RubyGems - inspec - Versions diffs - 0.9.0 - Mend

inspec 0.9.0

Files changed (247) hide show

checksums.yaml +7 -0
data/.gitignore +8 -0
data/.rubocop.yml +65 -0
data/.travis.yml +23 -0
data/CHANGELOG.md +38 -0
data/Gemfile +33 -0
data/LICENSE +201 -0
data/MAINTAINERS.md +28 -0
data/MAINTAINERS.toml +42 -0
data/README.md +257 -0
data/Rakefile +47 -0
data/bin/inspec +109 -0
data/docs/ctl_inspec.rst +195 -0
data/docs/dsl_inspec.rst +182 -0
data/docs/readme.rst +100 -0
data/docs/resources.rst +4319 -0
data/docs/template.rst +51 -0
data/examples/test-kitchen/.kitchen.yml +20 -0
data/examples/test-kitchen/Berksfile +3 -0
data/examples/test-kitchen/Gemfile +21 -0
data/examples/test-kitchen/README.md +27 -0
data/examples/test-kitchen/metadata.rb +7 -0
data/examples/test-kitchen/recipes/default.rb +6 -0
data/examples/test-kitchen/recipes/nginx.rb +30 -0
data/examples/test-kitchen/test/integration/default/web_spec.rb +28 -0
data/inspec.gemspec +30 -0
data/lib/inspec.rb +20 -0
data/lib/inspec/backend.rb +42 -0
data/lib/inspec/dsl.rb +151 -0
data/lib/inspec/log.rb +34 -0
data/lib/inspec/metadata.rb +79 -0
data/lib/inspec/plugins.rb +9 -0
data/lib/inspec/plugins/resource.rb +62 -0
data/lib/inspec/profile.rb +138 -0
data/lib/inspec/profile_context.rb +170 -0
data/lib/inspec/resource.rb +76 -0
data/lib/inspec/rspec_json_formatter.rb +27 -0
data/lib/inspec/rule.rb +170 -0
data/lib/inspec/runner.rb +154 -0
data/lib/inspec/shell.rb +66 -0
data/lib/inspec/targets.rb +9 -0
data/lib/inspec/targets/core.rb +27 -0
data/lib/inspec/targets/dir.rb +67 -0
data/lib/inspec/targets/file.rb +29 -0
data/lib/inspec/targets/folder.rb +43 -0
data/lib/inspec/targets/tar.rb +34 -0
data/lib/inspec/targets/url.rb +39 -0
data/lib/inspec/targets/zip.rb +47 -0
data/lib/inspec/version.rb +7 -0
data/lib/matchers/matchers.rb +221 -0
data/lib/resources/apache.rb +29 -0
data/lib/resources/apache_conf.rb +113 -0
data/lib/resources/apt.rb +140 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd_conf.rb +56 -0
data/lib/resources/auditd_rules.rb +53 -0
data/lib/resources/bond.rb +65 -0
data/lib/resources/bridge.rb +114 -0
data/lib/resources/command.rb +57 -0
data/lib/resources/csv.rb +32 -0
data/lib/resources/directory.rb +15 -0
data/lib/resources/etc_group.rb +150 -0
data/lib/resources/file.rb +110 -0
data/lib/resources/gem.rb +46 -0
data/lib/resources/group.rb +132 -0
data/lib/resources/host.rb +143 -0
data/lib/resources/inetd_conf.rb +56 -0
data/lib/resources/interface.rb +127 -0
data/lib/resources/iptables.rb +65 -0
data/lib/resources/json.rb +64 -0
data/lib/resources/kernel_module.rb +40 -0
data/lib/resources/kernel_parameter.rb +55 -0
data/lib/resources/limits_conf.rb +55 -0
data/lib/resources/login_def.rb +60 -0
data/lib/resources/mysql.rb +81 -0
data/lib/resources/mysql_conf.rb +116 -0
data/lib/resources/mysql_session.rb +52 -0
data/lib/resources/npm.rb +44 -0
data/lib/resources/ntp_conf.rb +58 -0
data/lib/resources/oneget.rb +63 -0
data/lib/resources/os.rb +22 -0
data/lib/resources/os_env.rb +34 -0
data/lib/resources/package.rb +169 -0
data/lib/resources/parse_config.rb +75 -0
data/lib/resources/passwd.rb +93 -0
data/lib/resources/pip.rb +75 -0
data/lib/resources/port.rb +296 -0
data/lib/resources/postgres.rb +37 -0
data/lib/resources/postgres_conf.rb +87 -0
data/lib/resources/postgres_session.rb +59 -0
data/lib/resources/processes.rb +57 -0
data/lib/resources/registry_key.rb +54 -0
data/lib/resources/script.rb +34 -0
data/lib/resources/security_policy.rb +73 -0
