inspec 1.0.0.beta2 → 1.0.0.beta3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (95) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +41 -2
  3. data/Gemfile +4 -0
  4. data/Rakefile +2 -1
  5. data/docs/.gitignore +2 -0
  6. data/docs/README.md +21 -1
  7. data/docs/resources/apache_conf.md.erb +75 -0
  8. data/docs/resources/apt.md.erb +84 -0
  9. data/docs/resources/audit_policy.md.erb +61 -0
  10. data/docs/resources/auditd_conf.md.erb +79 -0
  11. data/docs/resources/auditd_rules.md.erb +132 -0
  12. data/docs/resources/bash.md.erb +84 -0
  13. data/docs/resources/bond.md.erb +97 -0
  14. data/docs/resources/bridge.md.erb +67 -0
  15. data/docs/resources/bsd_service.md.erb +76 -0
  16. data/docs/resources/command.md.erb +151 -0
  17. data/docs/resources/csv.md.erb +62 -0
  18. data/docs/resources/directory.md.erb +43 -0
  19. data/docs/resources/etc_group.md.erb +116 -0
  20. data/docs/resources/etc_passwd.md.erb +155 -0
  21. data/docs/resources/etc_shadow.md.erb +149 -0
  22. data/docs/resources/file.md.erb +460 -0
  23. data/docs/resources/gem.md.erb +73 -0
  24. data/docs/resources/group.md.erb +74 -0
  25. data/docs/resources/grub_conf.md.erb +115 -0
  26. data/docs/resources/host.md.erb +85 -0
  27. data/docs/resources/iis_site.md.erb +142 -0
  28. data/docs/resources/inetd_conf.md.erb +99 -0
  29. data/docs/resources/ini.md.erb +69 -0
  30. data/docs/resources/interface.md.erb +66 -0
  31. data/docs/resources/iptables.md.erb +70 -0
  32. data/docs/resources/json.md.erb +76 -0
  33. data/docs/resources/kernel_module.md.erb +60 -0
  34. data/docs/resources/kernel_parameter.md.erb +72 -0
  35. data/docs/resources/launchd_service.md.erb +76 -0
  36. data/docs/resources/limits_conf.md.erb +80 -0
  37. data/docs/resources/login_def.md.erb +77 -0
  38. data/docs/resources/mount.md.erb +83 -0
  39. data/docs/resources/mysql_conf.md.erb +102 -0
  40. data/docs/resources/mysql_session.md.erb +63 -0
  41. data/docs/resources/npm.md.erb +75 -0
  42. data/docs/resources/ntp_conf.md.erb +76 -0
  43. data/docs/resources/oneget.md.erb +67 -0
  44. data/docs/resources/os.md.erb +154 -0
  45. data/docs/resources/os_env.md.erb +98 -0
  46. data/docs/resources/package.md.erb +115 -0
  47. data/docs/resources/parse_config.md.erb +122 -0
  48. data/docs/resources/parse_config_file.md.erb +143 -0
  49. data/docs/resources/pip.md.erb +74 -0
  50. data/docs/resources/port.md.erb +150 -0
  51. data/docs/resources/postgres_conf.md.erb +90 -0
  52. data/docs/resources/postgres_session.md.erb +75 -0
  53. data/docs/resources/powershell.md.erb +116 -0
  54. data/docs/resources/process.md.erb +73 -0
  55. data/docs/resources/registry_key.md.erb +149 -0
  56. data/docs/resources/runit_service.md.erb +76 -0
  57. data/docs/resources/security_policy.md.erb +61 -0
  58. data/docs/resources/service.md.erb +135 -0
  59. data/docs/resources/ssh_config.md.erb +94 -0
  60. data/docs/resources/sshd_config.md.erb +97 -0
  61. data/docs/resources/ssl.md.erb +133 -0
  62. data/docs/resources/sys_info.md.erb +55 -0
  63. data/docs/resources/systemd_service.md.erb +76 -0
  64. data/docs/resources/sysv_service.md.erb +76 -0
  65. data/docs/resources/upstart_service.md.erb +76 -0
  66. data/docs/resources/user.md.erb +154 -0
