RubyGems - inspec - Versions diffs - 1.40.0 → 1.41.0 - Mend

inspec 1.40.0 → 1.41.0

Files changed (114) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +30 -9
data/docs/matchers.md +18 -0
data/docs/plugin_kitchen_inspec.md +18 -24
data/docs/profiles.md +39 -2
data/docs/resources/aide_conf.md.erb +18 -28
data/docs/resources/apache_conf.md.erb +19 -33
data/docs/resources/apt.md.erb +22 -36
data/docs/resources/audit_policy.md.erb +9 -24
data/docs/resources/auditd.md.erb +9 -24
data/docs/resources/auditd_conf.md.erb +20 -34
data/docs/resources/auditd_rules.md.erb +8 -24
data/docs/resources/bash.md.erb +4 -26
data/docs/resources/bond.md.erb +25 -40
data/docs/resources/bridge.md.erb +5 -25
data/docs/resources/bsd_service.md.erb +5 -25
data/docs/resources/command.md.erb +35 -50
data/docs/resources/crontab.md.erb +9 -23
data/docs/resources/csv.md.erb +12 -27
data/docs/resources/dh_params.md +1 -0
data/docs/resources/directory.md.erb +5 -25
data/docs/resources/docker.md.erb +60 -57
data/docs/resources/docker_container.md.erb +23 -19
data/docs/resources/docker_image.md.erb +20 -16
data/docs/resources/etc_fstab.md.erb +5 -2
data/docs/resources/etc_group.md.erb +29 -45
data/docs/resources/etc_hosts.md.erb +6 -0
data/docs/resources/etc_hosts_allow.md.erb +6 -2
data/docs/resources/etc_hosts_deny.md.erb +6 -2
data/docs/resources/file.md.erb +198 -212
data/docs/resources/firewalld.md.erb +7 -1
data/docs/resources/gem.md.erb +21 -35
data/docs/resources/group.md.erb +16 -30
data/docs/resources/grub_conf.md.erb +9 -24
data/docs/resources/host.md.erb +32 -49
data/docs/resources/http.md.erb +38 -44
data/docs/resources/iis_app.md.erb +25 -35
data/docs/resources/iis_site.md.erb +26 -40
data/docs/resources/inetd_conf.md.erb +27 -42
data/docs/resources/ini.md.erb +9 -23
data/docs/resources/interface.md.erb +5 -25
data/docs/resources/iptables.md.erb +15 -29
data/docs/resources/json.md.erb +12 -27
data/docs/resources/kernel_module.md.erb +47 -61
data/docs/resources/kernel_parameter.md.erb +15 -29
data/docs/resources/key_rsa.md.erb +3 -0
data/docs/resources/launchd_service.md.erb +5 -25
data/docs/resources/limits_conf.md.erb +15 -29
data/docs/resources/login_def.md.erb +15 -30
data/docs/resources/mount.md.erb +18 -33
data/docs/resources/mssql_session.md.erb +9 -12
data/docs/resources/mysql_conf.md.erb +17 -32
data/docs/resources/mysql_session.md.erb +15 -29
data/docs/resources/nginx.md.erb +6 -0
data/docs/resources/nginx_conf.md.erb +25 -20
data/docs/resources/npm.md.erb +19 -35
data/docs/resources/ntp_conf.md.erb +20 -37
data/docs/resources/oneget.md.erb +15 -30
data/docs/resources/oracledb_session.md.erb +9 -11
data/docs/resources/os.md.erb +29 -43
data/docs/resources/os_env.md.erb +29 -44
data/docs/resources/package.md.erb +33 -42
data/docs/resources/parse_config.md.erb +5 -25
data/docs/resources/parse_config_file.md.erb +31 -43
data/docs/resources/passwd.md.erb +24 -39
data/docs/resources/pip.md.erb +20 -35
data/docs/resources/port.md.erb +43 -57
data/docs/resources/postgres_conf.md.erb +17 -31
data/docs/resources/postgres_hba_conf.md.erb +26 -38
data/docs/resources/postgres_ident_conf.md.erb +25 -37
data/docs/resources/postgres_session.md.erb +15 -29
data/docs/resources/powershell.md.erb +27 -42
data/docs/resources/processes.md.erb +17 -33
data/docs/resources/rabbitmq_config.md.erb +9 -24
data/docs/resources/registry_key.md.erb +27 -42
data/docs/resources/runit_service.md.erb +5 -25
data/docs/resources/security_policy.md.erb +12 -27
data/docs/resources/service.md.erb +27 -42
data/docs/resources/shadow.md.erb +20 -35
data/docs/resources/ssh_config.md.erb +19 -34
data/docs/resources/sshd_config.md.erb +19 -34
data/docs/resources/ssl.md.erb +39 -54
data/docs/resources/sys_info.md.erb +12 -26
data/docs/resources/systemd_service.md.erb +5 -25
data/docs/resources/sysv_service.md.erb +5 -25
data/docs/resources/upstart_service.md.erb +5 -25
data/docs/resources/user.md.erb +29 -44
data/docs/resources/users.md.erb +12 -26
data/docs/resources/vbscript.md.erb +9 -24
data/docs/resources/virtualization.md.erb +8 -23
data/docs/resources/windows_feature.md.erb +15 -30
data/docs/resources/windows_hotfix.md.erb +15 -9
data/docs/resources/windows_task.md.erb +12 -26
data/docs/resources/wmi.md.erb +9 -24
data/docs/resources/x509_certificate.md.erb +4 -0
data/docs/resources/xinetd_conf.md.erb +65 -80
data/docs/resources/xml.md.erb +12 -26
data/docs/resources/yaml.md.erb +12 -27
data/docs/resources/yum.md.erb +37 -51
data/docs/resources/zfs_dataset.md.erb +15 -26
data/docs/resources/zfs_pool.md.erb +9 -20
data/lib/inspec/backend.rb +8 -0
data/lib/inspec/profile.rb +9 -1
data/lib/inspec/shell.rb +13 -13
data/lib/inspec/version.rb +1 -1
data/lib/matchers/matchers.rb +2 -0
data/lib/resources/etc_hosts.rb +1 -1
data/lib/resources/host.rb +4 -1
data/lib/resources/http.rb +173 -23
data/lib/resources/processes.rb +106 -20
data/lib/resources/ssh_conf.rb +1 -1
data/lib/resources/ssl.rb +4 -3
data/lib/utils/object_traversal.rb +35 -10
metadata +2 -2

