RubyGems - inspec - Versions diffs - 1.40.0 → 1.41.0 - Mend

inspec 1.40.0 → 1.41.0

Files changed (114) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +30 -9
data/docs/matchers.md +18 -0
data/docs/plugin_kitchen_inspec.md +18 -24
data/docs/profiles.md +39 -2
data/docs/resources/aide_conf.md.erb +18 -28
data/docs/resources/apache_conf.md.erb +19 -33
data/docs/resources/apt.md.erb +22 -36
data/docs/resources/audit_policy.md.erb +9 -24
data/docs/resources/auditd.md.erb +9 -24
data/docs/resources/auditd_conf.md.erb +20 -34
data/docs/resources/auditd_rules.md.erb +8 -24
data/docs/resources/bash.md.erb +4 -26
data/docs/resources/bond.md.erb +25 -40
data/docs/resources/bridge.md.erb +5 -25
data/docs/resources/bsd_service.md.erb +5 -25
data/docs/resources/command.md.erb +35 -50
data/docs/resources/crontab.md.erb +9 -23
data/docs/resources/csv.md.erb +12 -27
data/docs/resources/dh_params.md +1 -0
data/docs/resources/directory.md.erb +5 -25
data/docs/resources/docker.md.erb +60 -57
data/docs/resources/docker_container.md.erb +23 -19
data/docs/resources/docker_image.md.erb +20 -16
data/docs/resources/etc_fstab.md.erb +5 -2
data/docs/resources/etc_group.md.erb +29 -45
data/docs/resources/etc_hosts.md.erb +6 -0
data/docs/resources/etc_hosts_allow.md.erb +6 -2
data/docs/resources/etc_hosts_deny.md.erb +6 -2
data/docs/resources/file.md.erb +198 -212
data/docs/resources/firewalld.md.erb +7 -1
data/docs/resources/gem.md.erb +21 -35
data/docs/resources/group.md.erb +16 -30
data/docs/resources/grub_conf.md.erb +9 -24
data/docs/resources/host.md.erb +32 -49
data/docs/resources/http.md.erb +38 -44
data/docs/resources/iis_app.md.erb +25 -35
data/docs/resources/iis_site.md.erb +26 -40
data/docs/resources/inetd_conf.md.erb +27 -42
data/docs/resources/ini.md.erb +9 -23
data/docs/resources/interface.md.erb +5 -25
data/docs/resources/iptables.md.erb +15 -29
data/docs/resources/json.md.erb +12 -27
data/docs/resources/kernel_module.md.erb +47 -61
data/docs/resources/kernel_parameter.md.erb +15 -29
data/docs/resources/key_rsa.md.erb +3 -0
data/docs/resources/launchd_service.md.erb +5 -25
data/docs/resources/limits_conf.md.erb +15 -29
data/docs/resources/login_def.md.erb +15 -30
data/docs/resources/mount.md.erb +18 -33
data/docs/resources/mssql_session.md.erb +9 -12
data/docs/resources/mysql_conf.md.erb +17 -32
data/docs/resources/mysql_session.md.erb +15 -29
data/docs/resources/nginx.md.erb +6 -0
data/docs/resources/nginx_conf.md.erb +25 -20
data/docs/resources/npm.md.erb +19 -35
data/docs/resources/ntp_conf.md.erb +20 -37
data/docs/resources/oneget.md.erb +15 -30
data/docs/resources/oracledb_session.md.erb +9 -11
data/docs/resources/os.md.erb +29 -43
data/docs/resources/os_env.md.erb +29 -44
data/docs/resources/package.md.erb +33 -42
data/docs/resources/parse_config.md.erb +5 -25
data/docs/resources/parse_config_file.md.erb +31 -43
data/docs/resources/passwd.md.erb +24 -39
data/docs/resources/pip.md.erb +20 -35
data/docs/resources/port.md.erb +43 -57
data/docs/resources/postgres_conf.md.erb +17 -31
data/docs/resources/postgres_hba_conf.md.erb +26 -38
data/docs/resources/postgres_ident_conf.md.erb +25 -37
data/docs/resources/postgres_session.md.erb +15 -29
data/docs/resources/powershell.md.erb +27 -42
data/docs/resources/processes.md.erb +17 -33
data/docs/resources/rabbitmq_config.md.erb +9 -24
data/docs/resources/registry_key.md.erb +27 -42
data/docs/resources/runit_service.md.erb +5 -25
data/docs/resources/security_policy.md.erb +12 -27
data/docs/resources/service.md.erb +27 -42
data/docs/resources/shadow.md.erb +20 -35
data/docs/resources/ssh_config.md.erb +19 -34
data/docs/resources/sshd_config.md.erb +19 -34
data/docs/resources/ssl.md.erb +39 -54
data/docs/resources/sys_info.md.erb +12 -26
data/docs/resources/systemd_service.md.erb +5 -25
data/docs/resources/sysv_service.md.erb +5 -25
data/docs/resources/upstart_service.md.erb +5 -25
data/docs/resources/user.md.erb +29 -44
data/docs/resources/users.md.erb +12 -26
data/docs/resources/vbscript.md.erb +9 -24
data/docs/resources/virtualization.md.erb +8 -23
data/docs/resources/windows_feature.md.erb +15 -30
data/docs/resources/windows_hotfix.md.erb +15 -9
data/docs/resources/windows_task.md.erb +12 -26
data/docs/resources/wmi.md.erb +9 -24
data/docs/resources/x509_certificate.md.erb +4 -0
data/docs/resources/xinetd_conf.md.erb +65 -80
data/docs/resources/xml.md.erb +12 -26
data/docs/resources/yaml.md.erb +12 -27
data/docs/resources/yum.md.erb +37 -51
data/docs/resources/zfs_dataset.md.erb +15 -26
data/docs/resources/zfs_pool.md.erb +9 -20
data/lib/inspec/backend.rb +8 -0
data/lib/inspec/profile.rb +9 -1
data/lib/inspec/shell.rb +13 -13
data/lib/inspec/version.rb +1 -1
data/lib/matchers/matchers.rb +2 -0
data/lib/resources/etc_hosts.rb +1 -1
data/lib/resources/host.rb +4 -1
data/lib/resources/http.rb +173 -23
data/lib/resources/processes.rb +106 -20
data/lib/resources/ssh_conf.rb +1 -1
data/lib/resources/ssl.rb +4 -3
data/lib/utils/object_traversal.rb +35 -10
metadata +2 -2

