inspec 1.0.0 → 1.1.0

data/docs/resources/registry_key.md.erb

@@ -6,7 +6,7 @@ title: About the registry_key Resource
 
 Use the `registry_key` InSpec audit resource to test key values in the Windows registry.
 
-# Syntax
+## Syntax
 
 A `registry_key` resource block declares the item in the Windows registry, the path to a setting under that item, and then one (or more) name/value pairs to be tested.
 
@@ -33,7 +33,7 @@ Or use a Ruby Hash:
     end
 
 
-## Registry Key Path Separators
+### Registry Key Path Separators
 
 A Windows registry key can be used as a string in Ruby code, such as when a registry key is used as the name of a recipe. In Ruby, when a registry key is enclosed in a double-quoted string (`" "`), the same backslash character (`\`) that is used to define the registry key path separator is also used in Ruby to define an escape character. Therefore, the registry key path separators must be escaped when they are enclosed in a double-quoted string. For example, the following registry key:
 
@@ -48,15 +48,15 @@ or may be enclosed in a double-quoted string with an extra backslash as an escap
     "HKCU\\SOFTWARE\\path\\to\\key\\Themes"
 
 
-# Matchers
+## Matchers
 
 This InSpec audit resource has the following matchers:
 
-## be
+### be
 
 <%= partial "/shared/matcher_be" %>
 
-## children
+### children
 
 The `children` matcher return all of the child items of a registry key. A regular expression may be used to filter child items:
 
@@ -81,57 +81,57 @@ The following example shows how find a property that may exist against multiple
         end
       }
 
-## cmp
+### cmp
 
 <%= partial "/shared/matcher_cmp" %>
 
-## eq
+### eq
 
 <%= partial "/shared/matcher_eq" %>
 
-## exist
+### exist
 
 The `exist` matcher tests if the registry key is present:
 
     it { should exist }
 
-## have_property
+### have_property
 
 The `have_property` matcher tests if a property exists for a registry key:
 
     it { should have_property 'value' }
 
-## have_property_value
+### have_property_value
 
 The `have_property_value` matcher tests if a property value exists for a registry key:
 
     it { should have_property_value 'value' }
 
-## have_value
+### have_value
 
 The `have_value` matcher tests if a value exists for a registry key:
 
     it { should have_value 'value' }
 
-## include
+### include
 
 <%= partial "/shared/matcher_include" %>
 
-## match
+### match
 
 <%= partial "/shared/matcher_match" %>
 
-## name
+### name
 
 The `name` matcher tests the value for the specified registry setting:
 
     its('name') { should eq 'value' }
 
-# Examples
+## Examples
 
 The following examples show how to use this InSpec audit resource.
 
-## Test the start time for the Schedule service
+### Test the start time for the Schedule service
 
     describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\...\Schedule') do
       its('Start') { should eq 2 }
@@ -139,7 +139,7 @@ The following examples show how to use this InSpec audit resource.
 
 where `'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule'` is the full path to the setting.
 
-## Use a regular expression in responses
+### Use a regular expression in responses
 
     describe registry_key({
       hive: 'HKEY_LOCAL_MACHINE',

data/docs/resources/runit_service.md.erb

@@ -6,7 +6,7 @@ title: About the runit_service Resource
 
 Use the `runit_service` InSpec audit resource to test a service using runit.
 
-# Syntax
+## Syntax
 
 A `runit_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
 
@@ -29,48 +29,48 @@ The path to the service manager's control may be specified for situations where
       it { should be_running }
     end
 
-# Matchers
+## Matchers
 
 This InSpec audit resource has the following matchers:
 
-## be
+### be
 
 <%= partial "/shared/matcher_be" %>
 
-## be_enabled
+### be_enabled
 
 The `be_enabled` matcher tests if the named service is enabled:
 
     it { should be_enabled }
 
-## be_installed
+### be_installed
 
 The `be_installed` matcher tests if the named service is installed:
 
     it { should be_installed }
 
-## be_running
+### be_running
 
 The `be_running` matcher tests if the named service is running:
 
     it { should be_running }
 
-## cmp
+### cmp
 
 <%= partial "/shared/matcher_cmp" %>
 
-## eq
+### eq
 
 <%= partial "/shared/matcher_eq" %>
 
-## include
+### include
 
 <%= partial "/shared/matcher_include" %>
 
-## match
+### match
 
 <%= partial "/shared/matcher_match" %>
 
-# Examples
+## Examples
 
 None.

data/docs/resources/security_policy.md.erb

@@ -6,7 +6,7 @@ title: About the security_policy Resource
 
 Use the `security_policy` InSpec audit resource to test security policies on the Windows platform.
 