@@ -6,6 +6,8 @@ title: About the pip Resource
 Use the `pip` InSpec audit resource to test packages that are installed using the Python PIP installer.
+<br>
 ## Syntax
 A `pip` resource block declares a package and (optionally) a package version:
@@ -19,56 +21,39 @@ where
 * `'package_name'` is the name of the package, such as `'Jinja2'`
 * `be_installed` tests to see if the package described above is installed
+<br>
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
+## Examples
-### be_installed
+The following examples show how to use this InSpec audit resource.
-The `be_installed` matcher tests if the named package is installed on the system:
+### Test if Jinja2 is installed on the system
-    it { should be_installed }
+    describe pip('Jinja2') do
+      it { should be_installed }
+    end
-### cmp
+### Test if Jinja2 2.8 is installed on the system
-<%= partial "/shared/matcher_cmp" %>
+    describe pip('Jinja2') do
+      it { should be_installed }
+      its('version') { should eq '2.8' }
+    end
-### eq
+<br>
-<%= partial "/shared/matcher_eq" %>
+## Matchers
-### include
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-<%= partial "/shared/matcher_include" %>
+### be_installed
-### match
+The `be_installed` matcher tests if the named package is installed on the system:
-<%= partial "/shared/matcher_match" %>
+    it { should be_installed }
 ### version
 The `version` matcher tests if the named package version is on the system:
     its('version') { should eq '1.2.3' }
-## Examples
-The following examples show how to use this InSpec audit resource.
-### Test if Jinja2 is installed on the system
-    describe pip('Jinja2') do
-      it { should be_installed }
-    end
-### Test if Jinja2 2.8 is installed on the system
-    describe pip('Jinja2') do
-      it { should be_installed }
-      its('version') { should eq '2.8' }
-    end

