inspec 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (82)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +46 -3
  3. data/Gemfile +4 -1
  4. data/README.md +3 -0
  5. data/docs/dsl_inspec.md +3 -3
  6. data/docs/profiles.md +17 -0
  7. data/docs/resources/apache_conf.md.erb +10 -10
  8. data/docs/resources/apt.md.erb +13 -13
  9. data/docs/resources/audit_policy.md.erb +10 -10
  10. data/docs/resources/auditd_conf.md.erb +10 -10
  11. data/docs/resources/auditd_rules.md.erb +11 -11
  12. data/docs/resources/bash.md.erb +12 -12
  13. data/docs/resources/bond.md.erb +15 -15
  14. data/docs/resources/bridge.md.erb +11 -11
  15. data/docs/resources/bsd_service.md.erb +11 -11
  16. data/docs/resources/command.md.erb +21 -21
  17. data/docs/resources/csv.md.erb +10 -10
  18. data/docs/resources/directory.md.erb +8 -8
  19. data/docs/resources/etc_group.md.erb +16 -16
  20. data/docs/resources/etc_passwd.md.erb +17 -17
  21. data/docs/resources/etc_shadow.md.erb +19 -19
  22. data/docs/resources/file.md.erb +58 -58
  23. data/docs/resources/gem.md.erb +12 -12
  24. data/docs/resources/group.md.erb +12 -12
  25. data/docs/resources/grub_conf.md.erb +11 -11
  26. data/docs/resources/host.md.erb +13 -13
  27. data/docs/resources/iis_site.md.erb +16 -16
  28. data/docs/resources/inetd_conf.md.erb +10 -10
  29. data/docs/resources/ini.md.erb +9 -9
  30. data/docs/resources/interface.md.erb +11 -11
  31. data/docs/resources/iptables.md.erb +11 -11
  32. data/docs/resources/json.md.erb +10 -10
  33. data/docs/resources/kernel_module.md.erb +10 -10
  34. data/docs/resources/kernel_parameter.md.erb +12 -12
  35. data/docs/resources/launchd_service.md.erb +11 -11
  36. data/docs/resources/limits_conf.md.erb +10 -10
  37. data/docs/resources/login_def.md.erb +12 -12
  38. data/docs/resources/mount.md.erb +13 -13
  39. data/docs/resources/mysql_conf.md.erb +14 -14
  40. data/docs/resources/mysql_session.md.erb +10 -10
  41. data/docs/resources/npm.md.erb +12 -12
  42. data/docs/resources/ntp_conf.md.erb +9 -9
  43. data/docs/resources/oneget.md.erb +11 -11
  44. data/docs/resources/os.md.erb +13 -13
  45. data/docs/resources/os_env.md.erb +12 -12
  46. data/docs/resources/package.md.erb +15 -15
  47. data/docs/resources/parse_config.md.erb +13 -13
  48. data/docs/resources/parse_config_file.md.erb +22 -16
  49. data/docs/resources/pip.md.erb +12 -12
  50. data/docs/resources/port.md.erb +18 -18
  51. data/docs/resources/postgres_conf.md.erb +13 -13
  52. data/docs/resources/postgres_session.md.erb +11 -11
  53. data/docs/resources/powershell.md.erb +13 -13
  54. data/docs/resources/process.md.erb +12 -12
  55. data/docs/resources/registry_key.md.erb +17 -17
  56. data/docs/resources/runit_service.md.erb +11 -11
  57. data/docs/resources/security_policy.md.erb +10 -10
  58. data/docs/resources/service.md.erb +17 -17
  59. data/docs/resources/ssh_config.md.erb +13 -13
  60. data/docs/resources/sshd_config.md.erb +14 -14
  61. data/docs/resources/ssl.md.erb +12 -12
  62. data/docs/resources/sys_info.md.erb +10 -10
  63. data/docs/resources/systemd_service.md.erb +11 -11
  64. data/docs/resources/sysv_service.md.erb +11 -11
  65. data/docs/resources/upstart_service.md.erb +11 -11
  66. data/docs/resources/user.md.erb +20 -20
  67. data/docs/resources/users.md.erb +19 -19
  68. data/docs/resources/vbscript.md.erb +9 -9
  69. data/docs/resources/windows_feature.md.erb +10 -10
  70. data/docs/resources/wmi.md.erb +10 -10
  71. data/docs/resources/xinetd_conf.md.erb +17 -17
  72. data/docs/resources/yaml.md.erb +10 -10
  73. data/docs/resources/yum.md.erb +16 -16
  74. data/examples/meta-profile/README.md +0 -5
  75. data/lib/inspec/base_cli.rb +6 -0
  76. data/lib/inspec/cli.rb +10 -3
  77. data/lib/inspec/profile.rb +3 -3
  78. data/lib/inspec/rspec_json_formatter.rb +24 -15
  79. data/lib/inspec/version.rb +1 -1
  80. data/lib/resources/registry_key.rb +15 -5
  81. data/lib/utils/filter.rb +1 -0
  82. metadata +3 -4
@@ -6,7 +6,7 @@ title: About the pip Resource
6
6
 
7
7
  Use the `pip` InSpec audit resource to test packages that are installed using the Python PIP installer.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  A `pip` resource block declares a package and (optionally) a package version:
12
12
 
@@ -20,53 +20,53 @@ where
20
20
  * `be_installed` tests to see if the `Jinja2` package is installed
21
21
 
22
22
 
23
- # Matchers
23
+ ## Matchers
24
24
 
25
25
  This InSpec audit resource has the following matchers:
26
26
 
27
- ## be
27
+ ### be
28
28
 
29
29
  <%= partial "/shared/matcher_be" %>
30
30
 
31
- ## be_installed
31
+ ### be_installed
32
32
 
33
33
  The `be_installed` matcher tests if the named package is installed on the system:
34
34
 
35
35
  it { should be_installed }
36
36
 
37
- ## cmp
37
+ ### cmp
38
38
 
39
39
  <%= partial "/shared/matcher_cmp" %>
40
40
 
41
- ## eq
41
+ ### eq
42
42
 
43
43
  <%= partial "/shared/matcher_eq" %>
44
44
 
45
- ## include
45
+ ### include
46
46
 
47
47
  <%= partial "/shared/matcher_include" %>
48
48
 
49
- ## match
49
+ ### match
50
50
 
51
51
  <%= partial "/shared/matcher_match" %>
52
52
 
53
- ## version
53
+ ### version
54
54
 
55
55
  The `version` matcher tests if the named package version is on the system:
56
56
 
57
57
  its('version') { should eq '1.2.3' }
58
58
 
59
- # Examples
59
+ ## Examples
60
60
 
61
61
  The following examples show how to use this InSpec audit resource.
62
62
 
63
- ## Test if Jinja2 is installed on the system
63
+ ### Test if Jinja2 is installed on the system
64
64
 
65
65
  describe pip('Jinja2') do
66
66
  it { should be_installed }
67
67
  end
68
68
 
69
- ## Test if Jinja2 2.8 is installed on the system
69
+ ### Test if Jinja2 2.8 is installed on the system
70
70
 
71
71
  describe pip('Jinja2') do
72
72
  it { should be_installed }
@@ -6,7 +6,7 @@ title: About the port Resource
6
6
 
7
7
  Use the `port` InSpec audit resource to test basic port properties, such as port, process, if it's listening.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  A `port` resource block declares a port, and then depending on what needs to be tested, a process, protocol, process identifier, and its state (is it listening?):
12
12
 
@@ -35,55 +35,55 @@ For example, to test if the SSH daemon is available on a Linux machine via the d
35
35
  its('addresses') { should include '0.0.0.0' }
36
36
  end
37
37
 
38
- # Matchers
38
+ ## Matchers
39
39
 
40
40
  This InSpec audit resource has the following matchers:
41
41
 
42
- ## address
42
+ ### address
43
43
 
44
44
  The `addresses` matcher tests if the specified address is associated with a port:
45
45
 
46
46
  its('addresses') { should include '0.0.0.0' }
47
47
 
48
- ## be
48
+ ### be
49
49
 
50
50
  <%= partial "/shared/matcher_be" %>
51
51
 
52
- ## be_listening
52
+ ### be_listening
53
53
 
54
54
  The `be_listening` matcher tests if the port is listening for traffic:
55
55
 
56
56
  it { should be_listening }
57
57
 
58
- ## cmp
58
+ ### cmp
59
59
 
60
60
  <%= partial "/shared/matcher_cmp" %>
61
61
 
62
- ## eq
62
+ ### eq
63
63
 
64
64
  <%= partial "/shared/matcher_eq" %>
65
65
 
66
- ## include
66
+ ### include
67
67
 
68
68
  <%= partial "/shared/matcher_include" %>
69
69
 
70
- ## match
70
+ ### match
71
71
 
72
72
  <%= partial "/shared/matcher_match" %>
73
73
 
74
- ## pids
74
+ ### pids
75
75
 
76
76
  The `pids` matcher tests the process identifiers (PIDs):
77
77
 
78
78
  its('pids') { should eq ['27808'] }
79
79
 
80
- ## processes
80
+ ### processes
81
81
 
82
82
  The `processes` matcher tests if the named process is running on the system:
83
83
 
84
84
  its('processes') { should eq ['syslog'] }
85
85
 
86
- ## protocols
86
+ ### protocols
87
87
 
88
88
  The `protocols` matcher tests the Internet protocol: ICMP (`'icmp'`), TCP (`'tcp'` or `'tcp6'`), or UDP (`'udp'` or `'udp6'`):
89
89
 
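Review bot: The heading `### address` does not match the matcher it documents. The sentence under it and its example both use the plural form (`its('addresses') { should include '0.0.0.0' }`). Since the heading line is being changed anyway, rename it to `### addresses` so the heading, the prose and the example agree.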
@@ -93,18 +93,18 @@ or for the IPv6 protocol:
93
93
 
94
94
  its('protocols') { should include 'tcp6' }
95
95
 
96
- # Examples
96
+ ## Examples
97
97
 
98
98
  The following examples show how to use this InSpec audit resource.
99
99
 
100
- ## Test port 80, listening with the TCP protocol
100
+ ### Test port 80, listening with the TCP protocol
101
101
 
102
102
  describe port(80) do
103
103
  it { should be_listening }
104
104
  its('protocols') {should eq ['tcp']}
105
105
  end
106
106
 
107
- ## Test port 80, on a specific address
107
+ ### Test port 80, on a specific address
108
108
 
109
109
  A specific port address may be checked using either of the following examples:
110
110
 
@@ -119,14 +119,14 @@ or:
119
119
  it { should be_listening }
120
120
  end
121
121
 
122
- ## Test port 80, listening with TCP version IPv6 protocol
122
+ ### Test port 80, listening with TCP version IPv6 protocol
123
123
 
124
124
  describe port(80) do
125
125
  it { should be_listening }
126
126
  its('protocols') {should eq ['tcp6']}
127
127
  end
128
128
 
129
- ## Test that only secure ports accept requests
129
+ ### Test that only secure ports accept requests
130
130
 
131
131
  describe port(80) do
132
132
  it { should_not be_listening }
@@ -137,7 +137,7 @@ or:
137
137
  its('protocols') {should eq ['tcp']}
138
138
  end
139
139
 
140
- ## Verify port 65432 is not listening
140
+ ### Verify port 65432 is not listening
141
141
 
142
142
  describe port(22) do
143
143
  it { should be_listening }
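Review bot: The heading `### Verify port 65432 is not listening` is followed directly by `describe port(22) do` with `it { should be_listening }`, which is a different port and the opposite assertion. Either lead the example with a `describe port(65432)` block that uses `should_not be_listening`, or reword the heading so it describes every block under it. As written, a reader skimming for a "not listening" pattern lands on a positive check for port 22.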
@@ -6,7 +6,7 @@ title: About the postgres_conf Resource
6
6
 
7
7
  Use the `postgres_conf` InSpec audit resource to test the contents of the configuration file for PostgreSQL, typically located at `/etc/postgresql/<version>/main/postgresql.conf` or `/var/lib/postgres/data/postgresql.conf`, depending on the platform.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  A `postgres_conf` resource block declares one (or more) settings in the `postgresql.conf` file, and then compares the setting in the configuration file to the value stated in the test:
12
12
 
@@ -20,31 +20,31 @@ where
20
20
  * `('path')` is the non-default path to the `postgresql.conf` file (optional)
21
21
  * `should eq 'value'` is the value that is expected
22
22
 
23
- # Matchers
23
+ ## Matchers
24
24
 
25
25
  This InSpec audit resource has the following matchers:
26
26
 
27
- ## be
27
+ ### be
28
28
 
29
29
  <%= partial "/shared/matcher_be" %>
30
30
 
31
- ## cmp
31
+ ### cmp
32
32
 
33
33
  <%= partial "/shared/matcher_cmp" %>
34
34
 
35
- ## eq
35
+ ### eq
36
36
 
37
37
  <%= partial "/shared/matcher_eq" %>
38
38
 
39
- ## include
39
+ ### include
40
40
 
41
41
  <%= partial "/shared/matcher_include" %>
42
42
 
43
- ## match
43
+ ### match
44
44
 
45
45
  <%= partial "/shared/matcher_match" %>
46
46
 
47
- ## setting
47
+ ### setting
48
48
 
49
49
  The `setting` matcher tests specific, named settings in the `postgresql.conf` file:
50
50
 
@@ -52,17 +52,17 @@ The `setting` matcher tests specific, named settings in the `postgresql.conf` fi
52
52
 
53
53
  Use a `setting` matcher for each setting to be tested.
54
54
 
55
- # Examples
55
+ ## Examples
56
56
 
57
57
  The following examples show how to use this InSpec audit resource.
58
58
 
59
- ## Test the maximum number of allowed client connections
59
+ ### Test the maximum number of allowed client connections
60
60
 
61
61
  describe postgres_conf do
62
62
  its('max_connections') { should eq '5' }
63
63
  end
64
64
 
65
- ## Test system logging
65
+ ### Test system logging
66
66
 
67
67
  describe postgres_conf do
68
68
  its('logging_collector') { should eq 'on' }
@@ -73,13 +73,13 @@ The following examples show how to use this InSpec audit resource.
73
73
  its('log_line_prefix') { should eq '%t %u %d %h' }
74
74
  end
75
75
 
76
- ## Test the port on which PostgreSQL listens
76
+ ### Test the port on which PostgreSQL listens
77
77
 
78
78
  describe postgres_conf do
79
79
  its('port') { should eq '5432' }
80
80
  end
81
81
 
82
- ## Test the Unix socket settings
82
+ ### Test the Unix socket settings
83
83
 
84
84
  describe postgres_conf do
85
85
  its('unix_socket_directories') { should eq '.s.PGSQL.5432' }
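Review bot: In the `### Test the Unix socket settings` example, `its('unix_socket_directories')` is compared with `'.s.PGSQL.5432'`, which is the name of the socket file PostgreSQL creates, not a directory. The expected value should be a directory path, so that a reader copying the example gets a check that can pass against a real `postgresql.conf`.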
@@ -6,7 +6,7 @@ title: About the postgres_session Resource
6
6
 
7
7
  Use the `postgres_session` InSpec audit resource to test SQL commands run against a PostgreSQL database.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  A `postgres_session` resource block declares the username and password to use for the session, and then the command to be run:
12
12
 
@@ -22,41 +22,41 @@ where
22
22
  * `sql.query('')` contains the query to be run
23
23
  * `its('output') { should eq('') }` compares the results of the query against the expected result in the test
24
24
 
25
- # Matchers
25
+ ## Matchers
26
26
 
27
27
  This InSpec audit resource has the following matchers:
28
28
 
29
- ## be
29
+ ### be
30
30
 
31
31
  <%= partial "/shared/matcher_be" %>
32
32
 
33
- ## cmp
33
+ ### cmp
34
34
 
35
35
  <%= partial "/shared/matcher_cmp" %>
36
36
 
37
- ## eq
37
+ ### eq
38
38
 
39
39
  <%= partial "/shared/matcher_eq" %>
40
40
 
41
- ## include
41
+ ### include
42
42
 
43
43
  <%= partial "/shared/matcher_include" %>
44
44
 
45
- ## match
45
+ ### match
46
46
 
47
47
  <%= partial "/shared/matcher_match" %>
48
48
 
49
- ## output
49
+ ### output
50
50
 
51
51
  The `output` matcher tests the results of the query:
52
52
 
53
53
  its('output') { should eq(/^0/) }
54
54
 
55
- # Examples
55
+ ## Examples
56
56
 
57
57
  The following examples show how to use this InSpec audit resource.
58
58
 
59
- ## Test the PostgreSQL shadow password
59
+ ### Test the PostgreSQL shadow password
60
60
 
61
61
  sql = postgres_session('my_user', 'password')
62
62
 
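Review bot: In the `### output` section, `its('output') { should eq(/^0/) }` passes a regular expression to `eq`, which tests for equality with the Regexp object, so it will not pass against the query's string output. Use `should match(/^0/)` instead, in line with the `match` matcher documented just above it. This matters for an audit resource because a copied check that always fails, or is later "fixed" by loosening it, hides the real result.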
@@ -64,7 +64,7 @@ The following examples show how to use this InSpec audit resource.
64
64
  its('output') { should eq('') }
65
65
  end
66
66
 
67
- ## Test for risky database entries
67
+ ### Test for risky database entries
68
68
 
69
69
  describe postgres_session('my_user', 'password').query('SELECT count (*)
70
70
  FROM pg_language
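Review bot: The `### Test for risky database entries` example passes the literals `'my_user', 'password'` to `postgres_session`, and documentation examples are routinely copied into profiles that end up in version control. Use an obvious placeholder for the password and add one sentence to the Syntax section saying that the credential should be supplied at run time rather than written into the profile source.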
@@ -6,7 +6,7 @@ title: About the powershell Resource
6
6
 
7
7
  Use the `powershell` InSpec audit resource to test a Powershell script on the Windows platform.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  A `powershell` resource block declares a Powershell script to be tested, and then compares the output of that command to the matcher in the test:
12
12
 
@@ -25,53 +25,53 @@ where
25
25
  * `'output'` tests the output of the command run on the system versus the output value stated in the test
26
26
 
27
27
 
28
- # Matchers
28
+ ## Matchers
29
29
 
30
30
  This InSpec audit resource has the following matchers:
31
31
 
32
- ## be
32
+ ### be
33
33
 
34
34
  <%= partial "/shared/matcher_be" %>
35
35
 
36
- ## cmp
36
+ ### cmp
37
37
 
38
38
  <%= partial "/shared/matcher_cmp" %>
39
39
 
40
- ## eq
40
+ ### eq
41
41
 
42
42
  <%= partial "/shared/matcher_eq" %>
43
43
 
44
- ## exit_status
44
+ ### exit_status
45
45
 
46
46
  The `exit_status` matcher tests the exit status for the command:
47
47
 
48
48
  its('exit_status') { should eq 123 }
49
49
 
50
- ## include
50
+ ### include
51
51
 
52
52
  <%= partial "/shared/matcher_include" %>
53
53
 
54
- ## match
54
+ ### match
55
55
 
56
56
  <%= partial "/shared/matcher_match" %>
57
57
 
58
- ## stderr
58
+ ### stderr
59
59
 
60
60
  The `stderr` matcher tests results of the command as returned in standard error (stderr):
61
61
 
62
62
  its('stderr') { should eq 'error' }
63
63
 
64
- ## stdout
64
+ ### stdout
65
65
 
66
66
  The `stdout` matcher tests results of the command as returned in standard output (stdout):
67
67
 
68
68
  its('stdout') { should eq '/^1$/' }
69
69
 
70
- # Examples
70
+ ## Examples
71
71
 
72
72
  The following examples show how to use this InSpec audit resource.
73
73
 
74
- ## Get all groups of Administrator user
74
+ ### Get all groups of Administrator user
75
75
 
76
76
  script = <<-EOH
77
77
  # find user
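Review bot: In the `### stdout` section, `its('stdout') { should eq '/^1$/' }` puts the regular expression inside quotes, so the test compares stdout with the literal string `/^1$/` rather than matching the pattern. Change it to `should match(/^1$/)`, or to `should eq '1'` with whatever trailing newline the command emits, so the documented example behaves the way the pattern suggests.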
@@ -85,7 +85,7 @@ The following examples show how to use this InSpec audit resource.
85
85
  its('stdout') { should_not eq '' }
86
86
  end
87
87
 
88
- ## Write-Output 'hello'
88
+ ### Write-Output 'hello'
89
89
 
90
90
  The following Powershell script:
91
91
 
@@ -6,7 +6,7 @@ title: About the processes Resource
6
6
 
7
7
  Use the `processes` InSpec audit resource to test properties for programs that are running on the system.
8
8
 
9
- # Syntax
9
+ ## Syntax
10
10
 
11
11
  A `processes` resource block declares the name of the process to be tested, and then declares one (or more) property/value pairs:
12
12
 
@@ -20,53 +20,53 @@ where
20
20
  * `property_name` may be used to test user (`its('users')`) and state properties (`its('states')`)
21
21
 
22
22
 
23
- # Matchers
23
+ ## Matchers
24
24
 
25
25
  This InSpec audit resource has the following matchers:
26
26
 
27
- ## be
27
+ ### be
28
28
 
29
29
  <%= partial "/shared/matcher_be" %>
30
30
 
31
- ## cmp
31
+ ### cmp
32
32
 
33
33
  <%= partial "/shared/matcher_cmp" %>
34
34
 
35
- ## eq
35
+ ### eq
36
36
 
37
37
  <%= partial "/shared/matcher_eq" %>
38
38
 
39
- ## include
39
+ ### include
40
40
 
41
41
  <%= partial "/shared/matcher_include" %>
42
42
 
43
- ## match
43
+ ### match
44
44
 
45
45
  <%= partial "/shared/matcher_match" %>
46
46
 
47
- ## property_name
47
+ ### property_name
48
48
 
49
49
  The `property_name` matcher tests the named property for the specified value:
50
50
 
51
51
  its('property_name') { should eq ['property_value'] }
52
52
 
53
- # Examples
53
+ ## Examples
54
54
 
55
55
  The following examples show how to use this InSpec audit resource.
56
56
 
57
- ## Test if the list length for the mysqld process is 1
57
+ ### Test if the list length for the mysqld process is 1
58
58
 
59
59
  describe processes('mysqld') do
60
60
  its('list.length') { should eq 1 }
61
61
  end
62
62
 
63
- ## Test if the init process is owned by the root user
63
+ ### Test if the init process is owned by the root user
64
64
 
65
65
  describe processes('init') do
66
66
  its('users') { should eq ['root'] }
67
67
  end
68
68
 
69
- ## Test if a high-priority process is running
69
+ ### Test if a high-priority process is running
70
70
 
71
71
  describe processes('some_process') do
72
72
  its('states') { should eq ['R<'] }