inspec 0.9.0

data/lib/resources/apache.rb

@@ -0,0 +1,29 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Christoph Hartmann
+# author: Dominik Richter
+# license: All rights reserved
+
+class Apache < Inspec.resource(1)
+  name 'apache'
+
+  attr_reader :service, :conf_dir, :conf_path, :user
+  def initialize
+    case inspec.os[:family]
+    when 'ubuntu', 'debian'
+      @service = 'apache2'
+      @conf_dir = '/etc/apache2/'
+      @conf_path = File.join @conf_dir, 'apache2.conf'
+      @user = 'www-data'
+    else
+      @service = 'httpd'
+      @conf_dir = '/etc/httpd/'
+      @conf_path = File.join @conf_dir, '/conf/httpd.conf'
+      @user = 'apache'
+    end
+  end
+
+  def to_s
+    'Apache Environment'
+  end
+end

data/lib/resources/apache_conf.rb

@@ -0,0 +1,113 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Dominik Richter
+# author: Christoph Hartmann
+# license: All rights reserved
+
+require 'utils/simpleconfig'
+require 'utils/find_files'
+
+class ApacheConf < Inspec.resource(1)
+  name 'apache_conf'
+
+  include FindFiles
+
+  def initialize(conf_path = nil)
+    @conf_path = conf_path || inspec.apache.conf_path
+    @conf_dir = File.dirname(@conf_path)
+    @files_contents = {}
+    @content = nil
+    @params = nil
+    read_content
+  end
+
+  def content
+    @content ||= read_content
+  end
+
+  def params(*opts)
+    @params || read_content
+    res = @params
+    opts.each do |opt|
+      res = res[opt] unless res.nil?
+    end
+    res
+  end
+
+  def filter_comments(data)
+    content = ''
+    data.each_line do |line|
+      if !line.match(/^\s*#/)
+        content << line
+      end
+    end
+    content
+  end
+
+  def read_content
+    @content = ''
+    @params = {}
+
+    # skip if the main configuration file doesn't exist
+    file = inspec.file(@conf_path)
+    if !file.file?
+      return skip_resource "Can't find file \"#{@conf_path}\""
+    end
+
+    raw_conf = file.content
+    if raw_conf.empty? && file.size > 0
+      return skip_resource("Can't read file \"#{@conf_path}\"")
+    end
+
+    to_read = [@conf_path]
+    until to_read.empty?
+      raw_conf = read_file(to_read[0])
+      @content += raw_conf
+
+      # parse include file parameters
+      params = SimpleConfig.new(
+        raw_conf,
+        assignment_re: /^\s*(\S+)\s+(.*)\s*$/,
+        multiple_values: true,
+      ).params
+      @params.merge!(params)
+
+      to_read = to_read.drop(1)
+      to_read += include_files(params).find_all do |fp|
+        not @files_contents.key? fp
+      end
+    end
+
+    # fiter comments
+    @content = filter_comments @content
+    @content
+  end
+
+  def include_files(params)
+    # see if there is more config files to include
+    include_files = params['Include'] || []
+    include_files_optional = params['IncludeOptional'] || []
+
+    required = []
+    include_files.each do |f|
+      id = File.join(@conf_dir, f)
+      required.push(find_files(id, depth: 1, type: 'file'))
+    end
+
+    optional = []
+    include_files_optional.each do |f|
+      id = File.join(@conf_dir, f)
+      optional.push(find_files(id, depth: 1, type: 'file'))
+    end
+
+    required.flatten! + optional.flatten!
+  end
+
+  def read_file(path)
+    @files_contents[path] ||= inspec.file(path).content
+  end
+
+  def to_s
+    "Apache Config #{@conf_path}"
+  end
+end

