RubyGems - inspec - Versions diffs - 1.40.0 → 1.41.0 - Mend

inspec 1.40.0 → 1.41.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (114) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +30 -9
data/docs/matchers.md +18 -0
data/docs/plugin_kitchen_inspec.md +18 -24
data/docs/profiles.md +39 -2
data/docs/resources/aide_conf.md.erb +18 -28
data/docs/resources/apache_conf.md.erb +19 -33
data/docs/resources/apt.md.erb +22 -36
data/docs/resources/audit_policy.md.erb +9 -24
data/docs/resources/auditd.md.erb +9 -24
data/docs/resources/auditd_conf.md.erb +20 -34
data/docs/resources/auditd_rules.md.erb +8 -24
data/docs/resources/bash.md.erb +4 -26
data/docs/resources/bond.md.erb +25 -40
data/docs/resources/bridge.md.erb +5 -25
data/docs/resources/bsd_service.md.erb +5 -25
data/docs/resources/command.md.erb +35 -50
data/docs/resources/crontab.md.erb +9 -23
data/docs/resources/csv.md.erb +12 -27
data/docs/resources/dh_params.md +1 -0
data/docs/resources/directory.md.erb +5 -25
data/docs/resources/docker.md.erb +60 -57
data/docs/resources/docker_container.md.erb +23 -19
data/docs/resources/docker_image.md.erb +20 -16
data/docs/resources/etc_fstab.md.erb +5 -2
data/docs/resources/etc_group.md.erb +29 -45
data/docs/resources/etc_hosts.md.erb +6 -0
data/docs/resources/etc_hosts_allow.md.erb +6 -2
data/docs/resources/etc_hosts_deny.md.erb +6 -2
data/docs/resources/file.md.erb +198 -212
data/docs/resources/firewalld.md.erb +7 -1
data/docs/resources/gem.md.erb +21 -35
data/docs/resources/group.md.erb +16 -30
data/docs/resources/grub_conf.md.erb +9 -24
data/docs/resources/host.md.erb +32 -49
data/docs/resources/http.md.erb +38 -44
data/docs/resources/iis_app.md.erb +25 -35
data/docs/resources/iis_site.md.erb +26 -40
data/docs/resources/inetd_conf.md.erb +27 -42
data/docs/resources/ini.md.erb +9 -23
data/docs/resources/interface.md.erb +5 -25
data/docs/resources/iptables.md.erb +15 -29
data/docs/resources/json.md.erb +12 -27
data/docs/resources/kernel_module.md.erb +47 -61
data/docs/resources/kernel_parameter.md.erb +15 -29
data/docs/resources/key_rsa.md.erb +3 -0
data/docs/resources/launchd_service.md.erb +5 -25
data/docs/resources/limits_conf.md.erb +15 -29
data/docs/resources/login_def.md.erb +15 -30
data/docs/resources/mount.md.erb +18 -33
data/docs/resources/mssql_session.md.erb +9 -12
data/docs/resources/mysql_conf.md.erb +17 -32
data/docs/resources/mysql_session.md.erb +15 -29
data/docs/resources/nginx.md.erb +6 -0
data/docs/resources/nginx_conf.md.erb +25 -20
data/docs/resources/npm.md.erb +19 -35
data/docs/resources/ntp_conf.md.erb +20 -37
data/docs/resources/oneget.md.erb +15 -30
data/docs/resources/oracledb_session.md.erb +9 -11
data/docs/resources/os.md.erb +29 -43
data/docs/resources/os_env.md.erb +29 -44
data/docs/resources/package.md.erb +33 -42
data/docs/resources/parse_config.md.erb +5 -25
data/docs/resources/parse_config_file.md.erb +31 -43
data/docs/resources/passwd.md.erb +24 -39
data/docs/resources/pip.md.erb +20 -35
data/docs/resources/port.md.erb +43 -57
data/docs/resources/postgres_conf.md.erb +17 -31
data/docs/resources/postgres_hba_conf.md.erb +26 -38
data/docs/resources/postgres_ident_conf.md.erb +25 -37
data/docs/resources/postgres_session.md.erb +15 -29
data/docs/resources/powershell.md.erb +27 -42
data/docs/resources/processes.md.erb +17 -33
data/docs/resources/rabbitmq_config.md.erb +9 -24
data/docs/resources/registry_key.md.erb +27 -42
data/docs/resources/runit_service.md.erb +5 -25
data/docs/resources/security_policy.md.erb +12 -27
data/docs/resources/service.md.erb +27 -42
data/docs/resources/shadow.md.erb +20 -35
data/docs/resources/ssh_config.md.erb +19 -34
data/docs/resources/sshd_config.md.erb +19 -34
data/docs/resources/ssl.md.erb +39 -54
data/docs/resources/sys_info.md.erb +12 -26
data/docs/resources/systemd_service.md.erb +5 -25
data/docs/resources/sysv_service.md.erb +5 -25
data/docs/resources/upstart_service.md.erb +5 -25
data/docs/resources/user.md.erb +29 -44
data/docs/resources/users.md.erb +12 -26
data/docs/resources/vbscript.md.erb +9 -24
data/docs/resources/virtualization.md.erb +8 -23
data/docs/resources/windows_feature.md.erb +15 -30
data/docs/resources/windows_hotfix.md.erb +15 -9
data/docs/resources/windows_task.md.erb +12 -26
data/docs/resources/wmi.md.erb +9 -24
data/docs/resources/x509_certificate.md.erb +4 -0
data/docs/resources/xinetd_conf.md.erb +65 -80
data/docs/resources/xml.md.erb +12 -26
data/docs/resources/yaml.md.erb +12 -27
data/docs/resources/yum.md.erb +37 -51
data/docs/resources/zfs_dataset.md.erb +15 -26
data/docs/resources/zfs_pool.md.erb +9 -20
data/lib/inspec/backend.rb +8 -0
data/lib/inspec/profile.rb +9 -1
data/lib/inspec/shell.rb +13 -13
data/lib/inspec/version.rb +1 -1
data/lib/matchers/matchers.rb +2 -0
data/lib/resources/etc_hosts.rb +1 -1
data/lib/resources/host.rb +4 -1
data/lib/resources/http.rb +173 -23
data/lib/resources/processes.rb +106 -20
data/lib/resources/ssh_conf.rb +1 -1
data/lib/resources/ssl.rb +4 -3
data/lib/utils/object_traversal.rb +35 -10
metadata +2 -2

