inspec 0.9.9 → 0.9.10

data/lib/inspec/resource.rb

@@ -11,8 +11,31 @@ module Inspec
     def self.registry
       @registry ||= {}
     end
+
+    # Creates the inner DSL which includes all resources for
+    # creating tests. It is always connected to one target,
+    # which is specified via the backend argument.
+    #
+    # @param backend [BackendRunner] exposing the target to resources
+    # @return [ResourcesDSL]
+    def self.create_dsl(backend)
+      # need the local name, to use it in the module creation further down
+      my_registry = registry
+      Module.new do
+        my_registry.each do |id, r|
+          define_method id.to_sym do |*args|
+            r.new(backend, id.to_s, *args)
+          end
+        end
+      end
+    end
   end
 
+  # Retrieve the base class for creating a new resource.
+  # Create classes that inherit from this class.
+  #
+  # @param [int] version the resource version to use
+  # @return [Resource] base class for creating a new resource
   def self.resource(version)
     if version != 1
       fail 'Only resource version 1 is supported!'

data/lib/inspec/runner.rb

@@ -10,27 +10,28 @@ require 'inspec/profile_context'
 require 'inspec/targets'
 require 'inspec/metadata'
 # spec requirements
-require 'rspec'
-require 'rspec/its'
-require 'inspec/rspec_json_formatter'
 
 module Inspec
   class Runner # rubocop:disable Metrics/ClassLength
-    attr_reader :tests, :backend, :rules
+    attr_reader :backend, :rules
     def initialize(conf = {})
       @rules = {}
       @profile_id = conf[:id]
       @conf = conf.dup
       @conf[:logger] ||= Logger.new(nil)
-      @tests = RSpec::Core::World.new
 
-      # resets "pending examples" in reporter
-      RSpec.configuration.reset
+      @test_collector = @conf.delete(:test_collector) || begin
+        require 'inspec/runner_rspec'
+        RunnerRspec.new(@conf)
+      end
 
-      configure_output
       configure_transport
     end
 
+    def tests
+      @test_collector.tests
+    end
+
     def normalize_map(hm)
       res = {}
       hm.each {|k, v|
@@ -39,10 +40,6 @@ module Inspec
       res
     end
 
-    def configure_output
-      RSpec.configuration.add_formatter(@conf['format'] || 'progress')
-    end
-
     def configure_transport
       @backend = Inspec::Backend.create(@conf)
     end
@@ -105,16 +102,12 @@ module Inspec
 
       # process the resulting rules
       ctx.rules.each do |rule_id, rule|
-        register_rule(ctx, rule_id, rule)
+        register_rule(rule_id, rule)
       end
     end
 
-    def run
-      run_with(RSpec::Core::Runner.new(nil))
-    end
-
-    def run_with(rspec_runner)
-      rspec_runner.run_specs(@tests.ordered_example_groups)
+    def run(with = nil)
+      @test_collector.run(with)
     end
 
     private
@@ -130,14 +123,14 @@ module Inspec
       if !arg.empty? &&
          arg[0].respond_to?(:resource_skipped) &&
          !arg[0].resource_skipped.nil?
-        return RSpec::Core::ExampleGroup.describe(*arg, opts) do
+        return @test_collector.example_group(*arg, opts) do
           it arg[0].resource_skipped
         end
       else
         # add the resource
         case method_name
         when 'describe'
-          return RSpec::Core::ExampleGroup.describe(*arg, opts, &block)
+          return @test_collector.example_group(*arg, opts, &block)
         when 'expect'
           return block.example_group
         else
@@ -148,7 +141,7 @@ module Inspec
       nil
     end
 
-    def register_rule(ctx, rule_id, rule)
+    def register_rule(rule_id, rule)
       @rules[rule_id] = rule
       checks = rule.instance_variable_get(:@checks)
       checks.each do |m, a, b|
@@ -161,21 +154,10 @@ module Inspec
         # the scope of this run, thus not gaining ony of the DSL pieces.
         # To circumvent this, the full DSL is attached to the example's
         # scope.
-        dsl = ctx.method(:create_inner_dsl).call(backend)
+        dsl = Inspec::Resource.create_dsl(backend)
         example.send(:include, dsl)
 