  67. data/docs/resources/users.md.erb +140 -0
  68. data/docs/resources/vbscript.md.erb +69 -0
  69. data/docs/resources/windows_feature.md.erb +61 -0
  70. data/docs/resources/wmi.md.erb +95 -0
  71. data/docs/resources/xinetd_conf.md.erb +170 -0
  72. data/docs/resources/yaml.md.erb +69 -0
  73. data/docs/resources/yum.md.erb +103 -0
  74. data/docs/ruby_usage.md +154 -0
  75. data/docs/shared/matcher_be.md.erb +1 -0
  76. data/docs/shared/matcher_cmp.md.erb +45 -0
  77. data/docs/shared/matcher_eq.md.erb +3 -0
  78. data/docs/shared/matcher_include.md.erb +1 -0
  79. data/docs/shared/matcher_match.md.erb +1 -0
  80. data/lib/fetchers/url.rb +27 -29
  81. data/lib/inspec/cached_fetcher.rb +67 -0
  82. data/lib/inspec/dependencies/requirement.rb +6 -7
  83. data/lib/inspec/objects/each_loop.rb +5 -2
  84. data/lib/inspec/plugins/fetcher.rb +2 -0
  85. data/lib/inspec/profile.rb +9 -41
  86. data/lib/inspec/resource.rb +1 -1
  87. data/lib/inspec/rspec_json_formatter.rb +11 -5
  88. data/lib/inspec/version.rb +1 -1
  89. data/lib/resources/groups.rb +190 -0
  90. data/lib/resources/users.rb +3 -2
  91. metadata +79 -6
  92. data/docs/cli.rst +0 -448
  93. data/docs/resources.rst +0 -4836
  94. data/docs/ruby_usage.rst +0 -145
  95. data/lib/resources/group.rb +0 -137
@@ -0,0 +1,84 @@
1
+ ---
2
+ title: About the bash Resource
3
+ ---
4
+
5
+ # bash
6
+
7
+ Use the `bash` InSpec audit resource to test an arbitrary command that is run on the system using a Bash script.
8
+
9
+ # Syntax
10
+
11
+ A `command` resource block declares a command to be run, one (or more) expected outputs, and the location to which that output is sent:
12
+
13
+ describe bash('command') do
14
+ it { should exist }
15
+ its('matcher') { should eq 'output' }
16
+ end
17
+
18
+ where
19
+
20
+ * `'command'` must specify a command to be run
21
+ * `'matcher'` is one of `exit_status`, `stderr`, or `stdout`
22
+ * `'output'` tests the output of the command run on the system versus the output value stated in the test
23
+
24
+ For example:
25
+
26
+ describe bash('ls -al /') do
27
+ its('stdout') { should match /bin/ }
28
+ its('stderr') { should eq '' }
29
+ its('exit_status') { should eq 0 }
30
+ end
31
+
32
+
33
+ # Matchers
34
+
35
+ This InSpec audit resource has the following matchers:
36
+
37
+ ## be
38
+
39
+ <%= partial "/shared/matcher_be" %>
40
+
41
+ ## cmp
42
+
43
+ <%= partial "/shared/matcher_cmp" %>
44
+
45
+ ## eq
46
+
47
+ <%= partial "/shared/matcher_eq" %>
48
+
49
+ ## exist
50
+
51
+ The `exist` matcher tests if a command may be run on the system:
52
+
53
+ it { should exist }
54
+
55
+ ## exit_status
56
+
57
+ The `exit_status` matcher tests the exit status for the command:
58
+
59
+ its('exit_status') { should eq 0 }
60
+
61
+ ## include
62
+
63
+ <%= partial "/shared/matcher_include" %>
64
+
65
+ ## match
66
+
67
+ <%= partial "/shared/matcher_match" %>
68
+
69
+ ## stderr
70
+
71
+ The `stderr` matcher tests results of the command as returned in standard error (stderr):
72
+
73
+ its('stderr') { should eq '' }
74
+
75
+ ## stdout
76
+
77
+ The `stdout` matcher tests results of the command as returned in standard output (stdout).
78
+
79
+ its('stdout') { should match /bin/ }
80
+
81
+
82
+ # Examples
83
+
84
+ None.
