RubyGems - inspec - Versions diffs - 1.40.0 → 1.41.0 - Mend

inspec 1.40.0 → 1.41.0

Files changed (114) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +30 -9
data/docs/matchers.md +18 -0
data/docs/plugin_kitchen_inspec.md +18 -24
data/docs/profiles.md +39 -2
data/docs/resources/aide_conf.md.erb +18 -28
data/docs/resources/apache_conf.md.erb +19 -33
data/docs/resources/apt.md.erb +22 -36
data/docs/resources/audit_policy.md.erb +9 -24
data/docs/resources/auditd.md.erb +9 -24
data/docs/resources/auditd_conf.md.erb +20 -34
data/docs/resources/auditd_rules.md.erb +8 -24
data/docs/resources/bash.md.erb +4 -26
data/docs/resources/bond.md.erb +25 -40
data/docs/resources/bridge.md.erb +5 -25
data/docs/resources/bsd_service.md.erb +5 -25
data/docs/resources/command.md.erb +35 -50
data/docs/resources/crontab.md.erb +9 -23
data/docs/resources/csv.md.erb +12 -27
data/docs/resources/dh_params.md +1 -0
data/docs/resources/directory.md.erb +5 -25
data/docs/resources/docker.md.erb +60 -57
data/docs/resources/docker_container.md.erb +23 -19
data/docs/resources/docker_image.md.erb +20 -16
data/docs/resources/etc_fstab.md.erb +5 -2
data/docs/resources/etc_group.md.erb +29 -45
data/docs/resources/etc_hosts.md.erb +6 -0
data/docs/resources/etc_hosts_allow.md.erb +6 -2
data/docs/resources/etc_hosts_deny.md.erb +6 -2
data/docs/resources/file.md.erb +198 -212
data/docs/resources/firewalld.md.erb +7 -1
data/docs/resources/gem.md.erb +21 -35
data/docs/resources/group.md.erb +16 -30
data/docs/resources/grub_conf.md.erb +9 -24
data/docs/resources/host.md.erb +32 -49
data/docs/resources/http.md.erb +38 -44
data/docs/resources/iis_app.md.erb +25 -35
data/docs/resources/iis_site.md.erb +26 -40
data/docs/resources/inetd_conf.md.erb +27 -42
data/docs/resources/ini.md.erb +9 -23
data/docs/resources/interface.md.erb +5 -25
data/docs/resources/iptables.md.erb +15 -29
data/docs/resources/json.md.erb +12 -27
data/docs/resources/kernel_module.md.erb +47 -61
data/docs/resources/kernel_parameter.md.erb +15 -29
data/docs/resources/key_rsa.md.erb +3 -0
data/docs/resources/launchd_service.md.erb +5 -25
data/docs/resources/limits_conf.md.erb +15 -29
data/docs/resources/login_def.md.erb +15 -30
data/docs/resources/mount.md.erb +18 -33
data/docs/resources/mssql_session.md.erb +9 -12
data/docs/resources/mysql_conf.md.erb +17 -32
data/docs/resources/mysql_session.md.erb +15 -29
data/docs/resources/nginx.md.erb +6 -0
data/docs/resources/nginx_conf.md.erb +25 -20
data/docs/resources/npm.md.erb +19 -35
data/docs/resources/ntp_conf.md.erb +20 -37
data/docs/resources/oneget.md.erb +15 -30
data/docs/resources/oracledb_session.md.erb +9 -11
data/docs/resources/os.md.erb +29 -43
data/docs/resources/os_env.md.erb +29 -44
data/docs/resources/package.md.erb +33 -42
data/docs/resources/parse_config.md.erb +5 -25
data/docs/resources/parse_config_file.md.erb +31 -43
data/docs/resources/passwd.md.erb +24 -39
data/docs/resources/pip.md.erb +20 -35
data/docs/resources/port.md.erb +43 -57
data/docs/resources/postgres_conf.md.erb +17 -31
data/docs/resources/postgres_hba_conf.md.erb +26 -38
data/docs/resources/postgres_ident_conf.md.erb +25 -37
data/docs/resources/postgres_session.md.erb +15 -29
data/docs/resources/powershell.md.erb +27 -42
data/docs/resources/processes.md.erb +17 -33
data/docs/resources/rabbitmq_config.md.erb +9 -24
data/docs/resources/registry_key.md.erb +27 -42
data/docs/resources/runit_service.md.erb +5 -25
data/docs/resources/security_policy.md.erb +12 -27
data/docs/resources/service.md.erb +27 -42
data/docs/resources/shadow.md.erb +20 -35
data/docs/resources/ssh_config.md.erb +19 -34
data/docs/resources/sshd_config.md.erb +19 -34
data/docs/resources/ssl.md.erb +39 -54
data/docs/resources/sys_info.md.erb +12 -26
data/docs/resources/systemd_service.md.erb +5 -25
data/docs/resources/sysv_service.md.erb +5 -25
data/docs/resources/upstart_service.md.erb +5 -25
data/docs/resources/user.md.erb +29 -44
data/docs/resources/users.md.erb +12 -26
data/docs/resources/vbscript.md.erb +9 -24
data/docs/resources/virtualization.md.erb +8 -23
data/docs/resources/windows_feature.md.erb +15 -30
data/docs/resources/windows_hotfix.md.erb +15 -9
data/docs/resources/windows_task.md.erb +12 -26
data/docs/resources/wmi.md.erb +9 -24
data/docs/resources/x509_certificate.md.erb +4 -0
data/docs/resources/xinetd_conf.md.erb +65 -80
data/docs/resources/xml.md.erb +12 -26
data/docs/resources/yaml.md.erb +12 -27
data/docs/resources/yum.md.erb +37 -51
data/docs/resources/zfs_dataset.md.erb +15 -26
data/docs/resources/zfs_pool.md.erb +9 -20
data/lib/inspec/backend.rb +8 -0
data/lib/inspec/profile.rb +9 -1
data/lib/inspec/shell.rb +13 -13
data/lib/inspec/version.rb +1 -1
data/lib/matchers/matchers.rb +2 -0
data/lib/resources/etc_hosts.rb +1 -1
data/lib/resources/host.rb +4 -1
data/lib/resources/http.rb +173 -23
data/lib/resources/processes.rb +106 -20
data/lib/resources/ssh_conf.rb +1 -1
data/lib/resources/ssl.rb +4 -3
data/lib/utils/object_traversal.rb +35 -10
metadata +2 -2