data/lib/resources/service.rb +379 -0
data/lib/resources/ssh_conf.rb +75 -0
data/lib/resources/user.rb +374 -0
data/lib/resources/windows_feature.rb +77 -0
data/lib/resources/yaml.rb +23 -0
data/lib/resources/yum.rb +154 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/detect.rb +15 -0
data/lib/utils/find_files.rb +36 -0
data/lib/utils/hash.rb +13 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/parser.rb +61 -0
data/lib/utils/simpleconfig.rb +115 -0
data/tasks/maintainers.rb +213 -0
data/test/docker_run.rb +156 -0
data/test/docker_test.rb +51 -0
data/test/helper.rb +200 -0
data/test/integration/.kitchen.yml +42 -0
data/test/integration/Berksfile +4 -0
data/test/integration/cookbooks/os_prepare/metadata.rb +8 -0
data/test/integration/cookbooks/os_prepare/recipes/apt.rb +20 -0
data/test/integration/cookbooks/os_prepare/recipes/default.rb +9 -0
data/test/integration/cookbooks/os_prepare/recipes/file.rb +21 -0
data/test/integration/cookbooks/os_prepare/recipes/package.rb +26 -0
data/test/integration/default/_debug_spec.rb +1 -0
data/test/integration/default/apt_spec.rb +42 -0
data/test/integration/default/file_spec.rb +109 -0
data/test/integration/default/group_spec.rb +32 -0
data/test/integration/default/kernel_module_spec.rb +17 -0
data/test/integration/default/kernel_parameter_spec.rb +56 -0
data/test/integration/default/package_spec.rb +11 -0
data/test/integration/default/service_spec.rb +28 -0
data/test/integration/default/user_spec.rb +44 -0
data/test/resource/command_test.rb +33 -0
data/test/resource/dsl_test.rb +45 -0
data/test/resource/file_test.rb +130 -0
data/test/resource/ssh_config.rb +9 -0
data/test/resource/sshd_config.rb +9 -0
data/test/test-extra.yaml +11 -0
data/test/test.yaml +11 -0
data/test/unit/mock/cmd/Get-NetAdapter +24 -0
data/test/unit/mock/cmd/GetUserAccount +33 -0
data/test/unit/mock/cmd/GetWin32Group +23 -0
data/test/unit/mock/cmd/PATH +1 -0
data/test/unit/mock/cmd/Resolve-DnsName +26 -0
data/test/unit/mock/cmd/Test-NetConnection +4 -0
data/test/unit/mock/cmd/auditctl +7 -0
data/test/unit/mock/cmd/auditpol +2 -0
data/test/unit/mock/cmd/brew-info-jq +1 -0
data/test/unit/mock/cmd/chage-l-root +7 -0
data/test/unit/mock/cmd/dpkg-s-curl +21 -0
data/test/unit/mock/cmd/dscl +5 -0
data/test/unit/mock/cmd/etc-apt +7 -0
data/test/unit/mock/cmd/find-etc-rc-d-name-S +12 -0
data/test/unit/mock/cmd/find-net-interface +9 -0
data/test/unit/mock/cmd/gem-list-local-a-q-rubocop +1 -0
data/test/unit/mock/cmd/get-net-tcpconnection +24 -0
data/test/unit/mock/cmd/get-netadapter-binding-bridge +4 -0
data/test/unit/mock/cmd/get-package-firefox +30 -0
data/test/unit/mock/cmd/get-package-ruby +18 -0
data/test/unit/mock/cmd/get-service-dhcp +10 -0
data/test/unit/mock/cmd/get-windows-feature +7 -0
data/test/unit/mock/cmd/getent-hosts-example.com +1 -0
data/test/unit/mock/cmd/getent-passwd-root +1 -0
data/test/unit/mock/cmd/id-chartmann +1 -0
data/test/unit/mock/cmd/id-root +1 -0
data/test/unit/mock/cmd/initctl-show-config-ssh +3 -0
data/test/unit/mock/cmd/initctl-status-ssh +1 -0
data/test/unit/mock/cmd/iptables-s +6 -0
data/test/unit/mock/cmd/launchctl-list +3 -0
data/test/unit/mock/cmd/ls-1-etc-init.d +2 -0
data/test/unit/mock/cmd/ls-sys-class-net-br +2 -0
data/test/unit/mock/cmd/lsmod +2 -0
data/test/unit/mock/cmd/lsof-np-itcp +4 -0
data/test/unit/mock/cmd/netstat-tulpen +5 -0
data/test/unit/mock/cmd/npm-ls-g--json-bower +9 -0
data/test/unit/mock/cmd/pacman-qi-curl +21 -0
data/test/unit/mock/cmd/ping-example.com +6 -0
