inspec 1.38.8 → 1.39.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +30 -22
- data/docs/resources/etc_hosts_allow.md.erb +64 -0
- data/docs/resources/etc_hosts_deny.md.erb +64 -0
- data/docs/resources/windows_hotfix.md.erb +44 -0
- data/inspec.gemspec +1 -1
- data/lib/inspec/resource.rb +7 -5
- data/lib/inspec/version.rb +1 -1
- data/lib/resources/etc_hosts_allow_deny.rb +122 -0
- data/lib/resources/windows_hotfix.rb +35 -0
- metadata +8 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 97699693b6d62f4d9e4c0a0bba1976a9336e45f5
|
|
4
|
+
data.tar.gz: e63ab2af1bf3052abcac967c638ebdfb433e4ba3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c002fbc3e01f146eb0626a0848a57cb3d51e50cd10fbec05d39712f887765fd0b48fda1136ad467e84e72ec2d5c99ed64bd5899a64faeee2c801a89d762b1fbb
|
|
7
|
+
data.tar.gz: 7bdcbd01f32a11d195fc2f84c092e6584fd8f0d0632feb981e923d96f8a7f05ccdf0c2100a1d078b5ea778bc76b605f52329e087ef830d710322e2927953f85b
|
data/CHANGELOG.md
CHANGED
|
@@ -1,39 +1,48 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
<!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
|
|
3
|
-
<!-- latest_release 1.
|
|
4
|
-
## [v1.
|
|
3
|
+
<!-- latest_release 1.39.1 -->
|
|
4
|
+
## [v1.39.0](https://github.com/chef/inspec/tree/v1.39.0) (2017-09-25)
|
|
5
5
|
|
|
6
6
|
#### Merged Pull Requests
|
|
7
|
-
- Bump train to 0.
|
|
7
|
+
- Bump train to 0.28 to allow for more net-ssh versions [#2185](https://github.com/chef/inspec/pull/2185) ([adamleff](https://github.com/adamleff))
|
|
8
8
|
<!-- latest_release -->
|
|
9
9
|
|
|
10
|
-
<!-- release_rollup since=1.
|
|
10
|
+
<!-- release_rollup since=1.38.8 -->
|
|
11
11
|
### Changes since 1.37.6 release
|
|
12
12
|
|
|
13
|
-
####
|
|
14
|
-
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
-
|
|
13
|
+
#### Merged Pull Requests
|
|
14
|
+
- Bump train to 0.28 to allow for more net-ssh versions [#2185](https://github.com/chef/inspec/pull/2185) ([adamleff](https://github.com/adamleff)) <!-- 1.39.1 -->
|
|
15
|
+
|
|
16
|
+
#### New Resources
|
|
17
|
+
- etc_hosts_allow and etc_hosts_deny resources: test the content of the tcpwrappers configuration files [#2073](https://github.com/chef/inspec/pull/2073) ([dromazmj](https://github.com/dromazmj)) <!-- 1.39.0 -->
|
|
18
|
+
- windows_hotfix resource: test whether a Windows HotFix is installed [#2178](https://github.com/chef/inspec/pull/2178) ([mattray](https://github.com/mattray)) <!-- 1.38.9 -->
|
|
19
|
+
<!-- release_rollup -->
|
|
20
|
+
|
|
21
|
+
<!-- latest_stable_release -->
|
|
22
|
+
## [v1.38.8](https://github.com/chef/inspec/tree/v1.38.8) (2017-09-23)
|
|
18
23
|
|
|
19
24
|
#### New Resources
|
|
20
|
-
- auditd resource: test active auditd configuration against the audit daemon [#2133](https://github.com/chef/inspec/pull/2133) ([jburns12](https://github.com/jburns12))
|
|
25
|
+
- auditd resource: test active auditd configuration against the audit daemon [#2133](https://github.com/chef/inspec/pull/2133) ([jburns12](https://github.com/jburns12))
|
|
21
26
|
|
|
22
27
|
#### Enhancements
|
|
23
|
-
-
|
|
24
|
-
-
|
|
25
|
-
-
|
|
28
|
+
- Add wildcard support to `Utils::FindFiles` [#2159](https://github.com/chef/inspec/pull/2159) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