data/lib/resources/apt.rb

@@ -0,0 +1,140 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+# Verifies apt and ppa repositories
+#
+# Usage:
+# describe apt('ubuntu-wine/ppa') do
+#   it { should exist }
+#   it { should be_enabled }
+# end
+#
+# it also understands a ppa url
+# describe apt('ppa:ubuntu-wine/ppa') do
+#   it { should exist }
+#   it { should be_enabled }
+# end
+#
+# The following ppa formats are supported:
+# - ubuntu-wine/ppa
+# - ppa:ubuntu-wine/ppa
+# - http://ppa.launchpad.net/juju/stable/ubuntu
+#
+# Install a ppa as following:
+# apt-get install python-software-properties
+# apt-get install software-properties-common
+# add-apt-repository ppa:ubuntu-wine/ppa
+
+require 'uri'
+
+class AptRepository < Inspec.resource(1)
+  name 'apt'
+
+  def initialize(ppa_name)
+    @deb_url = nil
+    # check if the os is ubuntu or debian
+    if inspec.os.debian?
+      @deb_url = determine_ppa_url(ppa_name)
+    else
+      # this resource is only supported on ubuntu and debian
+      skip_resource 'The `apt` resource is not supported on your OS yet.'
+    end
+  end
+
+  def exists?
+    find_repo.count > 0
+  end
+
+  def enabled?
+    return false if find_repo.count == 0
+    actives = find_repo.map { |repo| repo[:active] }
+    actives = actives.uniq
+    actives.size == 1 && actives[0] = true
+  end
+
+  def to_s
+    "Apt Repository #{@deb_url}"
+  end
+
+  private
+
+  def find_repo
+    read_debs.select { |repo| repo[:url] == @deb_url && repo[:type] == 'deb' }
+  end
+
+  HTTP_URL_RE = /\A#{URI::DEFAULT_PARSER.make_regexp(%w{http https})}\z/
+
+  # read
+  def read_debs
+    return @repo_cache if defined?(@repo_cache)
+
+    # load all lists
+    cmd = inspec.command("find /etc/apt/ -name \*.list -exec sh -c 'cat {} || echo -n' \\;")
+
+    # @see https://help.ubuntu.com/community/Repositories/CommandLine#Explanation_of_the_Repository_Format
+    @repo_cache = cmd.stdout.chomp.split("\n").each_with_object([]) do |raw_line, lines|
+      active = true
+
+      # detect if the repo is commented out
+      line = raw_line.gsub(/^(#\s*)*/, '')
+      active = false if raw_line != line
+
+      # eg.: deb http://archive.ubuntu.com/ubuntu/ wily main restricted
+      parse_repo = /^\s*(\S+)\s+"?([^ "\t\r\n\f]+)"?\s+(\S+)\s+(.*)$/.match(line)
+
+      # check if we got any result and the second param is an url
+      next if parse_repo.nil? || !parse_repo[2] =~ HTTP_URL_RE
+
+      # map data
+      repo = {
+        type: parse_repo[1],
+        url: parse_repo[2],
+        distro: parse_repo[3],
+        components: parse_repo[4].chomp.split(' '),
+        active: active,
+      }
+      next unless ['deb', 'deb-src'].include? repo[:type]
+
+      lines.push(repo)
+    end
+  end
+
+  # resolves ppa urls
+  # @see http://bazaar.launchpad.net/~ubuntu-core-dev/software-properties/main/view/head:/softwareproperties/ppa.py
+  def determine_ppa_url(ppa_url)
+    # verify if we have the url already, then just return
+    return ppa_url if ppa_url =~ HTTP_URL_RE
+    # otherwise start generating the ppa url
+
+    # special care if the name stats with :
+    ppa_url = ppa_url.split(':')[1] if ppa_url.start_with?('ppa:')
+
+    # parse ppa owner and repo
+    ppa_owner, ppa_repo = ppa_url.split('/')
+    ppa_repo = 'ppa' if ppa_repo.nil?
+
+    # construct new ppa url and return it
+    format('http://ppa.launchpad.net/%s/%s/ubuntu', ppa_owner, ppa_repo)
+  end
+end
+
+# for compatability with serverspec
+# this is deprecated syntax and will be removed in future versions
+class PpaRepository < AptRepository
+  name 'ppa'
+
+  def exists?
+    deprecated
+    super()
+  end
+
+  def enabled?
+    deprecated
+    super()
+  end
+
+  def deprecated
+    warn '[DEPRECATION] `ppa(reponame)` is deprecated.  Please use `apt(reponame)` instead.'
+  end
+end

