inspec 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6c1825c5508e4853cf4bc1446a5b2bd679d9d1be
-  data.tar.gz: 6ffbe626a987b38ea03561d8bd18681803d89aaf
+  metadata.gz: 2faac665307feffb17c77bd84bfc153d4d9bd67c
+  data.tar.gz: 102164908f57fcdd0d7f98f9718e3d66befbbf17
 SHA512:
-  metadata.gz: 4bb3e9f9c6295dcb29e500b134e5b264ac239f8270cb695dd6c28aeefa7fc9b65604e93b9c144f2754536988a8c1220dc31df12add23729fcaea9eabecbd6b11
-  data.tar.gz: 5916f874af8a593d5b08e7456bacf42b5ed7c6dadf73b243c4e0d6d675af470f7aa2928abb603da4a32d97c76ded9e1354e6ab05eac61ffd85d4d0030e7fe60f
+  metadata.gz: 63805e739ec2374b9c42a9a0ab9c48934eb8e49c858ae4543d42dafbaacd42c2bb570a5046bea4fb63c7d6ce848bb58a245c814485e1cfff78bca6a3020e5f58
+  data.tar.gz: 7a2953246e9a34fcfb34664b65cc479ff56bb1bfb3fdd208ad045c162dce613590b52c26f297cdb5a40f4a60dfcdde6bfedcea04b3215f7a65d782b9721516f4