|
29
|
+
- Add wildcard/multiple server support to nginx_conf resource [#2141](https://github.com/chef/inspec/pull/2141) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
|
30
|
+
- Support array syntax for registry_key resource [#2160](https://github.com/chef/inspec/pull/2160) ([adamleff](https://github.com/adamleff))
|
|
31
|
+
- forgiving default attributes [#2177](https://github.com/chef/inspec/pull/2177) ([arlimus](https://github.com/arlimus))
|
|
26
32
|
|
|
27
|
-
####
|
|
28
|
-
-
|
|
29
|
-
- Properly return postgres query errors on failure [#2179](https://github.com/chef/inspec/pull/2179) ([adamleff](https://github.com/adamleff))
|
|
30
|
-
-
|
|
31
|
-
-
|
|
32
|
-
-
|
|
33
|
-
-
|
|
34
|
-
<!-- release_rollup -->
|
|
33
|
+
#### Bug Fixes
|
|
34
|
+
- Modify `DirProvider` to allow special characters [#2174](https://github.com/chef/inspec/pull/2174) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
|
35
|
+
- Properly return postgres query errors on failure [#2179](https://github.com/chef/inspec/pull/2179) ([adamleff](https://github.com/adamleff))
|
|
36
|
+
- Update method in which Pry hooks are removed [#2170](https://github.com/chef/inspec/pull/2170) ([adamleff](https://github.com/adamleff))
|
|
37
|
+
- quote username and hostname in mssql_session.rb [#2151](https://github.com/chef/inspec/pull/2151) ([bratdim](https://github.com/bratdim))
|
|
38
|
+
- Support `false` for attribute value [#2168](https://github.com/chef/inspec/pull/2168) ([adamleff](https://github.com/adamleff))
|
|
39
|
+
- Modify Upstart enabled check to use config file [#2163](https://github.com/chef/inspec/pull/2163) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
|
35
40
|
|
|
41
|
+
#### Merged Pull Requests
|
|
42
|
+
- Add deprecation warning to auditd_rules resource [#2156](https://github.com/chef/inspec/pull/2156) ([adamleff](https://github.com/adamleff))
|
|
43
|
+
- Bump train to 0.27 [#2180](https://github.com/chef/inspec/pull/2180) ([adamleff](https://github.com/adamleff))
|
|
36
44
|
<!-- latest_stable_release -->
|
|
45
|
+
|
|
37
46
|
## [v1.37.6](https://github.com/chef/inspec/tree/v1.37.6) (2017-09-14)
|
|
38
47
|
|
|
39
48
|
#### New Resources
|
|
@@ -50,7 +59,6 @@
|
|
|
50
59
|
|
|
51
60
|
#### Merged Pull Requests
|
|
52
61
|
- Bump Ruby to 2.3.5 for Omnibus build [#2149](https://github.com/chef/inspec/pull/2149) ([adamleff](https://github.com/adamleff))
|
|
53
|
-
<!-- latest_stable_release -->
|
|
54
62
|
|
|
55
63
|
## [v1.36.1](https://github.com/chef/inspec/tree/v1.36.1) (2017-09-07)
|
|
56
64
|
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: About the etc_hosts_allow Resource
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
# etc_hosts_allow
|
|
6
|
+
|
|
7
|
+
Use the `etc_hosts_allow` InSpec audit resource to test rules set to accept daemon and client traffic set in /etc/hosts.allow file.
|
|
8
|
+
|
|
9
|
+
## Syntax
|
|
10
|
+
|
|
11
|
+
An etc/hosts.allow rule specifies one or more daemons mapped to one or more clients,
|
|
12
|
+
with zero or more options to use to accept traffic when found.
|
|
13
|
+
|
|
14
|
+
## Syntax
|
|
15
|
+
|
|
16
|
+
Use the where clause to match a property to one or more rules in the hosts.allow file.