@@ -0,0 +1,97 @@
1
+ ---
2
+ title: About the bond Resource
3
+ ---
4
+
5
+ # bond
6
+
7
+ Use the `bond` InSpec audit resource to test a logical, bonded network interface (i.e. "two or more network interfaces aggregated into a single, logical network interface"). On Linux platforms, any value in the `/proc/net/bonding` directory may be tested.
8
+
9
+ # Syntax
10
+
11
+ A `bond` resource block declares a bonded network interface, and then specifies the properties of that bonded network interface to be tested:
12
+
13
+ describe bond('name') do
14
+ it { should exist }
15
+ end
16
+
17
+ where
18
+
19
+ * `'name'` is the name of the bonded network interface
20
+ * `{ should exist }` is a valid matcher for this resource
21
+
22
+
23
+ # Matchers
24
+
25
+ This InSpec audit resource has the following matchers:
26
+
27
+ ## be
28
+
29
+ <%= partial "/shared/matcher_be" %>
30
+
31
+ ## cmp
32
+
33
+ <%= partial "/shared/matcher_cmp" %>
34
+
35
+ ## content
36
+
37
+ The `content` matcher tests if contents in the file that defines the bonded network interface match the value specified in the test. The values of the `content` matcher are arbitrary:
38
+
39
+ its('content') { should match('value') }
40
+
41
+ ## eq
42
+
43
+ <%= partial "/shared/matcher_eq" %>
44
+
45
+ ## exist
46
+
47
+ The `exist` matcher tests if the bonded network interface is available:
48
+
49
+ it { should exist }
50
+
51
+ ## have_interface
52
+
53
+ The `have_interface` matcher tests if the bonded network interface has one (or more) secondary interfaces:
54
+
55
+ it { should have_interface }
56
+
57
+ ## include
58
+
59
+ <%= partial "/shared/matcher_include" %>
60
+
61
+ ## interfaces
62
+
63
+ The `interfaces` matcher tests if the named secondary interfaces are available:
64
+
65
+ its('interfaces') { should eq ['eth0', 'eth1', ...] }
66
+
67
+ ## match
68
+
69
+ <%= partial "/shared/matcher_match" %>
70
+
71
+ ## params
72
+
73
+ The `params` matcher tests arbitrary parameters for the bonded network interface:
74
+
75
+ its('params') { should eq 'value' }
76
+
77
+ # Examples
78
+
79
+ The following examples show how to use this InSpec audit resource.
80
+
81
+ ## Test if eth0 is a secondary interface for bond0
82
+
83
+ describe bond('bond0') do
84
+ it { should exist }
85
+ it { should have_interface 'eth0' }
86
+ end
87
+
88
+ ## Test parameters for bond0
89
+
90
+ describe bond('bond0') do
91
+ its('Bonding Mode') { should eq 'IEEE 802.3ad Dynamic link aggregation' }
92
+ its('Transmit Hash Policy') { should eq 'layer3+4 (1)' }
93
+ its('MII Status') { should eq 'up' }
94
+ its('MII Polling Interval (ms)') { should eq '100' }
95
+ its('Up Delay (ms)') { should eq '0' }
96
+ its('Down Delay (ms)') { should eq '0' }
97
+ end
@@ -0,0 +1,67 @@
1
+ ---
2
+ title: About the bridge Resource
3
+ ---
4
+
5
+ # bridge
6
+
7
+ Use the `bridge` InSpec audit resource to test basic network bridge properties, such as name, if an interface is defined, and the associations for any defined interface.
