RubyGems - inspec - Versions diffs - 1.40.0 → 1.41.0 - Mend

inspec 1.40.0 → 1.41.0

Files changed (114) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +30 -9
data/docs/matchers.md +18 -0
data/docs/plugin_kitchen_inspec.md +18 -24
data/docs/profiles.md +39 -2
data/docs/resources/aide_conf.md.erb +18 -28
data/docs/resources/apache_conf.md.erb +19 -33
data/docs/resources/apt.md.erb +22 -36
data/docs/resources/audit_policy.md.erb +9 -24
data/docs/resources/auditd.md.erb +9 -24
data/docs/resources/auditd_conf.md.erb +20 -34
data/docs/resources/auditd_rules.md.erb +8 -24
data/docs/resources/bash.md.erb +4 -26
data/docs/resources/bond.md.erb +25 -40
data/docs/resources/bridge.md.erb +5 -25
data/docs/resources/bsd_service.md.erb +5 -25
data/docs/resources/command.md.erb +35 -50
data/docs/resources/crontab.md.erb +9 -23
data/docs/resources/csv.md.erb +12 -27
data/docs/resources/dh_params.md +1 -0
data/docs/resources/directory.md.erb +5 -25
data/docs/resources/docker.md.erb +60 -57
data/docs/resources/docker_container.md.erb +23 -19
data/docs/resources/docker_image.md.erb +20 -16
data/docs/resources/etc_fstab.md.erb +5 -2
data/docs/resources/etc_group.md.erb +29 -45
data/docs/resources/etc_hosts.md.erb +6 -0
data/docs/resources/etc_hosts_allow.md.erb +6 -2
data/docs/resources/etc_hosts_deny.md.erb +6 -2
data/docs/resources/file.md.erb +198 -212
data/docs/resources/firewalld.md.erb +7 -1
data/docs/resources/gem.md.erb +21 -35
data/docs/resources/group.md.erb +16 -30
data/docs/resources/grub_conf.md.erb +9 -24
data/docs/resources/host.md.erb +32 -49
data/docs/resources/http.md.erb +38 -44
data/docs/resources/iis_app.md.erb +25 -35
data/docs/resources/iis_site.md.erb +26 -40
data/docs/resources/inetd_conf.md.erb +27 -42
data/docs/resources/ini.md.erb +9 -23
data/docs/resources/interface.md.erb +5 -25
data/docs/resources/iptables.md.erb +15 -29
data/docs/resources/json.md.erb +12 -27
data/docs/resources/kernel_module.md.erb +47 -61
data/docs/resources/kernel_parameter.md.erb +15 -29
data/docs/resources/key_rsa.md.erb +3 -0
data/docs/resources/launchd_service.md.erb +5 -25
data/docs/resources/limits_conf.md.erb +15 -29
data/docs/resources/login_def.md.erb +15 -30
data/docs/resources/mount.md.erb +18 -33
data/docs/resources/mssql_session.md.erb +9 -12
data/docs/resources/mysql_conf.md.erb +17 -32
data/docs/resources/mysql_session.md.erb +15 -29
data/docs/resources/nginx.md.erb +6 -0
data/docs/resources/nginx_conf.md.erb +25 -20
data/docs/resources/npm.md.erb +19 -35
data/docs/resources/ntp_conf.md.erb +20 -37
data/docs/resources/oneget.md.erb +15 -30
data/docs/resources/oracledb_session.md.erb +9 -11
data/docs/resources/os.md.erb +29 -43
data/docs/resources/os_env.md.erb +29 -44
data/docs/resources/package.md.erb +33 -42
data/docs/resources/parse_config.md.erb +5 -25
data/docs/resources/parse_config_file.md.erb +31 -43
data/docs/resources/passwd.md.erb +24 -39
data/docs/resources/pip.md.erb +20 -35
data/docs/resources/port.md.erb +43 -57
data/docs/resources/postgres_conf.md.erb +17 -31
data/docs/resources/postgres_hba_conf.md.erb +26 -38
data/docs/resources/postgres_ident_conf.md.erb +25 -37
data/docs/resources/postgres_session.md.erb +15 -29
data/docs/resources/powershell.md.erb +27 -42
data/docs/resources/processes.md.erb +17 -33
data/docs/resources/rabbitmq_config.md.erb +9 -24
data/docs/resources/registry_key.md.erb +27 -42
data/docs/resources/runit_service.md.erb +5 -25
data/docs/resources/security_policy.md.erb +12 -27
data/docs/resources/service.md.erb +27 -42
data/docs/resources/shadow.md.erb +20 -35
data/docs/resources/ssh_config.md.erb +19 -34
data/docs/resources/sshd_config.md.erb +19 -34
data/docs/resources/ssl.md.erb +39 -54
data/docs/resources/sys_info.md.erb +12 -26
data/docs/resources/systemd_service.md.erb +5 -25
data/docs/resources/sysv_service.md.erb +5 -25
data/docs/resources/upstart_service.md.erb +5 -25
data/docs/resources/user.md.erb +29 -44
data/docs/resources/users.md.erb +12 -26
data/docs/resources/vbscript.md.erb +9 -24
data/docs/resources/virtualization.md.erb +8 -23
data/docs/resources/windows_feature.md.erb +15 -30
data/docs/resources/windows_hotfix.md.erb +15 -9
data/docs/resources/windows_task.md.erb +12 -26
data/docs/resources/wmi.md.erb +9 -24
data/docs/resources/x509_certificate.md.erb +4 -0
data/docs/resources/xinetd_conf.md.erb +65 -80
data/docs/resources/xml.md.erb +12 -26
data/docs/resources/yaml.md.erb +12 -27
data/docs/resources/yum.md.erb +37 -51
data/docs/resources/zfs_dataset.md.erb +15 -26
data/docs/resources/zfs_pool.md.erb +9 -20
data/lib/inspec/backend.rb +8 -0
data/lib/inspec/profile.rb +9 -1
data/lib/inspec/shell.rb +13 -13
data/lib/inspec/version.rb +1 -1
data/lib/matchers/matchers.rb +2 -0
data/lib/resources/etc_hosts.rb +1 -1
data/lib/resources/host.rb +4 -1
data/lib/resources/http.rb +173 -23
data/lib/resources/processes.rb +106 -20
data/lib/resources/ssh_conf.rb +1 -1
data/lib/resources/ssl.rb +4 -3
data/lib/utils/object_traversal.rb +35 -10
metadata +2 -2