-# Syntax
+## Syntax
 
 A `security_policy` resource block declares the name of a security policy and the value to be tested:
 
@@ -20,41 +20,41 @@ where
 * `{ should eq 'value' }` tests the value of `policy_name` against the value declared in the test
 
 
-# Matchers
+## Matchers
 
 This InSpec audit resource has the following matchers:
 
-## be
+### be
 
 <%= partial "/shared/matcher_be" %>
 
-## cmp
+### cmp
 
 <%= partial "/shared/matcher_cmp" %>
 
-## eq
+### eq
 
 <%= partial "/shared/matcher_eq" %>
 
-## include
+### include
 
 <%= partial "/shared/matcher_include" %>
 
-## match
+### match
 
 <%= partial "/shared/matcher_match" %>
 
-## policy_name
+### policy_name
 
 The `policy_name` matcher must be the name of a security policy:
 
     its('SeNetworkLogonRight') { should eq '*S-1-5-11' }
 
-# Examples
+## Examples
 
 The following examples show how to use this InSpec audit resource.
 
-## Verify that only the Administrators group has remote access
+### Verify that only the Administrators group has remote access
 
     describe security_policy do
       its('SeRemoteInteractiveLogonRight') { should eq '*S-1-5-32-544' }

data/docs/resources/service.md.erb

@@ -8,7 +8,7 @@ Use the `service` InSpec audit resource to test if the named service is installe
 
 Under some circumstances, it may be necessary to specify the service manager by using one of the following service manager-specific resources: `bsd_service`, `launchd_service`, `runit_service`, `systemd_service`, `sysv_service`, oe `upstart_service`. These resources are based on the `service` resource.
 
-# Syntax
+## Syntax
 
 A `service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
 
@@ -24,67 +24,67 @@ where
 * `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource
 
 
-# Matchers
+## Matchers
 
 This InSpec audit resource has the following matchers:
 
-## be
+### be
 
 <%= partial "/shared/matcher_be" %>
 
-## be_enabled
+### be_enabled
 
 The `be_enabled` matcher tests if the named service is enabled:
 
     it { should be_enabled }
 
-## be_installed
+### be_installed
 
 The `be_installed` matcher tests if the named service is installed:
 
     it { should be_installed }
 
-## be_running
+### be_running
 
 The `be_running` matcher tests if the named service is running:
 
     it { should be_running }
 
-## cmp
+### cmp
 
 <%= partial "/shared/matcher_cmp" %>
 
-## eq
+### eq
 
 <%= partial "/shared/matcher_eq" %>
 
-## include
+### include
 
 <%= partial "/shared/matcher_include" %>
 
-## match
+### match
 
 <%= partial "/shared/matcher_match" %>
 
-# Examples
+## Examples
 
 The following examples show how to use this InSpec audit resource.
 
-## Test if the postgresql service is both running and enabled
+### Test if the postgresql service is both running and enabled
 
     describe service('postgresql') do
       it { should be_enabled }
       it { should be_running }
     end
 
-## Test if the mysql service is both running and enabled
+### Test if the mysql service is both running and enabled
 
     describe service('mysqld') do
       it { should be_enabled }
       it { should be_running }
     end
 
-## Test if ClamAV (an antivirus engine) is installed and running
+### Test if ClamAV (an antivirus engine) is installed and running
 
     describe package('clamav') do
       it { should be_installed }
@@ -97,7 +97,7 @@ The following examples show how to use this InSpec audit resource.
       it { should_not be_running }
     end
 
-## Test Unix System V run levels
+### Test Unix System V run levels
 
 On targets that are using SystemV services, the existing run levels can also be checked:
 
@@ -109,7 +109,7 @@ On targets that are using SystemV services, the existing run levels can also be
       it { should be_enabled }
     end
 
-## Override the service manager
+### Override the service manager
 
 Under some circumstances, it may be required to override the logic in place to select the right service manager. For example, to check a service managed by Upstart:
 
@@ -127,7 +127,7 @@ This is also possible with `systemd_service`, `runit_service`, `sysv_service`, `
       it { should be_running }
     end
 
-## Verify that IIS is running
+### Verify that IIS is running
 
     describe service('W3SVC') do
       it { should be_installed }

data/docs/resources/ssh_config.md.erb

@@ -6,7 +6,7 @@ title: About the ssh_config Resource
 
 Use the `ssh_config` InSpec audit resource to test OpenSSH client configuration data located at `/etc/ssh/ssh_config` on Linux and Unix platforms.
 
