inspec 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (82)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +46 -3
  3. data/Gemfile +4 -1
  4. data/README.md +3 -0
  5. data/docs/dsl_inspec.md +3 -3
  6. data/docs/profiles.md +17 -0
  7. data/docs/resources/apache_conf.md.erb +10 -10
  8. data/docs/resources/apt.md.erb +13 -13
  9. data/docs/resources/audit_policy.md.erb +10 -10
  10. data/docs/resources/auditd_conf.md.erb +10 -10
  11. data/docs/resources/auditd_rules.md.erb +11 -11
  12. data/docs/resources/bash.md.erb +12 -12
  13. data/docs/resources/bond.md.erb +15 -15
  14. data/docs/resources/bridge.md.erb +11 -11
  15. data/docs/resources/bsd_service.md.erb +11 -11
  16. data/docs/resources/command.md.erb +21 -21
  17. data/docs/resources/csv.md.erb +10 -10
  18. data/docs/resources/directory.md.erb +8 -8
  19. data/docs/resources/etc_group.md.erb +16 -16
  20. data/docs/resources/etc_passwd.md.erb +17 -17
  21. data/docs/resources/etc_shadow.md.erb +19 -19
  22. data/docs/resources/file.md.erb +58 -58
  23. data/docs/resources/gem.md.erb +12 -12
  24. data/docs/resources/group.md.erb +12 -12
  25. data/docs/resources/grub_conf.md.erb +11 -11
  26. data/docs/resources/host.md.erb +13 -13
  27. data/docs/resources/iis_site.md.erb +16 -16
  28. data/docs/resources/inetd_conf.md.erb +10 -10
  29. data/docs/resources/ini.md.erb +9 -9
  30. data/docs/resources/interface.md.erb +11 -11
  31. data/docs/resources/iptables.md.erb +11 -11
  32. data/docs/resources/json.md.erb +10 -10
  33. data/docs/resources/kernel_module.md.erb +10 -10
  34. data/docs/resources/kernel_parameter.md.erb +12 -12
  35. data/docs/resources/launchd_service.md.erb +11 -11
  36. data/docs/resources/limits_conf.md.erb +10 -10
  37. data/docs/resources/login_def.md.erb +12 -12
  38. data/docs/resources/mount.md.erb +13 -13
  39. data/docs/resources/mysql_conf.md.erb +14 -14
  40. data/docs/resources/mysql_session.md.erb +10 -10
  41. data/docs/resources/npm.md.erb +12 -12
  42. data/docs/resources/ntp_conf.md.erb +9 -9
  43. data/docs/resources/oneget.md.erb +11 -11
  44. data/docs/resources/os.md.erb +13 -13
  45. data/docs/resources/os_env.md.erb +12 -12
  46. data/docs/resources/package.md.erb +15 -15
  47. data/docs/resources/parse_config.md.erb +13 -13
  48. data/docs/resources/parse_config_file.md.erb +22 -16
  49. data/docs/resources/pip.md.erb +12 -12
  50. data/docs/resources/port.md.erb +18 -18
  51. data/docs/resources/postgres_conf.md.erb +13 -13
  52. data/docs/resources/postgres_session.md.erb +11 -11
  53. data/docs/resources/powershell.md.erb +13 -13
  54. data/docs/resources/process.md.erb +12 -12
  55. data/docs/resources/registry_key.md.erb +17 -17
  56. data/docs/resources/runit_service.md.erb +11 -11
  57. data/docs/resources/security_policy.md.erb +10 -10
  58. data/docs/resources/service.md.erb +17 -17
  59. data/docs/resources/ssh_config.md.erb +13 -13
  60. data/docs/resources/sshd_config.md.erb +14 -14
  61. data/docs/resources/ssl.md.erb +12 -12
  62. data/docs/resources/sys_info.md.erb +10 -10
  63. data/docs/resources/systemd_service.md.erb +11 -11
  64. data/docs/resources/sysv_service.md.erb +11 -11
  65. data/docs/resources/upstart_service.md.erb +11 -11
  66. data/docs/resources/user.md.erb +20 -20
  67. data/docs/resources/users.md.erb +19 -19
  68. data/docs/resources/vbscript.md.erb +9 -9
  69. data/docs/resources/windows_feature.md.erb +10 -10
  70. data/docs/resources/wmi.md.erb +10 -10
  71. data/docs/resources/xinetd_conf.md.erb +17 -17
  72. data/docs/resources/yaml.md.erb +10 -10
  73. data/docs/resources/yum.md.erb +16 -16
  74. data/examples/meta-profile/README.md +0 -5
  75. data/lib/inspec/base_cli.rb +6 -0
  76. data/lib/inspec/cli.rb +10 -3
  77. data/lib/inspec/profile.rb +3 -3
  78. data/lib/inspec/rspec_json_formatter.rb +24 -15
  79. data/lib/inspec/version.rb +1 -1
  80. data/lib/resources/registry_key.rb +15 -5
  81. data/lib/utils/filter.rb +1 -0
  82. metadata +3 -4
@@ -6,7 +6,7 @@ title: About the login_defs Resource
6
6
 
7
7
  Use the `login_defs` InSpec audit resource to test configuration settings in the `/etc/login.defs` file. The `logins.defs` file defines site-specific configuration for the shadow password suite on Linux and Unix platforms, such as password expiration ranges, minimum/maximum values for automatic selection of user and group identifiers, or the method with which passwords are encrypted.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  A `login_defs` resource block declares the `login.defs` configuration data to be tested:
12
12
 
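Review bot: The intro paragraph in this hunk's context names the file `logins.defs` in its second sentence, while the first sentence and the line under `## Syntax` both use `login.defs`. Correct the filename in the same change so the page refers to one file throughout.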
@@ -20,41 +20,41 @@ where
20
20
  * `{ should include('foo') }` tests the value of `name` as read from `login.defs` versus the value declared in the test
21
21
 
22
22
 
23
- # Matchers
23
+ ## Matchers
24
24
 
25
25
  This InSpec audit resource has the following matchers:
26
26
 
27
- ## be
27
+ ### be
28
28
 
29
29
  <%= partial "/shared/matcher_be" %>
30
30
 
31
- ## cmp
31
+ ### cmp
32
32
 
33
33
  <%= partial "/shared/matcher_cmp" %>
34
34
 
35
- ## eq
35
+ ### eq
36
36
 
37
37
  <%= partial "/shared/matcher_eq" %>
38
38
 
39
- ## include
39
+ ### include
40
40
 
41
41
  <%= partial "/shared/matcher_include" %>
42
42
 
43
- ## match
43
+ ### match
44
44
 
45
45
  <%= partial "/shared/matcher_match" %>
46
46
 
47
- ## name
47
+ ### name
48
48
 
49
49
  The `name` matcher tests the value of `name` as read from `login.defs` versus the value declared in the test:
50
50
 
51
51
  its('name') { should eq 'foo' }
52
52
 
53
- # Examples
53
+ ## Examples
54
54
 
55
55
  The following examples show how to use this InSpec audit resource.
56
56
 
57
- ## Test password expiration settings
57
+ ### Test password expiration settings
58
58
 
59
59
  describe login_defs do
60
60
  its('PASS_MAX_DAYS') { should eq '180' }
@@ -63,13 +63,13 @@ The following examples show how to use this InSpec audit resource.
63
63
  its('PASS_WARN_AGE') { should eq '30' }
64
64
  end
65
65
 
66
- ## Test the encryption method
66
+ ### Test the encryption method
67
67
 
68
68
  describe login_defs do
69
69
  its('ENCRYPT_METHOD') { should eq 'SHA512' }
70
70
  end
71
71
 
72
- ## Test umask setting
72
+ ### Test umask setting
73
73
 
74
74
  describe login_def do
75
75
  its('UMASK') { should eq '077' }
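Review bot: The umask example under `### Test umask setting` opens with `describe login_def do`, while the two examples before it use `describe login_defs do`, the name in the page title. Use one resource name across the examples so that a copied UMASK check refers to the same resource as the others.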
@@ -6,7 +6,7 @@ title: About the mount Resource
6
6
 
7
7
  Use the `mount` InSpec audit resource to test the mount points on Linux systems.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  An `mount` resource block declares the synchronization settings that should be tested:
12
12
 
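Review bot: The sentence under `## Syntax` reads "An `mount` resource block declares the synchronization settings that should be tested", which describes time synchronization rather than mount points and matches the wording used for `ntp_conf` later in this diff. Reword it to say what a `mount` block declares (the mount point to be tested) and change "An" to "A".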
@@ -21,59 +21,59 @@ where
21
21
  * `'value'` is the value to be tested
22
22
 
23
23
 
24
- # Matchers
24
+ ## Matchers
25
25
 
26
26
  This InSpec audit resource has the following matchers:
27
27
 
28
- ## be
28
+ ### be
29
29
 
30
30
  <%= partial "/shared/matcher_be" %>
31
31
 
32
- ## be_mounted
32
+ ### be_mounted
33
33
 
34
34
  The `be_mounted` matcher tests if the file is accessible from the file system:
35
35
 
36
36
  it { should be_mounted }
37
37
 
38
- ## cmp
38
+ ### cmp
39
39
 
40
40
  <%= partial "/shared/matcher_cmp" %>
41
41
 
42
- ## device
42
+ ### device
43
43
 
44
44
  The `device` matcher tests the device from the `fstab` table:
45
45
 
46
46
  its('device') { should eq '/dev/mapper/VolGroup-lv_root' }
47
47
 
48
- ## eq
48
+ ### eq
49
49
 
50
50
  <%= partial "/shared/matcher_eq" %>
51
51
 
52
- ## include
52
+ ### include
53
53
 
54
54
  <%= partial "/shared/matcher_include" %>
55
55
 
56
- ## match
56
+ ### match
57
57
 
58
58
  <%= partial "/shared/matcher_match" %>
59
59
 
60
- ## options
60
+ ### options
61
61
 
62
62
  The `options` matcher tests the mount options for the file system from the `fstab` table:
63
63
 
64
64
  its('options') { should eq ['rw', 'mode=620'] }
65
65
 
66
- ## type
66
+ ### type
67
67
 
68
68
  The `type` matcher tests the file system type:
69
69
 
70
70
  its('type') { should eq 'ext4' }
71
71
 
72
- # Examples
72
+ ## Examples
73
73
 
74
74
  The following examples show how to use this InSpec audit resource.
75
75
 
76
- ## Test a the mount point on '/'
76
+ ### Test a the mount point on '/'
77
77
 
78
78
  describe mount('/') do
79
79
  it { should be_mounted }
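Review bot: The rewritten heading `### Test a the mount point on '/'` keeps the "a the" typo from the old line; drop the stray "a" while the line is being changed. In the same hunk, the `be_mounted` description says it tests if "the file is accessible from the file system", which should refer to the mount point.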
@@ -6,7 +6,7 @@ title: About the mysql_conf Resource
6
6
 
7
7
  Use the `mysql_conf` InSpec audit resource to test the contents of the configuration file for MySQL, typically located at `/etc/mysql/my.cnf` or `/etc/my.cnf`.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  A `mysql_conf` resource block declares one (or more) settings in the `my.cnf` file, and then compares the setting in the configuration file to the value stated in the test:
12
12
 
@@ -21,31 +21,31 @@ where
21
21
  * `should eq 'value'` is the value that is expected
22
22
 
23
23
 
24
- # Matchers
24
+ ## Matchers
25
25
 
26
26
  This InSpec audit resource has the following matchers:
27
27
 
28
- ## be
28
+ ### be
29
29
 
30
30
  <%= partial "/shared/matcher_be" %>
31
31
 
32
- ## cmp
32
+ ### cmp
33
33
 
34
34
  <%= partial "/shared/matcher_cmp" %>
35
35
 
36
- ## eq
36
+ ### eq
37
37
 
38
38
  <%= partial "/shared/matcher_eq" %>
39
39
 
40
- ## include
40
+ ### include
41
41
 
42
42
  <%= partial "/shared/matcher_include" %>
43
43
 
44
- ## match
44
+ ### match
45
45
 
46
46
  <%= partial "/shared/matcher_match" %>
47
47
 
48
- ## setting
48
+ ### setting
49
49
 
50
50
  The `setting` matcher tests specific, named settings in the `my.cnf` file:
51
51
 
@@ -53,18 +53,18 @@ The `setting` matcher tests specific, named settings in the `my.cnf` file:
53
53
 
54
54
  Use a `setting` matcher for each setting to be tested.
55
55
 
56
- # Examples
56
+ ## Examples
57
57
 
58
58
  The following examples show how to use this InSpec audit resource.
59
59
 
60
- ## Test the maximum number of allowed connections
60
+ ### Test the maximum number of allowed connections
61
61
 
62
62
  describe mysql_conf do
63
63
  its('max_connections') { should eq '505' }
64
64
  its('max_user_connections') { should eq '500' }
65
65
  end
66
66
 
67
- ## Test slow query logging**
67
+ ### Test slow query logging**
68
68
 
69
69
  describe mysql_conf do
70
70
  its('slow_query_log_file') { should eq 'hostname_slow.log' }
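Review bot: The new heading `### Test slow query logging**` carries over the stray trailing `**` from the old line, which will render as literal asterisks in the section title. Remove it here, since the line is already being rewritten.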
@@ -74,14 +74,14 @@ The following examples show how to use this InSpec audit resource.
74
74
  its('min_examined_row_limit') { should eq '100' }
75
75
  end
76
76
 
77
- ## Test the port and socket on which MySQL listens
77
+ ### Test the port and socket on which MySQL listens
78
78
 
79
79
  describe mysql_conf do
80
80
  its('port') { should eq '3306' }
81
81
  its('socket') { should eq '/var/run/mysqld/mysql.sock' }
82
82
  end
83
83
 
84
- ## Test connection and thread variables
84
+ ### Test connection and thread variables
85
85
 
86
86
  describe mysql_conf do
87
87
  its('port') { should eq '3306' }
@@ -95,7 +95,7 @@ The following examples show how to use this InSpec audit resource.
95
95
  its('thread_cache_size') { should eq '505' }
96
96
  end
97
97
 
98
- ## Test the safe-user-create parameter
98
+ ### Test the safe-user-create parameter
99
99
 
100
100
  describe mysql_conf.params('mysqld') do
101
101
  its('safe-user-create') { should eq('1') }
@@ -6,7 +6,7 @@ title: About the mysql_session Resource
6
6
 
7
7
  Use the `mysql_session` InSpec audit resource to test SQL commands run against a MySQL database.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  A `mysql_session` resource block declares the username and password to use for the session, and then the command to be run:
12
12
 
@@ -20,41 +20,41 @@ where
20
20
  * `query('QUERY')` contains the query to be run
21
21
  * `its('output') { should eq('') }` compares the results of the query against the expected result in the test
22
22
 
23
- # Matchers
23
+ ## Matchers
24
24
 
25
25
  This InSpec audit resource has the following matchers:
26
26
 
27
- ## be
27
+ ### be
28
28
 
29
29
  <%= partial "/shared/matcher_be" %>
30
30
 
31
- ## cmp
31
+ ### cmp
32
32
 
33
33
  <%= partial "/shared/matcher_cmp" %>
34
34
 
35
- ## eq
35
+ ### eq
36
36
 
37
37
  <%= partial "/shared/matcher_eq" %>
38
38
 
39
- ## include
39
+ ### include
40
40
 
41
41
  <%= partial "/shared/matcher_include" %>
42
42
 
43
- ## match
43
+ ### match
44
44
 
45
45
  <%= partial "/shared/matcher_match" %>
46
46
 
47
- ## output
47
+ ### output
48
48
 
49
49
  The `output` matcher tests the results of the query:
50
50
 
51
51
  its('output') { should eq(/^0/) }
52
52
 
53
- # Examples
53
+ ## Examples
54
54
 
55
55
  The following examples show how to use this InSpec audit resource.
56
56
 
57
- ## Test for matching databases
57
+ ### Test for matching databases
58
58
 
59
59
  sql = mysql_session('my_user','password')
60
60
 
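Review bot: The `output` matcher example `its('output') { should eq(/^0/) }` passes a regular expression to `eq`, which checks equality, so a string result will never equal it; the example should use `match(/^0/)` or compare against a string. Separately, the example at the end of the hunk passes a literal password in `mysql_session('my_user','password')`; a short remark that profiles should not embed real credentials in source would help readers who copy it.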
@@ -7,7 +7,7 @@ title: About the npm Resource
7
7
  Use the `npm` InSpec audit resource to test if a global NPM package is installed. NPM is the the package manager for Node.js packages (https://docs.npmjs.com), such as Bower and StatsD.
8
8
 
9
9
 
10
- # Syntax
10
+ ## Syntax
11
11
 
12
12
  A `npm` resource block declares a package and (optionally) a package version:
13
13
 
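Review bot: The intro sentence in this hunk's context reads "NPM is the the package manager", with a doubled "the". Fix it alongside the heading change.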
@@ -21,54 +21,54 @@ where
21
21
  * `be_installed` is a valid matcher for this resource
22
22
 
23
23
 
24
- # Matchers
24
+ ## Matchers
25
25
 
26
26
  This InSpec audit resource has the following matchers:
27
27
 
28
- ## be
28
+ ### be
29
29
 
30
30
  <%= partial "/shared/matcher_be" %>
31
31
 
32
- ## be_installed
32
+ ### be_installed
33
33
 
34
34
  The `be_installed` matcher tests if the named Gem package and package version (if specified) is installed:
35
35
 
36
36
  it { should be_installed }
37
37
 
38
- ## cmp
38
+ ### cmp
39
39
 
40
40
  <%= partial "/shared/matcher_cmp" %>
41
41
 
42
- ## eq
42
+ ### eq
43
43
 
44
44
  <%= partial "/shared/matcher_eq" %>
45
45
 
46
- ## include
46
+ ### include
47
47
 
48
48
  <%= partial "/shared/matcher_include" %>
49
49
 
50
- ## match
50
+ ### match
51
51
 
52
52
  <%= partial "/shared/matcher_match" %>
53
53
 
54
- ## version
54
+ ### version
55
55
 
56
56
  The `version` matcher tests if the named package version is on the system:
57
57
 
58
58
  its('version') { should eq '1.2.3' }
59
59
 
60
- # Examples
60
+ ## Examples
61
61
 
62
62
  The following examples show how to use this InSpec audit resource.
63
63
 
64
- ## Verify that bower is installed, with a specific version
64
+ ### Verify that bower is installed, with a specific version
65
65
 
66
66
  describe npm('bower') do
67
67
  it { should be_installed }
68
68
  its('version') { should eq '1.4.1' }
69
69
  end
70
70
 
71
- ## Verify that statsd is not installed
71
+ ### Verify that statsd is not installed
72
72
 
73
73
  describe npm('statsd') do
74
74
  it { should_not be_installed }
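Review bot: Under `### be_installed`, the description says the matcher tests if "the named Gem package and package version (if specified) is installed", which reads as copied from another resource's page. It should say NPM package, matching the intro of this page.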
@@ -7,7 +7,7 @@ title: About the ntp_conf Resource
7
7
  Use the `ntp_conf` InSpec audit resource to test the synchronization settings defined in the `ntp.conf` file. This file is typically located at `/etc/ntp.conf`.
8
8
 
9
9
 
10
- # Syntax
10
+ ## Syntax
11
11
 
12
12
  An `ntp_conf` resource block declares the synchronization settings that should be tested:
13
13
 
@@ -22,7 +22,7 @@ where
22
22
  * `{ should eq 'value' }` is the value that is expected
23
23
 
24
24
 
25
- # Matchers
25
+ ## Matchers
26
26
 
27
27
  This resource matches any service that is listed in the `ntp.conf` file:
28
28
 
@@ -40,31 +40,31 @@ For example:
40
40
  end
41
41
 
42
42
 
43
- ## be
43
+ ### be
44
44
 
45
45
  <%= partial "/shared/matcher_be" %>
46
46
 
47
- ## cmp
47
+ ### cmp
48
48
 
49
49
  <%= partial "/shared/matcher_cmp" %>
50
50
 
51
- ## eq
51
+ ### eq
52
52
 
53
53
  <%= partial "/shared/matcher_eq" %>
54
54
 
55
- ## include
55
+ ### include
56
56
 
57
57
  <%= partial "/shared/matcher_include" %>
58
58
 
59
- ## match
59
+ ### match
60
60
 
61
61
  <%= partial "/shared/matcher_match" %>
62
62
 
63
- # Examples
63
+ ## Examples
64
64
 
65
65
  The following examples show how to use this InSpec audit resource.
66
66
 
67
- ## Test for clock drift against named servers
67
+ ### Test for clock drift against named servers
68
68
 
69
69
  describe ntp_conf do
70
70
  its('driftfile') { should eq '/var/lib/ntp/ntp.drift' }
@@ -6,7 +6,7 @@ title: About the oneget Resource
6
6
 
7
7
  Use the `oneget` InSpec audit resource to test if the named package and/or package version is installed on the system. This resource uses Oneget, which is `part of the Windows Management Framework 5.0 and Windows 10 <https://github.com/OneGet/oneget>`__. This resource uses the `Get-Package` cmdlet to return all of the package names in the Oneget repository.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  A `oneget` resource block declares a package and (optionally) a package version:
12
12
 
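Review bot: The intro paragraph in this hunk's context contains a reStructuredText-style link, written as a backquoted phrase with the URL in angle brackets (`<https://github.com/OneGet/oneget>`) followed by `__`, while the rest of the file uses Markdown headings. In Markdown it will render as inline code with trailing underscores instead of a link; convert it to a Markdown link in this change.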
@@ -20,47 +20,47 @@ where
20
20
  * `be_installed` is a valid matcher for this resource
21
21
 
22
22
 
23
- # Matchers
23
+ ## Matchers
24
24
 
25
25
  This InSpec audit resource has the following matchers:
26
26
 
27
- ## be
27
+ ### be
28
28
 
29
29
  <%= partial "/shared/matcher_be" %>
30
30
 
31
- ## be_installed
31
+ ### be_installed
32
32
 
33
33
  The `be_installed` matcher tests if the named package is installed on the system:
34
34
 
35
35
  it { should be_installed }
36
36
 
37
- ## cmp
37
+ ### cmp
38
38
 
39
39
  <%= partial "/shared/matcher_cmp" %>
40
40
 
41
- ## eq
41
+ ### eq
42
42
 
43
43
  <%= partial "/shared/matcher_eq" %>
44
44
 
45
- ## include
45
+ ### include
46
46
 
47
47
  <%= partial "/shared/matcher_include" %>
48
48
 
49
- ## match
49
+ ### match
50
50
 
51
51
  <%= partial "/shared/matcher_match" %>
52
52
 
53
- ## version
53
+ ### version
54
54
 
55
55
  The `version` matcher tests if the named package version is on the system:
56
56
 
57
57
  its('version') { should eq '1.2.3' }
58
58
 
59
- # Examples
59
+ ## Examples
60
60
 
61
61
  The following examples show how to use this InSpec audit resource.
62
62
 
63
- ## Test if VLC is installed
63
+ ### Test if VLC is installed
64
64
 
65
65
  describe oneget('VLC') do
66
66
  it { should be_installed }