inspec 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (82)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +46 -3
  3. data/Gemfile +4 -1
  4. data/README.md +3 -0
  5. data/docs/dsl_inspec.md +3 -3
  6. data/docs/profiles.md +17 -0
  7. data/docs/resources/apache_conf.md.erb +10 -10
  8. data/docs/resources/apt.md.erb +13 -13
  9. data/docs/resources/audit_policy.md.erb +10 -10
  10. data/docs/resources/auditd_conf.md.erb +10 -10
  11. data/docs/resources/auditd_rules.md.erb +11 -11
  12. data/docs/resources/bash.md.erb +12 -12
  13. data/docs/resources/bond.md.erb +15 -15
  14. data/docs/resources/bridge.md.erb +11 -11
  15. data/docs/resources/bsd_service.md.erb +11 -11
  16. data/docs/resources/command.md.erb +21 -21
  17. data/docs/resources/csv.md.erb +10 -10
  18. data/docs/resources/directory.md.erb +8 -8
  19. data/docs/resources/etc_group.md.erb +16 -16
  20. data/docs/resources/etc_passwd.md.erb +17 -17
  21. data/docs/resources/etc_shadow.md.erb +19 -19
  22. data/docs/resources/file.md.erb +58 -58
  23. data/docs/resources/gem.md.erb +12 -12
  24. data/docs/resources/group.md.erb +12 -12
  25. data/docs/resources/grub_conf.md.erb +11 -11
  26. data/docs/resources/host.md.erb +13 -13
  27. data/docs/resources/iis_site.md.erb +16 -16
  28. data/docs/resources/inetd_conf.md.erb +10 -10
  29. data/docs/resources/ini.md.erb +9 -9
  30. data/docs/resources/interface.md.erb +11 -11
  31. data/docs/resources/iptables.md.erb +11 -11
  32. data/docs/resources/json.md.erb +10 -10
  33. data/docs/resources/kernel_module.md.erb +10 -10
  34. data/docs/resources/kernel_parameter.md.erb +12 -12
  35. data/docs/resources/launchd_service.md.erb +11 -11
  36. data/docs/resources/limits_conf.md.erb +10 -10
  37. data/docs/resources/login_def.md.erb +12 -12
  38. data/docs/resources/mount.md.erb +13 -13
  39. data/docs/resources/mysql_conf.md.erb +14 -14
  40. data/docs/resources/mysql_session.md.erb +10 -10
  41. data/docs/resources/npm.md.erb +12 -12
  42. data/docs/resources/ntp_conf.md.erb +9 -9
  43. data/docs/resources/oneget.md.erb +11 -11
  44. data/docs/resources/os.md.erb +13 -13
  45. data/docs/resources/os_env.md.erb +12 -12
  46. data/docs/resources/package.md.erb +15 -15
  47. data/docs/resources/parse_config.md.erb +13 -13
  48. data/docs/resources/parse_config_file.md.erb +22 -16
  49. data/docs/resources/pip.md.erb +12 -12
  50. data/docs/resources/port.md.erb +18 -18
  51. data/docs/resources/postgres_conf.md.erb +13 -13
  52. data/docs/resources/postgres_session.md.erb +11 -11
  53. data/docs/resources/powershell.md.erb +13 -13
  54. data/docs/resources/process.md.erb +12 -12
  55. data/docs/resources/registry_key.md.erb +17 -17
  56. data/docs/resources/runit_service.md.erb +11 -11
  57. data/docs/resources/security_policy.md.erb +10 -10
  58. data/docs/resources/service.md.erb +17 -17
  59. data/docs/resources/ssh_config.md.erb +13 -13
  60. data/docs/resources/sshd_config.md.erb +14 -14
  61. data/docs/resources/ssl.md.erb +12 -12
  62. data/docs/resources/sys_info.md.erb +10 -10
  63. data/docs/resources/systemd_service.md.erb +11 -11
  64. data/docs/resources/sysv_service.md.erb +11 -11
  65. data/docs/resources/upstart_service.md.erb +11 -11
  66. data/docs/resources/user.md.erb +20 -20
  67. data/docs/resources/users.md.erb +19 -19
  68. data/docs/resources/vbscript.md.erb +9 -9
  69. data/docs/resources/windows_feature.md.erb +10 -10
  70. data/docs/resources/wmi.md.erb +10 -10
  71. data/docs/resources/xinetd_conf.md.erb +17 -17
  72. data/docs/resources/yaml.md.erb +10 -10
  73. data/docs/resources/yum.md.erb +16 -16
  74. data/examples/meta-profile/README.md +0 -5
  75. data/lib/inspec/base_cli.rb +6 -0
  76. data/lib/inspec/cli.rb +10 -3
  77. data/lib/inspec/profile.rb +3 -3
  78. data/lib/inspec/rspec_json_formatter.rb +24 -15
  79. data/lib/inspec/version.rb +1 -1
  80. data/lib/resources/registry_key.rb +15 -5
  81. data/lib/utils/filter.rb +1 -0
  82. metadata +3 -4
@@ -6,7 +6,7 @@ title: About the ssl Resource
6
6
 
7
7
  Use the `ssl` InSpec audit resource to test SSL settings for the named port.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  An `ssl` resource block declares an SSL port, and then other properties of the test like cipher and/or protocol:
12
12
 
@@ -26,21 +26,21 @@ where
26
26
  * `filter` may take any of the following arguments: `ciphers`, `protocols`, and `handshake`
27
27
 
28
28
 
29
- # Matchers
29
+ ## Matchers
30
30
 
31
31
  This InSpec audit resource has the following matchers:
32
32
 
33
- ## be
33
+ ### be
34
34
 
35
35
  <%= partial "/shared/matcher_be" %>
36
36
 
37
- ## be_enabled
37
+ ### be_enabled
38
38
 
39
39
  The `be_enabled` matcher tests if SSL is enabled:
40
40
 
41
41
  it { should be_enabled }
42
42
 
43
- ## ciphers
43
+ ### ciphers
44
44
 
45
45
  The `ciphers` matcher tests the named cipher:
46
46
 
@@ -52,23 +52,23 @@ or:
52
52
  it { should_not be_enabled }
53
53
  end
54
54
 
55
- ## cmp
55
+ ### cmp
56
56
 
57
57
  <%= partial "/shared/matcher_cmp" %>
58
58
 
59
- ## eq
59
+ ### eq
60
60
 
61
61
  <%= partial "/shared/matcher_eq" %>
62
62
 
63
- ## include
63
+ ### include
64
64
 
65
65
  <%= partial "/shared/matcher_include" %>
66
66
 
67
- ## match
67
+ ### match
68
68
 
69
69
  <%= partial "/shared/matcher_match" %>
70
70
 
71
- ## protocols
71
+ ### protocols
72
72
 
73
73
  The `protocols` matcher tests the number of times the named user appears in `/etc/shadow`:
74
74
 
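Review bot: The context sentence at line 73 of this hunk describes the `protocols` matcher as testing "the number of times the named user appears in `/etc/shadow`", which looks like text carried over from another resource page and has nothing to do with the `ssl` resource. Since this pass already touches the `protocols` heading, the description should be corrected at the same time so that it describes testing the named SSL/TLS protocol, in the same style as the `ciphers` matcher text at line 45.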
@@ -80,11 +80,11 @@ or:
80
80
  it { should_not be_enabled }
81
81
  end
82
82
 
83
- # Examples
83
+ ## Examples
84
84
 
85
85
  The following examples show how to use this InSpec audit resource.
86
86
 
87
- ## Run the ssl-benchmark example profile
87
+ ### Run the ssl-benchmark example profile
88
88
 
89
89
  The following shows how to use the `ssl` InSpec audit resource to find all TCP ports on the system, including IPv4 and IPv6. (This is a partial example based on the `ssl_text.rb` file in the `ssl-benchmark` profile on GitHub.)
90
90
 
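Review bot: The example description at line 89 says the `ssl` resource is used "to find all TCP ports on the system, including IPv4 and IPv6", which describes port discovery rather than what the `ssl` resource itself tests. Suggest rewording it to say which part of the example finds the ports and which part tests their SSL settings, and confirming that `ssl_text.rb` is the intended file name in the `ssl-benchmark` profile.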
@@ -6,7 +6,7 @@ title: About the sys_info Resource
6
6
 
7
7
  Use the `sys_info` InSpec audit resource to test for operating system properties for the named host, and then returns that info as standard output.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  An `sys_info` resource block declares the hostname to be tested:
12
12
 
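Review bot: Two wording problems sit in the unchanged lines of this hunk and could be fixed in the same documentation pass. Line 7 reads "to test for operating system properties for the named host, and then returns that info as standard output", where the verb forms do not agree, and line 11 reads "An `sys_info` resource block", which should be "A `sys_info` resource block".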
@@ -14,41 +14,41 @@ An `sys_info` resource block declares the hostname to be tested:
14
14
  its('hostname') { should eq 'value' }
15
15
  end
16
16
 
17
- # Matchers
17
+ ## Matchers
18
18
 
19
19
  This InSpec audit resource has the following matchers:
20
20
 
21
- ## be
21
+ ### be
22
22
 
23
23
  <%= partial "/shared/matcher_be" %>
24
24
 
25
- ## cmp
25
+ ### cmp
26
26
 
27
27
  <%= partial "/shared/matcher_cmp" %>
28
28
 
29
- ## eq
29
+ ### eq
30
30
 
31
31
  <%= partial "/shared/matcher_eq" %>
32
32
 
33
- ## hostname
33
+ ### hostname
34
34
 
35
35
  The `hostname` matcher tests the host for which standard output is returned:
36
36
 
37
37
  its('hostname') { should eq 'value' }
38
38
 
39
- ## include
39
+ ### include
40
40
 
41
41
  <%= partial "/shared/matcher_include" %>
42
42
 
43
- ## match
43
+ ### match
44
44
 
45
45
  <%= partial "/shared/matcher_match" %>
46
46
 
47
- # Examples
47
+ ## Examples
48
48
 
49
49
  The following examples show how to use this InSpec audit resource.
50
50
 
51
- ## Get system information for example.com
51
+ ### Get system information for example.com
52
52
 
53
53
  describe sys_info do
54
54
  its('hostname') { should eq 'example.com' }
@@ -6,7 +6,7 @@ title: About the systemd_service Resource
6
6
 
7
7
  Use the `systemd_service` InSpec audit resource to test a service using SystemD.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  A `systemd_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
12
12
 
@@ -29,48 +29,48 @@ The path to the service manager's control may be specified for situations where
29
29
  it { should be_running }
30
30
  end
31
31
 
32
- # Matchers
32
+ ## Matchers
33
33
 
34
34
  This InSpec audit resource has the following matchers:
35
35
 
36
- ## be
36
+ ### be
37
37
 
38
38
  <%= partial "/shared/matcher_be" %>
39
39
 
40
- ## be_enabled
40
+ ### be_enabled
41
41
 
42
42
  The `be_enabled` matcher tests if the named service is enabled:
43
43
 
44
44
  it { should be_enabled }
45
45
 
46
- ## be_installed
46
+ ### be_installed
47
47
 
48
48
  The `be_installed` matcher tests if the named service is installed:
49
49
 
50
50
  it { should be_installed }
51
51
 
52
- ## be_running
52
+ ### be_running
53
53
 
54
54
  The `be_running` matcher tests if the named service is running:
55
55
 
56
56
  it { should be_running }
57
57
 
58
- ## cmp
58
+ ### cmp
59
59
 
60
60
  <%= partial "/shared/matcher_cmp" %>
61
61
 
62
- ## eq
62
+ ### eq
63
63
 
64
64
  <%= partial "/shared/matcher_eq" %>
65
65
 
66
- ## include
66
+ ### include
67
67
 
68
68
  <%= partial "/shared/matcher_include" %>
69
69
 
70
- ## match
70
+ ### match
71
71
 
72
72
  <%= partial "/shared/matcher_match" %>
73
73
 
74
- # Examples
74
+ ## Examples
75
75
 
76
76
  None.
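Review bot: The Examples section at line 76 still reads "None." after the heading is re-leveled, so the page documents `be_enabled`, `be_installed` and `be_running` without showing a single complete `describe` block in this section. Suggest adding at least one example that combines those matchers for a named service, or dropping the empty section.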
@@ -6,7 +6,7 @@ title: About the sysv_service Resource
6
6
 
7
7
  Use the `sysv_service` InSpec audit resource to test a service using SystemV.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  A `sysv_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
12
12
 
@@ -29,48 +29,48 @@ The path to the service manager's control may be specified for situations where
29
29
  it { should be_running }
30
30
  end
31
31
 
32
- # Matchers
32
+ ## Matchers
33
33
 
34
34
  This InSpec audit resource has the following matchers:
35
35
 
36
- ## be
36
+ ### be
37
37
 
38
38
  <%= partial "/shared/matcher_be" %>
39
39
 
40
- ## be_enabled
40
+ ### be_enabled
41
41
 
42
42
  The `be_enabled` matcher tests if the named service is enabled:
43
43
 
44
44
  it { should be_enabled }
45
45
 
46
- ## be_installed
46
+ ### be_installed
47
47
 
48
48
  The `be_installed` matcher tests if the named service is installed:
49
49
 
50
50
  it { should be_installed }
51
51
 
52
- ## be_running
52
+ ### be_running
53
53
 
54
54
  The `be_running` matcher tests if the named service is running:
55
55
 
56
56
  it { should be_running }
57
57
 
58
- ## cmp
58
+ ### cmp
59
59
 
60
60
  <%= partial "/shared/matcher_cmp" %>
61
61
 
62
- ## eq
62
+ ### eq
63
63
 
64
64
  <%= partial "/shared/matcher_eq" %>
65
65
 
66
- ## include
66
+ ### include
67
67
 
68
68
  <%= partial "/shared/matcher_include" %>
69
69
 
70
- ## match
70
+ ### match
71
71
 
72
72
  <%= partial "/shared/matcher_match" %>
73
73
 
74
- # Examples
74
+ ## Examples
75
75
 
76
76
  None.
@@ -6,7 +6,7 @@ title: About the upstart_service Resource
6
6
 
7
7
  Use the `upstart_service` InSpec audit resource to test a service using Upstart.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  An `upstart_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
12
12
 
@@ -29,48 +29,48 @@ The path to the service manager's control may be specified for situations where
29
29
  it { should be_running }
30
30
  end
31
31
 
32
- # Matchers
32
+ ## Matchers
33
33
 
34
34
  This InSpec audit resource has the following matchers:
35
35
 
36
- ## be
36
+ ### be
37
37
 
38
38
  <%= partial "/shared/matcher_be" %>
39
39
 
40
- ## be_enabled
40
+ ### be_enabled
41
41
 
42
42
  The `be_enabled` matcher tests if the named service is enabled:
43
43
 
44
44
  it { should be_enabled }
45
45
 
46
- ## be_installed
46
+ ### be_installed
47
47
 
48
48
  The `be_installed` matcher tests if the named service is installed:
49
49
 
50
50
  it { should be_installed }
51
51
 
52
- ## be_running
52
+ ### be_running
53
53
 
54
54
  The `be_running` matcher tests if the named service is running:
55
55
 
56
56
  it { should be_running }
57
57
 
58
- ## cmp
58
+ ### cmp
59
59
 
60
60
  <%= partial "/shared/matcher_cmp" %>
61
61
 
62
- ## eq
62
+ ### eq
63
63
 
64
64
  <%= partial "/shared/matcher_eq" %>
65
65
 
66
- ## include
66
+ ### include
67
67
 
68
68
  <%= partial "/shared/matcher_include" %>
69
69
 
70
- ## match
70
+ ### match
71
71
 
72
72
  <%= partial "/shared/matcher_match" %>
73
73
 
74
- # Examples
74
+ ## Examples
75
75
 
76
76
  None.
@@ -6,7 +6,7 @@ title: About the user Resource
6
6
 
7
7
  Use the `user` InSpec audit resource to test user profiles for a single, known/expected local user, including the groups to which that user belongs, the frequency of required password changes, and the directory paths to home and shell.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  A `user` resource block declares a user name, and then one (or more) matchers:
12
12
 
@@ -29,29 +29,29 @@ where
29
29
  * `it { should exist }` tests if the user exists
30
30
  * `gid`, `group`, `groups`, `home`, `maxdays`, `mindays`, `shell`, `uid`, and `warndays` are valid matchers for this resource
31
31
 
32
- # Matchers
32
+ ## Matchers
33
33
 
34
34
  This InSpec audit resource has the following matchers:
35
35
 
36
- ## be
36
+ ### be
37
37
 
38
38
  <%= partial "/shared/matcher_be" %>
39
39
 
40
- ## cmp
40
+ ### cmp
41
41
 
42
42
  <%= partial "/shared/matcher_cmp" %>
43
43
 
44
- ## eq
44
+ ### eq
45
45
 
46
46
  <%= partial "/shared/matcher_eq" %>
47
47
 
48
- ## exist
48
+ ### exist
49
49
 
50
50
  The `exist` matcher tests if the named user exists:
51
51
 
52
52
  it { should exist }
53
53
 
54
- ## gid
54
+ ### gid
55
55
 
56
56
  The `gid` matcher tests the group identifier:
57
57
 
@@ -59,7 +59,7 @@ The `gid` matcher tests the group identifier:
59
59
 
60
60
  where `1234` represents the user identifier.
61
61
 
62
- ## group
62
+ ### group
63
63
 
64
64
  The `group` matcher tests the group to which the user belongs:
65
65
 
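Review bot: The context line at line 60 says "where `1234` represents the user identifier", but this text sits under the `gid` matcher, which the hunk header describes as testing the group identifier. It should read "group identifier"; the identical sentence is correct only under `uid` further down.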
@@ -67,27 +67,27 @@ The `group` matcher tests the group to which the user belongs:
67
67
 
68
68
  where `root` represents the group.
69
69
 
70
- ## groups
70
+ ### groups
71
71
 
72
72
  The `groups` matcher tests two (or more) groups to which the user belongs:
73
73
 
74
74
  its('groups') { should eq ['root', 'other']}
75
75
 
76
- ## home
76
+ ### home
77
77
 
78
78
  The `home` matcher tests the home directory path for the user:
79
79
 
80
80
  its('home') { should eq '/root' }
81
81
 
82
- ## include
82
+ ### include
83
83
 
84
84
  <%= partial "/shared/matcher_include" %>
85
85
 
86
- ## match
86
+ ### match
87
87
 
88
88
  <%= partial "/shared/matcher_match" %>
89
89
 
90
- ## maxdays
90
+ ### maxdays
91
91
 
92
92
  The `maxdays` matcher tests the maximum number of days between password changes:
93
93
 
@@ -95,7 +95,7 @@ The `maxdays` matcher tests the maximum number of days between password changes:
95
95
 
96
96
  where `99` represents the maximum number of days.
97
97
 
98
- ## mindays
98
+ ### mindays
99
99
 
100
100
  The `mindays` matcher tests the minimum number of days between password changes:
101
101
 
@@ -103,13 +103,13 @@ The `mindays` matcher tests the minimum number of days between password changes:
103
103
 
104
104
  where `0` represents the maximum number of days.
105
105
 
106
- ## shell
106
+ ### shell
107
107
 
108
108
  The `shell` matcher tests the path to the default shell for the user:
109
109
 
110
110
  its('shell') { should eq '/bin/bash' }
111
111
 
112
- ## uid
112
+ ### uid
113
113
 
114
114
  The `uid` matcher tests the user identifier:
115
115
 
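Review bot: The context line at line 104 says "where `0` represents the maximum number of days", but it belongs to the `mindays` matcher, which tests the minimum number of days between password changes. Suggest changing "maximum" to "minimum" here, because a reader writing a password-aging control from this page could otherwise confuse the two settings.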
@@ -117,7 +117,7 @@ The `uid` matcher tests the user identifier:
117
117
 
118
118
  where `1234` represents the user identifier.
119
119
 
120
- ## warndays
120
+ ### warndays
121
121
 
122
122
  The `warndays` matcher tests the number of days a user is warned before a password must be changed:
123
123
 
@@ -125,11 +125,11 @@ The `warndays` matcher tests the number of days a user is warned before a passwo
125
125
 
126
126
  where `5` represents the number of days a user is warned.
127
127
 
128
- # Examples
128
+ ## Examples
129
129
 
130
130
  The following examples show how to use this InSpec audit resource.
131
131
 
132
- ## Verify available users for the MySQL server
132
+ ### Verify available users for the MySQL server
133
133
 
134
134
  describe user('root') do
135
135
  it { should exist }
@@ -142,7 +142,7 @@ The following examples show how to use this InSpec audit resource.
142
142
  it { should_not exist }
143
143
  end
144
144
 
145
- ## Test users on multiple platforms
145
+ ### Test users on multiple platforms
146
146
 
147
147
  The `nginx` user is typically `www-data`, but on CentOS it's `nginx`. The following example shows how to test for the `nginx` user with a single test, but accounting for all platforms:
148
148