data/docs/resources/command.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the command Resource
 Use the `command` InSpec audit resource to test an arbitrary command that is run on the system.
+<br>
 ## Syntax
 A `command` resource block declares a command to be run, one (or more) expected outputs, and the location to which that output is sent:
@@ -21,56 +23,7 @@ where
 * `'matcher'` is one of `exit_status`, `stderr`, or `stdout`
 * `'output'` tests the output of the command run on the system versus the output value stated in the test
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### exist
-The `exist` matcher tests if a command may be run on the system:
-    it { should exist }
-### exit_status
-The `exit_status` matcher tests the exit status for the command:
-    its('exit_status') { should eq 123 }
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-### stderr
-The `stderr` matcher tests results of the command as returned in standard error (stderr):
-    its('stderr') { should eq 'error' }
-### stdout
-The `stdout` matcher tests results of the command as returned in standard output (stdout). The following example shows matching output using a regular expression:
-    describe command('echo 1') do
-       its('stdout') { should match (/[0-9]/) }
-    end
+<br>
 ## Examples
@@ -149,3 +102,35 @@ Wix includes serveral tools -- such as `candle` (preprocesses and compiles sourc
         it { should be_file }
       end
     end
+<br>
+## Matchers
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### exist
+The `exist` matcher tests if a command may be run on the system:
+    it { should exist }
+### exit_status
+The `exit_status` matcher tests the exit status for the command:
+    its('exit_status') { should eq 123 }
+### stderr
+The `stderr` matcher tests results of the command as returned in standard error (stderr):
+    its('stderr') { should eq 'error' }
+### stdout
+The `stdout` matcher tests results of the command as returned in standard output (stdout). The following example shows matching output using a regular expression:
+    describe command('echo 1') do
+       its('stdout') { should match (/[0-9]/) }
+    end

