inspec 1.40.0 → 1.41.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +30 -9
- data/docs/matchers.md +18 -0
- data/docs/plugin_kitchen_inspec.md +18 -24
- data/docs/profiles.md +39 -2
- data/docs/resources/aide_conf.md.erb +18 -28
- data/docs/resources/apache_conf.md.erb +19 -33
- data/docs/resources/apt.md.erb +22 -36
- data/docs/resources/audit_policy.md.erb +9 -24
- data/docs/resources/auditd.md.erb +9 -24
- data/docs/resources/auditd_conf.md.erb +20 -34
- data/docs/resources/auditd_rules.md.erb +8 -24
- data/docs/resources/bash.md.erb +4 -26
- data/docs/resources/bond.md.erb +25 -40
- data/docs/resources/bridge.md.erb +5 -25
- data/docs/resources/bsd_service.md.erb +5 -25
- data/docs/resources/command.md.erb +35 -50
- data/docs/resources/crontab.md.erb +9 -23
- data/docs/resources/csv.md.erb +12 -27
- data/docs/resources/dh_params.md +1 -0
- data/docs/resources/directory.md.erb +5 -25
- data/docs/resources/docker.md.erb +60 -57
- data/docs/resources/docker_container.md.erb +23 -19
- data/docs/resources/docker_image.md.erb +20 -16
- data/docs/resources/etc_fstab.md.erb +5 -2
- data/docs/resources/etc_group.md.erb +29 -45
- data/docs/resources/etc_hosts.md.erb +6 -0
- data/docs/resources/etc_hosts_allow.md.erb +6 -2
- data/docs/resources/etc_hosts_deny.md.erb +6 -2
- data/docs/resources/file.md.erb +198 -212
- data/docs/resources/firewalld.md.erb +7 -1
- data/docs/resources/gem.md.erb +21 -35
- data/docs/resources/group.md.erb +16 -30
- data/docs/resources/grub_conf.md.erb +9 -24
- data/docs/resources/host.md.erb +32 -49
- data/docs/resources/http.md.erb +38 -44
- data/docs/resources/iis_app.md.erb +25 -35
- data/docs/resources/iis_site.md.erb +26 -40
- data/docs/resources/inetd_conf.md.erb +27 -42
- data/docs/resources/ini.md.erb +9 -23
- data/docs/resources/interface.md.erb +5 -25
- data/docs/resources/iptables.md.erb +15 -29
- data/docs/resources/json.md.erb +12 -27
- data/docs/resources/kernel_module.md.erb +47 -61
- data/docs/resources/kernel_parameter.md.erb +15 -29
- data/docs/resources/key_rsa.md.erb +3 -0
- data/docs/resources/launchd_service.md.erb +5 -25
- data/docs/resources/limits_conf.md.erb +15 -29
- data/docs/resources/login_def.md.erb +15 -30
- data/docs/resources/mount.md.erb +18 -33
- data/docs/resources/mssql_session.md.erb +9 -12
- data/docs/resources/mysql_conf.md.erb +17 -32
- data/docs/resources/mysql_session.md.erb +15 -29
- data/docs/resources/nginx.md.erb +6 -0
- data/docs/resources/nginx_conf.md.erb +25 -20
- data/docs/resources/npm.md.erb +19 -35
- data/docs/resources/ntp_conf.md.erb +20 -37
- data/docs/resources/oneget.md.erb +15 -30
- data/docs/resources/oracledb_session.md.erb +9 -11
- data/docs/resources/os.md.erb +29 -43
- data/docs/resources/os_env.md.erb +29 -44
- data/docs/resources/package.md.erb +33 -42
- data/docs/resources/parse_config.md.erb +5 -25
- data/docs/resources/parse_config_file.md.erb +31 -43
- data/docs/resources/passwd.md.erb +24 -39
- data/docs/resources/pip.md.erb +20 -35
- data/docs/resources/port.md.erb +43 -57
- data/docs/resources/postgres_conf.md.erb +17 -31
- data/docs/resources/postgres_hba_conf.md.erb +26 -38
- data/docs/resources/postgres_ident_conf.md.erb +25 -37
- data/docs/resources/postgres_session.md.erb +15 -29
- data/docs/resources/powershell.md.erb +27 -42
- data/docs/resources/processes.md.erb +17 -33
- data/docs/resources/rabbitmq_config.md.erb +9 -24
- data/docs/resources/registry_key.md.erb +27 -42
- data/docs/resources/runit_service.md.erb +5 -25
- data/docs/resources/security_policy.md.erb +12 -27
- data/docs/resources/service.md.erb +27 -42
- data/docs/resources/shadow.md.erb +20 -35