data/CHANGELOG.md

@@ -1,7 +1,51 @@
 # Change Log
 
-## [1.0.0](https://github.com/chef/inspec/tree/1.0.0) (2016-09-26)
-[Full Changelog](https://github.com/chef/inspec/compare/v1.0.0.beta3...1.0.0)
+## [1.1.0](https://github.com/chef/inspec/tree/1.1.0) (2016-10-05)
+[Full Changelog](https://github.com/chef/inspec/compare/v1.0.0...1.1.0)
+
+**Fixed bugs:**
+
+- InSpec in Visibility [\#1117](https://github.com/chef/inspec/issues/1117)
+- inspec exec on tar.gz with local library requirements doesn't work [\#779](https://github.com/chef/inspec/issues/779)
+- parse\_config\_file fails when it encounters a '\[' [\#687](https://github.com/chef/inspec/issues/687)
+- use mock backend for inspec vendor/check/json [\#1202](https://github.com/chef/inspec/pull/1202) ([arlimus](https://github.com/arlimus))
+- bugfix: support nil entries in filter table [\#1201](https://github.com/chef/inspec/pull/1201) ([arlimus](https://github.com/arlimus))
+- bugfix: always use the mock backend for inspec archive [\#1200](https://github.com/chef/inspec/pull/1200) ([arlimus](https://github.com/arlimus))
+- Missing registry keys should not exist [\#1199](https://github.com/chef/inspec/pull/1199) ([alexpop](https://github.com/alexpop))
+- bugfix: use correct logger in cli [\#1198](https://github.com/chef/inspec/pull/1198) ([arlimus](https://github.com/arlimus))
+
+**Closed issues:**
+
+- registry\_key ignores failed Get-Item, always "exists" [\#1196](https://github.com/chef/inspec/issues/1196)
+- www: Online tutorial doesn't load \(not building\) [\#1182](https://github.com/chef/inspec/issues/1182)
+- Issue locally running an inspec check on a service resource [\#1176](https://github.com/chef/inspec/issues/1176)
+- Demo at `http://inspec.io/` stuck on `Loading` [\#1165](https://github.com/chef/inspec/issues/1165)
+- Confusing reporter output with inherited profiles [\#1071](https://github.com/chef/inspec/issues/1071)
+- Provide clear error message if dependency is not available [\#1069](https://github.com/chef/inspec/issues/1069)
+- Dependencies: Design UX for scoping of attributes and resources [\#1057](https://github.com/chef/inspec/issues/1057)
+- RFC Dependencies [\#888](https://github.com/chef/inspec/issues/888)
+
+**Merged pull requests:**
+
+- Remove pre-1.0 warning from meta-profile [\#1194](https://github.com/chef/inspec/pull/1194) ([chris-rock](https://github.com/chris-rock))
+- Add shell options [\#1192](https://github.com/chef/inspec/pull/1192) ([jonathanmorley](https://github.com/jonathanmorley))
+- Website: Fix buggy behavior in nav and add global message [\#1190](https://github.com/chef/inspec/pull/1190) ([magwalk](https://github.com/magwalk))
+- add example for yumconf-like structured files [\#1185](https://github.com/chef/inspec/pull/1185) ([vjeffrey](https://github.com/vjeffrey))
+- add sanity checks and fail build process if requirements aren't met [\#1183](https://github.com/chef/inspec/pull/1183) ([arlimus](https://github.com/arlimus))
+- tp/learn links [\#1181](https://github.com/chef/inspec/pull/1181) ([tpetchel](https://github.com/tpetchel))
+- include control section in instructions [\#1180](https://github.com/chef/inspec/pull/1180) ([vjeffrey](https://github.com/vjeffrey))
+- Changing headings to align with SEO best practices [\#1179](https://github.com/chef/inspec/pull/1179) ([davidwrede](https://github.com/davidwrede))
+- move inquirer to deploy [\#1178](https://github.com/chef/inspec/pull/1178) ([vjeffrey](https://github.com/vjeffrey))
+- Ignore lockfiles in example profiles [\#1177](https://github.com/chef/inspec/pull/1177) ([stevendanna](https://github.com/stevendanna))
+- Remove default parameter in `updateInstructions\(\)` [\#1175](https://github.com/chef/inspec/pull/1175) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
+- Website: Fix docs nav functionality and optimize for mobile [\#1174](https://github.com/chef/inspec/pull/1174) ([magwalk](https://github.com/magwalk))
+- Adds segment [\#1172](https://github.com/chef/inspec/pull/1172) ([cwebberOps](https://github.com/cwebberOps))
+- print profile info before test results \(inherited profiles\) [\#1170](https://github.com/chef/inspec/pull/1170) ([vjeffrey](https://github.com/vjeffrey))
+- www: fix wording [\#1168](https://github.com/chef/inspec/pull/1168) ([arlimus](https://github.com/arlimus))
+- Update dependency documentation and mention the lockfile [\#1167](https://github.com/chef/inspec/pull/1167) ([alexpop](https://github.com/alexpop))
+
+## [v1.0.0](https://github.com/chef/inspec/tree/v1.0.0) (2016-09-26)
+[Full Changelog](https://github.com/chef/inspec/compare/v1.0.0.beta3...v1.0.0)
 
 **Implemented enhancements:**
 
@@ -89,7 +133,6 @@
 - InSpec in Workflow [\#1115](https://github.com/chef/inspec/issues/1115)
 - uninstalled package shows as installed [\#1092](https://github.com/chef/inspec/issues/1092)
 - undefined method `send\_request' for Compliance::API:Class [\#1088](https://github.com/chef/inspec/issues/1088)
-- safari inspec online demo bug! [\#1086](https://github.com/chef/inspec/issues/1086)
 - \[package\] Regression on Windows 2008R2 [\#998](https://github.com/chef/inspec/issues/998)
 - \[script\] Is there a limit on the number of char's within a script block [\#539](https://github.com/chef/inspec/issues/539)
 - Use parenthesis when passing regular expressions [\#1106](https://github.com/chef/inspec/pull/1106) ([alexpop](https://github.com/alexpop))

data/Gemfile

@@ -25,7 +25,6 @@ group :test do
   gem 'concurrent-ruby', '~> 0.9'
   gem 'mocha', '~> 1.1'
   gem 'ruby-progressbar', '~> 1.8'
-  gem 'inquirer'
   gem 'nokogiri', '~> 1.6'
 end
 
