inspec 1.40.0 → 1.41.0

data/docs/resources/shadow.md.erb

@@ -19,6 +19,8 @@ These entries are defined as a colon-delimited row in the file, one row per user
 
     dannos:Gb7crrO5CDF.:10063:0:99999:7:::
 
+<br>
+
 ## Syntax
 
 A `shadow` resource block declares one (or more) users and associated user information to be tested:
@@ -39,18 +41,30 @@ where
 * `homes`, `gids`, `passwords`, `shells`, `uids`, and `users` are valid accessors for `passwd`
 * `filter` one (or more) arguments, for example: `passwd.users(/name/)` used to define filtering; `filter` may take any of the following arguments: `count` (retrieves the number of entries), `lines` (provides raw `passwd` lines), and `params` (returns an array of maps for all entries)
 
+<br>
 
-## Matchers
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test for a forbidden user
+
+    describe shadow do
+      its('users') { should_not include 'forbidden_user' }
+    end
 
-This InSpec audit resource has the following matchers:
+### Test that a user appears one time
 
-### be
+    describe shadow.users('bin') do
+      its('passwords') { should cmp 'x' }
+      its('count') { should eq 1 }
+    end
 
-<%= partial "/shared/matcher_be" %>
+<br>
 
-### cmp
+## Matchers
 
-<%= partial "/shared/matcher_cmp" %>
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 
 ### count
 
@@ -64,10 +78,6 @@ TThis matcher is best used in conjunction with filters. For example:
        its('count') { should eq 1 }
     end
 
-### eq
-
-<%= partial "/shared/matcher_eq" %>
-
 ### expiry_dates
 
 The `expiry_dates` matcher tests the number of days a user account has been disabled:
@@ -80,20 +90,12 @@ The `inactive_days` matcher tests the number of days a user must be inactive bef
 
     its('inactive_days') { should eq '' }
 
-### include
-
-<%= partial "/shared/matcher_include" %>
-
 ### last_changes
 
 The `last_changes` matcher tests the last time a password was changed:
 
     its('last_changes') { should eq '' }
 
-### match
-
-<%= partial "/shared/matcher_match" %>
-
 ### max_days
 
 The `max_days` matcher tests the maximum number of days after which a password must be changed:
@@ -130,20 +132,3 @@ The `users` matcher tests if the user name exists `/etc/shadow`:
 The `warn_days` matcher tests the number of days a user is warned about an expiring password:
 
     its('warn_days') { should eq 7 }
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test for a forbidden user
-
-    describe shadow do
-      its('users') { should_not include 'forbidden_user' }
-    end
-
-### Test that a user appears one time
-
-    describe shadow.users('bin') do
-      its('passwords') { should cmp 'x' }
-      its('count') { should eq 1 }
-    end

data/docs/resources/ssh_config.md.erb

@@ -6,6 +6,8 @@ title: About the ssh_config Resource
 
 Use the `ssh_config` InSpec audit resource to test OpenSSH client configuration data located at `/etc/ssh/ssh_config` on Linux and Unix platforms.
 
+<br>
+
 ## Syntax
 
 An `ssh_config` resource block declares the client OpenSSH configuration data to be tested:
@@ -20,40 +22,7 @@ where
 * `('path')` is the non-default `/path/to/ssh_config`
 * `{ should include('foo') }` tests the value of `name` as read from `ssh_config` versus the value declared in the test
 
-
-## Matchers
-
-This InSpec audit resource has the following matchers:
-
-### be
-
-<%= partial "/shared/matcher_be" %>
-
-### cmp
-
-<%= partial "/shared/matcher_cmp" %>
-
-### eq
-
-<%= partial "/shared/matcher_eq" %>
-
-### include
-
-<%= partial "/shared/matcher_include" %>
-
-### match
-
-<%= partial "/shared/matcher_match" %>
-
-### name
-
-The `name` matcher tests the value of `name` as read from `ssh_config` versus the value declared in the test:
-
-    its('name') { should eq 'foo' }
-
-or:
-
-    its('name') { should include('bar') }
+<br>
 
 ## Examples
 
@@ -92,3 +61,19 @@ The following examples show how to use this InSpec audit resource.
       its('SendEnv') { should eq 'LANG LC_*' }
       its('HashKnownHosts') { should eq 'yes' }
     end
+
+<br>
+
+## Matchers
+
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### name
+
+The `name` matcher tests the value of `name` as read from `ssh_config` versus the value declared in the test:
+
+    its('name') { should eq 'foo' }
+
+or:
+
+    its('name') { should include('bar') }

data/docs/resources/sshd_config.md.erb

@@ -6,6 +6,8 @@ title: About the sshd_config Resource
 
 Use the `sshd_config` InSpec audit resource to test configuration data for the OpenSSH daemon located at `/etc/ssh/sshd_config` on Linux and Unix platforms. sshd---the OpenSSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command execution, and data exchanges.
 
+<br>
+
 ## Syntax
 
 An `sshd_config` resource block declares the client OpenSSH configuration data to be tested:
@@ -20,40 +22,7 @@ where
 * `('path')` is the non-default `/path/to/sshd_config`
 * `{ should include('foo') }` tests the value of `name` as read from `sshd_config` versus the value declared in the test
 
-
-## Matchers
-
-This InSpec audit resource has the following matchers:
-
-### be
-
-<%= partial "/shared/matcher_be" %>
-
-### cmp
-
-<%= partial "/shared/matcher_cmp" %>
-
-### eq
-
-<%= partial "/shared/matcher_eq" %>
-
-### include
-
-<%= partial "/shared/matcher_include" %>
-
-### match
-
-<%= partial "/shared/matcher_match" %>
-
-### name
-
-The `name` matcher tests the value of `name` as read from `sshd_config` versus the value declared in the test:
-
-    its('name') { should cmp 'foo' }
-
-or:
-
-    its('name') {should include('bar') }
+<br>
 
 ## Examples
 
@@ -95,3 +64,19 @@ The following examples show how to use this InSpec audit resource.
           '/etc/ssh/ssh_host_ecdsa_key',
         ] }
     end
+
+<br>
+
+## Matchers
+
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### name
+
+The `name` matcher tests the value of `name` as read from `sshd_config` versus the value declared in the test:
+
+    its('name') { should cmp 'foo' }
+
+or:
+
+    its('name') {should include('bar') }

data/docs/resources/ssl.md.erb

@@ -6,6 +6,8 @@ title: About the ssl Resource
 
 Use the `ssl` InSpec audit resource to test SSL settings for the named port.
 