|
|
17
|
+
|
|
18
|
+
describe etc_hosts_allow.where { daemon == 'value' } do
|
|
19
|
+
its ('client_list') { should include ['values'] }
|
|
20
|
+
its ('options') { should include ['values'] }
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
Use the optional constructor parameter to give an alternative path to hosts.allow
|
|
24
|
+
|
|
25
|
+
describe etc_hosts_allow(hosts_path).where { daemon == 'value' } do
|
|
26
|
+
its ('client_list') { should include ['values'] }
|
|
27
|
+
its ('options') { should include ['values'] }
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
where
|
|
31
|
+
|
|
32
|
+
* `daemon` is a daemon that will be allowed to pass traffic in.
|
|
33
|
+
* `client_list` is a list of clients will be allowed to pass traffic in.
|
|
34
|
+
* `options` is a list of tasks that to be done with the rule when traffic is found.
|
|
35
|
+
|
|
36
|
+
## Supported Properties
|
|
37
|
+
|
|
38
|
+
'daemon', 'client_list', 'options'
|
|
39
|
+
|
|
40
|
+
## Property Examples and Return Types
|
|
41
|
+
|
|
42
|
+
### daemon
|
|
43
|
+
|
|
44
|
+
`daemon` returns a string containing the daemon that is allowed in the rule.
|
|
45
|
+
|
|
46
|
+
describe etc_hosts_allow.where { client_list == ['127.0.1.154', '[:fff:fAb0::]'] } do
|
|
47
|
+
its('daemon') { should eq ['vsftpd', 'sshd'] }
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
### client_list
|
|
51
|
+
|
|
52
|
+
`client_list` returns a 2d string array where each entry contains the clients specified for the rule.
|
|
53
|
+
|
|
54
|
+
describe etc_hosts_allow.where { daemon == 'sshd' } do
|
|
55
|
+
its('client_list') { should include ['192.168.0.0/16', '[abcd::0000:1234]'] }
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
### options
|
|
59
|
+
|
|
60
|
+
`options` returns a 2d string array where each entry contains any options specified for the rule.
|
|
61
|
+
|
|
62
|
+
describe etc_hosts_allow.where { daemon == 'sshd' } do
|
|
63
|
+
its('options') { should include ['deny', 'echo "REJECTED"'] }
|
|
64
|
+
end
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: About the etc_hosts_deny Resource
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
# etc_hosts_deny
|
|
6
|
+
|
|
7
|
+
Use the `etc_hosts_deny` InSpec audit resource to test rules set to reject daemon and client traffic set in /etc/hosts.deny.
|
|
8
|
+
|
|
9
|
+
## Syntax
|
|
10
|
+
|
|
11
|
+
An etc/hosts.deny rule specifies one or more daemons mapped to one or more clients,
|
|
12
|
+
with zero or more options to use to reject traffic when found.
|
|
13
|
+
|
|
14
|
+
## Syntax
|
|
15
|
+
|
|
16
|
+
Use the where clause to match a property to one or more rules in the hosts.deny file.
|
|
17
|
+
|
|
18
|
+
describe etc_hosts_deny.where { daemon == 'value' } do
|
|
19
|
+
its ('client_list') { should include ['values'] }
|
|
20
|
+
its ('options') { should include ['values'] }
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
Use the optional constructor parameter to give an alternative path to hosts.deny
|
|
24
|
+
|
|
25
|
+
describe etc_hosts_deny(hosts_path).where { daemon == 'value' } do
|
|
26
|
+
its ('client_list') { should include ['values'] }
|
|
27
|
+
its ('options') { should include ['values'] }
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
where
|
|
31
|
+
|
|
32
|
+
* `daemon` is a daemon that will be rejected to pass traffic in.
|
|
33
|
+
* `client_list` is a list of clients will be rejected to pass traffic in.
|
|
34
|
+
* `options` is a list of tasks that to be done with the rule when traffic is found.