-        set_rspec_ids(example, rule_id)
-        @tests.register(example)
-      end
-    end
-
-    def set_rspec_ids(example, id)
-      example.metadata[:id] = id
-      example.filtered_examples.each do |e|
-        e.metadata[:id] = id
-      end
-      example.children.each do |child|
-        set_rspec_ids(child, id)
+        @test_collector.add_test(example, rule_id)
       end
     end
   end

data/lib/inspec/runner_mock.rb

@@ -0,0 +1,31 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+module Inspec
+  class RunnerMock
+    attr_reader :tests
+    def initialize
+      @tests = []
+    end
+
+    def add_test(example, _rule_id)
+      @tests.push(example)
+    end
+
+    def example_group(*in_args, &in_block)
+      Class.new do
+        define_method :args do
+          in_args
+        end
+        define_method :block do
+          in_block
+        end
+      end
+    end
+
+    def run(_with = nil)
+      puts 'uhm.... nothing or something... dunno, ask your admin'
+    end
+  end
+end

data/lib/inspec/runner_rspec.rb

@@ -0,0 +1,94 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'rspec/core'
+require 'rspec/its'
+require 'inspec/rspec_json_formatter'
+
+# There be dragons!! Or borgs, or something...
+# This file and all its contents cannot yet be tested. Once it is included
+# in our unit test suite, it deactivates all other checks completely.
+# To circumvent this, we need functional tests which tackle the RSpec runner
+# or a separate suite of unit tests to which get along with this.
+
+module Inspec
+  class RunnerRspec
+    def initialize(conf)
+      @conf = conf
+      reset_tests
+      configure_output
+    end
+
+    # Create a new RSpec example group from arguments and block.
+    #
+    # @param [Type] *args list of arguments for this example
+    # @param [Type] &block the block associated with this example group
+    # @return [RSpecExampleGroup]
+    def example_group(*args, &block)
+      RSpec::Core::ExampleGroup.describe(*args, &block)
+    end
+
+    # Add an example group to the list of registered tests.
+    #
+    # @param [RSpecExampleGroup] example test
+    # @param [String] rule_id the ID associated with this check
+    # @return [nil]
+    def add_test(example, rule_id)
+      set_rspec_ids(example, rule_id)
+      @tests.register(example)
+    end
+
+    # Retrieve the list of tests that have been added.
+    #
+    # @return [Array] full list of tests
+    def tests
+      @tests.ordered_example_groups
+    end
+
+    # Run all registered tests with an optional test runner.
+    #
+    # @param [RSpecRunner] with is an optional RSpecRunner
+    # @return [int] 0 if all went well; otherwise nonzero
+    def run(with = nil)
+      with ||= RSpec::Core::Runner.new(nil)
+      with.run_specs(tests)
+    end
+
+    private
+
+    # Empty the list of registered tests.
+    #
+    # @return [nil]
+    def reset_tests
+      @tests = RSpec::Core::World.new
+      # resets "pending examples" in reporter
+      RSpec.configuration.reset
+    end
+
+    # Configure the output formatter and stream to be used with RSpec.
+    #
+    # @return [nil]
+    def configure_output
+      RSpec.configuration.add_formatter(@conf['format'] || 'progress')
+    end
+
+    # Make sure that all RSpec example groups use the provided ID.
+    # At the time of creation, we didn't yet have full ID support in RSpec,
+    # which is why they were added to metadata directly. This is evaluated
+    # by the InSpec adjusted json formatter (rspec_json_formatter).
+    #
+    # @param [RSpecExampleGroup] example object which contains a check
+    # @param [Type] id describe id
+    # @return [Type] description of returned object
+    def set_rspec_ids(example, id)
+      example.metadata[:id] = id
+      example.filtered_examples.each do |e|
+        e.metadata[:id] = id
+      end
+      example.children.each do |child|
+        set_rspec_ids(child, id)
+      end
+    end
+  end
+end