- data/docs/resources/ssh_config.md.erb +19 -34
- data/docs/resources/sshd_config.md.erb +19 -34
- data/docs/resources/ssl.md.erb +39 -54
- data/docs/resources/sys_info.md.erb +12 -26
- data/docs/resources/systemd_service.md.erb +5 -25
- data/docs/resources/sysv_service.md.erb +5 -25
- data/docs/resources/upstart_service.md.erb +5 -25
- data/docs/resources/user.md.erb +29 -44
- data/docs/resources/users.md.erb +12 -26
- data/docs/resources/vbscript.md.erb +9 -24
- data/docs/resources/virtualization.md.erb +8 -23
- data/docs/resources/windows_feature.md.erb +15 -30
- data/docs/resources/windows_hotfix.md.erb +15 -9
- data/docs/resources/windows_task.md.erb +12 -26
- data/docs/resources/wmi.md.erb +9 -24
- data/docs/resources/x509_certificate.md.erb +4 -0
- data/docs/resources/xinetd_conf.md.erb +65 -80
- data/docs/resources/xml.md.erb +12 -26
- data/docs/resources/yaml.md.erb +12 -27
- data/docs/resources/yum.md.erb +37 -51
- data/docs/resources/zfs_dataset.md.erb +15 -26
- data/docs/resources/zfs_pool.md.erb +9 -20
- data/lib/inspec/backend.rb +8 -0
- data/lib/inspec/profile.rb +9 -1
- data/lib/inspec/shell.rb +13 -13
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +2 -0
- data/lib/resources/etc_hosts.rb +1 -1
- data/lib/resources/host.rb +4 -1
- data/lib/resources/http.rb +173 -23
- data/lib/resources/processes.rb +106 -20
- data/lib/resources/ssh_conf.rb +1 -1
- data/lib/resources/ssl.rb +4 -3
- data/lib/utils/object_traversal.rb +35 -10
- metadata +2 -2
@@ -6,6 +6,8 @@ title: About the command Resource
|
|
6
6
|
|
7
7
|
Use the `command` InSpec audit resource to test an arbitrary command that is run on the system.
|
8
8
|
|
9
|
+
<br>
|
10
|
+
|
9
11
|
## Syntax
|
10
12
|
|
11
13
|
A `command` resource block declares a command to be run, one (or more) expected outputs, and the location to which that output is sent:
|
@@ -21,56 +23,7 @@ where
|
|
21
23
|
* `'matcher'` is one of `exit_status`, `stderr`, or `stdout`
|
22
24
|
* `'output'` tests the output of the command run on the system versus the output value stated in the test
|
23
25
|
|
24
|
-
|
25
|
-
## Matchers
|
26
|
-
|
27
|
-
This InSpec audit resource has the following matchers:
|
28
|
-
|
29
|
-
### be
|
30
|
-
|
31
|
-
<%= partial "/shared/matcher_be" %>
|
32
|
-
|
33
|
-
### cmp
|
34
|
-
|
35
|
-
<%= partial "/shared/matcher_cmp" %>
|
36
|
-
|
37
|
-
### eq
|
38
|
-
|
39
|
-
<%= partial "/shared/matcher_eq" %>
|
40
|
-
|
41
|
-
### exist
|
42
|
-
|
43
|
-
The `exist` matcher tests if a command may be run on the system:
|
44
|
-
|
45
|
-
it { should exist }
|
46
|
-
|
47
|
-
### exit_status
|
48
|
-
|
49
|
-
The `exit_status` matcher tests the exit status for the command:
|
50
|
-
|
51
|
-
its('exit_status') { should eq 123 }
|
52
|
-
|
53
|
-
### include
|
54
|
-
|
55
|
-
<%= partial "/shared/matcher_include" %>
|
56
|
-
|
57
|
-
### match
|
58
|
-
|
59
|
-
<%= partial "/shared/matcher_match" %>
|
60
|
-
|
61
|
-
### stderr
|
62
|
-
|
63
|
-
The `stderr` matcher tests results of the command as returned in standard error (stderr):
|
64
|
-
|
65
|
-
its('stderr') { should eq 'error' }
|
66
|
-
|
67
|
-
### stdout
|
68
|
-
|
69
|
-
The `stdout` matcher tests results of the command as returned in standard output (stdout). The following example shows matching output using a regular expression:
|
70
|
-
|
71
|
-
describe command('echo 1') do
|
72
|
-
its('stdout') { should match (/[0-9]/) }
|
73
|
-
end
|
26
|
+
<br>
|
74
27
|
|
75
28
|
## Examples
|
76
29
|
|
@@ -149,3 +102,35 @@ Wix includes serveral tools -- such as `candle` (preprocesses and compiles sourc
|
|
149
102
|
it { should be_file }
|
150
103