|
|
35
|
+
|
|
36
|
+
## Supported Properties
|
|
37
|
+
|
|
38
|
+
'daemon', 'client_list', 'options'
|
|
39
|
+
|
|
40
|
+
## Property Examples and Return Types
|
|
41
|
+
|
|
42
|
+
### daemon
|
|
43
|
+
|
|
44
|
+
`daemon` returns a string containing the daemon that is allowed in the rule.
|
|
45
|
+
|
|
46
|
+
describe etc_hosts_deny.where { client_list == ['127.0.1.154', '[:fff:fAb0::]'] } do
|
|
47
|
+
its('daemon') { should eq ['vsftpd', 'sshd'] }
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
### client_list
|
|
51
|
+
|
|
52
|
+
`client_list` returns a 2d string array where each entry contains the clients specified for the rule.
|
|
53
|
+
|
|
54
|
+
describe etc_hosts_deny.where { daemon == 'sshd' } do
|
|
55
|
+
its('client_list') { should include ['192.168.0.0/16', '[abcd::0000:1234]'] }
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
### options
|
|
59
|
+
|
|
60
|
+
`options` returns a 2d string array where each entry contains any options specified for the rule.
|
|
61
|
+
|
|
62
|
+
describe etc_hosts_deny.where { daemon == 'sshd' } do
|
|
63
|
+
its('options') { should include ['deny', 'echo "REJECTED"'] }
|
|
64
|
+
end
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: About the windows_hotfix Resource
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
Use the `windows_hotfix` InSpec audit resource to test if the hotfix has been installed on a Windows system.
|
|
6
|
+
|
|
7
|
+
## Syntax
|
|
8
|
+
|
|
9
|
+
A `windows_hotfix` resource block declares a hotfix to validate:
|
|
10
|
+
|
|
11
|
+
describe windows_hotfix('name') do
|
|
12
|
+
it { should be_installed }
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
where
|
|
16
|
+
|
|
17
|
+
* `('name')` must specify the name of a hotfix, such as `'KB4012213'`
|
|
18
|
+
* `be_installed` is a valid matcher for this resource
|
|
19
|
+
|
|
20
|
+
## Matcher
|
|
21
|
+
|
|
22
|
+
This InSpec audit resource has the following matcher:
|
|
23
|
+
|
|
24
|
+
### be_installed
|
|
25
|
+
|
|
26
|
+
The `be_installed` matcher tests if the named hotfix is installed on the system:
|
|
27
|
+
|
|
28
|
+
it { should be_installed }
|
|
29
|
+
|
|
30
|
+
## Examples
|
|
31
|
+
|
|
32
|
+
The following examples show how to use this InSpec audit resource.
|
|
33
|
+
|
|
34
|
+
### Test if KB4012213 is installed
|
|
35
|
+
|
|
36
|
+
describe windows_hotfix('KB4012213') do
|
|
37
|
+
it { should be_installed }
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
### Test that a hotfix is not installed
|
|
41
|
+
|
|
42
|
+
describe windows_hotfix('KB9999999') do
|
|
43
|
+
it { should_not be_installed }
|
|
44
|
+
end
|
data/inspec.gemspec
CHANGED
|
@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
|
|
|
26
26
|
|
|
27
27
|
spec.required_ruby_version = '>= 2.1'
|
|
28
28
|
|
|
29
|
-
spec.add_dependency 'train', '~> 0.