data/lib/inspec/targets/dir.rb

@@ -11,13 +11,11 @@ module Inspec::Targets
     # TODO: remove `test` support for InSpec 1.0
     class ProfileDir
       def handles?(paths)
+        return true if paths.include?('inspec.yml')
         (
           !paths.grep(/^controls/).empty? ||
           !paths.grep(/^test/).empty?
-        ) && (
-          paths.include?('inspec.yml') ||
-          paths.include?('metadata.rb')
-        )
+        ) && paths.include?('metadata.rb')
       end
 
       def get_libraries(paths)

data/lib/inspec/version.rb

@@ -3,5 +3,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '0.9.9'.freeze
+  VERSION = '0.9.10'.freeze
 end

data/lib/resources/command.rb

@@ -49,7 +49,7 @@ class Cmd < Inspec.resource(1)
     elsif inspec.os.unix?
       res = inspec.backend.run_command("type \"#{@command}\"")
     else
-      warn "`command(#{@command}).exist?` is not suported on you OS: #{inspec.os[:family]}"
+      warn "`command(#{@command}).exist?` is not suported on your OS: #{inspec.os[:family]}"
       return false
     end
     res.exit_status.to_i == 0

data/lib/resources/postgres_session.rb

@@ -5,17 +5,15 @@
 # license: All rights reserved
 
 class Lines
+  attr_reader :output
+
   def initialize(raw, desc)
-    @raw = raw
+    @output = raw
     @desc = desc
   end
 
-  def output
-    @raw
-  end
-
   def lines
-    @raw.split("\n")
+    output.split("\n")
   end
 
   def to_s
@@ -39,29 +37,26 @@ class PostgresSession < Inspec.resource(1)
     @pass = pass
   end
 
-  def query(query, db = [], &block)
+  def query(query, db = [])
     dbs = db.map { |x| "-d #{x}" }.join(' ')
     # TODO: simple escape, must be handled by a library
     # that does this securely
     escaped_query = query.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
     # run the query
-    cmd = inspec.command("PGPASSWORD='#{@pass}' psql -U #{@user} #{dbs} -c \"#{escaped_query}\"")
+    cmd = inspec.command("PGPASSWORD='#{@pass}' psql -U #{@user} #{dbs} -h localhost -c \"#{escaped_query}\"")
     out = cmd.stdout + "\n" + cmd.stderr
-    if out =~ /could not connect to .*/ or
+    if cmd.exit_status != 0 or
+       out =~ /could not connect to .*/ or
        out.downcase =~ /^error/
       # skip this test if the server can't run the query
-      RSpec.describe(cmd) do
-        it 'is skipped', skip: out do
-        end
-      end
+      skip_resource "Can't read run query #{query.inspect} on postgres_session: #{out}"
     else
       # remove the whole header (i.e. up to the first ^-----+------+------$)
       # remove the tail
       lines = cmd.stdout
                  .sub(/(.*\n)+([-]+[+])*[-]+\n/, '')
                  .sub(/\n[^\n]*\n\n$/, '')
-      l = Lines.new(lines.strip, "PostgreSQL query: #{query}")
-      RSpec.__send__('describe', l, &block)
+      Lines.new(lines.strip, "PostgreSQL query: #{query}")
     end
   end
 end

data/lib/resources/registry_key.rb

@@ -69,22 +69,26 @@ class RegistryKey < Inspec.resource(1)
 
   private
 
+  def prep_prop(property)
+    property.to_s.downcase
+  end
+
   def registry_property_exists(regkey, property)
     return false if regkey.nil? || property.nil?
     # always ensure the key is lower case
-    !regkey[property.to_s.downcase].nil?
+    !regkey[prep_prop(property)].nil?
   end
 
   def registry_property_value(regkey, property)
-    return nil if regkey.nil? || property.nil?
+    return nil if !registry_property_exists(regkey, property)
     # always ensure the key is lower case
-    regkey[property.to_s.downcase]['value']
+    regkey[prep_prop(property)]['value']
   end
 
   def registry_property_type(regkey, property)
-    return nil if regkey.nil? || property.nil?
+    return nil if !registry_property_exists(regkey, property)
     # always ensure the key is lower case
-    regkey[property.to_s.downcase]['type']
+    regkey[prep_prop(property)]['type']
   end
 
   def registry_key(path)
@@ -174,6 +178,6 @@ class WindowsRegistryKey < RegistryKey
   end
 
   def deprecated
-    warn '[DEPRECATION] `yumrepo(reponame)` is deprecated.  Please use `yum.repo(reponame)` instead.'
+    warn '[DEPRECATION] `windows_registry_key(reg_key)` is deprecated.  Please use `registry_key(\'path\to\key\')` instead.'
   end
 end

data/lib/resources/service.rb

@@ -1,6 +1,7 @@
 # encoding: utf-8
 # author: Christoph Hartmann
 # author: Dominik Richter
+# author: Stephan Renatus
 # license: All rights reserved
 