@@ -60,3 +59,7 @@ group :maintenance do
   gem 'octokit'
   gem 'netrc'
 end
+
+group :deploy do
+  gem 'inquirer'
+end

data/README.md

@@ -210,6 +210,9 @@ inspec exec test.rb -t docker://container_id
 
 # run with sudo
 inspec exec test.rb --sudo [--sudo-password ...] [--sudo-options ...] [--sudo_command ...]
+
+# run in a subshell
+inspec exec test.rb --shell [--shell-options ...] [--shell-command ...]
 ```
 
 ### detect

data/docs/dsl_inspec.md

@@ -74,7 +74,7 @@ The following examples show simple compliance tests using a single `control` blo
 
 ## Test System Event Log
 
-The following test shows how to audit machines running Windows 2012 R2 that pwassword complexity is enabled:
+The following test shows how to audit machines running Windows 2012 R2 that password complexity is enabled:
 
 ```ruby
 control 'windows-account-102' do
@@ -89,7 +89,7 @@ end
 
 ## Are PosgtreSQL passwords empty?
 
-The following test shows how to audit machines running PostgerSQL to ensure that passwords are not empty.
+The following test shows how to audit machines running PostgreSQL to ensure that passwords are not empty.
 
 ```ruby
 control 'postgres-7' do
@@ -173,7 +173,7 @@ end
 
 ## Test Windows Registry Keys
 
-The following test shows how to audit machines to ensure Safe DLL Seach Mode is enabled:
+The following test shows how to audit machines to ensure Safe DLL Search Mode is enabled:
 
 ```ruby
 control 'windows-base-101' do

data/docs/profiles.md

@@ -109,6 +109,11 @@ and to target all of these examples in a single `inspec.yml` file:
 
 # Profile Dependencies
 
+A profile dependency is needed when:
+
+ * using `include_controls` or `require_controls` in order to load controls defined in another profile
+ * using a custom InSpec resource defined in another profile
+
 Use the `depends` setting in the `inspec.yml` file to specify one (or more) profiles on which this profile depends. A profile dependency may be sourced from a path, URL, a git repo, a cookbook located on Chef Supermarket or on GitHub, or a profile located on the Chef Compliance server.
 
 ## Path
@@ -193,19 +198,31 @@ Use the `depends` setting in the `inspec.yml` file to define any combination of
     depends:
       - name: ssh-hardening
         supermarket: hardening/ssh-hardening
+        version: '= 2.0.0'
       - name: os-hardening
         url: https://github.com/dev-sec/tests-os-hardening/archive/master.zip
       - name: ssl-benchmark
         git: https://github.com/dev-sec/ssl-benchmark.git
+        version: '< 2.0'
       - name: windows-patch-benchmark
         git: https://github.com/chris-rock/windows-patch-benchmark.git
+        version: '~> 0.6'
       - name: linux
         compliance: base/linux
 
+## Vendoring Dependencies
+
+When you execute a local profile, the `inspec.yml` file will be read in order to source any profile dependencies. It will then cache the dependencies locally and generate an `inspec.lock` file. If you add or update dependencies in `inspec.yml`, please refresh the lock file by either:
+
+ * running `inspec vendor` inside the profile directory; or
+ * deleting `inspec.lock` before running `inspec exec`
+
 # Profile Inheritance
 
 When a profile is run, it may include controls that are defined in other profiles. Controls may also be required.
 
+This requires an `inspec.yml` dependency to the profile you inherit from.
+
 ## include_controls
 
 The `include_controls` keyword may be used in a profile to import all rules from the named profile.

data/docs/resources/apache_conf.md.erb

@@ -6,7 +6,7 @@ title: About the apache_conf Resource
 
 Use the `apache_conf` InSpec audit resource to test the configuration settings for Apache. This file is typically located under `/etc/apache2` on the Debian and Ubuntu platforms and under `/etc/httpd` on the Fedora, CentOS, RedHat Enterprise Linux, and ArchLinux platforms. The configuration settings may vary significantly from platform to platform.
 