|
|
29
|
+
spec.add_dependency 'train', '~> 0.28'
|
|
30
30
|
spec.add_dependency 'thor', '~> 0.19'
|
|
31
31
|
spec.add_dependency 'json', '>= 1.8', '< 3.0'
|
|
32
32
|
spec.add_dependency 'rainbow', '~> 2'
|
data/lib/inspec/resource.rb
CHANGED
|
@@ -88,10 +88,11 @@ require 'resources/crontab'
|
|
|
88
88
|
require 'resources/dh_params'
|
|
89
89
|
require 'resources/directory'
|
|
90
90
|
require 'resources/docker'
|
|
91
|
-
require 'resources/docker_image'
|
|
92
91
|
require 'resources/docker_container'
|
|
92
|
+
require 'resources/docker_image'
|
|
93
93
|
require 'resources/etc_fstab'
|
|
94
94
|
require 'resources/etc_group'
|
|
95
|
+
require 'resources/etc_hosts_allow_deny'
|
|
95
96
|
require 'resources/etc_hosts'
|
|
96
97
|
require 'resources/file'
|
|
97
98
|
require 'resources/gem'
|
|
@@ -127,12 +128,12 @@ require 'resources/package'
|
|
|
127
128
|
require 'resources/packages'
|
|
128
129
|
require 'resources/parse_config'
|
|
129
130
|
require 'resources/passwd'
|
|
130
|
-
require 'resources/postgres_hba_conf'
|
|
131
|
-
require 'resources/postgres_ident_conf'
|
|
132
131
|
require 'resources/pip'
|
|
133
132
|
require 'resources/port'
|
|
134
133
|
require 'resources/postgres'
|
|
135
134
|
require 'resources/postgres_conf'
|
|
135
|
+
require 'resources/postgres_hba_conf'
|
|
136
|
+
require 'resources/postgres_ident_conf'
|
|
136
137
|
require 'resources/postgres_session'
|
|
137
138
|
require 'resources/powershell'
|
|
138
139
|
require 'resources/processes'
|
|
@@ -141,18 +142,19 @@ require 'resources/registry_key'
|
|
|
141
142
|
require 'resources/security_policy'
|
|
142
143
|
require 'resources/service'
|
|
143
144
|
require 'resources/shadow'
|
|
144
|
-
require 'resources/ssl'
|
|
145
145
|
require 'resources/ssh_conf'
|
|
146
|
+
require 'resources/ssl'
|
|
146
147
|
require 'resources/sys_info'
|
|
147
148
|
require 'resources/toml'
|
|
148
149
|
require 'resources/users'
|
|
149
150
|
require 'resources/vbscript'
|
|
150
151
|
require 'resources/virtualization'
|
|
151
152
|
require 'resources/windows_feature'
|
|
153
|
+
require 'resources/windows_hotfix'
|
|
152
154
|
require 'resources/windows_task'
|
|
153
|
-
require 'resources/xinetd'
|
|
154
155
|
require 'resources/wmi'
|
|
155
156
|
require 'resources/x509_certificate'
|
|
157
|
+
require 'resources/xinetd'
|
|
156
158
|
require 'resources/yum'
|
|
157
159
|
require 'resources/zfs_dataset'
|
|
158
160
|
require 'resources/zfs_pool'
|
data/lib/inspec/version.rb
CHANGED
|
@@ -0,0 +1,122 @@
|
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
# author: Matthew Dromazos
|
|
3
|
+
|
|
4
|
+
require 'utils/parser'
|
|
5
|
+
|
|
6
|
+
module Inspec::Resources
|
|
7
|
+
class EtcHostsAllow < Inspec.resource(1)
|
|
8
|
+
name 'etc_hosts_allow'
|
|
9
|
+
desc 'Use the etc_hosts_allow InSpec audit resource to test the connections
|
|
10
|
+
the client will allow. Controlled by the /etc/hosts.allow file.'
|
|
11
|
+
example "
|
|
12
|
+
describe etc_hosts_allow.where { daemon == 'ALL' } do
|
|
13
|
+
its('client_list') { should include ['127.0.0.1', '[::1]'] }
|
|
14
|
+
its('options') { should eq [[]] }
|
|
15
|
+
end
|
|
16
|
+
"
|
|
17
|
+
|
|
18
|
+
attr_reader :params
|
|
19
|
+
|
|
20
|
+
include CommentParser
|
|
21
|
+
|
|
22
|
+
def initialize(hosts_allow_path = nil)
|
|
23
|
+
return skip_resource 'The `etc_hosts_allow` resource is not supported on your OS.' unless inspec.os.linux?