 # Usage:
@@ -30,14 +31,19 @@ class Service < Inspec.resource(1)
     end
   "
 
-  def initialize(service_name)
+  attr_reader :service_ctl
+
+  def initialize(service_name, service_ctl = nil)
     @service_name = service_name
     @service_mgmt = nil
+    @service_ctl ||= service_ctl
     @cache = nil
-    select_package_manager
+    @service_mgmt = select_service_mgmt
+
+    return skip_resource 'The `service` resource is not supported on your OS yet.' if @service_mgmt.nil?
   end
 
-  def select_package_manager # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+  def select_service_mgmt # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
     family = inspec.os[:family]
 
     case family
@@ -52,45 +58,42 @@ class Service < Inspec.resource(1)
     when 'ubuntu'
       version = inspec.os[:release].to_f
       if version < 15.04
-        @service_mgmt = Upstart.new(inspec)
+        Upstart.new(inspec, service_ctl)
       else
-        @service_mgmt = Systemd.new(inspec)
+        Systemd.new(inspec, service_ctl)
       end
     when 'debian'
       version = inspec.os[:release].to_i
       if version > 7
-        @service_mgmt = Systemd.new(inspec)
+        Systemd.new(inspec, service_ctl)
       else
-        @service_mgmt = SysV.new(inspec)
+        SysV.new(inspec, service_ctl || '/usr/sbin/service')
       end
     when 'redhat', 'fedora', 'centos'
       version = inspec.os[:release].to_i
       if (%w{ redhat centos }.include?(family) && version >= 7) || (family == 'fedora' && version >= 15)
-        @service_mgmt = Systemd.new(inspec)
+        Systemd.new(inspec, service_ctl)
       else
-        @service_mgmt = SysV.new(inspec)
+        SysV.new(inspec, service_ctl || '/sbin/service')
       end
     when 'wrlinux'
-      @service_mgmt = SysV.new(inspec)
+      SysV.new(inspec, service_ctl)
     when 'darwin'
-      @service_mgmt = LaunchCtl.new(inspec)
+      LaunchCtl.new(inspec, service_ctl)
     when 'windows'
-      @service_mgmt = WindowsSrv.new(inspec)
+      WindowsSrv.new(inspec)
     when 'freebsd'
-      @service_mgmt = BSDInit.new(inspec)
+      BSDInit.new(inspec, service_ctl)
     when 'arch', 'opensuse'
-      @service_mgmt = Systemd.new(inspec)
+      Systemd.new(inspec, service_ctl)
     when 'aix'
-      @service_mgmt = SrcMstr.new(inspec)
+      SrcMstr.new(inspec)
     end
-
-    return skip_resource 'The `service` resource is not supported on your OS yet.' if @service_mgmt.nil?
   end
 
   def info
-    return @cache if !@cache.nil?
     return nil if @service_mgmt.nil?
-    @cache = @service_mgmt.info(@service_name)
+    @cache ||= @service_mgmt.info(@service_name)
   end
 
   # verifies the service is enabled
@@ -117,17 +120,23 @@ class Service < Inspec.resource(1)
 end
 
 class ServiceManager
-  attr_reader :inspec
-  def initialize(inspec)
+  attr_reader :inspec, :service_ctl
+  def initialize(inspec, service_ctl = nil)
     @inspec = inspec
+    @service_ctl ||= service_ctl
   end
 end
 
