    # read the file
+    file = inspec.file(@conf_path)
+    if !file.file?
+      skip_resource "Can't find file \"#{@conf_path}\""
+      return @params = {}
+    end
+    content = file.content
+    if content.empty? && file.size > 0
+      skip_resource "Can't read file \"#{@conf_path}\""
+      return @params = {}
+    end
+    # parse the file
+    conf = SimpleConfig.new(
+      content,
+      assignment_re: /^\s*(\S+)\s+(\S*)\s*$/,
+      multiple_values: false,
+    )
+    @params = conf.params
+  end
+  def to_s
+    'login.defs'
+  end
+end

data/lib/resources/mysql.rb ADDED Viewed

@@ -0,0 +1,81 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Dominik Richter
+# author: Christoph Hartmann
+# license: All rights reserved
+class Mysql < Inspec.resource(1)
+  name 'mysql'
+  attr_reader :package, :service, :conf_dir, :conf_path, :data_dir, :log_dir, :log_path, :log_group, :log_dir_group
+  def initialize
+    # set OS-dependent filenames and paths
+    case inspec.os[:family]
+    when 'ubuntu', 'debian'
+      init_ubuntu
+    when 'redhat', 'fedora'
+      init_redhat
+    when 'arch'
+      init_arch
+    else
+      # TODO: could not detect
+      init_default
+    end
+  end
+  def init_ubuntu
+    @package = 'mysql-server'
+    @service = 'mysql'
+    @conf_path = '/etc/mysql/my.cnf'
+    @conf_dir = '/etc/mysql/'
+    @data_dir = '/var/lib/mysql/'
+    @log_dir = '/var/log/'
+    @log_path = '/var/log/mysql.log'
+    @log_group = 'adm'
+    case os[:release]
+    when '14.04'
+      @log_dir_group = 'syslog'
+    else
+      @log_dir_group = 'root'
+    end
+  end
+  def init_redhat
+    @package = 'mysql-server'
+    @service = 'mysqld'
+    @conf_path = '/etc/my.cnf'
+    @conf_dir = '/etc/'
+    @data_dir = '/var/lib/mysql/'
+    @log_dir = '/var/log/'
+    @log_path = '/var/log/mysqld.log'
+    @log_group = 'mysql'
+    @log_dir_group = 'root'
+  end
+  def init_arch
+    @package = 'mariadb'
+    @service = 'mysql'
+    @conf_path = '/etc/mysql/my.cnf'
+    @conf_dir = '/etc/mysql/'
+    @data_dir = '/var/lib/mysql/'
+    @log_dir = '/var/log/'
+    @log_path = '/var/log/mysql.log'
+    @log_group = 'mysql'
+    @log_dir_group = 'root'
+  end
+  def init_default
+    @service = 'mysqld'
+    @conf_path = '/etc/my.cnf'
+    @conf_dir = '/etc/'
+    @data_dir = '/var/lib/mysql/'
+    @log_dir = '/var/log/'
+    @log_path = '/var/log/mysqld.log'
+    @log_group = 'mysql'
+    @log_dir_group = 'root'
+  end
+  def to_s
+    'MySQL'
+  end
+end

data/lib/resources/mysql_conf.rb ADDED Viewed

@@ -0,0 +1,116 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Dominik Richter
+# license: All rights reserved
+require 'utils/simpleconfig'
+require 'utils/find_files'
+require 'utils/hash'
+require 'resources/mysql'
+class MysqlConfEntry
+  def initialize(path, params)
+    @params = params
+    @path = path
+  end
+  def method_missing(name, *_)
+    k = name.to_s
+    res = @params[k]
+    return true if res.nil? && @params.key?(k)
+    @params[k]
+  end
+  def to_s
+    "MySQL Config entry [#{@path.join(' ')}]"
+  end
+end
+class MysqlConf < Inspec.resource(1)
+  name 'mysql_conf'
+  include FindFiles
+  def initialize(conf_path = nil)
+    @conf_path = conf_path || inspec.mysql.conf_path
+    @files_contents = {}
+    @content = nil
+    @params = nil
+    read_content
+  end
+  def content
+    @content ||= read_content
+  end
+  def params(*opts)
+    @params || read_content
+    res = @params
+    opts.each do |opt|
+      res = res[opt] unless res.nil?
+    end
+    MysqlConfEntry.new(opts, res)
+  end
+  def method_missing(name)
+    @params || read_content
+    @params[name.to_s]
+  end
+  def read_content
+    @content = ''
+    @params = {}
+    # skip if the main configuration file doesn't exist
+    if !inspec.file(@conf_path).file?
+      return skip_resource "Can't find file \"#{@conf_path}\""
+    end
+    raw_conf = read_file(@conf_path)
+    if raw_conf.empty? && inspec.file(@conf_path).size > 0
+      return skip_resource("Can't read file \"#{@conf_path}\"")
+    end
+    to_read = [@conf_path]
+    until to_read.empty?
+      cur_file = to_read[0]
+      raw_conf = read_file(cur_file)
+      @content += raw_conf
+      params = SimpleConfig.new(raw_conf).params
+      @params = @params.deep_merge(params)
+      to_read = to_read.drop(1)
+      # see if there is more stuff to include
+      dir = File.dirname(cur_file)
+      to_read += include_files(dir, raw_conf).find_all do |fp|
+        not @files_contents.key? fp
+      end
+    end
+    #
+    @content
+  end
+  def include_files(reldir, conf)
+    files = conf.scan(/^!include\s+(.*)\s*/).flatten.compact.map { |x| abs_path(reldir, x) }
+    dirs = conf.scan(/^!includedir\s+(.*)\s*/).flatten.compact.map { |x| abs_path(reldir, x) }
+    dirs.map do |dir|
+      # @TODO: non local glob
+      files += find_files(dir, depth: 1, type: 'file')
+    end
+    files
+  end
+  def abs_path(dir, f)
+    return f if f.start_with? '/'
+    File.join(dir, f)
+  end
+  def read_file(path)
+    @files_contents[path] ||= inspec.file(path).content
+  end
+  def to_s
+    'MySQL Configuration'
+  end
+end