|
|
24
|
+
@conf_path = hosts_allow_path || '/etc/hosts.allow'
|
|
25
|
+
@content = nil
|
|
26
|
+
@params = nil
|
|
27
|
+
read_content
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
filter = FilterTable.create
|
|
31
|
+
filter.add_accessor(:where)
|
|
32
|
+
.add_accessor(:entries)
|
|
33
|
+
.add(:daemon, field: 'daemon')
|
|
34
|
+
.add(:client_list, field: 'client_list')
|
|
35
|
+
.add(:options, field: 'options')
|
|
36
|
+
|
|
37
|
+
filter.connect(self, :params)
|
|
38
|
+
|
|
39
|
+
private
|
|
40
|
+
|
|
41
|
+
def read_content
|
|
42
|
+
@content = ''
|
|
43
|
+
@params = {}
|
|
44
|
+
@content = split_daemons(read_file(@conf_path))
|
|
45
|
+
@params = parse_conf(@content)
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def split_daemons(content)
|
|
49
|
+
split_daemons_list = []
|
|
50
|
+
content.each do |line|
|
|
51
|
+
data, = parse_comment_line(line, comment_char: '#', standalone_comments: false)
|
|
52
|
+
next unless data != ''
|
|
53
|
+
data.split(':')[0].split(',').each do |daemon|
|
|
54
|
+
split_daemons_list.push("#{daemon} : " + line.split(':', 2)[1])
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
split_daemons_list
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
def parse_conf(content)
|
|
61
|
+
content.map do |line|
|
|
62
|
+
data, = parse_comment_line(line, comment_char: '#', standalone_comments: false)
|
|
63
|
+
parse_line(data) unless data == ''
|
|
64
|
+
end.compact
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
def parse_line(line)
|
|
68
|
+
daemon, clients_and_options = line.split(/:\s+/, 2)
|
|
69
|
+
daemon = daemon.strip
|
|
70
|
+
|
|
71
|
+
clients_and_options ||= ''
|
|
72
|
+
clients, options = clients_and_options.split(/\s+:\s+/, 2)
|
|
73
|
+
client_list = clients.split(/,/).map(&:strip)
|
|
74
|
+
|
|
75
|
+
options ||= ''
|
|
76
|
+
options_list = options.split(/:\s+/).map(&:strip)
|
|
77
|
+
|
|
78
|
+
{
|
|
79
|
+
'daemon' => daemon,
|
|
80
|
+
'client_list' => client_list,
|
|
81
|
+
'options' => options_list,
|
|
82
|
+
}
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
def read_file(conf_path = @conf_path)
|
|
86
|
+
# Determine if the file exists and contains anything, if not
|
|
87
|
+
# then access control is turned off.
|
|
88
|
+
file = inspec.file(conf_path)
|
|
89
|
+
if !file.file?
|
|
90
|
+
return skip_resource "Can't find file at \"#{@conf_path}\""
|
|
91
|
+
end
|
|
92
|
+
raw_conf = file.content
|
|
93
|
+
if raw_conf.empty? && !file.empty?
|
|
94
|
+
return skip_resource("Unable to read file \"#{@conf_path}\"")
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
# If there is a file and it contains content, continue
|
|
98
|
+
raw_conf.lines
|
|
99
|
+
end
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
class EtcHostsDeny < EtcHostsAllow
|
|
103
|
+
name 'etc_hosts_deny'
|
|
104
|
+
desc 'Use the etc_hosts_deny InSpec audit resource to test the connections
|
|
105
|
+
the client will deny. Controlled by the /etc/hosts.deny file.'
|
|
106
|
+
example "
|
|
107
|
+
describe etc_hosts_deny.where { daemon_list == 'ALL' } do
|
|
108
|
+
its('client_list') { should eq [['127.0.0.1', '[::1]']] }
|
|
109
|
+
its('options') { should eq [] }
|
|
110
|
+
end
|
|
111
|
+
"
|
|
112
|
+
|
|
113
|
+
def initialize(path = nil)
|
|
114
|
+
return skip_resource '`etc_hosts_deny` is not supported on your OS' unless inspec.os.linux?