data/test/unit/mock/cmd/pip-show-jinja2 +11 -0
data/test/unit/mock/cmd/ps-aux +3 -0
data/test/unit/mock/cmd/pw-usershow-root-7 +1 -0
data/test/unit/mock/cmd/reg_schedule +1 -0
data/test/unit/mock/cmd/rpm-qia-curl +24 -0
data/test/unit/mock/cmd/sbin_sysctl +1 -0
data/test/unit/mock/cmd/secedit-export +7 -0
data/test/unit/mock/cmd/service-e +2 -0
data/test/unit/mock/cmd/service-sendmail-onestatus +3 -0
data/test/unit/mock/cmd/service-sshd-status +1 -0
data/test/unit/mock/cmd/sockstat +5 -0
data/test/unit/mock/cmd/success +0 -0
data/test/unit/mock/cmd/systemctl-show-all-sshd +6 -0
data/test/unit/mock/cmd/win32_product +8 -0
data/test/unit/mock/cmd/yum-repolist-all +52 -0
data/test/unit/mock/files/auditd.conf +4 -0
data/test/unit/mock/files/bond0 +37 -0
data/test/unit/mock/files/etcgroup +3 -0
data/test/unit/mock/files/example.csv +6 -0
data/test/unit/mock/files/inetd.conf +2 -0
data/test/unit/mock/files/kitchen.yml +7 -0
data/test/unit/mock/files/limits.conf +5 -0
data/test/unit/mock/files/login.defs +5 -0
data/test/unit/mock/files/mysql.conf +8 -0
data/test/unit/mock/files/mysql2.conf +2 -0
data/test/unit/mock/files/ntp.conf +5 -0
data/test/unit/mock/files/passwd +2 -0
data/test/unit/mock/files/policyfile.lock.json +12 -0
data/test/unit/mock/files/ssh_config +5 -0
data/test/unit/mock/files/sshd_config +7 -0
data/test/unit/mock/profiles/empty/metadata.rb +0 -0
data/test/unit/mock/profiles/metadata/metadata.rb +1 -0
data/test/unit/profile_context_test.rb +140 -0
data/test/unit/profile_test.rb +49 -0
data/test/unit/resources/apt_test.rb +46 -0
data/test/unit/resources/audit_policy_test.rb +13 -0
data/test/unit/resources/auditd_conf_test.rb +15 -0
data/test/unit/resources/auditd_rules_test.rb +21 -0
data/test/unit/resources/bond_test.rb +24 -0
data/test/unit/resources/bridge_test.rb +56 -0
data/test/unit/resources/csv_test.rb +35 -0
data/test/unit/resources/etc_group_test.rb +37 -0
data/test/unit/resources/gem_test.rb +20 -0
data/test/unit/resources/group_test.rb +96 -0
data/test/unit/resources/host_test.rb +38 -0
data/test/unit/resources/inetd_conf_test.rb +15 -0
data/test/unit/resources/interface_test.rb +54 -0
data/test/unit/resources/iptables_test.rb +30 -0
data/test/unit/resources/json_test.rb +36 -0
data/test/unit/resources/kernel_module_test.rb +23 -0
data/test/unit/resources/kernel_parameter_test.rb +13 -0
data/test/unit/resources/limits_conf_test.rb +14 -0
data/test/unit/resources/login_def_test.rb +16 -0
data/test/unit/resources/mysql_conf_test.rb +14 -0
data/test/unit/resources/npm_test.rb +20 -0
data/test/unit/resources/ntp_conf_test.rb +16 -0
data/test/unit/resources/oneget_test.rb +45 -0
data/test/unit/resources/os_env_test.rb +13 -0
data/test/unit/resources/package_test.rb +51 -0
data/test/unit/resources/passwd_test.rb +24 -0
data/test/unit/resources/pip_test.rb +15 -0
data/test/unit/resources/port_test.rb +46 -0
data/test/unit/resources/processes_test.rb +32 -0
data/test/unit/resources/registry_key_test.rb +19 -0
data/test/unit/resources/script_test.rb +19 -0
data/test/unit/resources/security_policy_test.rb +16 -0
data/test/unit/resources/service_test.rb +116 -0
data/test/unit/resources/ssh_conf_test.rb +33 -0
data/test/unit/resources/user_test.rb +93 -0
data/test/unit/resources/windows_feature.rb +17 -0
data/test/unit/resources/yaml_test.rb +34 -0
data/test/unit/resources/yum_test.rb +68 -0
data/test/unit/simpleconfig_test.rb +80 -0
data/test/unit/utils/content_parser_test.rb +30 -0
metadata +555 -0