 # @see: http://www.freedesktop.org/software/systemd/man/systemctl.html
 # @see: http://www.freedesktop.org/software/systemd/man/systemd-system.conf.html
 class Systemd < ServiceManager
+  def initialize(inspec, service_ctl = nil)
+    @service_ctl ||= 'systemctl'
+    super
+  end
+
   def info(service_name)
-    cmd = inspec.command("systemctl show --all #{service_name}")
+    cmd = inspec.command("#{service_ctl} show --all #{service_name}")
     return nil if cmd.exit_status.to_i != 0
 
     # parse data
@@ -138,13 +147,13 @@ class Systemd < ServiceManager
     ).params
 
     # LoadState values eg. loaded, not-found
-    params['LoadState'] == 'loaded' ? (installed = true) : (installed = false)
+    installed = params['LoadState'] == 'loaded'
     # test via 'systemctl is-active service'
     # SubState values running
-    params['SubState'] == 'running' ? (running = true) : (running = false)
+    running = params['SubState'] == 'running'
     # test via systemctl --quiet is-enabled
     # ActiveState values eg.g inactive, active
-    params['UnitFileState'] == 'enabled' ? (enabled = true) : (enabled = false)
+    enabled = params['UnitFileState'] == 'enabled'
 
     {
       name: params['Id'],
@@ -190,25 +199,26 @@ class SrcMstr < ServiceManager
 
   # #rubocop:disable Style/TrailingComma
   def enabled_rc_tcpip?
-    if inspec.command(
-      "grep -v ^# /etc/rc.tcpip | grep 'start ' | grep -Eq '(/{0,1}| )#{@name} '",
+    inspec.command(
+      "grep -v ^# /etc/rc.tcpip | grep 'start ' | grep -Eq '(/{0,1}| )#{name} '",
     ).exit_status == 0
-      true
-    else
-      false
-    end
   end
 
   def enabled_inittab?
-    inspec.command("lsitab #{@name}").exit_status.to_i == 0 ? true : false
+    inspec.command("lsitab #{name}").exit_status == 0
   end
 end
 
 # @see: http://upstart.ubuntu.com
 class Upstart < ServiceManager
+  def initialize(service_name, service_ctl = nil)
+    @service_ctl ||= 'initctl'
+    super
+  end
+
   def info(service_name)
     # get the status of upstart service
-    status = inspec.command("initctl status #{service_name}")
+    status = inspec.command("#{service_ctl} status #{service_name}")
 
     # fallback for systemv services, those are not handled via `initctl`
     return SysV.new(inspec).info(service_name) if status.exit_status.to_i != 0
@@ -235,7 +245,7 @@ class Upstart < ServiceManager
     # $ initctl show-config $job | grep -q "^  start on" && echo enabled || echo disabled
     # Ubuntu 10.04 show-config is not supported
     # @see http://manpages.ubuntu.com/manpages/maverick/man8/initctl.8.html
-    config = inspec.command("initctl show-config #{service_name}")
+    config = inspec.command("#{service_ctl} show-config #{service_name}")
     enabled = !config.stdout[/^\s*start on/].nil?
 
     # implement fallback for Ubuntu 10.04
@@ -251,6 +261,11 @@ class Upstart < ServiceManager
 end
 
 class SysV < ServiceManager
+  def initialize(service_name, service_ctl = nil)
+    @service_ctl ||= 'service'
+    super
+  end
+
   def info(service_name)
     # check if service is installed
     # read all available services via ls /etc/init.d/
@@ -270,19 +285,14 @@ class SysV < ServiceManager
     enabled_services = enabled_services_cmd.stdout.split("\n").select { |line|
       /(^.*#{service_name}.*)/.match(line)
     }
-    enabled_services.empty? ? enabled = false : enabled = true
+    enabled = !enabled_services.empty?
 
