inspec 1.0.0.beta2 → 1.0.0.beta3

Files changed (95) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +41 -2
  3. data/Gemfile +4 -0
  4. data/Rakefile +2 -1
  5. data/docs/.gitignore +2 -0
  6. data/docs/README.md +21 -1
  7. data/docs/resources/apache_conf.md.erb +75 -0
  8. data/docs/resources/apt.md.erb +84 -0
  9. data/docs/resources/audit_policy.md.erb +61 -0
  10. data/docs/resources/auditd_conf.md.erb +79 -0
  11. data/docs/resources/auditd_rules.md.erb +132 -0
  12. data/docs/resources/bash.md.erb +84 -0
  13. data/docs/resources/bond.md.erb +97 -0
  14. data/docs/resources/bridge.md.erb +67 -0
  15. data/docs/resources/bsd_service.md.erb +76 -0
  16. data/docs/resources/command.md.erb +151 -0
  17. data/docs/resources/csv.md.erb +62 -0
  18. data/docs/resources/directory.md.erb +43 -0
  19. data/docs/resources/etc_group.md.erb +116 -0
  20. data/docs/resources/etc_passwd.md.erb +155 -0
  21. data/docs/resources/etc_shadow.md.erb +149 -0
  22. data/docs/resources/file.md.erb +460 -0
  23. data/docs/resources/gem.md.erb +73 -0
  24. data/docs/resources/group.md.erb +74 -0
  25. data/docs/resources/grub_conf.md.erb +115 -0
  26. data/docs/resources/host.md.erb +85 -0
  27. data/docs/resources/iis_site.md.erb +142 -0
  28. data/docs/resources/inetd_conf.md.erb +99 -0
  29. data/docs/resources/ini.md.erb +69 -0
  30. data/docs/resources/interface.md.erb +66 -0
  31. data/docs/resources/iptables.md.erb +70 -0
  32. data/docs/resources/json.md.erb +76 -0
  33. data/docs/resources/kernel_module.md.erb +60 -0
  34. data/docs/resources/kernel_parameter.md.erb +72 -0
  35. data/docs/resources/launchd_service.md.erb +76 -0
  36. data/docs/resources/limits_conf.md.erb +80 -0
  37. data/docs/resources/login_def.md.erb +77 -0
  38. data/docs/resources/mount.md.erb +83 -0
  39. data/docs/resources/mysql_conf.md.erb +102 -0
  40. data/docs/resources/mysql_session.md.erb +63 -0
  41. data/docs/resources/npm.md.erb +75 -0
  42. data/docs/resources/ntp_conf.md.erb +76 -0
  43. data/docs/resources/oneget.md.erb +67 -0
  44. data/docs/resources/os.md.erb +154 -0
  45. data/docs/resources/os_env.md.erb +98 -0
  46. data/docs/resources/package.md.erb +115 -0
  47. data/docs/resources/parse_config.md.erb +122 -0
  48. data/docs/resources/parse_config_file.md.erb +143 -0
  49. data/docs/resources/pip.md.erb +74 -0
  50. data/docs/resources/port.md.erb +150 -0
  51. data/docs/resources/postgres_conf.md.erb +90 -0
  52. data/docs/resources/postgres_session.md.erb +75 -0
  53. data/docs/resources/powershell.md.erb +116 -0
  54. data/docs/resources/process.md.erb +73 -0
  55. data/docs/resources/registry_key.md.erb +149 -0
  56. data/docs/resources/runit_service.md.erb +76 -0
  57. data/docs/resources/security_policy.md.erb +61 -0
  58. data/docs/resources/service.md.erb +135 -0
  59. data/docs/resources/ssh_config.md.erb +94 -0
  60. data/docs/resources/sshd_config.md.erb +97 -0
  61. data/docs/resources/ssl.md.erb +133 -0
  62. data/docs/resources/sys_info.md.erb +55 -0
  63. data/docs/resources/systemd_service.md.erb +76 -0
  64. data/docs/resources/sysv_service.md.erb +76 -0
  65. data/docs/resources/upstart_service.md.erb +76 -0
  66. data/docs/resources/user.md.erb +154 -0
  67. data/docs/resources/users.md.erb +140 -0
  68. data/docs/resources/vbscript.md.erb +69 -0
  69. data/docs/resources/windows_feature.md.erb +61 -0
  70. data/docs/resources/wmi.md.erb +95 -0
  71. data/docs/resources/xinetd_conf.md.erb +170 -0
  72. data/docs/resources/yaml.md.erb +69 -0
  73. data/docs/resources/yum.md.erb +103 -0
  74. data/docs/ruby_usage.md +154 -0
  75. data/docs/shared/matcher_be.md.erb +1 -0
  76. data/docs/shared/matcher_cmp.md.erb +45 -0
  77. data/docs/shared/matcher_eq.md.erb +3 -0
  78. data/docs/shared/matcher_include.md.erb +1 -0
  79. data/docs/shared/matcher_match.md.erb +1 -0
  80. data/lib/fetchers/url.rb +27 -29
  81. data/lib/inspec/cached_fetcher.rb +67 -0
  82. data/lib/inspec/dependencies/requirement.rb +6 -7
  83. data/lib/inspec/objects/each_loop.rb +5 -2
  84. data/lib/inspec/plugins/fetcher.rb +2 -0
  85. data/lib/inspec/profile.rb +9 -41
  86. data/lib/inspec/resource.rb +1 -1
  87. data/lib/inspec/rspec_json_formatter.rb +11 -5
  88. data/lib/inspec/version.rb +1 -1
  89. data/lib/resources/groups.rb +190 -0
  90. data/lib/resources/users.rb +3 -2
  91. metadata +79 -6
  92. data/docs/cli.rst +0 -448
  93. data/docs/resources.rst +0 -4836
  94. data/docs/ruby_usage.rst +0 -145
  95. data/lib/resources/group.rb +0 -137
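--- a/data/docs/resources/mysql_session.md.erb
+++ b/data/docs/resources/mysql_session.md.erb
@@ -0,0 +1,63 @@
+---
+title: About the mysql_session Resource
+---
+
+# mysql_session
+
+Use the `mysql_session` InSpec audit resource to test SQL commands run against a MySQL database.
+
+# Syntax
+
+A `mysql_session` resource block declares the username and password to use for the session, and then the command to be run:
+
+describe mysql_session('username', 'password').query('QUERY') do
+its('output') { should eq('') }
+end
+
+where
+
+* `mysql_session` declares a username and password with permission to run the query
+* `query('QUERY')` contains the query to be run
+* `its('output') { should eq('') }` compares the results of the query against the expected result in the test
+
+# Matchers
+
+This InSpec audit resource has the following matchers:
+
+## be
+
+<%= partial "/shared/matcher_be" %>
+
+## cmp
+
+<%= partial "/shared/matcher_cmp" %>
+
+## eq
+
+<%= partial "/shared/matcher_eq" %>
+
+## include
+
+<%= partial "/shared/matcher_include" %>
+
+## match
+
+<%= partial "/shared/matcher_match" %>
+
+## output
+
+The `output` matcher tests the results of the query:
+
+its('output') { should eq(/^0/) }
+
+# Examples
+
+The following examples show how to use this InSpec audit resource.
+
+## Test for matching databases
+
+sql = mysql_session('my_user','password')
+
+describe sql.query('show databases like \'test\';') do
+its('stdout') { should_not match(/test/) }
+end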
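--- a/data/docs/resources/npm.md.erb
+++ b/data/docs/resources/npm.md.erb
@@ -0,0 +1,75 @@
+---
+title: About the npm Resource
+---
+
+# npm
+
+Use the `npm` InSpec audit resource to test if a global NPM package is installed. NPM is the the package manager for Node.js packages (https://docs.npmjs.com), such as Bower and StatsD.
+
+
+# Syntax
+
+A `npm` resource block declares a package and (optionally) a package version:
+
+describe gem('npm_package_name') do
+it { should be_installed }
+end
+
+where
+
+* `('npm_package_name')` must specify an NPM package, such as `'bower'` or `'statsd'`
+* `be_installed` is a valid matcher for this resource
+
+
+# Matchers
+
+This InSpec audit resource has the following matchers:
+
+## be
+
+<%= partial "/shared/matcher_be" %>
+
+## be_installed
+
+The `be_installed` matcher tests if the named Gem package and package version (if specified) is installed:
+
+it { should be_installed }
+
+## cmp
+
+<%= partial "/shared/matcher_cmp" %>
+
+## eq
+
+<%= partial "/shared/matcher_eq" %>
+
+## include
+
+<%= partial "/shared/matcher_include" %>
+
+## match
+
+<%= partial "/shared/matcher_match" %>
+
+## version
+
+The `version` matcher tests if the named package version is on the system:
+
+its('version') { should eq '1.2.3' }
+
+# Examples
+
+The following examples show how to use this InSpec audit resource.
+
+## Verify that bower is installed, with a specific version
+
+describe npm('bower') do
+it { should be_installed }
+its('version') { should eq '1.4.1' }
+end
+
+## Verify that statsd is not installed
+
+describe npm('statsd') do
+it { should_not be_installed }
+end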
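--- a/data/docs/resources/ntp_conf.md.erb
+++ b/data/docs/resources/ntp_conf.md.erb
@@ -0,0 +1,76 @@
+---
+title: About the ntp_conf Resource
+---
+
+# ntp_conf
+
+Use the `ntp_conf` InSpec audit resource to test the synchronization settings defined in the `ntp.conf` file. This file is typically located at `/etc/ntp.conf`.
+
+
+# Syntax
+
+An `ntp_conf` resource block declares the synchronization settings that should be tested:
+
+describe ntp_conf('path') do
+its('setting_name') { should eq 'value' }
+end
+
+where
+
+* `'setting_name'` is a synchronization setting defined in the `ntp.conf` file
+* `('path')` is the non-default path to the `ntp.conf` file
+* `{ should eq 'value' }` is the value that is expected
+
+
+# Matchers
+
+This resource matches any service that is listed in the `ntp.conf` file:
+
+its('server') { should_not eq nil }
+
+or:
+
+its('restrict') { should include '-4 default kod notrap nomodify nopeer noquery'}
+
+For example:
+
+describe ntp_conf do
+its('server') { should_not eq nil }
+its('restrict') { should include '-4 default kod notrap nomodify nopeer noquery'}
+end
+
+
+## be
+
+<%= partial "/shared/matcher_be" %>
+
+## cmp
+
+<%= partial "/shared/matcher_cmp" %>
+
+## eq
+
+<%= partial "/shared/matcher_eq" %>
+
+## include
+
+<%= partial "/shared/matcher_include" %>
+
+## match
+
+<%= partial "/shared/matcher_match" %>
+
+# Examples
+
+The following examples show how to use this InSpec audit resource.
+
+## Test for clock drift against named servers
+
+describe ntp_conf do
+its('driftfile') { should eq '/var/lib/ntp/ntp.drift' }
+its('server') { should eq [
+0.ubuntu.pool.ntp.org,
+1.ubuntu.pool.ntp.org,
+2.ubuntu.pool.ntp.org
+] }
+end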
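--- a/data/docs/resources/oneget.md.erb
+++ b/data/docs/resources/oneget.md.erb
@@ -0,0 +1,67 @@
+---
+title: About the oneget Resource
+---
+
+# oneget
+
+Use the `oneget` InSpec audit resource to test if the named package and/or package version is installed on the system. This resource uses Oneget, which is `part of the Windows Management Framework 5.0 and Windows 10 <https://github.com/OneGet/oneget>`__. This resource uses the `Get-Package` cmdlet to return all of the package names in the Oneget repository.
+
+# Syntax
+
+A `oneget` resource block declares a package and (optionally) a package version:
+
+describe oneget('name') do
+it { should be_installed }
+end
+
+where
+
+* `('name')` must specify the name of a package, such as `'VLC'`
+* `be_installed` is a valid matcher for this resource
+
+
+# Matchers
+
+This InSpec audit resource has the following matchers:
+
+## be
+
+<%= partial "/shared/matcher_be" %>
+
+## be_installed
+
+The `be_installed` matcher tests if the named package is installed on the system:
+
+it { should be_installed }
+
+## cmp
+
+<%= partial "/shared/matcher_cmp" %>
+
+## eq
+
+<%= partial "/shared/matcher_eq" %>
+
+## include
+
+<%= partial "/shared/matcher_include" %>
+
+## match
+
+<%= partial "/shared/matcher_match" %>
+
+## version
+
+The `version` matcher tests if the named package version is on the system:
+
+its('version') { should eq '1.2.3' }
+
+# Examples
+
+The following examples show how to use this InSpec audit resource.
+
+## Test if VLC is installed
+
+describe oneget('VLC') do
+it { should be_installed }
+end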
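--- a/data/docs/resources/os.md.erb
+++ b/data/docs/resources/os.md.erb
@@ -0,0 +1,154 @@
+---
+title: About the os Resource
+---
+
+# os
+
+Use the `os` InSpec audit resource to test the platform on which the system is running.
+
+# Syntax
+
+An `os` resource block declares the platform to be tested. The platform may specified via matcher or control block name. For example, using a matcher:
+
+describe os[:family] do
+it { should eq 'platform_name' }
+end
+
+or using the block name:
+
+describe os[:family_name] do
+...
+end
+
+* `'platform_name'` (a string) or `:family_name` (a symbol) is one of `aix`, `bsd`, `darwin`, `debian`, `hpux`, `linux`, `redhat`, `solaris`, `suse`, `unix`, or `windows`
+
+# Matchers
+
+This InSpec audit resource has the following matchers:
+
+## be
+
+<%= partial "/shared/matcher_be" %>
+
+## cmp
+
+<%= partial "/shared/matcher_cmp" %>
+
+## eq
+
+<%= partial "/shared/matcher_eq" %>
+
+## include
+
+<%= partial "/shared/matcher_include" %>
+
+## match
+
+<%= partial "/shared/matcher_match" %>
+
+# os.family? Helpers
+
+The `os` audit resource includes a collection of helpers that enable more granular testing of platforms, platform names, architectures, and releases. Use any of the following platform-specific helpers to test for specific platforms:
+
+* `aix?`
+* `bsd?` (including Darwin, FreeBSD, NetBSD, and OpenBSD)
+* `darwin?`
+* `debian?`
+* `hpux?`
+* `linux?` (including Alpine Linux, Amazon Linux, ArchLinux, CoreOS, Exherbo, Fedora, Gentoo, and Slackware)
+* `redhat?`
+* `solaris?` (including Nexenta Core, OmniOS, Open Indiana, Solaris Open, and SmartOS)
+* `suse?`
+* `unix?`
+* `windows?`
+
+For example, to test for Darwin use:
+
+describe os.bsd? do
+it { should eq true }
+end
+
+To test for Windows use:
+
+describe os.windows? do
+it { should eq true }
+end
+
+and to test for Redhat use:
+
+describe os.redhat? do
+it { should eq true }
+end
+
+Use the following helpers to test for operating system names, releases, and architectures:
+
+describe os.name do
+it { should eq 'foo' }
+end
+
+describe os.release do
+it { should eq 'foo' }
+end
+
+describe os.arch do
+it { should eq 'foo' }
+end
+
+# os[:family] Symbols
+
+Use `os[:family]` to enable more granular testing of platforms, platform names, architectures, and releases. Use any of the following platform-specific symbols to test for specific platforms:
+
+* `:aix`
+* `:bsd` For platforms that are part of the Berkeley OS family: `:darwin`, `:freebsd`, `:netbsd`, and `:openbsd`.
+* `:debian`
+* `:hpux`
+* `:linux`. For platforms that are part of the Linux family: `:alpine`, `:amazon`, `:arch`, `:coreos`, `:exherbo`, `:fedora`, `:gentoo`, and `:slackware`.
+* `:redhat`
+* `:solaris`. For platforms that are part of the Solaris family: `:nexentacore`, `:omnios`, `:openindiana`, `:opensolaris`, and `:smartos`.
+* `:suse`
+* `:unix`
+* `:windows`
+
+For example, both of the following tests should have the same result:
+
+if os[:family] == 'debian'
+describe port(69) do
+its('processes') { should include 'in.tftpd' }
+end
+elsif os[:family] == 'rhel'
+describe port(69) do
+its('processes') { should include 'xinetd' }
+end
+end
+
+if os[:debian]
+describe port(69) do
+its('processes') { should include 'in.tftpd' }
+end
+elsif os[:rhel]
+describe port(69) do
+its('processes') { should include 'xinetd' }
+end
+end
+
+# Examples
+
+The following examples show how to use this InSpec audit resource.
+
+## Test for RedHat
+
+describe os[:family] do
+it { should eq 'redhat' }
+end
+
+## Test for Ubuntu
+
+describe os[:family] do
+it { should eq 'debian' }
+end
+
+## Test for Microsoft Windows
+
+describe os[:family] do
+it { should eq 'windows' }
+end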
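--- a/data/docs/resources/os_env.md.erb
+++ b/data/docs/resources/os_env.md.erb
@@ -0,0 +1,98 @@
+---
+title: About the os_env Resource
+---
+
+# os_env
+
+Use the `os_env` InSpec audit resource to test the environment variables for the platform on which the system is running.
+
+# Syntax
+
+A `os_env` resource block declares an environment variable, and then declares its value:
+
+describe os_env('VARIABLE') do
+its('matcher') { should eq 1 }
+end
+
+where
+
+* `('VARIABLE')` must specify an environment variable, such as `PATH`
+* `matcher` is a valid matcher for this resource
+
+
+# Matchers
+
+This InSpec audit resource has the following matchers:
+
+## be
+
+<%= partial "/shared/matcher_be" %>
+
+## cmp
+
+<%= partial "/shared/matcher_cmp" %>
+
+## content
+
+The `content` matcher return the value of the environment variable:
+
+its('content') { should eq '/usr/local/bin:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin' }
+
+## eq
+
+<%= partial "/shared/matcher_eq" %>
+
+## include
+
+<%= partial "/shared/matcher_include" %>
+
+## match
+
+<%= partial "/shared/matcher_match" %>
+
+## split
+
+The `split` splits the content with the `:` deliminator:
+
+its('split') { should include (':') }
+
+or:
+
+its('split') { should_not include ('.') }
+
+Use `-1` to test for cases where there is a trailing colon (`:`), such as `dir1::dir2:`:
+
+its('split') { should include ('-1') }
+
+# Examples
+
+The following examples show how to use this InSpec audit resource.
+
+## Test the PATH environment variable
+
+describe os_env('PATH') do
+its('split') { should_not include('') }
+its('split') { should_not include('.') }
+end
+
+## Test Habitat environment variables
+
+Habitat uses the `os_env` resource to test environment variables. The environment variables are first defined in a whitespace array, after which each environment variable is tested:
+
+hab_env_vars = %w(HAB_AUTH_TOKEN
+HAB_CACHE_KEY_PATH
+HAB_DEPOT_URL
+HAB_ORG
+HAB_ORIGIN
+HAB_ORIGIN_KEYS
+HAB_RING
+HAB_RING_KEY
+HAB_STUDIOS_HOME
+HAB_STUDIO_ROOT
+HAB_USER)
+
+hab_env_vars.each do |e|
+describe os_env(e) do
+its('content') { should eq nil }
+end
+end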