data/docs/resources/pip.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the pip Resource
 Use the `pip` InSpec audit resource to test packages that are installed using the Python PIP installer.
+<br>
 ## Syntax
 A `pip` resource block declares a package and (optionally) a package version:
@@ -19,56 +21,39 @@ where
 * `'package_name'` is the name of the package, such as `'Jinja2'`
 * `be_installed` tests to see if the package described above is installed
+<br>
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
+## Examples
-### be_installed
+The following examples show how to use this InSpec audit resource.
-The `be_installed` matcher tests if the named package is installed on the system:
+### Test if Jinja2 is installed on the system
-    it { should be_installed }
+    describe pip('Jinja2') do
+      it { should be_installed }
+    end
-### cmp
+### Test if Jinja2 2.8 is installed on the system
-<%= partial "/shared/matcher_cmp" %>
+    describe pip('Jinja2') do
+      it { should be_installed }
+      its('version') { should eq '2.8' }
+    end
-### eq
+<br>
-<%= partial "/shared/matcher_eq" %>
+## Matchers
-### include
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-<%= partial "/shared/matcher_include" %>
+### be_installed
-### match
+The `be_installed` matcher tests if the named package is installed on the system:
-<%= partial "/shared/matcher_match" %>
+    it { should be_installed }
 ### version
 The `version` matcher tests if the named package version is on the system:
     its('version') { should eq '1.2.3' }
-## Examples
-The following examples show how to use this InSpec audit resource.
-### Test if Jinja2 is installed on the system
-    describe pip('Jinja2') do
-      it { should be_installed }
-    end
-### Test if Jinja2 2.8 is installed on the system
-    describe pip('Jinja2') do
-      it { should be_installed }
-      its('version') { should eq '2.8' }
-    end