data/docs/resources/crontab.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the crontab Resource
 Use the `crontab` InSpec audit resource to test the crontab entries for a particular user on the system. It recognizes special time strings (@yearly, @weekly, etc).
+<br>
 ## Syntax
 A `crontab` resource block declares a user (which defaults to the current user, if not specified), and then the details to be tested, such as the schedule elements for each crontab entry or the commands itself:
@@ -14,29 +16,7 @@ A `crontab` resource block declares a user (which defaults to the current user,
       its('commands') { should include '/some/scheduled/task.sh' }
     end
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
+<br>
 ## Examples
@@ -82,3 +62,9 @@ The following examples show how to use this InSpec audit resource.
       its('hours') { should cmp '-1' }
       its('minutes') { should cmp '-1' }
     end
+<br>
+## Matchers
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/csv.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the csv Resource
 Use the `csv` InSpec audit resource to test configuration data in a CSV file.
+<br>
 ## Syntax
 A `csv` resource block declares the configuration data to be tested:
@@ -20,43 +22,26 @@ where
 * `name` is a configuration setting in a CSV file
 * `should eq 'foo'` tests a value of `name` as read from a CSV file versus the value declared in the test
+<br>
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
+## Examples
-### eq
+The following examples show how to use this InSpec audit resource.
-<%= partial "/shared/matcher_eq" %>
+### Test a CSV file
-### include
+    describe csv('some_file.csv') do
+      its('setting') { should eq 1 }
+    end
-<%= partial "/shared/matcher_include" %>
+<br>
-### match
+## Matchers
-<%= partial "/shared/matcher_match" %>
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 ### name
 The `name` matcher tests the value of `name` as read from a CSV file versus the value declared in the test:
     its('name') { should eq 'foo' }
-## Examples
-The following examples show how to use this InSpec audit resource.
-### Test a CSV file
-    describe csv('some_file.csv') do
-      its('setting') { should eq 1 }
-    end

data/docs/resources/dh_params.md CHANGED

@@ -6,6 +6,7 @@ title: The dh_params Resource
 Use the `dh_params` InSpec audit resource to test Diffie-Hellman (DH) parameters.
+<br>
 ## Syntax