data/lib/resources/iptables.rb ADDED Viewed

@@ -0,0 +1,65 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# Usage:
+# describe iptables do
+#   it { should have_rule('-P INPUT ACCEPT') }
+# end
+#
+# The following serverspec sytax is not implemented:
+# describe iptables do
+#   it { should have_rule('-P INPUT ACCEPT').with_table('mangle').with_chain('INPUT') }
+# end
+# Please use the new sytax:
+# describe iptables(table:'mangle', chain: 'input') do
+#   it { should have_rule('-P INPUT ACCEPT') }
+# end
+#
+# Note: Docker containers normally do not have iptables installed
+#
+# @see http://ipset.netfilter.org/iptables.man.html
+# @see http://ipset.netfilter.org/iptables.man.html
+# @see https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html
+class IpTables < Inspec.resource(1)
+  name 'iptables'
+  def initialize(params = {})
+    @table = params[:table] || nil
+    @chain = params[:chain] || nil
+    # we're done if we are on linux
+    return if inspec.os.linux?
+    # ensures, all calls are aborted for non-supported os
+    @iptables_cache = []
+    skip_resource 'The `iptables` resource is not supported on your OS yet.'
+  end
+  def has_rule?(rule = nil, _table = nil, _chain = nil)
+    found = false
+    retrieve_rules.each { |line|
+      # checks if the rule is part of the ruleset
+      # for now, we expect an excact match
+      found = true if line.downcase == rule.downcase
+    }
+    found
+  end
+  def retrieve_rules
+    return @iptables_cache if defined?(@iptables_cache)
+    # construct iptables command to read all rules
+    @table.nil? ? table_cmd = '' : table_cmd = " -t #{@table} "
+    @chain.nil? ? chain_cmd = '' : chain_cmd = " #{@chain}"
+    cmd = inspec.command(format('iptables %s -S %s', table_cmd, chain_cmd).strip)
+    return [] if cmd.exit_status.to_i != 0
+    # split rules, returns array or rules
+    @iptables_cache = cmd.stdout.chomp.split("\n")
+  end
+  def to_s
+    format('Iptables %s %s', @table.nil? ? '' : "table: #{@table}", @chain.nil? ? '' : "chain: #{@chain}").strip
+  end
+end