|
|
115
|
+
super(path || '/etc/hosts.deny')
|
|
116
|
+
end
|
|
117
|
+
|
|
118
|
+
def to_s
|
|
119
|
+
'hosts.deny Configuration'
|
|
120
|
+
end
|
|
121
|
+
end
|
|
122
|
+
end
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
# author: Matt Ray
|
|
3
|
+
|
|
4
|
+
module Inspec::Resources
|
|
5
|
+
class WindowsHotfix < Inspec.resource(1)
|
|
6
|
+
name 'windows_hotfix'
|
|
7
|
+
desc 'Use the windows_hotfix InSpec audit resource to test if the hotfix has been installed on the Windows system.'
|
|
8
|
+
example "
|
|
9
|
+
describe windows_hotfix('KB4012212') do
|
|
10
|
+
it { should be_installed }
|
|
11
|
+
end
|
|
12
|
+
"
|
|
13
|
+
|
|
14
|
+
attr_accessor :content
|
|
15
|
+
|
|
16
|
+
def initialize(hotfix_id = nil)
|
|
17
|
+
@id = hotfix_id.upcase
|
|
18
|
+
@content = nil
|
|
19
|
+
os = inspec.os
|
|
20
|
+
return skip_resource 'The `windows_hotfix` resource is not a feature of your OS.' unless os.windows?
|
|
21
|
+
query = "Get-WmiObject -class \"win32_quickfixengineering\" -filter \"HotFixID = '" + @id + "'\""
|
|
22
|
+
cmd = inspec.powershell(query)
|
|
23
|
+
@content = cmd.stdout
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def to_s
|
|
27
|
+
"Windows Hotfix #{@id}"
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def installed?
|
|
31
|
+
return false if @content.nil?
|
|
32
|
+
@content.include?(@id)
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inspec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.39.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dominik Richter
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '0.
|
|
19
|
+
version: '0.28'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '0.
|
|
26
|
+
version: '0.28'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: thor
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -334,6 +334,8 @@ files:
|
|
|
334
334
|
- docs/resources/etc_fstab.md.erb
|
|
335
335
|
- docs/resources/etc_group.md.erb
|
|
336
336
|
- docs/resources/etc_hosts.md.erb
|
|
337
|
+
- docs/resources/etc_hosts_allow.md.erb
|
|
338
|
+
- docs/resources/etc_hosts_deny.md.erb
|
|
337
339
|
- docs/resources/file.md.erb
|
|
338
340
|
- docs/resources/gem.md.erb
|
|
339
341
|
- docs/resources/group.md.erb
|
|
@@ -395,6 +397,7 @@ files:
|
|
|
395
397
|
- docs/resources/vbscript.md.erb
|
|
396
398
|
- docs/resources/virtualization.md.erb
|
|
397
399
|
- docs/resources/windows_feature.md.erb
|
|
400
|
+
- docs/resources/windows_hotfix.md.erb
|
|
398
401
|
- docs/resources/windows_task.md.erb
|
|
399
402
|
- docs/resources/wmi.md.erb
|
|
400
403
|
- docs/resources/x509_certificate.md.erb
|
|
@@ -578,6 +581,7 @@ files:
|
|
|
578
581
|
- lib/resources/etc_fstab.rb
|
|
579
582
|
- lib/resources/etc_group.rb
|
|
580
583
|
- lib/resources/etc_hosts.rb
|
|
584
|
+
- lib/resources/etc_hosts_allow_deny.rb
|
|
581
585
|
- lib/resources/file.rb
|
|
582
586
|
- lib/resources/gem.rb
|
|
583
587
|
- lib/resources/groups.rb
|
|
@@ -635,6 +639,7 @@ files:
|
|
|
635
639
|
- lib/resources/vbscript.rb
|
|
636
640
|
- lib/resources/virtualization.rb
|
|
637
641
|
- lib/resources/windows_feature.rb
|
|
642
|
+
- lib/resources/windows_hotfix.rb
|
|
638
643
|
- lib/resources/windows_task.rb
|
|
639
644
|
- lib/resources/wmi.rb
|
|
640
645
|
- lib/resources/x509_certificate.rb
|