data/docs/resources/audit_policy.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the audit_policy Resource
 Use the `audit_policy` Inspec audit resource to test auditing policies on the Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each auditing category property that is enabled, the auditing level may be set to `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`.
+<br>
 ## Syntax
 An `audit_policy` resource block declares a parameter that belongs to an audit policy category or subcategory:
@@ -19,30 +21,7 @@ where
 * `'parameter'` must specify a parameter
 * `'value'` must be one of `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
+<br>
 ## Examples
@@ -59,3 +38,9 @@ The following examples show how to use this InSpec audit resource.
     describe audit_policy do
       its('User Account Management') { should eq 'Success' }
     end
+<br>
+## Matchers
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/auditd.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the auditd Resource
 Use the `auditd` InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files. These rules are output using the auditcl -l command. This resource supports versions of `audit` >= 2.3.
+<br>
 ## Syntax
 An `auditd` resource block declares one (or more) rules to be tested, and then what that rule should do:
@@ -23,30 +25,7 @@ or test that multiple individual rules are defined:
 where each test must declare one (or more) rules to be tested.
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
+<br>
 ## Examples
@@ -91,3 +70,9 @@ The key filter may be useful in evaluating rules with particular key values:
   describe auditd.where { key == "privileged" } do
     its('permissions') { should include ['x'] }
   end
+<br>
+## Matchers
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/auditd_conf.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the auditd_conf Resource
 Use the `auditd_conf` InSpec audit resource to test the configuration settings for the audit daemon. This file is typically located under `/etc/audit/auditd.conf'` on Unix and Linux platforms.
+<br>
 ## Syntax
 A `auditd_conf` resource block declares configuration settings that should be tested:
@@ -20,40 +22,7 @@ where
 * `('path')` is the non-default path to the `auditd.conf` configuration file
 * `{ should cmp 'value' }` is the value that is expected
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### keyword
-This matcher will matche any keyword that is listed in the `auditd.conf` configuration file. Option names and values are case-insensitive:
-    its('log_format') { should cmp 'raw' }
-or:
-    its('max_log_file') { should cmp 6 }
-### match
-<%= partial "/shared/matcher_match" %>
+<br>
 ## Examples
@@ -77,3 +46,20 @@ The following examples show how to use this InSpec audit resource.
       its('disk_full_action') { should cmp 'halt' }
       its('disk_error_action') { should cmp 'halt' }
     end
+<br>
+## Matchers
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### keyword
+This matcher will matche any keyword that is listed in the `auditd.conf` configuration file. Option names and values are case-insensitive:
+    its('log_format') { should cmp 'raw' }
+or:
+    its('max_log_file') { should cmp 6 }