     # check if service is really running
     # service throws an exit code if the service is not installed or
     # not enabled
 
-    # on debian service is located /usr/sbin/service, on centos it is located here /sbin/service
-    service_cmd = 'service'
-    service_cmd = '/usr/sbin/service' if inspec.os[:family] == 'debian'
-    service_cmd = '/sbin/service' if inspec.os[:family] == 'centos'
-
-    cmd = inspec.command("#{service_cmd} #{service_name} status")
-    cmd.exit_status == 0 ? (running = true) : (running = false)
+    cmd = inspec.command("#{service_ctl} #{service_name} status")
+    running = cmd.exit_status == 0
     {
       name: service_name,
       description: nil,
@@ -297,6 +307,11 @@ end
 # @see: https://www.freebsd.org/doc/en/articles/linux-users/startup.html
 # @see: https://www.freebsd.org/cgi/man.cgi?query=rc.conf&sektion=5
 class BSDInit < ServiceManager
+  def initialize(service_name, service_ctl = nil)
+    @service_ctl ||= 'service'
+    super
+  end
+
   def info(service_name)
     # check if service is enabled
     # services are enabled in /etc/rc.conf and /etc/defaults/rc.conf
@@ -304,7 +319,7 @@ class BSDInit < ServiceManager
     # service SERVICE status returns the following result if not activated:
     #   Cannot 'status' sshd. Set sshd_enable to YES in /etc/rc.conf or use 'onestatus' instead of 'status'.
     # gather all enabled services
-    cmd = inspec.command('service -e')
+    cmd = inspec.command("#{service_ctl} -e")
     return nil if cmd.exit_status != 0
 
     # search for the service
@@ -314,8 +329,8 @@ class BSDInit < ServiceManager
 
     # check if the service is running
     # if the service is not available or not running, we always get an error code
-    cmd = inspec.command("service #{service_name} onestatus")
-    cmd.exit_status == 0 ? (running = true) : (running = false)
+    cmd = inspec.command("#{service_ctl} #{service_name} onestatus")
+    running = cmd.exit_status == 0
 
     {
       name: service_name,
@@ -328,12 +343,43 @@ class BSDInit < ServiceManager
   end
 end
 
+class Runit < ServiceManager
+  def initialize(service_name, service_ctl = nil)
+    @service_ctl ||= 'sv'
+    super
+  end
+
+  def info(service_name)
+    # get the status of runit service
+    cmd = inspec.command("#{service_ctl} status #{service_name}")
+    # return nil unless cmd.exit_status == 0 # NOTE(sr) why do we do this?
+
+    installed = cmd.exit_status == 0
+    running = installed && (cmd.stdout =~ /^run:/)
+    enabled = installed && (running || (cmd.stdout =~ /normally up/) || (cmd.stdout =~ /want up/))
+
+    {
+      name: service_name,
+      description: nil,
+      installed: installed,
+      running: running,
+      enabled: enabled,
+      type: 'runit',
+    }
+  end
+end
+
 # MacOS / Darwin
 # new launctl on macos 10.10
 class LaunchCtl < ServiceManager
+  def initialize(service_name, service_ctl = nil)
+    @service_ctl ||= 'launchctl'
+    super
+  end
+
   def info(service_name)
     # get the status of upstart service
-    cmd = inspec.command('launchctl list')
+    cmd = inspec.command("#{service_ctl} list")
     return nil if cmd.exit_status != 0
 
     # search for the service
@@ -341,15 +387,15 @@ class LaunchCtl < ServiceManager
     return nil if srv.nil? || srv[0].nil?
 
     # extract values from service
-    parsed_srv = /^([0-9]+)\s*(\w*)\s*(\S*)/.match(srv[0])
-    !parsed_srv.nil? ? (enabled = true) : (enabled = false)
+    parsed_srv = /^(?<pid>[0-9-]+)\t(?<exit>[0-9]+)\t(?<name>\S*)$/.match(srv[0])
+    enabled = !parsed_srv['name'].nil? # it's in the list
 
     # check if the service is running
-    pid = parsed_srv[0]
-    !pid.nil? ? (running = true) : (running = false)
+    pid = parsed_srv['pid']
+    running = pid != '-'
 
     # extract service label
-    srv = parsed_srv[3] || service_name
+    srv = parsed_srv['name'] || service_name
 
     {
       name: srv,
@@ -423,22 +469,145 @@ class WindowsSrv < ServiceManager
 
   # detect if service is enabled
   def service_enabled?(service)
-    if !service['WMI'].nil? &&
-       !service['WMI']['StartMode'].nil? &&
-       service['WMI']['StartMode'] == 'Auto'
-      true
-    else
-      false
-    end
+    !service['WMI'].nil? &&
+      !service['WMI']['StartMode'].nil? &&
+      service['WMI']['StartMode'] == 'Auto'
   end
 