data/docs/resources/port.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the port Resource
 Use the `port` InSpec audit resource to test basic port properties, such as port, process, if it's listening.
+<br>
 ## Syntax
 A `port` resource block declares a port, and then depending on what needs to be tested, a process, protocol, process identifier, and its state (is it listening?):
@@ -35,63 +37,7 @@ For example, to test if the SSH daemon is available on a Linux machine via the d
       its('addresses') { should include '0.0.0.0' }
     end
-## Matchers
-This InSpec audit resource has the following matchers:
-### address
-The `addresses` matcher tests if the specified address is associated with a port:
-    its('addresses') { should include '0.0.0.0' }
-### be
-<%= partial "/shared/matcher_be" %>
-### be_listening
-The `be_listening` matcher tests if the port is listening for traffic:
-    it { should be_listening }
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-### pids
-The `pids` matcher tests the process identifiers (PIDs):
-    its('pids') { should cmp 27808 }
-### processes
-The `processes` matcher tests if the named process is running on the system:
-    its('processes') { should cmp 'syslog' }
-### protocols
-The `protocols` matcher tests the Internet protocol: ICMP (`'icmp'`), TCP (`'tcp'` or `'tcp6'`), or UDP (`'udp'` or `'udp6'`):
-    its('protocols') { should include 'tcp' }
-or for the IPv6 protocol:
-    its('protocols') { should include 'tcp6' }
+<br>
 ## Examples
@@ -148,3 +94,43 @@ or:
     describe port(65432) do
       it { should_not be_listening }
     end
+<br>
+## Matchers
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### address
+The `addresses` matcher tests if the specified address is associated with a port:
+    its('addresses') { should include '0.0.0.0' }
+### be_listening
+The `be_listening` matcher tests if the port is listening for traffic:
+    it { should be_listening }
+### pids
+The `pids` matcher tests the process identifiers (PIDs):
+    its('pids') { should cmp 27808 }
+### processes
+The `processes` matcher tests if the named process is running on the system:
+    its('processes') { should cmp 'syslog' }
+### protocols
+The `protocols` matcher tests the Internet protocol: ICMP (`'icmp'`), TCP (`'tcp'` or `'tcp6'`), or UDP (`'udp'` or `'udp6'`):
+    its('protocols') { should include 'tcp' }
+or for the IPv6 protocol:
+    its('protocols') { should include 'tcp6' }

data/docs/resources/postgres_conf.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the postgres_conf Resource
 Use the `postgres_conf` InSpec audit resource to test the contents of the configuration file for PostgreSQL, typically located at `/etc/postgresql/<version>/main/postgresql.conf` or `/var/lib/postgres/data/postgresql.conf`, depending on the platform.
+<br>
 ## Syntax
 A `postgres_conf` resource block declares one (or more) settings in the `postgresql.conf` file, and then compares the setting in the configuration file to the value stated in the test:
@@ -21,37 +23,7 @@ where
 * `('path')` is the non-default path to the `postgresql.conf` file (optional)
 * `should eq 'value'` is the value that is expected
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-### setting
-The `setting` matcher tests specific, named settings in the `postgresql.conf` file:
-    its('setting') { should eq 'value' }
-Use a `setting` matcher for each setting to be tested.
+<br>
 ## Examples
@@ -90,3 +62,17 @@ The following examples show how to use this InSpec audit resource.
     end
 where `unix_socket_group` is set to the PostgreSQL default setting (the group to which the server user belongs).
+<br>
+## Matchers
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### setting
+The `setting` matcher tests specific, named settings in the `postgresql.conf` file:
+    its('setting') { should eq 'value' }
+Use a `setting` matcher for each setting to be tested.