-# Syntax
+## Syntax
 
 An `apache_conf` InSpec audit resource block declares configuration settings that should be tested:
 
@@ -20,7 +20,7 @@ where
 * `('path')` is the non-default path to the Apache configuration file
 * `{ should eq 'value' }` is the value that is expected
 
-# Matchers
+## Matchers
 
 This InSpec audit resource matches any service that is listed in the Apache configuration file:
 
@@ -38,37 +38,37 @@ For example:
     end
 
 
-## be
+### be
 
 <%= partial "/shared/matcher_be" %>
 
-## cmp
+### cmp
 
 <%= partial "/shared/matcher_cmp" %>
 
-## eq
+### eq
 
 <%= partial "/shared/matcher_eq" %>
 
-## include
+### include
 
 <%= partial "/shared/matcher_include" %>
 
-## match
+### match
 
 <%= partial "/shared/matcher_match" %>
 
-# Examples
+## Examples
 
 The following examples show how to use this InSpec audit resource.
 
-## Test for blocking .htaccess files on CentOS
+### Test for blocking .htaccess files on CentOS
 
     describe apache_conf do
       its('AllowOverride') { should eq 'None' }
     end
 
-## Test ports for SSL
+### Test ports for SSL
 
     describe apache_conf do
       its('Listen') { should eq '443'}

data/docs/resources/apt.md.erb

@@ -6,7 +6,7 @@ title: About the apt Resource
 
 Use the `apt` InSpec audit resource to verify Apt repositories on the Debian and Ubuntu platforms, and also PPA repositories on the Ubuntu platform.
 
-# Syntax
+## Syntax
 
 An `apt` resource block tests the contents of Apt and PPA repositories:
 
@@ -22,61 +22,61 @@ where
 * `exist` and `be_enabled` are a valid matchers for this resource
 
 
-# Matchers
+## Matchers
 
 This InSpec audit resource has the following matchers:
 
-## be
+### be
 
 <%= partial "/shared/matcher_be" %>
 
-## be_enabled
+### be_enabled
 
 The `be_enabled` matcher tests if a package exists in the repository:
 
     it { should be_enabled }
 
-## cmp
+### cmp
 
 <%= partial "/shared/matcher_cmp" %>
 
-## eq
+### eq
 
 <%= partial "/shared/matcher_eq" %>
 
-## exist
+### exist
 
 The `exist` matcher tests if a package exists on the system:
 
     it { should exist }
 
-## include
+### include
 
 <%= partial "/shared/matcher_include" %>
 
-## match
+### match
 
 <%= partial "/shared/matcher_match" %>
 
-# Examples
+## Examples
 
 The following examples show how to use this InSpec audit resource.
 
-## Test if apt repository exists and is enabled
+### Test if apt repository exists and is enabled
 
     describe apt('http://ppa.launchpad.net/juju/stable/ubuntu') do
       it { should exist }
       it { should be_enabled }
     end
 
-## Verify that a PPA repository exists and is enabled
+### Verify that a PPA repository exists and is enabled
 
     describe apt('ppa:nginx/stable') do
       it { should exist }
       it { should be_enabled }
     end
 
-## Verify that a repository is not present
+### Verify that a repository is not present
 
     describe apt('ubuntu-wine/ppa') do
       it { should_not exist }

data/docs/resources/audit_policy.md.erb

@@ -6,7 +6,7 @@ title: About the audit_policy Resource
 
 Use the `audit_policy` Inspec audit resource to test auditing policies on the Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each auditing category property that is enabled, the auditing level may be set to `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`.
 
-# Syntax
+## Syntax
 
 An `audit_policy` resource block declares a parameter that belongs to an audit policy category or subcategory:
 
@@ -20,41 +20,41 @@ where
 * `'value'` must be one of `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`
 
 
-# Matchers
+## Matchers
 
 This InSpec audit resource has the following matchers:
 
-## be
+### be
 
 <%= partial "/shared/matcher_be" %>
 
-## cmp
+### cmp
 
 <%= partial "/shared/matcher_cmp" %>
 
-## eq
+### eq
 
 <%= partial "/shared/matcher_eq" %>
 
-## include
+### include
 
 <%= partial "/shared/matcher_include" %>
 
-## match
+### match
 
 <%= partial "/shared/matcher_match" %>
 
-# Examples
+## Examples
 
 The following examples show how to use this InSpec audit resource.
 