data/docs/resources/port.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the port Resource
 Use the `port` InSpec audit resource to test basic port properties, such as port, process, if it's listening.
+<br>
 ## Syntax
 A `port` resource block declares a port, and then depending on what needs to be tested, a process, protocol, process identifier, and its state (is it listening?):
@@ -35,63 +37,7 @@ For example, to test if the SSH daemon is available on a Linux machine via the d
       its('addresses') { should include '0.0.0.0' }
     end
-## Matchers
-This InSpec audit resource has the following matchers:
-### address
-The `addresses` matcher tests if the specified address is associated with a port:
-    its('addresses') { should include '0.0.0.0' }
-### be
-<%= partial "/shared/matcher_be" %>
-### be_listening
-The `be_listening` matcher tests if the port is listening for traffic:
-    it { should be_listening }
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-### pids
-The `pids` matcher tests the process identifiers (PIDs):
-    its('pids') { should cmp 27808 }
-### processes
-The `processes` matcher tests if the named process is running on the system:
-    its('processes') { should cmp 'syslog' }
-### protocols
-The `protocols` matcher tests the Internet protocol: ICMP (`'icmp'`), TCP (`'tcp'` or `'tcp6'`), or UDP (`'udp'` or `'udp6'`):
-    its('protocols') { should include 'tcp' }
-or for the IPv6 protocol:
-    its('protocols') { should include 'tcp6' }
+<br>
 ## Examples
@@ -148,3 +94,43 @@ or:
     describe port(65432) do
       it { should_not be_listening }
     end
+<br>
+## Matchers
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### address
+The `addresses` matcher tests if the specified address is associated with a port:
+    its('addresses') { should include '0.0.0.0' }
+### be_listening
+The `be_listening` matcher tests if the port is listening for traffic:
+    it { should be_listening }
+### pids
+The `pids` matcher tests the process identifiers (PIDs):
+    its('pids') { should cmp 27808 }
+### processes
+The `processes` matcher tests if the named process is running on the system:
+    its('processes') { should cmp 'syslog' }
+### protocols
+The `protocols` matcher tests the Internet protocol: ICMP (`'icmp'`), TCP (`'tcp'` or `'tcp6'`), or UDP (`'udp'` or `'udp6'`):
+    its('protocols') { should include 'tcp' }
+or for the IPv6 protocol:
+    its('protocols') { should include 'tcp6' }

data/docs/resources/postgres_conf.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the postgres_conf Resource
 Use the `postgres_conf` InSpec audit resource to test the contents of the configuration file for PostgreSQL, typically located at `/etc/postgresql/<version>/main/postgresql.conf` or `/var/lib/postgres/data/postgresql.conf`, depending on the platform.
+<br>
 ## Syntax
 A `postgres_conf` resource block declares one (or more) settings in the `postgresql.conf` file, and then compares the setting in the configuration file to the value stated in the test:
@@ -21,37 +23,7 @@ where
 * `('path')` is the non-default path to the `postgresql.conf` file (optional)
 * `should eq 'value'` is the value that is expected
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-### setting
-The `setting` matcher tests specific, named settings in the `postgresql.conf` file:
-    its('setting') { should eq 'value' }
-Use a `setting` matcher for each setting to be tested.
+<br>
 ## Examples
@@ -90,3 +62,17 @@ The following examples show how to use this InSpec audit resource.
     end
 where `unix_socket_group` is set to the PostgreSQL default setting (the group to which the server user belongs).
+<br>
+## Matchers
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### setting
+The `setting` matcher tests specific, named settings in the `postgresql.conf` file:
+    its('setting') { should eq 'value' }
+Use a `setting` matcher for each setting to be tested.