8
+
9
+ * On Linux platforms, any value in the `/sys/class/net/{interface}/bridge` directory may be tested
10
+ * On the Windows platform, the `Get-NetAdapter` cmdlet is associated with the `Get-NetAdapterBinding` cmdlet and returns the `ComponentID ms_bridge` value as a JSON object
11
+
12
+ # Syntax
13
+
14
+ A `bridge` resource block declares the bridge to be tested and what interface it should be associated with:
15
+
16
+ describe bridge('br0') do
17
+ it { should exist }
18
+ it { should have_interface 'eth0' }
19
+ end
20
+
21
+ # Matchers
22
+
23
+ This InSpec audit resource has the following matchers:
24
+
25
+ ## be
26
+
27
+ <%= partial "/shared/matcher_be" %>
28
+
29
+ ## cmp
30
+
31
+ <%= partial "/shared/matcher_cmp" %>
32
+
33
+ ## eq
34
+
35
+ <%= partial "/shared/matcher_eq" %>
36
+
37
+ ## exist
38
+
39
+ The `exist` matcher tests if the network bridge is available:
40
+
41
+ it { should exist }
42
+
43
+ ## have_interface
44
+
45
+ The `have_interface` matcher tests if the named interface is defined for the network bridge:
46
+
47
+ it { should have_interface 'eth0' }
48
+
49
+ ## include
50
+
51
+ <%= partial "/shared/matcher_include" %>
52
+
53
+ ## interfaces
54
+
55
+ The `interfaces` matcher tests if the named interface is present:
56
+
57
+ its('interfaces') { should eq 'foo' }
58
+ its('interfaces') { should eq 'bar' }
59
+ its('interfaces') { should include('foo') }
60
+
61
+ ## match
62
+
63
+ <%= partial "/shared/matcher_match" %>
64
+
65
+ # Examples
66
+
67
+ None.
@@ -0,0 +1,76 @@
1
+ ---
2
+ title: About the bsd_service Resource
3
+ ---
4
+
5
+ # bsd_service
6
+
7
+ Use the `bsd_service` InSpec audit resource to test a service using a Berkeley OS-style `init` on the FreeBSD platform.
8
+
9
+ # Syntax
10
+
11
+ A `bsd_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
12
+
13
+ describe bsd_service('service_name') do
14
+ it { should be_installed }
15
+ it { should be_enabled }
16
+ it { should be_running }
17
+ end
18
+
19
+ where
20
+
21
+ * `('service_name')` must specify a service name
22
+ * `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource; all matchers available to the `service` resource may be used
23
+
24
+ The path to the service manager's control may be specified for situations where the path isn't available in the current `PATH`. For example:
25
+
26
+ describe bsd_service('service_name', '/path/to/control') do
27
+ it { should be_enabled }
28
+ it { should be_installed }
29
+ it { should be_running }
30
+ end
31
+
32
+ # Matchers
33
+
34
+ This InSpec audit resource has the following matchers:
35
+
36
+ ## be
37
+
38
+ <%= partial "/shared/matcher_be" %>
39
+
40
+ ## be_enabled
41
+
42
+ The `be_enabled` matcher tests if the named service is enabled:
43
+
44
+ it { should be_enabled }
45
+
46
+ ## be_installed
47
+
48
+ The `be_installed` matcher tests if the named service is installed:
49
+
50
+ it { should be_installed }
51
+
52
+ ## be_running
53
+
54
+ The `be_running` matcher tests if the named service is running:
55
+
56
+ it { should be_running }
57
+
58
+ ## cmp
59
+
60
+ <%= partial "/shared/matcher_cmp" %>
61
+
62
+ ## eq
63
+
64
+ <%= partial "/shared/matcher_eq" %>
65
+
66
+ ## include
67
+
68
+ <%= partial "/shared/matcher_include" %>
69
+
70
+ ## match
71
+
72
+ <%= partial "/shared/matcher_match" %>
73
+
74
+ # Examples
75
+
76
+ None.
@@ -0,0 +1,151 @@
1
+ ---
2
+ title: About the command Resource
3
+ ---
4
+
5
+ # command
6
+
7
+ Use the `command` InSpec audit resource to test an arbitrary command that is run on the system.
