inspec 1.36.1 → 1.37.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 1e657ef01d81b9cfa453584a6b27a56219faab15
4
- data.tar.gz: ec4faacc317379e4dbd095fc45c1a58f76eb7cd5
3
+ metadata.gz: 2deb0a13ed78e24b3fdc0b02b85e08934ed94498
4
+ data.tar.gz: cc043ff4dbcc869b811e5a1cddfc982c3d167e96
5
5
  SHA512:
6
- metadata.gz: 1e21aed7d8cce4934e220299434dfc0af90e9bbda871f6026c4db94e61e7d94509bf048cd2961d2127149b34d6ba928e435d9cedb07fd677a73132479a7b9a7e
7
- data.tar.gz: cda173a2a0071274fc294dbff1cd69d0ffae1b7bd2b4baa16eac8758609ba31c7ccc5f534f6746da38b523ed51ead932af9444f120a30673a9167f6d41cb33b6
6
+ metadata.gz: 2b24779c8fed6870015055c52b2aa2a0eac19b2adeb0324a322125c6fb77bee0f9a432d75825cf8c3f1e6672af8ca90392c96590a9e4351724b5fce446849442
7
+ data.tar.gz: 316851c81278ba142874d01b3ab76ed2b8bc4005c5edd5f3c5a41d0756f010fabcfc612dd52ba2d1060aa6a5cd8af53f0d8773d9c0c3270bf3d01ff35bd320a6
@@ -1,25 +1,43 @@
1
1
  # Change Log
2
+ <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
3
+ <!-- latest_release 1.37.6 -->
4
+ ## [v1.37.6](https://github.com/chef/inspec/tree/v1.37.6) (2017-09-14)
2
5
 
3
- <!-- latest_release 1.35.5 -->
4
- ## [v1.35.5](https://github.com/chef/inspec/tree/v1.35.5) (2017-09-06)
5
-
6
- #### Enhancements
7
- - add nginx_conf accessors for http, servers, and locations [#2119](https://github.com/chef/inspec/pull/2119) ([arlimus](https://github.com/arlimus))
6
+ #### Merged Pull Requests
7
+ - Bump Ruby to 2.3.5 [#2149](https://github.com/chef/inspec/pull/2149) ([adamleff](https://github.com/adamleff))
8
8
  <!-- latest_release -->
9
9
 
10
- <!-- release_rollup since=1.35.1 -->
11
- ### Changes since 1.35.1 release
10
+ <!-- release_rollup since=1.36.1 -->
11
+ ### Changes since 1.36.1 release
12
12
 
13
- #### Bug Fixes
14
- - Fix alternate path profile chaining [#2121](https://github.com/chef/inspec/pull/2121) ([trevor-vaughan](https://github.com/trevor-vaughan)) <!-- 1.35.4 -->
15
- - Modify linux regular expression to handle process names with spaces [#2117](https://github.com/chef/inspec/pull/2117) ([ChadScott](https://github.com/ChadScott)) <!-- 1.35.3 -->
13
+ #### Merged Pull Requests
14
+ - Bump Ruby to 2.3.5 [#2149](https://github.com/chef/inspec/pull/2149) ([adamleff](https://github.com/adamleff)) <!-- 1.37.6 -->
16
15
 
17
16
  #### Enhancements
18
- - add nginx_conf accessors for http, servers, and locations [#2119](https://github.com/chef/inspec/pull/2119) ([arlimus](https://github.com/arlimus)) <!-- 1.35.5 -->
19
- - File Resource: add be_setgid, be_setuid, be_sticky matchers [#2104](https://github.com/chef/inspec/pull/2104) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 1.35.2 -->
17
+ - Show versions for inspec compliance profiles [#2143](https://github.com/chef/inspec/pull/2143) ([alexpop](https://github.com/alexpop)) <!-- 1.37.5 -->
18
+ - Support profile versions for automate profiles storage [#2128](https://github.com/chef/inspec/pull/2128) ([alexpop](https://github.com/alexpop)) <!-- 1.37.4 -->
19
+
20
+ #### Bug Fixes
21
+ - package resource: assume a default Homebrew path [#2140](https://github.com/chef/inspec/pull/2140) ([adamleff](https://github.com/adamleff)) <!-- 1.37.3 -->
22
+ - Ignore linked container names when parsing docker containers [#2134](https://github.com/chef/inspec/pull/2134) ([adamleff](https://github.com/adamleff)) <!-- 1.37.2 -->
23
+
24
+ #### New Resources
25
+ - nginx resource: audit the nginx binary and how it was compiled [#1958](https://github.com/chef/inspec/pull/1958) ([rx294](https://github.com/rx294)) <!-- 1.37.1 -->
26
+ - etc_fstab resource: test contents of the /etc/fstab file [#2064](https://github.com/chef/inspec/pull/2064) ([dromazmj](https://github.com/dromazmj)) <!-- 1.37.0 -->
20
27
  <!-- release_rollup -->
21
28
 
22
29
  <!-- latest_stable_release -->
30
+ ## [v1.36.1](https://github.com/chef/inspec/tree/v1.36.1) (2017-09-07)
31
+
32
+ #### Enhancements
33
+ - File Resource: add be_setgid, be_setuid, be_sticky matchers [#2104](https://github.com/chef/inspec/pull/2104) ([clintoncwolfe](https://github.com/clintoncwolfe))
34
+ - add nginx_conf accessors for http, servers, and locations [#2119](https://github.com/chef/inspec/pull/2119) ([arlimus](https://github.com/arlimus))
35
+
36
+ #### Bug Fixes
37
+ - Modify linux regular expression to handle process names with spaces [#2117](https://github.com/chef/inspec/pull/2117) ([ChadScott](https://github.com/ChadScott))
38
+ - Fix alternate path profile chaining [#2121](https://github.com/chef/inspec/pull/2121) ([trevor-vaughan](https://github.com/trevor-vaughan))
39
+ <!-- latest_stable_release -->
40
+
23
41
  ## [v1.35.1](https://github.com/chef/inspec/tree/v1.35.1) (2017-08-31)
24
42
 
25
43
  #### New Resources
@@ -38,7 +56,6 @@
38
56
 
39
57
  #### Merged Pull Requests
40
58
  - Add sensitive flag to resources to restrict logging output [#2017](https://github.com/chef/inspec/pull/2017) ([arothian](https://github.com/arothian))
41
- <!-- latest_stable_release -->
42
59
 
43
60
  ## [v1.34.1](https://github.com/chef/inspec/tree/v1.34.1) (2017-08-24)
44
61
 
@@ -0,0 +1,117 @@
1
+ ---
2
+ title: About the etc_fstab Resource
3
+ ---
4
+
5
+ # etc_fstab
6
+
7
+ Use the `etc_fstab` InSpec audit resource to test information about all partitions and storage devices on a system.
8
+ ## Syntax
9
+
10
+ An etc_fstab rule specifies a device name, its mount point, its mount type, the options its mounted with,
11
+ its dump options, and the order the files system should be checked.
12
+
13
+ ## Syntax
14
+
15
+ Use the where clause to match a property to one or more rules in the fstab file.
16
+
17
+ describe etc_fstab.where { device_name == 'value' } do
18
+ its('mount_point') { should cmp 'hostname' }
19
+ its('file_system_type') { should cmp 'list' }
20
+ its('mount_options') { should cmp 'list' }
21
+ its('dump_options') { should cmp 'list' }
22
+ its('file_system_options') { should cmp 'list' }
23
+ end
24
+
25
+ Use the optional constructor parameter to give an alternative path to fstab file
26
+
27
+ describe etc_fstab(hosts_path).where { device_name == 'value' } do
28
+ its('mount_point') { should cmp 'hostname' }
29
+ its('file_system_type') { should cmp 'list' }
30
+ its('mount_options') { should cmp 'list' }
31
+ its('dump_options') { should cmp 'list' }
32
+ its('file_system_options') { should cmp 'list ' }
33
+ end
34
+
35
+ where
36
+
37
+ * `device_name` is the name associated with the device.
38
+ * `mount_point` is the directory at which the filesystem is configured to be mounted.
39
+ * `file_system_type` is the type of file system of the device or partition.
40
+ * `mount_options` is the options for the device or partition.
41
+ * `dump_options` is a number used by dump to decide if a file system should be backed up.
42
+ * `file_system_options` is a number that specifies the order the file system should be checked.
43
+
44
+ ## Property Examples and Return Types
45
+
46
+ ### device_name
47
+
48
+ `device_name` returns a string array of device names mounted on the system.
49
+
50
+ describe etc_fstab.where { mount_point == '/mnt/sr0' } do
51
+ its('device_name') { should cmp '/dev/sr0' }
52
+ end
53
+
54
+ ### mount_point
55
+
56
+ `mount_point` returns a string array of directorys at which filesystems are configured to be mounted.
57
+
58
+ describe etc_fstab.where { device_name == '/dev/sr0' } do
59
+ its('mount_point') { should cmp '/mnt/sr0' }
60
+ end
61
+
62
+ ### file_system_type
63
+
64
+ `file_system_type` returns a String array of each partitions file system type.
65
+
66
+ describe etc_fstab.where { device_name == '/dev/sr0' } do
67
+ its('file_system_type') { should cmp 'iso9660' }
68
+ end
69
+
70
+ ### mount_options
71
+
72
+ `mount_options` returns a two dimensional array of each partitions mount options.
73
+
74
+ describe etc_fstab.where { mount_point == '/' } do
75
+ its('mount_options') { should eq [['defaults', 'x-systemd.device-timeout=0']] }
76
+ end
77
+
78
+ ### dump_options
79
+
80
+ `dump_options` returns a integer array of each partitions dump option.
81
+
82
+ describe etc_fstab.where { device_name == '/dev/sr0' } do
83
+ its('dump_options') { should cmp 0 }
84
+ end
85
+
86
+ ### file_system_options
87
+
88
+ `file_system_options` returns a integer array of each partitions file system option.
89
+
90
+ describe etc_fstab.where { device_name == '/dev/sr0' } do
91
+ its('file_system_options') { should cmp 0 }
92
+ end
93
+
94
+ ## Examples
95
+
96
+ The following examples show how to use this InSpec resource.
97
+
98
+ ### Check all partitions that have type of 'nfs'.
99
+
100
+ nfs_systems = etc_fstab.nfs_file_systems
101
+ nfs_systems.each do |partition|
102
+ describe partition do
103
+ its('mount_options') { should include 'nosuid' }
104
+ end
105
+ end
106
+
107
+ ### Check the partition mounted at /home contains 'nosuid' in its mount_options.
108
+
109
+ describe etc_fstab do
110
+ its('home_mount_options') { should include 'nosuid' }
111
+ end
112
+
113
+ ### Check if a partition is mounted at a point.
114
+
115
+ describe etc_fstab.where { mount_point == '/home' } do
116
+ it { should be_configured }
117
+ end
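Review bot: The new etc_fstab doc has two "## Syntax" headings, and its second example looks carried over from another resource: it calls `etc_fstab(hosts_path)` and expects `its('mount_point') { should cmp 'hostname' }`. Rename the first heading (or drop it), use a path variable that names an fstab file, and replace the 'hostname' and 'list' placeholders with realistic values such as those in the property examples further down. The same example has a trailing space in `'list '`, "directorys" should read "directories", and `file_system_options` is described as the order in which the file system is checked, so a sentence tying that name to the fsck pass field would avoid confusion.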
@@ -14,9 +14,20 @@ A `mysql_conf` resource block declares one (or more) settings in the `my.cnf` fi
14
14
  its('setting') { should eq 'value' }
15
15
  end
16
16
 
17
+ # Test a parameter set within the [mysqld] section
18
+ describe mysql_conf do
19
+ its('mysqld.port') { should cmp 3306 }
20
+ end
21
+
22
+ # Test a parameter set within the [mariadb] section using array notation
23
+ describe mysql_conf do
24
+ its(['mariadb', 'max-connections']) { should_not be_nil }
25
+ end
26
+
17
27
  where
18
28
 
19
29
  * `'setting'` specifies a setting in the `my.cnf` file, such as `max_connections`
30
+ * when checking a setting within sections, such as `[mysqld]`, the section name must be included
20
31
  * `('path')` is the non-default path to the `my.cnf` file
21
32
  * `should eq 'value'` is the value that is expected
22
33
 
@@ -0,0 +1,72 @@
1
+ ---
2
+ title: The Nginx Resource
3
+ ---
4
+
5
+ # nginx
6
+
7
+ Use the `nginx` InSpec audit resource to test the fields and validity of nginx.
8
+
9
+ Nginx resource extracts and exposes data reported by the command 'nginx -V'
10
+
11
+ ## Syntax
12
+
13
+ An `nginx` InSpec audit resource block extracts configuration settings that should be tested:
14
+
15
+ describe nginx do
16
+ its('attribute') { should eq 'value' }
17
+ end
18
+
19
+ describe nginx('path to nginx') do
20
+ its('attribute') { should eq 'value' }
21
+ end
22
+
23
+ where
24
+
25
+ * `'attribute'` is a configuration parsed from result of the command 'nginx -V'
26
+ * `'value'` is the value that is expected of the attribute
27
+
28
+ ## Supported Properties
29
+
30
+ * 'compiler_info', 'error_log_path', 'http_client_body_temp_path', 'http_fastcgi_temp_path', 'http_log_path', 'http_proxy_temp_path', 'http_scgi_temp_path', 'http_uwsgi_temp_path', 'lock_path', 'modules', 'modules_path', 'openssl_version', 'prefix', 'sbin_path', 'service', 'support_info', 'version'
31
+
32
+ ## Property Examples and Return Types
33
+
34
+ ### version(String)
35
+
36
+ `version` returns a string of the version of the running nginx instance
37
+
38
+ describe nginx do
39
+ its('version') { should eq '1.12.0' }
40
+ end
41
+
42
+ ### modules(String)
43
+
44
+ `modules` returns a array modules in the running nginx instance
45
+
46
+ describe nginx do
47
+ its('modules') { should include 'my_module' }
48
+ end
49
+
50
+ ### openssl_version(Hash)
51
+
52
+ `openssl_version ` returns a hash with 'version' and 'date' as keys
53
+
54
+ describe nginx do
55
+ its('openssl_version.date') { should eq '11 Feb 2013' }
56
+ end
57
+
58
+ ### compiler_info(Hash)
59
+
60
+ `compiler_info ` returns a hash with 'compiler' , version' and 'date' as keys
61
+
62
+ describe nginx do
63
+ its('compiler_info.compiler') { should eq 'gcc' }
64
+ end
65
+
66
+ ### support_info(String)
67
+
68
+ `support_info ` returns a string containing supported protocols
69
+
70
+ describe nginx do
71
+ its('support_info') { should match /TLS/ }
72
+ end
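Review bot: The property headings and descriptions in the nginx doc disagree with each other in several places. `### modules(String)` is described as returning an array, and `version` is described as "the version of the running nginx instance" while the introduction says the data comes from the command 'nginx -V', which reports on the binary at the given path rather than on a running process. The compiler_info line also has an unbalanced quote in `'compiler' , version' and 'date'`, and the backticked names `openssl_version `, `compiler_info ` and `support_info ` carry a trailing space. Auditors will rely on these return types when writing matchers, so the headings should state the real types.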
@@ -148,6 +148,17 @@ Finished in 0.02862 seconds (files took 0.62628 seconds to load)
148
148
  5 examples, 0 failures, 1 pending
149
149
  ```
150
150
 
151
+ Exec a specific version(2.0.1) of a profile when logged in with Automate:
152
+
153
+ ```
154
+ $ inspec exec compliance://admin/apache-baseline#2.0.1
155
+ ```
156
+
157
+ Download a specific version(2.0.2) of a profile when logged in with Automate:
158
+ ```
159
+ $ inspec compliance download compliance://admin/apache-baseline#2.0.2
160
+ ```
161
+
151
162
  ### To Logout from Chef Compliance
152
163
 
153
164
  ```
@@ -83,9 +83,13 @@ module Compliance
83
83
  # verifies that a profile
84
84
  def self.exist?(config, profile)
85
85
  _msg, profiles = Compliance::API.profiles(config)
86
+ owner, id, ver = profile_split(profile)
86
87
  if !profiles.empty?
87
- index = profiles.index { |p| "#{p['owner_id']}/#{p['name']}" == profile }
88
- !index.nil? && index >= 0
88
+ profiles.any? do |p|
89
+ p['owner_id'] == owner &&
90
+ p['name'] == id &&
91
+ (ver.nil? || p['version'] == ver)
92
+ end
89
93
  else
90
94
  false
91
95
  end
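Review bot: The `if !profiles.empty?` guard around the new `profiles.any? do |p|` block is now redundant, since `any?` already returns false for an empty collection; the method body can be reduced to the `any?` expression. It would also help to document in the comment above `exist?` that a profile string without a version matches any version, because `(ver.nil? || p['version'] == ver)` makes that the behaviour.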
@@ -179,14 +183,21 @@ module Compliance
179
183
  end
180
184
 
181
185
  def self.target_url(config, profile)
182
- if is_automate_server?(config)
183
- owner, id = profile.split('/')
184
- target = "#{config['server']}/profiles/#{owner}/#{id}/tar"
186
+ owner, id, ver = profile_split(profile)
187
+
188
+ return "#{config['server']}/owners/#{owner}/compliance/#{id}/tar" unless is_automate_server?(config)
189
+
190
+ if ver.nil?
191
+ "#{config['server']}/profiles/#{owner}/#{id}/tar"
185
192
  else
186
- owner, id = profile.split('/')
187
- target = "#{config['server']}/owners/#{owner}/compliance/#{id}/tar"
193
+ "#{config['server']}/profiles/#{owner}/#{id}/version/#{ver}/tar"
188
194
  end
189
- target
195
+ end
196
+
197
+ def self.profile_split(profile)
198
+ owner, id = profile.split('/')
199
+ id, version = id.split('#')
200
+ [owner, id, version]
190
201
  end
191
202
 
192
203
  # returns a parsed url for `admin/profile` or `compliance://admin/profile`
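Review bot: `profile_split` has no check for malformed input: with `owner, id = profile.split('/')` followed by `id, version = id.split('#')`, a profile string that contains no '/' leaves `id` nil and the second line raises NoMethodError instead of a usable error. The three parts are then interpolated straight into the request path in `target_url` (for example `/version/#{ver}/tar`), so anything after the '#' reaches the URL unescaped and unvalidated. Validate owner, id and version against a restricted pattern inside `profile_split` and raise an ArgumentError with a clear message when they do not match; extra '/' segments, which `split('/')` currently drops silently, should be rejected the same way.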
@@ -104,7 +104,7 @@ module Compliance
104
104
  # iterate over profiles
105
105
  headline('Available profiles:')
106
106
  profiles.each { |profile|
107
- li("#{profile['title']} #{mark_text(profile['owner_id'] + '/' + profile['name'])}")
107
+ li("#{profile['title']} v#{profile['version']} (#{mark_text(profile['owner_id'] + '/' + profile['name'])})")
108
108
  }
109
109
  else
110
110
  puts msg, 'Could not find any profiles'
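Review bot: In the changed `li(...)` line, `v#{profile['version']}` prints a bare "v" when a profile entry has no 'version' key, because a nil interpolates as an empty string. Build the version suffix only when `profile['version']` is present so the listing stays readable for servers that do not return versions.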
@@ -3,6 +3,8 @@
3
3
 
4
4
  module Inspec
5
5
  module Exceptions
6
+ class AttributesFileDoesNotExist < ArgumentError; end
7
+ class AttributesFileNotReadable < ArgumentError; end
6
8
  class SecretsBackendNotFound < ArgumentError; end
7
9
  end
8
10
  end
@@ -89,6 +89,7 @@ require 'resources/directory'
89
89
  require 'resources/docker'
90
90
  require 'resources/docker_image'
91
91
  require 'resources/docker_container'
92
+ require 'resources/etc_fstab'
92
93
  require 'resources/etc_group'
93
94
  require 'resources/etc_hosts'
94
95
  require 'resources/file'
@@ -113,6 +114,7 @@ require 'resources/mssql_session'
113
114
  require 'resources/mysql'
114
115
  require 'resources/mysql_conf'
115
116
  require 'resources/mysql_session'
117
+ require 'resources/nginx'
116
118
  require 'resources/nginx_conf'
117
119
  require 'resources/npm'
118
120
  require 'resources/ntp_conf'
@@ -124,11 +124,13 @@ module Inspec
124
124
  return options[:attributes] if secrets_targets.nil?
125
125
 
126
126
  secrets_targets.each do |target|
127
+ validate_attributes_file_readability!(target)
128
+
127
129
  secrets = Inspec::SecretsBackend.resolve(target)
128
130
  if secrets.nil?
129
131
  raise Inspec::Exceptions::SecretsBackendNotFound,
130
- "Unable to find a parser for attributes file #{target}. " \
131
- 'Check to make sure the file exists and has the appropriate extension.'
132
+ "Cannot find parser for attributes file '#{target}'. " \
133
+ 'Check to make sure file has the appropriate extension.'
132
134
  end
133
135
 
134
136
  next if secrets.attributes.nil?
@@ -270,5 +272,21 @@ module Inspec
270
272
 
271
273
  examples.each { |e| @test_collector.add_test(e, rule) }
272
274
  end
275
+
276
+ def validate_attributes_file_readability!(target)
277
+ unless File.exist?(target)
278
+ raise Inspec::Exceptions::AttributesFileDoesNotExist,
279
+ "Cannot find attributes file '#{target}'. " \
280
+ 'Check to make sure file exists.'
281
+ end
282
+
283
+ unless File.readable?(target)
284
+ raise Inspec::Exceptions::AttributesFileNotReadable,
285
+ "Cannot read attributes file '#{target}'. " \
286
+ 'Check to make sure file is readable.'
287
+ end
288
+
289
+ true
290
+ end
273
291
  end
274
292
  end
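Review bot: `validate_attributes_file_readability!` uses `File.exist?(target)`, which is also true for a directory, so a directory path passes both checks and fails later with a less helpful error. `File.file?(target)` would match the wording of the message ("Cannot find attributes file"). The check and the later read are separate steps, so the code that actually opens the file still needs to handle a failure on its own. Since the method always returns `true` or raises, the trailing `true` could be dropped or the return value documented.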
@@ -4,5 +4,5 @@
4
4
  # author: Christoph Hartmann
5
5
 
6
6
  module Inspec
7
- VERSION = '1.36.1'.freeze
7
+ VERSION = '1.37.6'.freeze
8
8
  end
@@ -63,7 +63,7 @@ module Inspec::Resources
63
63
  # For compatability with Serverspec we also offer the following resouses:
64
64
  # - docker_container
65
65
  # - docker_image
66
- class Docker < Inspec.resource(1)
66
+ class Docker < Inspec.resource(1) # rubocop:disable Metrics/ClassLength
67
67
  name 'docker'
68
68
 
69
69
  desc "
@@ -167,6 +167,13 @@ module Inspec::Resources
167
167
 
168
168
  # ensure all keys are there
169
169
  j = ensure_container_keys(j)
170
+
171
+ # strip off any linked container names
172
+ # Depending on how it was linked, the actual container name may come before
173
+ # or after the link information, so we'll just look for the first name that
174
+ # does not include a slash since that is not a valid character in a container name
175
+ j['names'] = j['names'].split(',').find { |c| !c.include?('/') }
176
+
170
177
  ps.push(j)
171
178
  }
172
179
  ps
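Review bot: `j['names'].split(',').find { |c| !c.include?('/') }` returns nil when every entry contains a slash, and the container is then pushed with `names` set to nil, which later matchers on the name will not expect. Fall back to the original value (or to the entry with the link prefix stripped) when `find` yields nothing, and add a test covering input where the plain name comes after the link entries as well as before them, since the comment says both orders occur.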
@@ -0,0 +1,107 @@
1
+ # encoding: utf-8
2
+ # copyright:
3
+ # author: Matthew Dromazos
4
+
5
+ require 'utils/parser'
6
+
7
+ class EtcFstab < Inspec.resource(1)
8
+ name 'etc_fstab'
9
+ desc 'Use the etc_fstab InSpec audit resource to check the configuration of the etc/fstab file.'
10
+ example "
11
+ removable_media = etc_fstab.removable_media_file_systems
12
+ removable_media.each do |media|
13
+ describe media do
14
+ its ('mount_options') { should include 'nosuid' }
15
+ end
16
+ end
17
+
18
+ nfs_systems = etc_fstab.nfs_file_systems
19
+ nfs_systems.each do |file_system|
20
+ describe file_system do
21
+ its ('mount_options') { should include 'nosuid' }
22
+ its ('mount_options') { should include 'noexec' }
23
+ its ('mount_options') { should include '\'sec=krb5:krb5i:krb5p\'' }
24
+ end
25
+ end
26
+
27
+ describe etc_fstab do
28
+ its ('home_mount_options') { should include 'nosuid' }
29
+ end
30
+ "
31
+
32
+ attr_reader :params
33
+
34
+ include CommentParser
35
+
36
+ def initialize(fstab_path = nil)
37
+ return skip_resource 'The `etc_fstab` resource is not supported on your OS.' unless inspec.os.linux?
38
+ @conf_path = fstab_path || '/etc/fstab'
39
+ @files_contents = {}
40
+ @content = nil
41
+ @params = nil
42
+ read_content
43
+ end
44
+
45
+ filter = FilterTable.create
46
+ filter.add_accessor(:where)
47
+ .add_accessor(:entries)
48
+ .add(:device_name, field: 'device_name')
49
+ .add(:mount_point, field: 'mount_point')
50
+ .add(:file_system_type, field: 'file_system_type')
51
+ .add(:mount_options, field: 'mount_options')
52
+ .add(:dump_options, field: 'dump_options')
53
+ .add(:file_system_options, field: 'file_system_options')
54
+ .add(:configured?) { |x| x.entries.any? }
55
+
56
+ filter.connect(self, :params)
57
+
58
+ def nfs_file_systems
59
+ where { file_system_type.match(/nfs/) }
60
+ end
61
+
62
+ def home_mount_options
63
+ return nil unless where { mount_point == '/home' }.configured?
64
+ where { mount_point == '/home' }.entries[0].mount_options
65
+ end
66
+
67
+ private
68
+
69
+ def read_content
70
+ @content = ''
71
+ @params = {}
72
+ @content = read_file(@conf_path)
73
+ @params = parse_conf(@content)
74
+ end
75
+
76
+ def parse_conf(content)
77
+ content.map do |line|
78
+ data, = parse_comment_line(line, comment_char: '#', standalone_comments: false)
79
+ parse_line(data) unless data == ''
80
+ end.compact
81
+ end
82
+
83
+ def parse_line(line)
84
+ attributes = line.split
85
+ {
86
+ 'device_name' => attributes[0],
87
+ 'mount_point' => attributes[1],
88
+ 'file_system_type' => attributes[2],
89
+ 'mount_options' => attributes[3].split(','),
90
+ 'dump_options' => attributes[4].to_i,
91
+ 'file_system_options' => attributes[5].to_i,
92
+ }
93
+ end
94
+
95
+ def read_file(conf_path = @conf_path)
96
+ file = inspec.file(conf_path)
97
+ if !file.file?
98
+ return skip_resource "Can't find \"#{@conf_path}\""
99
+ end
100
+
101
+ raw_conf = file.content
102
+ if raw_conf.empty? && !file.empty?
103
+ return skip_resource("File is empty or unable to read file at path:\"#{@conf_path}\"")
104
+ end
105
+ raw_conf.lines
106
+ end
107
+ end
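Review bot: `parse_line` assumes every non-comment line has at least four fields: `'mount_options' => attributes[3].split(',')` raises NoMethodError on a short or malformed line, which aborts the whole resource instead of reporting the bad entry. Guard on `attributes.length` and skip or flag such lines. Two related points in the same file: `read_content` passes whatever `read_file` returns to `parse_conf`, which calls `content.map`, so the early `return skip_resource ...` paths in `read_file` need to return something enumerable or `read_content` needs to stop there; and the `example` block calls `etc_fstab.removable_media_file_systems`, which this class does not define. The `/nfs/` match in `nfs_file_systems` is unanchored as well, so it matches any type string that merely contains "nfs".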
@@ -33,6 +33,16 @@ module Inspec::Resources
33
33
  describe mysql_conf('path') do
34
34
  its('setting') { should eq 'value' }
35
35
  end
36
+
37
+ # Test a parameter set within the [mysqld] section
38
+ describe mysql_conf do
39
+ its('mysqld.port') { should cmp 3306 }
40
+ end
41
+
42
+ # Test a parameter set within the [mariadb] section using array notation
43
+ describe mysql_conf do
44
+ its(['mariadb', 'max-connections']) { should_not be_nil }
45
+ end
36
46
  "
37
47
 
38
48
  include FindFiles
@@ -0,0 +1,97 @@
1
+ # encoding: utf-8
2
+ # author: Aaron Lippold, lippold@gmail.com
3
+ # author: Rony Xavier, rx294@gmail.com
4
+
5
+ require 'pathname'
6
+ require 'hashie/mash'
7
+
8
+ module Inspec::Resources
9
+ class Nginx < Inspec.resource(1)
10
+ name 'nginx'
11
+ desc 'Use the nginx InSpec audit resource to test information about your NGINX instance.'
12
+ example "
13
+ describe nginx do
14
+ its('conf_path') { should cmp '/etc/nginx/nginx.conf' }
15
+ end
16
+ describe nginx('/etc/sbin/') do
17
+ its('version') { should be >= '1.0.0' }
18
+ end
19
+ describe nginx do
20
+ its('modules') { should include 'my_module' }
21
+ end
22
+ "
23
+ attr_reader :params, :bin_dir
24
+
25
+ def initialize(nginx_path = '/usr/sbin/nginx')
26
+ return skip_resource 'The `nginx` resource is not yet available on your OS.' if inspec.os.windows?
27
+ return skip_resource 'The `nginx` binary not found in the path provided.' unless inspec.command(nginx_path).exist?
28
+
29
+ cmd = inspec.command("#{nginx_path} -V 2>&1")
30
+ if !cmd.exit_status.zero?
31
+ return skip_resource 'Error using the command nginx -V'
32
+ end
33
+ @data = cmd.stdout
34
+ @params = {}
35
+ read_content
36
+ end
37
+
38
+ %w{compiler_info error_log_path http_client_body_temp_path http_fastcgi_temp_path http_log_path http_proxy_temp_path http_scgi_temp_path http_uwsgi_temp_path lock_path modules_path openssl_version prefix sbin_path service support_info version}.each do |property|
39
+ define_method(property.to_sym) do
40
+ @params[property.to_sym]
41
+ end
42
+ end
43
+
44
+ def openssl_version
45
+ result = @data.scan(/built with OpenSSL\s(\S+)\s(\d+\s\S+\s\d{4})/).flatten
46
+ Hashie::Mash.new({ 'version' => result[0], 'date' => result[1] })
47
+ end
48
+
49
+ def compiler_info
50
+ result = @data.scan(/built by (\S+)\s(\S+)\s(\S+)/).flatten
51
+ Hashie::Mash.new({ 'compiler' => result[0], 'version' => result[1], 'date' => result[2] })
52
+ end
53
+
54
+ def support_info
55
+ support_info = @data.scan(/(.*\S+) support enabled/).flatten
56
+ support_info.empty? ? nil : support_info.join(' ')
57
+ end
58
+
59
+ def modules
60
+ @data.scan(/--with-(\S+)_module/).flatten
61
+ end
62
+
63
+ def to_s
64
+ 'Nginx Environment'
65
+ end
66
+
67
+ private
68
+
69
+ def read_content
70
+ parse_config
71
+ parse_path
72
+ parse_http_path
73
+ end
74
+
75
+ def parse_config
76
+ @params[:prefix] = @data.scan(/--prefix=(\S+)\s/).flatten.first
77
+ @params[:service] = 'nginx'
78
+ @params[:version] = @data.scan(%r{nginx version: nginx\/(\S+)\s}).flatten.first
79
+ end
80
+
81
+ def parse_path
82
+ @params[:sbin_path] = @data.scan(/--sbin-path=(\S+)\s/).flatten.first
83
+ @params[:modules_path] = @data.scan(/--modules-path=(\S+)\s/).flatten.first
84
+ @params[:error_log_path] = @data.scan(/--error-log-path=(\S+)\s/).flatten.first
85
+ @params[:http_log_path] = @data.scan(/--http-log-path=(\S+)\s/).flatten.first
86
+ @params[:lock_path] = @data.scan(/--lock-path=(\S+)\s/).flatten.first
87
+ end
88
+
89
+ def parse_http_path
90
+ @params[:http_client_body_temp_path] = @data.scan(/--http-client-body-temp-path=(\S+)\s/).flatten.first
91
+ @params[:http_proxy_temp_path] = @data.scan(/--http-proxy-temp-path=(\S+)\s/).flatten.first
92
+ @params[:http_fastcgi_temp_path] = @data.scan(/--http-fastcgi-temp-path=(\S+)\s/).flatten.first
93
+ @params[:http_uwsgi_temp_path] = @data.scan(/--http-uwsgi-temp-path=(\S+)\s/).flatten.first
94
+ @params[:http_scgi_temp_path] = @data.scan(/--http-scgi-temp-path=(\S+)\s/).flatten.first
95
+ end
96
+ end
97
+ end
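Review bot: In `initialize`, the caller-supplied `nginx_path` is interpolated unquoted into a shell command with `inspec.command("#{nginx_path} -V 2>&1")`, so a path containing spaces or shell metacharacters is interpreted by the shell on the target. Escape it (for example with `Shellwords.escape`) or validate it as a plain path before building the command. The `example` block also needs attention: `its('conf_path')` is not among the properties defined in the `%w{...}` list, `nginx('/etc/sbin/')` passes a directory where the default argument is a binary path, and `its('version') { should be >= '1.0.0' }` compares strings, which orders '1.10.0' before '1.9.0'.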
@@ -193,7 +193,8 @@ module Inspec::Resources
193
193
  # MacOS / Darwin implementation
194
194
  class Brew < PkgManagement
195
195
  def info(package_name)
196
- cmd = inspec.command("brew info --json=v1 #{package_name}")
196
+ brew_path = inspec.command('brew').exist? ? 'brew' : '/usr/local/bin/brew'
197
+ cmd = inspec.command("#{brew_path} info --json=v1 #{package_name}")
197
198
  return nil if cmd.exit_status.to_i != 0
198
199
  # parse data
199
200
  pkg = JSON.parse(cmd.stdout)[0]
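Review bot: The new command string `"#{brew_path} info --json=v1 #{package_name}"` still interpolates `package_name` unquoted, so a name with spaces or shell metacharacters changes the command that runs on the target; escaping it while this line is being touched would close that off. The fallback to '/usr/local/bin/brew' is taken without checking that the file exists, which is acceptable because a non-zero exit returns nil on the next line, but a short comment saying why that path is assumed would help the next reader.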
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.36.1
4
+ version: 1.37.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dominik Richter
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-09-06 00:00:00.000000000 Z
11
+ date: 2017-09-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: train
@@ -330,6 +330,7 @@ files:
330
330
  - docs/resources/docker.md.erb
331
331
  - docs/resources/docker_container.md.erb
332
332
  - docs/resources/docker_image.md.erb
333
+ - docs/resources/etc_fstab.md.erb
333
334
  - docs/resources/etc_group.md.erb
334
335
  - docs/resources/etc_hosts.md.erb
335
336
  - docs/resources/file.md.erb
@@ -355,6 +356,7 @@ files:
355
356
  - docs/resources/mssql_session.md.erb
356
357
  - docs/resources/mysql_conf.md.erb
357
358
  - docs/resources/mysql_session.md.erb
359
+ - docs/resources/nginx.md.erb
358
360
  - docs/resources/nginx_conf.md.erb
359
361
  - docs/resources/npm.md.erb
360
362
  - docs/resources/ntp_conf.md.erb
@@ -571,6 +573,7 @@ files:
571
573
  - lib/resources/docker.rb
572
574
  - lib/resources/docker_container.rb
573
575
  - lib/resources/docker_image.rb
576
+ - lib/resources/etc_fstab.rb
574
577
  - lib/resources/etc_group.rb
575
578
  - lib/resources/etc_hosts.rb
576
579
  - lib/resources/file.rb
@@ -596,6 +599,7 @@ files:
596
599
  - lib/resources/mysql.rb
597
600
  - lib/resources/mysql_conf.rb
598
601
  - lib/resources/mysql_session.rb
602
+ - lib/resources/nginx.rb
599
603
  - lib/resources/nginx_conf.rb
600
604
  - lib/resources/npm.rb
601
605
  - lib/resources/ntp_conf.rb
@@ -678,7 +682,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
678
682
  version: '0'
679
683
  requirements: []
680
684
  rubyforge_project:
681
- rubygems_version: 2.6.12
685
+ rubygems_version: 2.6.13
682
686
  signing_key:
683
687
  specification_version: 4
684
688
  summary: Infrastructure and compliance testing.