data/lib/resources/audit_policy.rb

@@ -0,0 +1,63 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Christoph Hartmann
+# author: Dominik Richter
+# license: All rights reserved
+
+# Advanced Auditing:
+# As soon as you start applying Advanced Audit Configuration Policy, legacy policies will be completely ignored.
+# reference: https://technet.microsoft.com/en-us/library/cc753632.aspx
+# use:
+#  - list all categories: Auditpol /list /subcategory:* /r
+#  - list parameters: Auditpol /get /category:"System" /subcategory:"IPsec Driver"
+#  - list specific parameter: Auditpol /get /subcategory:"IPsec Driver"
+#
+# @link: http://blogs.technet.com/b/askds/archive/2011/03/11/getting-the-effective-audit-policy-in-windows-7-and-2008-r2.aspx
+#
+# Valid values are:
+#
+# - "No Auditing"
+# - "Not Specified"
+# - "Success"
+# - "Success and Failure"
+# - "Failure"
+#
+# Further information is available at: https://msdn.microsoft.com/en-us/library/dd973859.aspx
+#
+# Usage:
+#
+# describe audit_policy do
+#   its('Other Account Logon Events') { should_not eq 'No Auditing' }
+# end
+
+class AuditPolicy < Inspec.resource(1)
+  name 'audit_policy'
+
+  def method_missing(method)
+    key = method.to_s
+
+    # expected result:
+    # Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
+    # WIN-MB8NINQ388J,System,Kerberos Authentication Service,{0CCE9242-69AE-11D9-BED3-505054503030},No Auditing,
+    result ||= inspec.command("Auditpol /get /subcategory:'#{key}' /r").stdout
+
+    # find line
+    target = nil
+    result.each_line {|s|
+      target = s.strip if s.match(/\b.*#{key}.*\b/)
+    }
+
+    # extract value
+    values = nil
+    unless target.nil?
+      # split csv values and return value
+      values = target.split(',')[4]
+    end
+
+    values
+  end
+
+  def to_s
+    'Audit Policy'
+  end
+end

data/lib/resources/auditd_conf.rb

@@ -0,0 +1,56 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Christoph Hartmann
+# author: Dominik Richter
+# license: All rights reserved
+
+require 'utils/simpleconfig'
+
+# Usage:
+# describe audit_daemon_conf do
+#   its("space_left_action") { should eq "email" }
+#   its("action_mail_acct") { should eq "root" }
+#   its("admin_space_left_action") { should eq "halt" }
+# end
+
+class AuditDaemonConf < Inspec.resource(1)
+  name 'auditd_conf'
+
+  def initialize(path = nil)
+    @conf_path = path || '/etc/audit/auditd.conf'
+  end
+
+  def method_missing(name)
+    read_params[name.to_s]
+  end
+
+  def to_s
+    'Audit Daemon Config'
+  end
+
+  private
+
+  def read_params
+    return @params if defined?(@params)
+
+    # read the file
+    file = inspec.file(@conf_path)
+    if !file.file?
+      skip_resource "Can't find file '#{@conf_path}'"
+      return @params = {}
+    end
+
+    content = file.content
+    if content.empty? && file.size > 0
+      skip_resource "Can't read file '#{@conf_path}'"
+      return @params = {}
+    end
+
+    # parse the file
+    conf = SimpleConfig.new(
+      content,
+      multiple_values: false,
+    )
+    @params = conf.params
+  end
+end

data/lib/resources/auditd_rules.rb

@@ -0,0 +1,53 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Christoph Hartmann
+# author: Dominik Richter
+# license: All rights reserved
+
+# Usage:
+# describe audit_daemon_rules do
+#   its("LIST_RULES") {should contain_match(/^exit,always arch=.* key=time-change syscall=adjtimex,settimeofday/) }
+#   its("LIST_RULES") {should contain_match(/^exit,always arch=.* key=time-change syscall=stime,settimeofday,adjtimex/) }
+#   its("LIST_RULES") {should contain_match(/^exit,always arch=.* key=time-change syscall=clock_settime/)}
+#   its("LIST_RULES") {should contain_match(/^exit,always watch=\/etc\/localtime perm=wa key=time-change/)}
+# end
+
+class AuditDaemonRules < Inspec.resource(1)
+  name 'auditd_rules'
+
+  def initialize
+    @content = inspec.command('/sbin/auditctl -l').stdout.chomp
+
+    @opts = {
+      assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+      multiple_values: true,
+    }
+  end
+
+  def params
+    @params ||= SimpleConfig.new(@content, @opts).params
+  end
+
+  def method_missing(name)
+    params[name.to_s]
+  end
+
+  def status(name)
+    @status_opts = {
+      assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+      multiple_values: false,
+    }
+    @status_content ||= inspec.command('/sbin/auditctl -s').stdout.chomp
+    @status_params = SimpleConfig.new(@status_content, @status_opts).params
+
+    status = @status_params['AUDIT_STATUS']
+    return nil if status.nil?
+
+    items = Hash[status.scan(/([^=]+)=(\w*)\s*/)]
+    items[name]
+  end
+
+  def to_s
+    'Audit Daemon Rules'
+  end
+end