data/docs/resources/auditd_rules.md.erb CHANGED

@@ -6,6 +6,7 @@ title: About the auditd_rules Resource
 Use the `auditd_rules` InSpec audit resource to test the rules for logging that exist on the system. The `audit.rules` file is typically located under `/etc/audit/` and contains the list of rules that define what is captured in log files. This resource uses `auditctl` to query the run-time `auditd` rules setup, which may be different from `audit.rules`.
+<br>
 ## Syntax
@@ -61,30 +62,7 @@ or test that individual rules are defined:
 where each test must declare one (or more) rules to be tested.
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
+<br>
 ## Examples
@@ -130,3 +108,9 @@ Filters may be chained. For example:
     describe auditd_rules.syscall('open').action('always').list do
       it { should eq(['exit']) }
     end
+<br>
+## Matchers
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/bash.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the bash Resource
 Use the `bash` InSpec audit resource to test an arbitrary command that is run on the system using a Bash script.
+<br>
 ## Syntax
 A `command` resource block declares a command to be run, one (or more) expected outputs, and the location to which that output is sent:
@@ -29,22 +31,11 @@ For example:
       its('exit_status') { should eq 0 }
     end
+<br>
 ## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 ### exist
@@ -58,14 +49,6 @@ The `exit_status` matcher tests the exit status for the command:
     its('exit_status') { should eq 0 }
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
 ### stderr
 The `stderr` matcher tests results of the command as returned in standard error (stderr):
@@ -77,8 +60,3 @@ The `stderr` matcher tests results of the command as returned in standard error
 The `stdout` matcher tests results of the command as returned in standard output (stdout).
     its('stdout') { should match /bin/ }
-## Examples
-None.