data/docs/resources/postgres_hba_conf.md.erb CHANGED

@@ -5,6 +5,9 @@ title: About the postgres_hba_conf Resource
 # postgres_hba_conf
 Use the `postgres_hba_conf` InSpec audit resource to test the client authentication data defined in the pg_hba.conf file.
+<br>
 ## Syntax
 An `postgres_hba_conf` InSpec audit resource block declares client authentication data that should be tested:
@@ -19,48 +22,14 @@ where
 * `'filter_value'` is the value that is to be filtered for
 * `'value'` is the value that is to be matched expected
-## Matchers
-This InSpec audit resource matches any service that is listed in the HBA configuration file:
-    its('auth_method') { should_not cmp 'peer' }
-or:
-    its('auth_method') { should cmp 'peer' }
-For example:
-    describe postgres_hba_conf.where { type == 'type' } do
-      its('auth_method') { should cmp 'value' }
-      its('user') { should cmp 'value' }
-    end
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
+<br>
 ## Supported Properties
     'address', 'auth_method', 'auth_params', 'conf_dir' , 'conf_file' , 'database', 'params' ,'type', 'user'
+<br>
 ## Property Examples and Return Types
 ### address([String])
@@ -70,7 +39,7 @@ For example:
     describe postgres_hba_conf.where { type == 'local' } do
       its('address') { should cmp 'value' }
     end
 ### auth_method([String])
 `auth_method` returns a an array of strings that matches the where condition of the filter table
@@ -102,3 +71,22 @@ For example:
     describe postgres_hba_conf.where { database == 'acme_test_db' } do
       its('user') { should cmp 'value' }
     end
+<br>
+## Matchers
+This InSpec audit resource matches any service that is listed in the HBA configuration file. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+    its('auth_method') { should_not cmp 'peer' }
+or:
+    its('auth_method') { should cmp 'peer' }
+For example:
+    describe postgres_hba_conf.where { type == 'type' } do
+      its('auth_method') { should cmp 'value' }
+      its('user') { should cmp 'value' }
+    end

data/docs/resources/postgres_ident_conf.md.erb CHANGED

@@ -5,6 +5,9 @@ title: About the postgres_ident_conf Resource
 # postgres_ident_conf
 Use the `postgres_ident_conf` InSpec audit resource to test the client authentication data defined in the pg_hba.conf file.
+<br>
 ## Syntax
 An `postgres_ident_conf` InSpec audit resource block declares client authentication data that should be tested:
@@ -19,48 +22,14 @@ where
 * `'filter_value'` is the value that is to be filtered for
 * `'value'` is the value that is to be matched expected
-## Matchers
-This InSpec audit resource matches any service that is listed in the pg ident  configuration file:
-    its('pg_username') { should_not eq ['peer'] }
-or:
-    its('map_name') { should eq ['value'] }
-For example:
-    describe postgres_ident_conf.where { pg_username == 'name' } do
-      its('system_username') { should eq ['value'] }
-      its('map_name') { should eq ['value'] }
-    end
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
+<br>
 ## Supported Properties
     'conf_file', 'map_name', 'params', 'pg_username', 'system_username'
+<br>
 ## Property Examples and Return Types
 ### map_name([String])
@@ -85,3 +54,22 @@ For example:
     describe pg_hba_conf.where { pg_username == 'name' } do
       its('system_username') { should eq ['value'] }
     end
+<br>
+## Matchers
+This InSpec audit resource matches any service that is listed in the pg ident configuration file. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+    its('pg_username') { should_not eq ['peer'] }
+or:
+    its('map_name') { should eq ['value'] }
+For example:
+    describe postgres_ident_conf.where { pg_username == 'name' } do
+      its('system_username') { should eq ['value'] }
+      its('map_name') { should eq ['value'] }
+    end

data/docs/resources/postgres_session.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the postgres_session Resource
 Use the `postgres_session` InSpec audit resource to test SQL commands run against a PostgreSQL database.
+<br>
 ## Syntax
 A `postgres_session` resource block declares the username and password to use for the session, and then the command to be run:
@@ -29,35 +31,7 @@ A full example is:
 where `its('output') { should eq '' }` compares the results of the query against the expected result in the test
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-### output
-The `output` matcher tests the results of the query:
-    its('output') { should eq(/^0/) }
+<br>
 ## Examples
@@ -80,3 +54,15 @@ The following examples show how to use this InSpec audit resource.
                   AND lanname!=\'c\';', ['postgres']) do
       its('output') { should eq '0' }
     end
+<br>
+## Matchers
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### output
+The `output` matcher tests the results of the query:
+    its('output') { should eq(/^0/) }