-## Test that a parameter is not set to "No Auditing"
+### Test that a parameter is not set to "No Auditing"
 
     describe audit_policy do
       its('Other Account Logon Events') { should_not eq 'No Auditing' }
     end
 
-## Test that a parameter is set to "Success"
+### Test that a parameter is set to "Success"
 
     describe audit_policy do
       its('User Account Management') { should eq 'Success' }

data/docs/resources/auditd_conf.md.erb

@@ -6,7 +6,7 @@ title: About the auditd_conf Resource
 
 Use the `auditd_conf` InSpec audit resource to test the configuration settings for the audit daemon. This file is typically located under `/etc/audit/auditd.conf'` on Unix and Linux platforms.
 
-# Syntax
+## Syntax
 
 A `auditd_conf` resource block declares configuration settings that should be tested:
 
@@ -21,27 +21,27 @@ where
 * `{ should cmp 'value' }` is the value that is expected
 
 
-# Matchers
+## Matchers
 
 This InSpec audit resource has the following matchers:
 
-## be
+### be
 
 <%= partial "/shared/matcher_be" %>
 
-## cmp
+### cmp
 
 <%= partial "/shared/matcher_cmp" %>
 
-## eq
+### eq
 
 <%= partial "/shared/matcher_eq" %>
 
-## include
+### include
 
 <%= partial "/shared/matcher_include" %>
 
-## keyword
+### keyword
 
 This matcher will matche any keyword that is listed in the `auditd.conf` configuration file. Option names and values are case-insensitive:
 
@@ -51,15 +51,15 @@ or:
 
     its('max_log_file') { should cmp 6 }
 
-## match
+### match
 
 <%= partial "/shared/matcher_match" %>
 
-# Examples
+## Examples
 
 The following examples show how to use this InSpec audit resource.
 
-## Test the auditd.conf file
+### Test the auditd.conf file
 
     describe auditd_conf do
       its('log_file') { should cmp '/full/path/to/file' }

data/docs/resources/auditd_rules.md.erb

@@ -7,7 +7,7 @@ title: About the auditd_rules Resource
 Use the `auditd_rules` InSpec audit resource to test the rules for logging that exist on the system. The `audit.rules` file is typically located under `/etc/audit/` and contains the list of rules that define what is captured in log files. This resource uses `auditctl` to query the run-time `auditd` rules setup, which may be different from `audit.rules`.
 
 
-# Syntax
+## Syntax
 
 An `auditd_rules` resource block declares one (or more) rules to be tested, and then what that rule should do. The syntax depends on the version of `audit`:
 
@@ -62,35 +62,35 @@ or test that individual rules are defined:
 where each test must declare one (or more) rules to be tested.
 
 
-# Matchers
+## Matchers
 
 This InSpec audit resource has the following matchers:
 
-## be
+### be
 
 <%= partial "/shared/matcher_be" %>
 
-## cmp
+### cmp
 
 <%= partial "/shared/matcher_cmp" %>
 
-## eq
+### eq
 
 <%= partial "/shared/matcher_eq" %>
 
-## include
+### include
 
 <%= partial "/shared/matcher_include" %>
 
-## match
+### match
 
 <%= partial "/shared/matcher_match" %>
 
-# Examples
+## Examples
 
 The following examples show how to use this InSpec audit resource.
 
-## Test if a rule contains a matching element that is identified by a regular expression
+### Test if a rule contains a matching element that is identified by a regular expression
 
 For `audit` >= 2.3:
 
@@ -109,13 +109,13 @@ For `audit` < 2.3:
     end
 
 
-## Query the audit daemon status
+### Query the audit daemon status
 
     describe auditd_rules.status('backlog') do
       it { should cmp 0 }
     end
 
-## Query properties of rules targeting specific syscalls or files
+### Query properties of rules targeting specific syscalls or files
 
     describe auditd_rules.syscall('open').action do
       it { should eq(['always']) }