data/docs/resources/directory.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the directory Resource
 Use the `directory` InSpec audit resource to test if the file type is a directory. This is equivalent to using the `file` resource and the `be_directory` matcher, but provides a simpler and more direct way to test directories. All of the matchers available to `file` may be used with `directory`.
+<br>
 ## Syntax
 A `directory` resource block declares the location of the directory to be tested, and then one (or more) matchers:
@@ -14,30 +16,8 @@ A `directory` resource block declares the location of the directory to be tested
       it { should MATCHER 'value' }
     end
-## Matchers
-This resource may use any of the matchers available to the `file` resource that may be useful when testing a directory.
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
+<br>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-## Examples
+## Matchers
-None.
+This resource may use any of the matchers available to the `file` resource that may be useful when testing a directory. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/docker.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the docker Resource
 Use the `docker` InSpec audit resource to test configuration data for docker daemon. It is a very comprehensive resource. Please have a look at [docker_container](docker_container) and [docker_image](docker_image), too.
+<br>
 ## Syntax
 A `docker` resource block declares allows you to write test for many containers:
@@ -42,63 +44,7 @@ where
 * `.where()` may specify a specific item and value, to which the matchers are compared
 * `commands`, `ids`, `images`, `labels`, `local_volumes`, `mounts`, `names`, `networks`, `ports`, `sizes`  and `'status'` are valid matchers for `containers`
-## Matchers
-This InSpec audit resource has the following matchers:
-### containers
-`containers` returns information about containers as returned by [docker ps -a](https://docs.docker.com/engine/reference/commandline/ps/). You can determine specific information about
-    describe docker.containers do
-      its('ids') { should include 'sha:71b5df59...442b' }
-      its('commands') { should_not include '/bin/sh' }
-      its('images') { should_not include 'u12:latest' }
-      its('ports') { should include '0.0.0.0:1234->1234/tcp' }
-      its('labels') { should include 'License=GPLv2,Vendor=CentOS' }
-    end
-### images
-`images` returns information about docker image as returned by [docker images](https://docs.docker.com/engine/reference/commandline/images/). You can determine specific information about
-    describe docker.images do
-      its('ids') { should include 'sha:12b5df59...442b' }
-      its('repositories') { should_not include 'my_image' }
-      its('tags') { should_not include 'unwanted_tag' }
-      its('sizes') { should_not include "1.41 GB" }
-    end
-### version
-`info` returns the parsed result of [docker version](https://docs.docker.com/engine/reference/commandline/version/)
-    describe docker.version do
-      its('Server.Version') { should cmp >= '1.12'}
-      its('Client.Version') { should cmp >= '1.12'}
-    end
-### info
-`info` returns the parsed result of [docker info](https://docs.docker.com/engine/reference/commandline/info/)
-    describe docker.info do
-      its('Configuration.Path') { should eq 'value' }
-    end
-### object('id')
-`object` returns low-level information about docker objects. It is calling [docker inspect](https://docs.docker.com/engine/reference/commandline/info/) under the hood.
-    describe docker.object(id) do
-      its('Configuration.Path') { should eq 'value' }
-    end
+<br>
 ## Examples
@@ -158,3 +104,60 @@ and then run:
 Or execute the profile directly via URL:
     $ inspec exec https://github.com/dev-sec/cis-docker-benchmark
+<br>
+## Matchers
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### containers
+`containers` returns information about containers as returned by [docker ps -a](https://docs.docker.com/engine/reference/commandline/ps/). You can determine specific information about
+    describe docker.containers do
+      its('ids') { should include 'sha:71b5df59...442b' }
+      its('commands') { should_not include '/bin/sh' }
+      its('images') { should_not include 'u12:latest' }
+      its('ports') { should include '0.0.0.0:1234->1234/tcp' }
+      its('labels') { should include 'License=GPLv2,Vendor=CentOS' }
+    end
+### images
+`images` returns information about docker image as returned by [docker images](https://docs.docker.com/engine/reference/commandline/images/). You can determine specific information about
+    describe docker.images do
+      its('ids') { should include 'sha:12b5df59...442b' }
+      its('repositories') { should_not include 'my_image' }
+      its('tags') { should_not include 'unwanted_tag' }
+      its('sizes') { should_not include "1.41 GB" }
+    end
+### version
+`info` returns the parsed result of [docker version](https://docs.docker.com/engine/reference/commandline/version/)
+    describe docker.version do
+      its('Server.Version') { should cmp >= '1.12'}
+      its('Client.Version') { should cmp >= '1.12'}
+    end
+### info
+`info` returns the parsed result of [docker info](https://docs.docker.com/engine/reference/commandline/info/)
+    describe docker.info do
+      its('Configuration.Path') { should eq 'value' }
+    end
+### object('id')
+`object` returns low-level information about docker objects. It is calling [docker inspect](https://docs.docker.com/engine/reference/commandline/info/) under the hood.
+    describe docker.object(id) do
+      its('Configuration.Path') { should eq 'value' }
+    end

data/docs/resources/docker_container.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the docker_container Resource
 Use the `docker_container` InSpec audit resource to test a docker container.
+<br>
 ## Syntax
 A `docker_container` resource block declares the configuration data to be tested:
@@ -35,10 +37,30 @@ Alternatively, you can pass in the container id:
       it { should be_running }
     end
+<br>
+## Examples
+The following examples show how to use this InSpec resource.
+### Verify an running container:
+    describe docker_container('an-echo-server') do
+      it { should exist }
+      it { should be_running }
+      its('id') { should_not eq '' }
+      its('image') { should eq 'busybox:latest' }
+      its('repo') { should eq 'busybox' }
+      its('tag') { should eq 'latest' }
+      its('ports') { should eq [] }
+      its('command') { should eq 'nc -ll -p 1234 -e /bin/cat' }
+    end
+<br>
 ## Matchers
-This InSpec audit resource has the following matchers:
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 ### id
@@ -69,21 +91,3 @@ The `ports` matcher tests the value the docker ports:
 The `command` matcher tests the value of the container run command:
     its('command') { should eq 'nc -ll -p 1234 -e /bin/cat' }
-## Examples
-The following examples show how to use this InSpec resource.
-### Verify an running container:
-    describe docker_container('an-echo-server') do
-      it { should exist }
-      it { should be_running }
-      its('id') { should_not eq '' }
-      its('image') { should eq 'busybox:latest' }
-      its('repo') { should eq 'busybox' }
-      its('tag') { should eq 'latest' }
-      its('ports') { should eq [] }
-      its('command') { should eq 'nc -ll -p 1234 -e /bin/cat' }
-    end