data/docs/resources/sysv_service.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the sysv_service Resource
 Use the `sysv_service` InSpec audit resource to test a service using SystemV.
+<br>
 ## Syntax
 A `sysv_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
@@ -29,13 +31,11 @@ The path to the service manager's control may be specified for situations where
       it { should be_running }
     end
-## Matchers
-This InSpec audit resource has the following matchers:
+<br>
-### be
+## Matchers
-<%= partial "/shared/matcher_be" %>
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 ### be_enabled
@@ -54,23 +54,3 @@ The `be_installed` matcher tests if the named service is installed:
 The `be_running` matcher tests if the named service is running:
     it { should be_running }
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-## Examples
-None.

data/docs/resources/upstart_service.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the upstart_service Resource
 Use the `upstart_service` InSpec audit resource to test a service using Upstart.
+<br>
 ## Syntax
 An `upstart_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
@@ -29,13 +31,11 @@ The path to the service manager's control may be specified for situations where
       it { should be_running }
     end
-## Matchers
-This InSpec audit resource has the following matchers:
+<br>
-### be
+## Matchers
-<%= partial "/shared/matcher_be" %>
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 ### be_enabled
@@ -54,23 +54,3 @@ The `be_installed` matcher tests if the named service is installed:
 The `be_running` matcher tests if the named service is running:
     it { should be_running }
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-## Examples
-None.

data/docs/resources/user.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the user Resource
 Use the `user` InSpec audit resource to test user profiles for a single, known/expected local user, including the groups to which that user belongs, the frequency of required password changes, and the directory paths to home and shell.
+<br>
 ## Syntax
 A `user` resource block declares a user name, and then one (or more) matchers:
@@ -29,21 +31,40 @@ where
 * `it { should exist }` tests if the user exists
 * `gid`, `group`, `groups`, `home`, `maxdays`, `mindays`, `shell`, `uid`, and `warndays` are valid matchers for this resource
-## Matchers
+<br>
+## Examples
-This InSpec audit resource has the following matchers:
+The following examples show how to use this InSpec audit resource.
-### be
+### Verify available users for the MySQL server
-<%= partial "/shared/matcher_be" %>
+    describe user('root') do
+      it { should exist }
+      it { should belong_to_group 'root' }
+      its('uid') { should eq 0 }
+      its('groups') { should eq ['root'] }
+    end
-### cmp
+    describe user('mysql') do
+     it { should_not exist }
+    end
-<%= partial "/shared/matcher_cmp" %>
+### Test users on multiple platforms
-### eq
+The `nginx` user is typically `www-data`, but on CentOS it's `nginx`. The following example shows how to test for the `nginx` user with a single test, but accounting for all platforms:
+    web_user = 'www-data'
+    web_user = 'nginx' if os[:family] == 'centos'
+    describe user(web_user) do
+      it { should exist }
+    end
+<br>
+## Matchers
-<%= partial "/shared/matcher_eq" %>
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 ### exist
@@ -79,14 +100,6 @@ The `home` matcher tests the home directory path for the user:
     its('home') { should eq '/root' }
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
 ### maxdays
 The `maxdays` matcher tests the maximum number of days between password changes:
@@ -124,31 +137,3 @@ The `warndays` matcher tests the number of days a user is warned before a passwo
     its('warndays') { should eq 5 }
 where `5` represents the number of days a user is warned.
-## Examples
-The following examples show how to use this InSpec audit resource.
-### Verify available users for the MySQL server
-    describe user('root') do
-      it { should exist }
-      it { should belong_to_group 'root' }
-      its('uid') { should eq 0 }
-      its('groups') { should eq ['root'] }
-    end
-    describe user('mysql') do
-     it { should_not exist }
-    end
-### Test users on multiple platforms
-The `nginx` user is typically `www-data`, but on CentOS it's `nginx`. The following example shows how to test for the `nginx` user with a single test, but accounting for all platforms:
-    web_user = 'www-data'
-    web_user = 'nginx' if os[:family] == 'centos'
-    describe user(web_user) do
-      it { should exist }
-    end