8
+
9
+ # Syntax
10
+
11
+ A `command` resource block declares a command to be run, one (or more) expected outputs, and the location to which that output is sent:
12
+
13
+ describe command('command') do
14
+ it { should exist }
15
+ its('matcher') { should eq 'output' }
16
+ end
17
+
18
+ where
19
+
20
+ * `'command'` must specify a command to be run
21
+ * `'matcher'` is one of `exit_status`, `stderr`, or `stdout`
22
+ * `'output'` tests the output of the command run on the system versus the output value stated in the test
23
+
24
+
25
+ # Matchers
26
+
27
+ This InSpec audit resource has the following matchers:
28
+
29
+ ## be
30
+
31
+ <%= partial "/shared/matcher_be" %>
32
+
33
+ ## cmp
34
+
35
+ <%= partial "/shared/matcher_cmp" %>
36
+
37
+ ## eq
38
+
39
+ <%= partial "/shared/matcher_eq" %>
40
+
41
+ ## exist
42
+
43
+ The `exist` matcher tests if a command may be run on the system:
44
+
45
+ it { should exist }
46
+
47
+ ## exit_status
48
+
49
+ The `exit_status` matcher tests the exit status for the command:
50
+
51
+ its('exit_status') { should eq 123 }
52
+
53
+ ## include
54
+
55
+ <%= partial "/shared/matcher_include" %>
56
+
57
+ ## match
58
+
59
+ <%= partial "/shared/matcher_match" %>
60
+
61
+ ## stderr
62
+
63
+ The `stderr` matcher tests results of the command as returned in standard error (stderr):
64
+
65
+ its('stderr') { should eq 'error' }
66
+
67
+ ## stdout
68
+
69
+ The `stdout` matcher tests results of the command as returned in standard output (stdout). The following example shows matching output using a regular expression:
70
+
71
+ describe command('echo 1') do
72
+ its('stdout') { should match (/[0-9]/) }
73
+ end
74
+
75
+ # Examples
76
+
77
+ The following examples show how to use this InSpec audit resource.
78
+
79
+ ## Test for PostgreSQL database running a RC, development, or beta release
80
+
81
+ describe command('psql -V') do
82
+ its('stdout') { should eq '/RC/' }
83
+ its('stdout') { should_not eq '/DEVEL/' }
84
+ its('stdout') { should_not eq '/BETA/' }
85
+ end
86
+
87
+ ## Test standard output (stdout)
88
+
89
+ describe command('echo hello') do
90
+ its('stdout') { should eq 'hello\n' }
91
+ its('stderr') { should eq '' }
92
+ its('exit_status') { should eq 0 }
93
+ end
94
+
95
+ ## Test standard error (stderr)
96
+
97
+ describe command('>&2 echo error') do
98
+ its('stdout') { should eq '' }
99
+ its('stderr') { should eq 'error\n' }
100
+ its('exit_status') { should eq 0 }
101
+ end
102
+
103
+ ## Test an exit status code
104
+
105
+ describe command('exit 123') do
106
+ its('stdout') { should eq '' }
107
+ its('stderr') { should eq '' }
108
+ its('exit_status') { should eq 123 }
109
+ end
110
+
111
+ ## Test if the command shell exists
112
+
113
+ describe command('/bin/sh').exist? do
114
+ it { should eq true }
115
+ end
116
+
117
+ ## Test for a command that should not exist
118
+
119
+ describe command('this is not existing').exist? do
120
+ it { should eq false }
121
+ end
122
+
123
+ ## Verify NTP
124
+
125
+ The following example shows how to use the `file` audit resource to verify if the `ntp.conf` and `leap-seconds` files are present, and then the `command` resource to verify if NTP is installed and running:
126
+
127
+ describe file('/etc/ntp.conf') do
128
+ it { should be_file }
129
+ end
130
+
131
+ describe file('/etc/ntp.leapseconds') do
132
+ it { should be_file }
133
+ end
134
+
135
+ describe command('pgrep ntp') do
136
+ its('exit_status') { should eq 0 }
137
+ end
138
+
139
+ ## Verify WiX
140
+
141
+ Wix includes serveral tools -- such as `candle` (preprocesses and compiles source files into object files), `light` (links and binds object files to an installer database), and `heat` (harvests files from various input formats). The following example uses a whitespace array and the `file` audit resource to verify if these three tools are present:
142
+
143
+ %w(
144
+ candle.exe
145
+ heat.exe
146
+ light.exe
147
+ ).each do |utility|
148
+ describe file("C:/wix/#{utility}") do
149
+ it { should be_file }
150
+ end
151
+ end