+<br>
+
 ## Syntax
 
 An `ssl` resource block declares an SSL port, and then other properties of the test like cipher and/or protocol:
@@ -25,60 +27,7 @@ where
 * `ssl(port: #)` is the port number, such as `ssl(port: 443)`
 * `filter` may take any of the following arguments: `ciphers`, `protocols`, and `handshake`
 
-
-## Matchers
-
-This InSpec audit resource has the following matchers:
-
-### be
-
-<%= partial "/shared/matcher_be" %>
-
-### be_enabled
-
-The `be_enabled` matcher tests if SSL is enabled:
-
-    it { should be_enabled }
-
-### ciphers
-
-The `ciphers` matcher tests the named cipher:
-
-    its('ciphers') { should_not eq '/rc4/i' }
-
-or:
-
-    describe ssl(port: 443).ciphers(/rc4/i) do
-      it { should_not be_enabled }
-    end
-
-### cmp
-
-<%= partial "/shared/matcher_cmp" %>
-
-### eq
-
-<%= partial "/shared/matcher_eq" %>
-
-### include
-
-<%= partial "/shared/matcher_include" %>
-
-### match
-
-<%= partial "/shared/matcher_match" %>
-
-### protocols
-
-The `protocols` matcher tests what protocol versions (SSLv3, TLSv1.1, etc) are enabled:
-
-    its('protocols') { should eq 'ssl2' }
-
-or:
-
-    describe ssl(port: 443).protocols('ssl2') do
-      it { should_not be_enabled }
-    end
+<br>
 
 ## Examples
 
@@ -131,3 +80,39 @@ and then run:
 Or execute the profile directly via URL:
 
     $ inspec exec https://github.com/dev-sec/ssl-benchmark
+
+<br>
+
+## Matchers
+
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### be_enabled
+
+The `be_enabled` matcher tests if SSL is enabled:
+
+    it { should be_enabled }
+
+### ciphers
+
+The `ciphers` matcher tests the named cipher:
+
+    its('ciphers') { should_not eq '/rc4/i' }
+
+or:
+
+    describe ssl(port: 443).ciphers(/rc4/i) do
+      it { should_not be_enabled }
+    end
+
+### protocols
+
+The `protocols` matcher tests what protocol versions (SSLv3, TLSv1.1, etc) are enabled:
+
+    its('protocols') { should eq 'ssl2' }
+
+or:
+
+    describe ssl(port: 443).protocols('ssl2') do
+      it { should_not be_enabled }
+    end

data/docs/resources/sys_info.md.erb

@@ -6,6 +6,8 @@ title: About the sys_info Resource
 
 Use the `sys_info` InSpec audit resource to test for operating system properties for the named host, and then returns that info as standard output.
 
+<br>
+
 ## Syntax
 
 An `sys_info` resource block declares the hostname to be tested:
@@ -14,42 +16,26 @@ An `sys_info` resource block declares the hostname to be tested:
       its('hostname') { should eq 'value' }
     end
 
-## Matchers
+<br>
 
-This InSpec audit resource has the following matchers:
+## Examples
 
-### be
+The following examples show how to use this InSpec audit resource.
 
-<%= partial "/shared/matcher_be" %>
+### Get system information for example.com
 
-### cmp
+    describe sys_info do
+      its('hostname') { should eq 'example.com' }
+    end
 
-<%= partial "/shared/matcher_cmp" %>
+<br>
 
-### eq
+## Matchers
 
-<%= partial "/shared/matcher_eq" %>
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 
 ### hostname
 
 The `hostname` matcher tests the host for which standard output is returned:
 
     its('hostname') { should eq 'value' }
-
-### include
-
-<%= partial "/shared/matcher_include" %>
-
-### match
-
-<%= partial "/shared/matcher_match" %>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Get system information for example.com
-
-    describe sys_info do
-      its('hostname') { should eq 'example.com' }
-    end

data/docs/resources/systemd_service.md.erb

@@ -6,6 +6,8 @@ title: About the systemd_service Resource
 
 Use the `systemd_service` InSpec audit resource to test a service using SystemD.
 
+<br>
+
 ## Syntax
 
 A `systemd_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
@@ -29,13 +31,11 @@ The path to the service manager's control may be specified for situations where
       it { should be_running }
     end
 
-## Matchers
-
-This InSpec audit resource has the following matchers:
+<br>
 
-### be
+## Matchers
 
-<%= partial "/shared/matcher_be" %>
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 
 ### be_enabled
 
@@ -54,23 +54,3 @@ The `be_installed` matcher tests if the named service is installed:
 The `be_running` matcher tests if the named service is running:
 
     it { should be_running }
-
-### cmp
-
-<%= partial "/shared/matcher_cmp" %>
-
-### eq
-
-<%= partial "/shared/matcher_eq" %>
-
-### include
-
-<%= partial "/shared/matcher_include" %>
-
-### match
-
-<%= partial "/shared/matcher_match" %>
-
-## Examples
-
-None.