data/lib/resources/json.rb ADDED Viewed

@@ -0,0 +1,64 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# Parses a json document
+# Usage:
+# describe json('policyfile.lock.json') do
+#   its('cookbook_locks.omnibus.version') { should eq('2.2.0') }
+# end
+class JsonConfig < Inspec.resource(1)
+  name 'json'
+  # make params readable
+  attr_reader :params
+  def initialize(path)
+    @path = path
+    @file_content = inspec.file(@path).content
+    @params = parse(@file_content)
+  end
+  def parse(content)
+    require 'json'
+    JSON.parse(content)
+  end
+  def extract_value(keys, value)
+    key = keys.shift
+    return nil if key.nil?
+    # check if key is a num, try to extract from array
+    if key.to_i.to_s == key
+      value = value[key.to_i]
+    # if value is an array, iterate over each child
+    elsif value.is_a?(Array)
+      value = value.map { |i|
+        extract_value([key], i)
+      }
+    # normal value extraction
+    else
+      value = value[key].nil? ? nil : value[key]
+    end
+    # check if further keys exist
+    if !keys.first.nil?
+      return extract_value(keys.clone, value)
+    else
+      return value
+    end
+  end
+  # Shorthand to retrieve a parameter name via `#its`.
+  # Example: describe json('file') { its('paramX') { should eq 'Y' } }
+  #
+  # @param [String] name name of the field to retrieve
+  # @return [Object] the value stored at this position
+  def method_missing(name)
+    @params[name.to_s]
+  end
+  def to_s
+    "Json #{@path}"
+  end
+end

data/lib/resources/kernel_module.rb ADDED Viewed

@@ -0,0 +1,40 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# license: All rights reserved
+# Verifies if a kernel module is loaded
+# Usage:
+# describe kernel_module('bridge') do
+#   it { should be_loaded }
+# end
+class KernelModule < Inspec.resource(1)
+  name 'kernel_module'
+  def initialize(modulename = nil)
+    @module = modulename
+    # this resource is only supported on Linux
+    return skip_resource 'The `kernel_parameter` resource is not supported on your OS.' if !inspec.os.linux?
+  end
+  def loaded?
+    # default lsmod command
+    lsmod_cmd = 'lsmod'
+    # special care for CentOS 5 and sudo
+    lsmod_cmd = '/sbin/lsmod' if inspec.os[:family] == 'centos' && inspec.os[:release].to_i == 5
+    # get list of all modules
+    cmd = inspec.command(lsmod_cmd)
+    return false if cmd.exit_status != 0
+    # check if module is loaded
+    re = Regexp.new('^'+Regexp.quote(@module)+'\s')
+    found = cmd.stdout.match(re)
+    !found.nil?
+  end
+  def to_s
+    "Kernel Module #{@module}"
+  end
+end

data/lib/resources/kernel_parameter.rb ADDED Viewed

@@ -0,0 +1,55 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# license: All rights reserved
+# Verifies if a kernel parameter is set
+# describe kernel_parameter('net.ipv4.conf.all.forwarding') do
+#   its(:value) { should eq 0 }
+# end
+class KernelParameter < Inspec.resource(1)
+  name 'kernel_parameter'
+  def initialize(parameter = nil)
+    @parameter = parameter
+    # this resource is only supported on Linux
+    return skip_resource 'The `kernel_parameter` resource is not supported on your OS.' if !inspec.os.linux?
+  end
+  def value
+    cmd = inspec.command("/sbin/sysctl -q -n #{@parameter}")
+    return nil if cmd.exit_status != 0
+    # remove whitespace
+    cmd = cmd.stdout.chomp.strip
+    # convert to number if possible
+    cmd = cmd.to_i if cmd.match(/^\d+$/)
+    cmd
+  end
+  def to_s
+    "Kernel Parameter #{@parameter}"
+  end
+end
+# for compatability with serverspec
+# this is deprecated syntax and will be removed in future versions
+class LinuxKernelParameter < KernelParameter
+  name 'linux_kernel_parameter'
+  def initialize(parameter)
+    super(parameter)
+  end
+  def value
+    deprecated
+    super()
+  end
+  def deprecated
+    warn '[DEPRECATION] `linux_kernel_parameter(parameter)` is deprecated.  Please use `kernel_parameter(parameter)` instead.'
+  end
+  def to_s
+    "Kernel Parameter #{@parameter}"
+  end
+end