-# Syntax
+## Syntax
 
 An `ssh_config` resource block declares the client OpenSSH configuration data to be tested:
 
@@ -21,31 +21,31 @@ where
 * `{ should include('foo') }` tests the value of `name` as read from `ssh_config` versus the value declared in the test
 
 
-# Matchers
+## Matchers
 
 This InSpec audit resource has the following matchers:
 
-## be
+### be
 
 <%= partial "/shared/matcher_be" %>
 
-## cmp
+### cmp
 
 <%= partial "/shared/matcher_cmp" %>
 
-## eq
+### eq
 
 <%= partial "/shared/matcher_eq" %>
 
-## include
+### include
 
 <%= partial "/shared/matcher_include" %>
 
-## match
+### match
 
 <%= partial "/shared/matcher_match" %>
 
-## name
+### name
 
 The `name` matcher tests the value of `name` as read from `ssh_config` versus the value declared in the test:
 
@@ -55,11 +55,11 @@ or:
 
     its('name') { should include('bar') }
 
-# Examples
+## Examples
 
 The following examples show how to use this InSpec audit resource.
 
-## Test SSH configuration settings
+### Test SSH configuration settings
 
     describe ssh_config do
       its('cipher') { should contain '3des' }
@@ -67,7 +67,7 @@ The following examples show how to use this InSpec audit resource.
       its('hostname') { should include('example.com') }
     end
 
-## Test which variables from the local environment are sent to the server
+### Test which variables from the local environment are sent to the server
 
     only_if do
       command('sshd').exist? or command('ssh').exists?
@@ -77,14 +77,14 @@ The following examples show how to use this InSpec audit resource.
       its('SendEnv') { should include('GORDON_CLIENT') }
     end
 
-## Test owner and group permissions
+### Test owner and group permissions
 
     describe ssh_config do
       its('owner') { should eq 'root' }
       its('mode') { should cmp '0644' }
     end
 
-## Test SSH configuration
+### Test SSH configuration
 
     describe ssh_config do
       its('Host') { should eq '*' }

data/docs/resources/sshd_config.md.erb

@@ -6,7 +6,7 @@ title: About the sshd_config Resource
 
 Use the `sshd_config` InSpec audit resource to test configuration data for the OpenSSH daemon located at `/etc/ssh/sshd_config` on Linux and Unix platforms. sshd---the OpenSSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command executation, and data exchanges.
 
-# Syntax
+## Syntax
 
 An `sshd_config` resource block declares the client OpenSSH configuration data to be tested:
 
@@ -21,31 +21,31 @@ where
 * `{ should include('foo') }` tests the value of `name` as read from `sshd_config` versus the value declared in the test
 
 
-# Matchers
+## Matchers
 
 This InSpec audit resource has the following matchers:
 
-## be
+### be
 
 <%= partial "/shared/matcher_be" %>
 
-## cmp
+### cmp
 
 <%= partial "/shared/matcher_cmp" %>
 
-## eq
+### eq
 
 <%= partial "/shared/matcher_eq" %>
 
-## include
+### include
 
 <%= partial "/shared/matcher_include" %>
 
-## match
+### match
 
 <%= partial "/shared/matcher_match" %>
 
-## name
+### name
 
 The `name` matcher tests the value of `name` as read from `sshd_config` versus the value declared in the test:
 
@@ -55,35 +55,35 @@ or:
 
     its('name') {should include('bar') }
 
-# Examples
+## Examples
 
 The following examples show how to use this InSpec audit resource.
 
-## Test which variables may be sent to the server
+### Test which variables may be sent to the server
 
     describe sshd_config do
       its('AcceptEnv') { should include('GORDON_SERVER') }
     end
 
-## Test for IPv6-only addresses
+### Test for IPv6-only addresses
 
     describe sshd_config do
       its('AddressFamily') { should cmp 'inet6' }
     end
 
-## Test the Protocol setting
+### Test the Protocol setting
 
     describe sshd_config do
       its('Protocol') { should cmp 2 }
     end
 
-## Test for approved, strong ciphers
+### Test for approved, strong ciphers
 
     describe sshd_config do
       its('Ciphers') { should cmp('chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr') }
     end
 
-## Test SSH protocols
+### Test SSH protocols
 
     describe sshd_config do
       its('Port') { should cmp  22 }