data/docs/resources/users.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the users Resource
 Use the `users` InSpec audit resource to look up all local users available on the system, and then test specific properties of those users. This resource does not return information about users that may be located on other systems, such as LDAP or Active Directory.
+<br>
 ## Syntax
 A `users` resource block declares a user name, and then one (or more) matchers:
@@ -33,21 +35,23 @@ or:
       it { should exist }
     end
-## Matchers
+<br>
-This InSpec audit resource has the following matchers:
+## Examples
-### be
+The following examples show how to use this InSpec audit resource.
-<%= partial "/shared/matcher_be" %>
+### Use a regular expression to find users
-### cmp
+    describe users.where { uid =~ /S\-1\-5\-21\-\d+\-\d+\-\d+\-500/ } do
+      it { should exist }
+    end
-<%= partial "/shared/matcher_cmp" %>
+<br>
-### eq
+## Matchers
-<%= partial "/shared/matcher_eq" %>
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 ### exist
@@ -83,14 +87,6 @@ The `home` matcher tests the home directory path for the user:
     its('home') { should eq '/root' }
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
 ### maxdays
 The `maxdays` matcher tests the maximum number of days between password changes:
@@ -128,13 +124,3 @@ The `warndays` matcher tests the number of days a user is warned before a passwo
     its('warndays') { should eq 5 }
 where `5` represents the number of days a user is warned.
-## Examples
-The following examples show how to use this InSpec audit resource.
-### Use a regular expression to find users
-    describe users.where { uid =~ /S\-1\-5\-21\-\d+\-\d+\-\d+\-500/ } do
-      it { should exist }
-    end

data/docs/resources/vbscript.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the vbscript Resource
 Use the `vbscript` InSpec audit resource to test a VBScript on the Windows platform.
+<br>
 ## Syntax
 A `vbscript` resource block tests the output of a VBScript on the Windows platform:
@@ -19,30 +21,7 @@ where
 * `'script_name'` is the name of the VBScript to test
 * `('output')` is the expected output of the VBScript
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
+<br>
 ## Examples
@@ -67,3 +46,9 @@ and tested for whitespace removal from standard output:
     describe vbscript(script) do
       its('strip') { should eq "hello" }
     end
+<br>
+## Matchers
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/virtualization.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the virtualization Resource
 Use the `virtualization` InSpec audit resource to test the virtualization platform on which the system is running.
+<br>
 ## Syntax
 An `virtualization` resource block declares the virtualization platform that should be tested:
@@ -20,29 +22,7 @@ where
 * `MATCHER` is a valid matcher for this resource
 * `'value'` is the value to be tested
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
+<br>
 ## Examples
@@ -69,3 +49,8 @@ The following examples show how to use this InSpec audit resource.
       end
     end
+<br>
+## Matchers
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/windows_feature.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the windows_feature Resource
 Use the `windows_feature` InSpec audit resource to test features on Windows via the `Get-WindowsFeature` cmdlet.
+<br>
 ## Syntax
 A `windows_feature` resource block declares the name of the Windows feature, tests if that feature is installed, and then returns information about that feature:
@@ -19,36 +21,7 @@ where
 * `('feature_name')` must specify a Windows feature name, such as `DHCP Server` or `IIS-Webserver`
 * `be_installed` is a valid matcher for this resource
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### be_installed
-The `be_installed` matcher tests if the named Windows feature is installed:
-    it { should be_installed }
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
+<br>
 ## Examples
@@ -59,3 +32,15 @@ The following examples show how to use this InSpec audit resource.
     describe windows_feature('DHCP Server') do
       it{ should be_installed }
     end
+<br>
+## Matchers
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### be_installed
+The `be_installed` matcher tests if the named Windows feature is installed:
+    it { should be_installed }

data/docs/resources/windows_hotfix.md.erb CHANGED

@@ -4,6 +4,8 @@ title: About the windows_hotfix Resource
 Use the `windows_hotfix` InSpec audit resource to test if the hotfix has been installed on a Windows system.
+<br>
 ## Syntax
 A `windows_hotfix` resource block declares a hotfix to validate:
@@ -17,15 +19,7 @@ where
 * `('name')` must specify the name of a hotfix, such as `'KB4012213'`
 * `be_installed` is a valid matcher for this resource
-## Matcher
-This InSpec audit resource has the following matcher:
-### be_installed
-The `be_installed` matcher tests if the named hotfix is installed on the system:
-    it { should be_installed }
+<br>
 ## Examples
@@ -42,3 +36,15 @@ The following examples show how to use this InSpec audit resource.
     describe windows_hotfix('KB9999999') do
       it { should_not be_installed }
     end
+<br>
+## Matchers
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### be_installed
+The `be_installed` matcher tests if the named hotfix is installed on the system:
+    it { should be_installed }