data/lib/resources/limits_conf.rb ADDED Viewed

@@ -0,0 +1,55 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Christoph Hartmann
+# author: Dominik Richter
+# license: All rights reserved
+require 'utils/simpleconfig'
+# Usage:
+#
+# describe limits_conf do
+#   its('*') { should include ['hard','core','0'] }
+# end
+class LimitsConf < Inspec.resource(1)
+  name 'limits_conf'
+  def initialize(path = nil)
+    @conf_path = path || '/etc/security/limits.conf'
+  end
+  def method_missing(name)
+    read_params[name.to_s]
+  end
+  def read_params
+    return @params if defined?(@params)
+    # read the file
+    file = inspec.file(@conf_path)
+    if !file.file?
+      skip_resource "Can't find file \"#{@conf_path}\""
+      return @params = {}
+    end
+    content = file.content
+    if content.empty? && file.size > 0
+      skip_resource "Can't read file \"#{@conf_path}\""
+      return @params = {}
+    end
+    # parse the file
+    conf = SimpleConfig.new(
+      content,
+      assignment_re: /^\s*(\S+?)\s+(.*?)\s+(.*?)\s+(.*?)\s*$/,
+      key_vals: 3,
+      multiple_values: true,
+    )
+    @params = conf.params
+  end
+  def to_s
+    'limits.conf'
+  end
+end

data/lib/resources/login_def.rb ADDED Viewed

@@ -0,0 +1,60 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Christoph Hartmann
+# author: Dominik Richter
+# license: All rights reserved
+require 'utils/simpleconfig'
+# Usage:
+#
+# describe login_def do
+#   its('UMASK') {
+#     should eq '077'
+#   }
+#
+#   its('PASS_MAX_DAYS.to_i') {
+#     should be <= 90
+#   }
+# end
+class LoginDef < Inspec.resource(1)
+  name 'login_defs'
+  def initialize(path = nil)
+    @conf_path = path || '/etc/login.defs'
+  end
+  def method_missing(name)
+    read_params[name.to_s]
+  end
+  def read_params
+    return @params if defined?(@params)
+    # read the file
+    file = inspec.file(@conf_path)
+    if !file.file?
+      skip_resource "Can't find file \"#{@conf_path}\""
+      return @params = {}
+    end
+    content = file.content
+    if content.empty? && file.size > 0
+      skip_resource "Can't read file \"#{@conf_path}\""
+      return @params = {}
+    end
+    # parse the file
+    conf = SimpleConfig.new(
+      content,
+      assignment_re: /^\s*(\S+)\s+(\S*)\s*$/,
+      multiple_values: false,
+    )
+    @params = conf.params
+  end
+  def to_s
+    'login.defs'
+  end
+end

data/lib/resources/mysql.rb ADDED Viewed

@@ -0,0 +1,81 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Dominik Richter
+# author: Christoph Hartmann
+# license: All rights reserved
+class Mysql < Inspec.resource(1)
+  name 'mysql'
+  attr_reader :package, :service, :conf_dir, :conf_path, :data_dir, :log_dir, :log_path, :log_group, :log_dir_group
+  def initialize
+    # set OS-dependent filenames and paths
+    case inspec.os[:family]
+    when 'ubuntu', 'debian'
+      init_ubuntu
+    when 'redhat', 'fedora'
+      init_redhat
+    when 'arch'
+      init_arch
+    else
+      # TODO: could not detect
+      init_default
+    end
+  end
+  def init_ubuntu
+    @package = 'mysql-server'
+    @service = 'mysql'
+    @conf_path = '/etc/mysql/my.cnf'
+    @conf_dir = '/etc/mysql/'
+    @data_dir = '/var/lib/mysql/'
+    @log_dir = '/var/log/'
+    @log_path = '/var/log/mysql.log'
+    @log_group = 'adm'
+    case os[:release]
+    when '14.04'
+      @log_dir_group = 'syslog'
+    else
+      @log_dir_group = 'root'
+    end
+  end
+  def init_redhat
+    @package = 'mysql-server'
+    @service = 'mysqld'
+    @conf_path = '/etc/my.cnf'
+    @conf_dir = '/etc/'
+    @data_dir = '/var/lib/mysql/'
+    @log_dir = '/var/log/'
+    @log_path = '/var/log/mysqld.log'
+    @log_group = 'mysql'
+    @log_dir_group = 'root'
+  end
+  def init_arch
+    @package = 'mariadb'
+    @service = 'mysql'
+    @conf_path = '/etc/mysql/my.cnf'
+    @conf_dir = '/etc/mysql/'
+    @data_dir = '/var/lib/mysql/'
+    @log_dir = '/var/log/'
+    @log_path = '/var/log/mysql.log'
+    @log_group = 'mysql'
+    @log_dir_group = 'root'
+  end
+  def init_default
+    @service = 'mysqld'
+    @conf_path = '/etc/my.cnf'
+    @conf_dir = '/etc/'
+    @data_dir = '/var/lib/mysql/'
+    @log_dir = '/var/log/'
+    @log_path = '/var/log/mysqld.log'
+    @log_group = 'mysql'
+    @log_dir_group = 'root'
+  end
+  def to_s
+    'MySQL'
+  end
+end

