inspec 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (82)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +46 -3
  3. data/Gemfile +4 -1
  4. data/README.md +3 -0
  5. data/docs/dsl_inspec.md +3 -3
  6. data/docs/profiles.md +17 -0
  7. data/docs/resources/apache_conf.md.erb +10 -10
  8. data/docs/resources/apt.md.erb +13 -13
  9. data/docs/resources/audit_policy.md.erb +10 -10
  10. data/docs/resources/auditd_conf.md.erb +10 -10
  11. data/docs/resources/auditd_rules.md.erb +11 -11
  12. data/docs/resources/bash.md.erb +12 -12
  13. data/docs/resources/bond.md.erb +15 -15
  14. data/docs/resources/bridge.md.erb +11 -11
  15. data/docs/resources/bsd_service.md.erb +11 -11
  16. data/docs/resources/command.md.erb +21 -21
  17. data/docs/resources/csv.md.erb +10 -10
  18. data/docs/resources/directory.md.erb +8 -8
  19. data/docs/resources/etc_group.md.erb +16 -16
  20. data/docs/resources/etc_passwd.md.erb +17 -17
  21. data/docs/resources/etc_shadow.md.erb +19 -19
  22. data/docs/resources/file.md.erb +58 -58
  23. data/docs/resources/gem.md.erb +12 -12
  24. data/docs/resources/group.md.erb +12 -12
  25. data/docs/resources/grub_conf.md.erb +11 -11
  26. data/docs/resources/host.md.erb +13 -13
  27. data/docs/resources/iis_site.md.erb +16 -16
  28. data/docs/resources/inetd_conf.md.erb +10 -10
  29. data/docs/resources/ini.md.erb +9 -9
  30. data/docs/resources/interface.md.erb +11 -11
  31. data/docs/resources/iptables.md.erb +11 -11
  32. data/docs/resources/json.md.erb +10 -10
  33. data/docs/resources/kernel_module.md.erb +10 -10
  34. data/docs/resources/kernel_parameter.md.erb +12 -12
  35. data/docs/resources/launchd_service.md.erb +11 -11
  36. data/docs/resources/limits_conf.md.erb +10 -10
  37. data/docs/resources/login_def.md.erb +12 -12
  38. data/docs/resources/mount.md.erb +13 -13
  39. data/docs/resources/mysql_conf.md.erb +14 -14
  40. data/docs/resources/mysql_session.md.erb +10 -10
  41. data/docs/resources/npm.md.erb +12 -12
  42. data/docs/resources/ntp_conf.md.erb +9 -9
  43. data/docs/resources/oneget.md.erb +11 -11
  44. data/docs/resources/os.md.erb +13 -13
  45. data/docs/resources/os_env.md.erb +12 -12
  46. data/docs/resources/package.md.erb +15 -15
  47. data/docs/resources/parse_config.md.erb +13 -13
  48. data/docs/resources/parse_config_file.md.erb +22 -16
  49. data/docs/resources/pip.md.erb +12 -12
  50. data/docs/resources/port.md.erb +18 -18
  51. data/docs/resources/postgres_conf.md.erb +13 -13
  52. data/docs/resources/postgres_session.md.erb +11 -11
  53. data/docs/resources/powershell.md.erb +13 -13
  54. data/docs/resources/process.md.erb +12 -12
  55. data/docs/resources/registry_key.md.erb +17 -17
  56. data/docs/resources/runit_service.md.erb +11 -11
  57. data/docs/resources/security_policy.md.erb +10 -10
  58. data/docs/resources/service.md.erb +17 -17
  59. data/docs/resources/ssh_config.md.erb +13 -13
  60. data/docs/resources/sshd_config.md.erb +14 -14
  61. data/docs/resources/ssl.md.erb +12 -12
  62. data/docs/resources/sys_info.md.erb +10 -10
  63. data/docs/resources/systemd_service.md.erb +11 -11
  64. data/docs/resources/sysv_service.md.erb +11 -11
  65. data/docs/resources/upstart_service.md.erb +11 -11
  66. data/docs/resources/user.md.erb +20 -20
  67. data/docs/resources/users.md.erb +19 -19
  68. data/docs/resources/vbscript.md.erb +9 -9
  69. data/docs/resources/windows_feature.md.erb +10 -10
  70. data/docs/resources/wmi.md.erb +10 -10
  71. data/docs/resources/xinetd_conf.md.erb +17 -17
  72. data/docs/resources/yaml.md.erb +10 -10
  73. data/docs/resources/yum.md.erb +16 -16
  74. data/examples/meta-profile/README.md +0 -5
  75. data/lib/inspec/base_cli.rb +6 -0
  76. data/lib/inspec/cli.rb +10 -3
  77. data/lib/inspec/profile.rb +3 -3
  78. data/lib/inspec/rspec_json_formatter.rb +24 -15
  79. data/lib/inspec/version.rb +1 -1
  80. data/lib/resources/registry_key.rb +15 -5
  81. data/lib/utils/filter.rb +1 -0
  82. metadata +3 -4
@@ -9,7 +9,7 @@ Use the `interface` InSpec audit resource to test basic network adapter properti
9
9
  * On Linux platforms, `/sys/class/net/#{iface}` is used as source
10
10
  * On the Windows platform, the `Get-NetAdapter` cmdlet is used as source
11
11
 
12
- # Syntax
12
+ ## Syntax
13
13
 
14
14
  An `interface` resource block declares network interface properties to be tested:
15
15
 
@@ -19,48 +19,48 @@ An `interface` resource block declares network interface properties to be tested
19
19
  its('name') { should eq eth0 }
20
20
  end
21
21
 
22
- # Matchers
22
+ ## Matchers
23
23
 
24
24
  This InSpec audit resource has the following matchers:
25
25
 
26
- ## be
26
+ ### be
27
27
 
28
28
  <%= partial "/shared/matcher_be" %>
29
29
 
30
- ## be_up
30
+ ### be_up
31
31
 
32
32
  The `be_up` matcher tests if the network interface is available:
33
33
 
34
34
  it { should be_up }
35
35
 
36
- ## cmp
36
+ ### cmp
37
37
 
38
38
  <%= partial "/shared/matcher_cmp" %>
39
39
 
40
- ## eq
40
+ ### eq
41
41
 
42
42
  <%= partial "/shared/matcher_eq" %>
43
43
 
44
- ## include
44
+ ### include
45
45
 
46
46
  <%= partial "/shared/matcher_include" %>
47
47
 
48
- ## match
48
+ ### match
49
49
 
50
50
  <%= partial "/shared/matcher_match" %>
51
51
 
52
- ## name
52
+ ### name
53
53
 
54
54
  The `name` matcher tests if the named network interface exists:
55
55
 
56
56
  its('name') { should eq eth0 }
57
57
 
58
- ## speed
58
+ ### speed
59
59
 
60
60
  The `speed` matcher tests the speed of the network interface, in MB/sec:
61
61
 
62
62
  its('speed') { should eq 1000 }
63
63
 
64
- # Examples
64
+ ## Examples
65
65
 
66
66
  None.
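Review bot: the context line `its('name') { should eq eth0 }`, which appears at the top of this hunk and again under `### name`, leaves `eth0` unquoted, so anyone copying it gets a Ruby name lookup instead of a string comparison; quote it as `'eth0'` while these headings are being touched. The `### speed` text gives the unit as MB/sec, but on Linux the link speed under `/sys/class/net` is reported in Mbit/s, so the expected value of 1000 describes a gigabit link and the unit wording should say megabits per second.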
@@ -6,7 +6,7 @@ title: About the iptables Resource
6
6
 
7
7
  Use the `iptables` InSpec audit resource to test rules that are defined in `iptables`, which maintains tables of IP packet filtering rules. There may be more than one table. Each table contains one (or more) chains (both built-in and custom). A chain is a list of rules that match packets. When the rule matches, the rule defines what target to assign to the packet.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  A `iptables` resource block declares tests for rules in IP tables:
12
12
 
@@ -23,47 +23,47 @@ where
23
23
  * `have_rule('RULE')` tests that rule in the iptables file
24
24
 
25
25
 
26
- # Matchers
26
+ ## Matchers
27
27
 
28
28
  This InSpec audit resource has the following matchers:
29
29
 
30
- ## be
30
+ ### be
31
31
 
32
32
  <%= partial "/shared/matcher_be" %>
33
33
 
34
- ## cmp
34
+ ### cmp
35
35
 
36
36
  <%= partial "/shared/matcher_cmp" %>
37
37
 
38
- ## eq
38
+ ### eq
39
39
 
40
40
  <%= partial "/shared/matcher_eq" %>
41
41
 
42
- ## have_rule
42
+ ### have_rule
43
43
 
44
44
  The `have_rule` matcher tests the named rule against the information in the `iptables` file:
45
45
 
46
46
  it { should have_rule('RULE') }
47
47
 
48
- ## include
48
+ ### include
49
49
 
50
50
  <%= partial "/shared/matcher_include" %>
51
51
 
52
- ## match
52
+ ### match
53
53
 
54
54
  <%= partial "/shared/matcher_match" %>
55
55
 
56
- # Examples
56
+ ## Examples
57
57
 
58
58
  The following examples show how to use this InSpec audit resource.
59
59
 
60
- ## Test if the IP table allows a packet through
60
+ ### Test if the IP table allows a packet through
61
61
 
62
62
  describe iptables do
63
63
  it { should have_rule('-P INPUT ACCEPT') }
64
64
  end
65
65
 
66
- ## Test if the IP table allows a packet through, for a specific table and chain
66
+ ### Test if the IP table allows a packet through, for a specific table and chain
67
67
 
68
68
  describe iptables(table:'mangle', chain: 'input') do
69
69
  it { should have_rule('-P INPUT ACCEPT') }
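Review bot: in the second example, `iptables(table:'mangle', chain: 'input')` names the chain in lower case while the rule it tests is `-P INPUT ACCEPT`; built-in iptables chain names are upper case and case-sensitive, so the example should use `chain: 'INPUT'`. Both example headings also say the test checks that a packet is allowed through, but `-P INPUT ACCEPT` is the chain's default policy, so a heading such as "Test the default policy of the INPUT chain" would describe it accurately, which matters to anyone reusing the example as a hardening check.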
@@ -6,7 +6,7 @@ title: About the json Resource
6
6
 
7
7
  Use the `json` InSpec audit resource to test data in a JSON file.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  A `json` resource block declares the data to be tested. Assume the following JSON file:
12
12
 
@@ -35,41 +35,41 @@ where
35
35
  * `should eq 'foo'` tests a value of `name` as read from a JSON file versus the value declared in the test
36
36
 
37
37
 
38
- # Matchers
38
+ ## Matchers
39
39
 
40
40
  This InSpec audit resource has the following matchers:
41
41
 
42
- ## be
42
+ ### be
43
43
 
44
44
  <%= partial "/shared/matcher_be" %>
45
45
 
46
- ## cmp
46
+ ### cmp
47
47
 
48
48
  <%= partial "/shared/matcher_cmp" %>
49
49
 
50
- ## eq
50
+ ### eq
51
51
 
52
52
  <%= partial "/shared/matcher_eq" %>
53
53
 
54
- ## include
54
+ ### include
55
55
 
56
56
  <%= partial "/shared/matcher_include" %>
57
57
 
58
- ## match
58
+ ### match
59
59
 
60
60
  <%= partial "/shared/matcher_match" %>
61
61
 
62
- ## name
62
+ ### name
63
63
 
64
64
  The `name` matcher tests the value of `name` as read from a JSON file versus the value declared in the test:
65
65
 
66
66
  its('name') { should eq 'foo' }
67
67
 
68
- # Examples
68
+ ## Examples
69
69
 
70
70
  The following examples show how to use this InSpec audit resource.
71
71
 
72
- ## Test a cookbook version in a policyfile.lock.json file
72
+ ### Test a cookbook version in a policyfile.lock.json file
73
73
 
74
74
  describe json('policyfile.lock.json') do
75
75
  its(['cookbook_locks', 'omnibus', 'version']) { should eq('2.2.0') }
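Review bot: `### name` is listed among the matchers, but by its own description it is the `name` key of the sample JSON file shown under Syntax, not something the resource offers for every file, so a reader auditing a different document will not find it. Drop it from the Matchers list or reword it as a generic key accessor, in the style the `its(['cookbook_locks', 'omnibus', 'version'])` example already uses.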
@@ -6,7 +6,7 @@ title: About the kernel_module Resource
6
6
 
7
7
  Use the `kernel_module` InSpec audit resource to test kernel modules on Linux platforms. These parameters are located under `/lib/modules`. Any submodule may be tested using this resource.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  A `kernel_module` resource block declares a module name, and then tests if that module is a loadable kernel module:
12
12
 
@@ -19,41 +19,41 @@ where
19
19
  * `'module_name'` must specify a kernel module, such as `'bridge'`
20
20
  * `{ should be_loaded }` tests if the module is a loadable kernel module
21
21
 
22
- # Matchers
22
+ ## Matchers
23
23
 
24
24
  This InSpec audit resource has the following matchers:
25
25
 
26
- ## be
26
+ ### be
27
27
 
28
28
  <%= partial "/shared/matcher_be" %>
29
29
 
30
- ## be_loaded
30
+ ### be_loaded
31
31
 
32
32
  The `be_loaded` matcher tests if the module is a loadable kernel module:
33
33
 
34
34
  it { should be_loaded }
35
35
 
36
- ## cmp
36
+ ### cmp
37
37
 
38
38
  <%= partial "/shared/matcher_cmp" %>
39
39
 
40
- ## eq
40
+ ### eq
41
41
 
42
42
  <%= partial "/shared/matcher_eq" %>
43
43
 
44
- ## include
44
+ ### include
45
45
 
46
46
  <%= partial "/shared/matcher_include" %>
47
47
 
48
- ## match
48
+ ### match
49
49
 
50
50
  <%= partial "/shared/matcher_match" %>
51
51
 
52
- # Examples
52
+ ## Examples
53
53
 
54
54
  The following examples show how to use this InSpec audit resource.
55
55
 
56
- ## Test if a module is loaded
56
+ ### Test if a module is loaded
57
57
 
58
58
  describe kernel_module('bridge') do
59
59
  it { should be_loaded }
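Review bot: `### be_loaded` is described as testing whether the module "is a loadable kernel module", while the example heading at the end of this hunk says "Test if a module is loaded". Loadable and loaded are different states, and the difference matters when a profile asserts that a module must not be present in the running kernel; the matcher text should state which of the two it checks.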
@@ -6,7 +6,7 @@ title: About the kernel_parameter Resource
6
6
 
7
7
  Use the `kernel_parameter` InSpec audit resource to test kernel parameters on Linux platforms.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  A `kernel_parameter` resource block declares a parameter and then a value to be tested:
12
12
 
@@ -19,53 +19,53 @@ where
19
19
  * `'kernel.parameter'` must specify a kernel parameter, such as `'net.ipv4.conf.all.forwarding'`
20
20
  * `{ should eq 0 }` states the value to be tested
21
21
 
22
- # Matchers
22
+ ## Matchers
23
23
 
24
24
  This InSpec audit resource has the following matchers:
25
25
 
26
- ## be
26
+ ### be
27
27
 
28
28
  <%= partial "/shared/matcher_be" %>
29
29
 
30
- ## cmp
30
+ ### cmp
31
31
 
32
32
  <%= partial "/shared/matcher_cmp" %>
33
33
 
34
- ## eq
34
+ ### eq
35
35
 
36
36
  <%= partial "/shared/matcher_eq" %>
37
37
 
38
- ## include
38
+ ### include
39
39
 
40
40
  <%= partial "/shared/matcher_include" %>
41
41
 
42
- ## match
42
+ ### match
43
43
 
44
44
  <%= partial "/shared/matcher_match" %>
45
45
 
46
- ## value
46
+ ### value
47
47
 
48
48
  The `value` matcher tests the value assigned to the named IP address versus the value declared in the test:
49
49
 
50
50
  its('value') { should eq 0 }
51
51
 
52
- # Examples
52
+ ## Examples
53
53
 
54
54
  The following examples show how to use this InSpec audit resource.
55
55
 
56
- ## Test if global forwarding is enabled for an IPv4 address
56
+ ### Test if global forwarding is enabled for an IPv4 address
57
57
 
58
58
  describe kernel_parameter('net.ipv4.conf.all.forwarding') do
59
59
  its('value') { should eq 1 }
60
60
  end
61
61
 
62
- ## Test if global forwarding is disabled for an IPv6 address
62
+ ### Test if global forwarding is disabled for an IPv6 address
63
63
 
64
64
  describe kernel_parameter('net.ipv6.conf.all.forwarding') do
65
65
  its('value') { should eq 0 }
66
66
  end
67
67
 
68
- ## Test if an IPv6 address accepts redirects
68
+ ### Test if an IPv6 address accepts redirects
69
69
 
70
70
  describe kernel_parameter('net.ipv6.conf.interface.accept_redirects') do
71
71
  its('value') { should eq 'true' }
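Review bot: the last example compares `net.ipv6.conf.interface.accept_redirects` with the string `'true'`, while the other examples in this hunk compare against the integers 0 and 1; use a numeric expectation for consistency, and replace `interface` with a real interface name or mark it as a placeholder. The `### value` text also says "the value assigned to the named IP address", which should read "the named kernel parameter", and the forwarding headings speak of "an IPv4 address" and "an IPv6 address" although the `conf.all` keys they test are host-wide.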
@@ -6,7 +6,7 @@ title: About the launchd_service Resource
6
6
 
7
7
  Use the ``launchd_service`` InSpec audit resource to test a service using Launchd.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  A ``launchd_service`` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
12
12
 
@@ -29,48 +29,48 @@ The path to the service manager's control may be specified for situations where
29
29
  it { should be_running }
30
30
  end
31
31
 
32
- # Matchers
32
+ ## Matchers
33
33
 
34
34
  This InSpec audit resource has the following matchers:
35
35
 
36
- ## be
36
+ ### be
37
37
 
38
38
  <%= partial "/shared/matcher_be" %>
39
39
 
40
- ## be_enabled
40
+ ### be_enabled
41
41
 
42
42
  The `be_enabled` matcher tests if the named service is enabled:
43
43
 
44
44
  it { should be_enabled }
45
45
 
46
- ## be_installed
46
+ ### be_installed
47
47
 
48
48
  The `be_installed` matcher tests if the named service is installed:
49
49
 
50
50
  it { should be_installed }
51
51
 
52
- ## be_running
52
+ ### be_running
53
53
 
54
54
  The `be_running` matcher tests if the named service is running:
55
55
 
56
56
  it { should be_running }
57
57
 
58
- ## cmp
58
+ ### cmp
59
59
 
60
60
  <%= partial "/shared/matcher_cmp" %>
61
61
 
62
- ## eq
62
+ ### eq
63
63
 
64
64
  <%= partial "/shared/matcher_eq" %>
65
65
 
66
- ## include
66
+ ### include
67
67
 
68
68
  <%= partial "/shared/matcher_include" %>
69
69
 
70
- ## match
70
+ ### match
71
71
 
72
72
  <%= partial "/shared/matcher_match" %>
73
73
 
74
- # Examples
74
+ ## Examples
75
75
 
76
76
  None.
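Review bot: the `## Examples` section at the end of this hunk still reads "None." although the hunk documents `be_enabled`, `be_installed` and `be_running`; add at least one example that combines them, in the same form as the `it { should be_running }` block in the context lines at the top of the hunk.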
@@ -17,7 +17,7 @@ Entries in the `limits.conf` file are similar to:
17
17
  ^^^^^^^^^ ^^^^ ^^^^^^ ^^^^^
18
18
  domain type item value
19
19
 
20
- # Syntax
20
+ ## Syntax
21
21
 
22
22
  A `limits_conf` resource block declares a domain to be tested, along with associated type, item, and value:
23
23
 
@@ -34,19 +34,19 @@ where
34
34
  * `'item'` is the item for which limits are defined, such as `core`, `nofile`, `stack`, `nproc`, `priority`, or `maxlogins`
35
35
  * `'value'` is the value associated with the `item`
36
36
 
37
- # Matchers
37
+ ## Matchers
38
38
 
39
39
  This InSpec audit resource has the following matchers:
40
40
 
41
- ## be
41
+ ### be
42
42
 
43
43
  <%= partial "/shared/matcher_be" %>
44
44
 
45
- ## cmp
45
+ ### cmp
46
46
 
47
47
  <%= partial "/shared/matcher_cmp" %>
48
48
 
49
- ## domain
49
+ ### domain
50
50
 
51
51
  The `domain` matcher tests the domain in the `limits.conf` file, along with associated type, item, and value:
52
52
 
@@ -56,23 +56,23 @@ For example:
56
56
 
57
57
  its('grantmc') { should include ['hard', 'nofile', '63536'] }
58
58
 
59
- ## eq
59
+ ### eq
60
60
 
61
61
  <%= partial "/shared/matcher_eq" %>
62
62
 
63
- ## include
63
+ ### include
64
64
 
65
65
  <%= partial "/shared/matcher_include" %>
66
66
 
67
- ## match
67
+ ### match
68
68
 
69
69
  <%= partial "/shared/matcher_match" %>
70
70
 
71
- # Examples
71
+ ## Examples
72
72
 
73
73
  The following examples show how to use this InSpec audit resource.
74
74
 
75
- ## Test limits
75
+ ### Test limits
76
76
 
77
77
  describe limits_conf('path') do
78
78
  its('*') { should include ['soft', 'core', '0'], ['hard', 'rss', '10000'] }
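Review bot: the `### Test limits` example calls `limits_conf('path')` with the literal string `'path'`, which a reader can easily copy as is; name a real file such as `/etc/security/limits.conf` or say in the text that `'path'` is a placeholder for the file to audit.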