data/docs/resources/postgres_hba_conf.md.erb CHANGED

@@ -5,6 +5,9 @@ title: About the postgres_hba_conf Resource
 # postgres_hba_conf
 Use the `postgres_hba_conf` InSpec audit resource to test the client authentication data defined in the pg_hba.conf file.
+<br>
 ## Syntax
 An `postgres_hba_conf` InSpec audit resource block declares client authentication data that should be tested:
@@ -19,48 +22,14 @@ where
 * `'filter_value'` is the value that is to be filtered for
 * `'value'` is the value that is to be matched expected
-## Matchers
-This InSpec audit resource matches any service that is listed in the HBA configuration file:
-    its('auth_method') { should_not cmp 'peer' }
-or:
-    its('auth_method') { should cmp 'peer' }
-For example:
-    describe postgres_hba_conf.where { type == 'type' } do
-      its('auth_method') { should cmp 'value' }
-      its('user') { should cmp 'value' }
-    end
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
+<br>
 ## Supported Properties
     'address', 'auth_method', 'auth_params', 'conf_dir' , 'conf_file' , 'database', 'params' ,'type', 'user'
+<br>
 ## Property Examples and Return Types
 ### address([String])
@@ -70,7 +39,7 @@ For example:
     describe postgres_hba_conf.where { type == 'local' } do
       its('address') { should cmp 'value' }
     end
 ### auth_method([String])
 `auth_method` returns a an array of strings that matches the where condition of the filter table
@@ -102,3 +71,22 @@ For example:
     describe postgres_hba_conf.where { database == 'acme_test_db' } do
       its('user') { should cmp 'value' }
     end
+<br>
+## Matchers
+This InSpec audit resource matches any service that is listed in the HBA configuration file. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+    its('auth_method') { should_not cmp 'peer' }
+or:
+    its('auth_method') { should cmp 'peer' }
+For example:
+    describe postgres_hba_conf.where { type == 'type' } do
+      its('auth_method') { should cmp 'value' }
+      its('user') { should cmp 'value' }
+    end

data/docs/resources/postgres_ident_conf.md.erb CHANGED

@@ -5,6 +5,9 @@ title: About the postgres_ident_conf Resource
 # postgres_ident_conf
 Use the `postgres_ident_conf` InSpec audit resource to test the client authentication data defined in the pg_hba.conf file.
+<br>
 ## Syntax
 An `postgres_ident_conf` InSpec audit resource block declares client authentication data that should be tested:
@@ -19,48 +22,14 @@ where
 * `'filter_value'` is the value that is to be filtered for
 * `'value'` is the value that is to be matched expected
-## Matchers
-This InSpec audit resource matches any service that is listed in the pg ident  configuration file:
-    its('pg_username') { should_not eq ['peer'] }
-or:
-    its('map_name') { should eq ['value'] }
-For example:
-    describe postgres_ident_conf.where { pg_username == 'name' } do
-      its('system_username') { should eq ['value'] }
-      its('map_name') { should eq ['value'] }
-    end
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
+<br>
 ## Supported Properties
     'conf_file', 'map_name', 'params', 'pg_username', 'system_username'
+<br>
 ## Property Examples and Return Types
 ### map_name([String])
@@ -85,3 +54,22 @@ For example:
     describe pg_hba_conf.where { pg_username == 'name' } do
       its('system_username') { should eq ['value'] }
     end
+<br>
+## Matchers
+This InSpec audit resource matches any service that is listed in the pg ident configuration file. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+    its('pg_username') { should_not eq ['peer'] }
+or:
+    its('map_name') { should eq ['value'] }
+For example:
+    describe postgres_ident_conf.where { pg_username == 'name' } do
+      its('system_username') { should eq ['value'] }
+      its('map_name') { should eq ['value'] }
+    end

data/docs/resources/postgres_session.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the postgres_session Resource
 Use the `postgres_session` InSpec audit resource to test SQL commands run against a PostgreSQL database.
+<br>
 ## Syntax
 A `postgres_session` resource block declares the username and password to use for the session, and then the command to be run:
@@ -29,35 +31,7 @@ A full example is:
 where `its('output') { should eq '' }` compares the results of the query against the expected result in the test
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-### output
-The `output` matcher tests the results of the query:
-    its('output') { should eq(/^0/) }
+<br>
 ## Examples
@@ -80,3 +54,15 @@ The following examples show how to use this InSpec audit resource.
                   AND lanname!=\'c\';', ['postgres']) do
       its('output') { should eq '0' }
     end
+<br>
+## Matchers
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### output
+The `output` matcher tests the results of the query:
+    its('output') { should eq(/^0/) }