data/lib/resources/mysql_conf.rb ADDED Viewed

@@ -0,0 +1,116 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Dominik Richter
+# license: All rights reserved
+require 'utils/simpleconfig'
+require 'utils/find_files'
+require 'utils/hash'
+require 'resources/mysql'
+class MysqlConfEntry
+  def initialize(path, params)
+    @params = params
+    @path = path
+  end
+  def method_missing(name, *_)
+    k = name.to_s
+    res = @params[k]
+    return true if res.nil? && @params.key?(k)
+    @params[k]
+  end
+  def to_s
+    "MySQL Config entry [#{@path.join(' ')}]"
+  end
+end
+class MysqlConf < Inspec.resource(1)
+  name 'mysql_conf'
+  include FindFiles
+  def initialize(conf_path = nil)
+    @conf_path = conf_path || inspec.mysql.conf_path
+    @files_contents = {}
+    @content = nil
+    @params = nil
+    read_content
+  end
+  def content
+    @content ||= read_content
+  end
+  def params(*opts)
+    @params || read_content
+    res = @params
+    opts.each do |opt|
+      res = res[opt] unless res.nil?
+    end
+    MysqlConfEntry.new(opts, res)
+  end
+  def method_missing(name)
+    @params || read_content
+    @params[name.to_s]
+  end
+  def read_content
+    @content = ''
+    @params = {}
+    # skip if the main configuration file doesn't exist
+    if !inspec.file(@conf_path).file?
+      return skip_resource "Can't find file \"#{@conf_path}\""
+    end
+    raw_conf = read_file(@conf_path)
+    if raw_conf.empty? && inspec.file(@conf_path).size > 0
+      return skip_resource("Can't read file \"#{@conf_path}\"")
+    end
+    to_read = [@conf_path]
+    until to_read.empty?
+      cur_file = to_read[0]
+      raw_conf = read_file(cur_file)
+      @content += raw_conf
+      params = SimpleConfig.new(raw_conf).params
+      @params = @params.deep_merge(params)
+      to_read = to_read.drop(1)
+      # see if there is more stuff to include
+      dir = File.dirname(cur_file)
+      to_read += include_files(dir, raw_conf).find_all do |fp|
+        not @files_contents.key? fp
+      end
+    end
+    #
+    @content
+  end
+  def include_files(reldir, conf)
+    files = conf.scan(/^!include\s+(.*)\s*/).flatten.compact.map { |x| abs_path(reldir, x) }
+    dirs = conf.scan(/^!includedir\s+(.*)\s*/).flatten.compact.map { |x| abs_path(reldir, x) }
+    dirs.map do |dir|
+      # @TODO: non local glob
+      files += find_files(dir, depth: 1, type: 'file')
+    end
+    files
+  end
+  def abs_path(dir, f)
+    return f if f.start_with? '/'
+    File.join(dir, f)
+  end
+  def read_file(path)
+    @files_contents[path] ||= inspec.file(path).content
+  end
+  def to_s
+    'MySQL Configuration'
+  end
+end