   # detect if service is running
   def service_running?(service)
-    if !service['Service']['Status'].nil? &&
-       service['Service']['Status'] == 4
-      true
-    else
-      false
+    !service['Service']['Status'].nil? && service['Service']['Status'] == 4
+  end
+end
+
+class SystemdService < Service
+  name 'systemd_service'
+  desc 'Use the systemd_service InSpec audit resource to test if the named service (controlled by systemd) is installed, running and/or enabled.'
+  example "
+    # to override service mgmt auto-detection
+    describe systemd_service('service_name') do
+      it { should be_installed }
+      it { should be_enabled }
+      it { should be_running }
+    end
+
+    # to set a non-standard systemctl path
+    describe systemd_service('service_name', '/path/to/systemctl') do
+      it { should be_running }
+    end
+  "
+
+  def select_service_mgmt
+    Systemd.new(inspec, service_ctl)
+  end
+end
+
+class UpstartService < Service
+  name 'upstart_service'
+  desc 'Use the upstart_service InSpec audit resource to test if the named service (controlled by upstart) is installed, running and/or enabled.'
+  example "
+    # to override service mgmt auto-detection
+    describe upstart_service('service_name') do
+      it { should be_installed }
+      it { should be_enabled }
+      it { should be_running }
+    end
+
+    # to set a non-standard initctl path
+    describe upstart_service('service_name', '/path/to/initctl') do
+      it { should be_running }
+    end
+  "
+
+  def select_service_mgmt
+    Upstart.new(inspec, service_ctl)
+  end
+end
+
+class SysVService < Service
+  name 'sysv_service'
+  desc 'Use the sysv_service InSpec audit resource to test if the named service (controlled by SysV) is installed, running and/or enabled.'
+  example "
+    # to override service mgmt auto-detection
+    describe sysv_service('service_name') do
+      it { should be_installed }
+      it { should be_enabled }
+      it { should be_running }
+    end
+
+    # to set a non-standard service path
+    describe sysv_service('service_name', '/path/to/service') do
+      it { should be_running }
     end
+  "
+
+  def select_service_mgmt
+    SysV.new(inspec, service_ctl)
+  end
+end
+
+class BSDService < Service
+  name 'bsd_service'
+  desc 'Use the bsd_service InSpec audit resource to test if the named service (controlled by BSD init) is installed, running and/or enabled.'
+  example "
+    # to override service mgmt auto-detection
+    describe bsd_service('service_name') do
+      it { should be_installed }
+      it { should be_enabled }
+      it { should be_running }
+    end
+
+    # to set a non-standard service path
+    describe bsd_service('service_name', '/path/to/service') do
+      it { should be_running }
+    end
+  "
+
+  def select_service_mgmt
+    BSDInit.new(inspec, service_ctl)
+  end
+end
+
+class LaunchdService < Service
+  name 'launchd_service'
+  desc 'Use the launchd_service InSpec audit resource to test if the named service (controlled by launchd) is installed, running and/or enabled.'
+  example "
+    # to override service mgmt auto-detection
+    describe launchd_service('service_name') do
+      it { should be_installed }
+      it { should be_enabled }
+      it { should be_running }
+    end
+
+    # to set a non-standard launchctl path
+    describe launchd_service('service_name', '/path/to/launchctl') do
+      it { should be_running }
+    end
+  "
+
+  def select_service_mgmt
+    LaunchCtl.new(inspec, service_ctl)
+  end
+end
+
+class RunitService < Service
+  name 'runit_service'
+  desc 'Use the runit_service InSpec audit resource to test if the named service (controlled by runit) is installed, running and/or enabled.'
+  example "
+    # to override service mgmt auto-detection
+    describe runit_service('service_name') do
+      it { should be_installed }
+      it { should be_enabled }
+      it { should be_running }
+    end
+
+    # to set a non-standard sv path
+    describe runit_service('service_name', '/path/to/sv') do
+      it { should be_running }
+    end
+  "
+
+  def select_service_mgmt
+    Runit.new(inspec, service_ctl)
   end
 end