data/docs/resources/bond.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the bond Resource
 Use the `bond` InSpec audit resource to test a logical, bonded network interface (i.e. "two or more network interfaces aggregated into a single, logical network interface"). On Linux platforms, any value in the `/proc/net/bonding` directory may be tested.
+<br>
 ## Syntax
 A `bond` resource block declares a bonded network interface, and then specifies the properties of that bonded network interface to be tested:
@@ -19,18 +21,35 @@ where
 * `'name'` is the name of the bonded network interface
 * `{ should exist }` is a valid matcher for this resource
+<br>
-## Matchers
+## Examples
-This InSpec audit resource has the following matchers:
+The following examples show how to use this InSpec audit resource.
-### be
+### Test if eth0 is a secondary interface for bond0
-<%= partial "/shared/matcher_be" %>
+    describe bond('bond0') do
+      it { should exist }
+      it { should have_interface 'eth0' }
+    end
-### cmp
+### Test parameters for bond0
-<%= partial "/shared/matcher_cmp" %>
+    describe bond('bond0') do
+      its('Bonding Mode') { should eq 'IEEE 802.3ad Dynamic link aggregation' }
+      its('Transmit Hash Policy') { should eq 'layer3+4 (1)' }
+      its('MII Status') { should eq 'up' }
+      its('MII Polling Interval (ms)') { should eq '100' }
+      its('Up Delay (ms)') { should eq '0' }
+      its('Down Delay (ms)') { should eq '0' }
+    end
+<br>
+## Matchers
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 ### content
@@ -38,10 +57,6 @@ The `content` matcher tests if contents in the file that defines the bonded netw
     its('content') { should match('value') }
-### eq
-<%= partial "/shared/matcher_eq" %>
 ### exist
 The `exist` matcher tests if the bonded network interface is available:
@@ -54,44 +69,14 @@ The `have_interface` matcher tests if the bonded network interface has one (or m
     it { should have_interface }
-### include
-<%= partial "/shared/matcher_include" %>
 ### interfaces
 The `interfaces` matcher tests if the named secondary interfaces are available:
     its('interfaces') { should eq ['eth0', 'eth1', ...] }
-### match
-<%= partial "/shared/matcher_match" %>
 ### params
 The `params` matcher tests arbitrary parameters for the bonded network interface:
     its('params') { should eq 'value' }
-## Examples
-The following examples show how to use this InSpec audit resource.
-### Test if eth0 is a secondary interface for bond0
-    describe bond('bond0') do
-      it { should exist }
-      it { should have_interface 'eth0' }
-    end
-### Test parameters for bond0
-    describe bond('bond0') do
-      its('Bonding Mode') { should eq 'IEEE 802.3ad Dynamic link aggregation' }
-      its('Transmit Hash Policy') { should eq 'layer3+4 (1)' }
-      its('MII Status') { should eq 'up' }
-      its('MII Polling Interval (ms)') { should eq '100' }
-      its('Up Delay (ms)') { should eq '0' }
-      its('Down Delay (ms)') { should eq '0' }
-    end

data/docs/resources/bridge.md.erb CHANGED

@@ -9,6 +9,8 @@ Use the `bridge` InSpec audit resource to test basic network bridge properties,
 * On Linux platforms, any value in the `/sys/class/net/{interface}/bridge` directory may be tested
 * On the Windows platform, the `Get-NetAdapter` cmdlet is associated with the `Get-NetAdapterBinding` cmdlet and returns the `ComponentID ms_bridge` value as a JSON object
+<br>
 ## Syntax
 A `bridge` resource block declares the bridge to be tested and what interface it should be associated with:
@@ -18,21 +20,11 @@ A `bridge` resource block declares the bridge to be tested and what interface it
       it { should have_interface 'eth0' }
     end
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
+<br>
-### eq
+## Matchers
-<%= partial "/shared/matcher_eq" %>
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 ### exist
@@ -46,10 +38,6 @@ The `have_interface` matcher tests if the named interface is defined for the net
     it { should have_interface 'eth0' }
-### include
-<%= partial "/shared/matcher_include" %>
 ### interfaces
 The `interfaces` matcher tests if the named interface is present:
@@ -57,11 +45,3 @@ The `interfaces` matcher tests if the named interface is present:
     its('interfaces') { should eq 'foo' }
     its('interfaces') { should eq 'bar' }
     its('interfaces') { should include('foo') }
-### match
-<%= partial "/shared/matcher_match" %>
-## Examples
-None.

data/docs/resources/bsd_service.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the bsd_service Resource
 Use the `bsd_service` InSpec audit resource to test a service using a Berkeley OS-style `init` on the FreeBSD platform.
+<br>
 ## Syntax
 A `bsd_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
@@ -29,13 +31,11 @@ The path to the service manager's control may be specified for situations where
       it { should be_running }
     end
-## Matchers
-This InSpec audit resource has the following matchers:
+<br>
-### be
+## Matchers
-<%= partial "/shared/matcher_be" %>
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 ### be_enabled
@@ -54,23 +54,3 @@ The `be_installed` matcher tests if the named service is installed:
 The `be_running` matcher tests if the named service is running:
     it { should be_running }
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-## Examples
-None.