|
end
|
151
104
|
end
|
105
|
+
|
106
|
+
<br>
|
107
|
+
|
108
|
+
## Matchers
|
109
|
+
|
110
|
+
This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
111
|
+
|
112
|
+
### exist
|
113
|
+
|
114
|
+
The `exist` matcher tests if a command may be run on the system:
|
115
|
+
|
116
|
+
it { should exist }
|
117
|
+
|
118
|
+
### exit_status
|
119
|
+
|
120
|
+
The `exit_status` matcher tests the exit status for the command:
|
121
|
+
|
122
|
+
its('exit_status') { should eq 123 }
|
123
|
+
|
124
|
+
### stderr
|
125
|
+
|
126
|
+
The `stderr` matcher tests results of the command as returned in standard error (stderr):
|
127
|
+
|
128
|
+
its('stderr') { should eq 'error' }
|
129
|
+
|
130
|
+
### stdout
|
131
|
+
|
132
|
+
The `stdout` matcher tests results of the command as returned in standard output (stdout). The following example shows matching output using a regular expression:
|
133
|
+
|
134
|
+
describe command('echo 1') do
|
135
|
+
its('stdout') { should match (/[0-9]/) }
|
136
|
+
end
|
@@ -6,6 +6,8 @@ title: About the crontab Resource
|
|
6
6
|
|
7
7
|
Use the `crontab` InSpec audit resource to test the crontab entries for a particular user on the system. It recognizes special time strings (@yearly, @weekly, etc).
|
8
8
|
|
9
|
+
<br>
|
10
|
+
|
9
11
|
## Syntax
|
10
12
|
|
11
13
|
A `crontab` resource block declares a user (which defaults to the current user, if not specified), and then the details to be tested, such as the schedule elements for each crontab entry or the commands itself:
|
@@ -14,29 +16,7 @@ A `crontab` resource block declares a user (which defaults to the current user,
|
|
14
16
|
its('commands') { should include '/some/scheduled/task.sh' }
|
15
17
|
end
|
16
18
|
|
17
|
-
|
18
|
-
|
19
|
-
This InSpec audit resource has the following matchers:
|
20
|
-
|
21
|
-
### be
|
22
|
-
|
23
|
-
<%= partial "/shared/matcher_be" %>
|
24
|
-
|
25
|
-
### cmp
|
26
|
-
|
27
|
-
<%= partial "/shared/matcher_cmp" %>
|
28
|
-
|
29
|
-
### eq
|
30
|
-
|
31
|
-
<%= partial "/shared/matcher_eq" %>
|
32
|
-
|
33
|
-
### include
|
34
|
-
|
35
|
-
<%= partial "/shared/matcher_include" %>
|
36
|
-
|
37
|
-
### match
|
38
|
-
|
39
|
-
<%= partial "/shared/matcher_match" %>
|
19
|
+
<br>
|
40
20
|
|
41
21
|
## Examples
|
42
22
|
|
@@ -82,3 +62,9 @@ The following examples show how to use this InSpec audit resource.
|
|
82
62
|
its('hours') { should cmp '-1' }
|
83
63
|
its('minutes') { should cmp '-1' }
|
84
64
|
end
|
65
|
+
|
66
|
+
<br>
|
67
|
+
|
68
|
+
## Matchers
|
69
|
+
|
70
|
+
For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
data/docs/resources/csv.md.erb
CHANGED
@@ -6,6 +6,8 @@ title: About the csv Resource
|
|
6
6
|
|
7
7
|
Use the `csv` InSpec audit resource to test configuration data in a CSV file.
|
8
8
|
|
9
|
+
<br>
|
10
|
+
|
9
11
|
## Syntax
|
10
12
|
|
11
13
|
A `csv` resource block declares the configuration data to be tested:
|
@@ -20,43 +22,26 @@ where
|
|
20
22
|
* `name` is a configuration setting in a CSV file
|
21
23
|
* `should eq 'foo'` tests a value of `name` as read from a CSV file versus the value declared in the test
|
22
24
|
|
25
|
+
<br>
|
23
26
|
|
24
|
-
##
|
25
|
-
|
26
|
-
This InSpec audit resource has the following matchers:
|
27
|
-
|
28
|
-
### be
|
29
|
-
|
30
|
-
<%= partial "/shared/matcher_be" %>
|
31
|
-
|
32
|
-
### cmp
|
33
|
-
|
34
|
-
<%= partial "/shared/matcher_cmp" %>
|
27
|
+
## Examples
|
35
28
|
|
36
|
-
|
29
|
+
The following examples show how to use this InSpec audit resource.
|
37
30
|
|
38
|
-
|
31
|
+
### Test a CSV file
|
39
32
|
|
40
|
-
|
33
|
+
describe csv('some_file.csv') do
|
34
|
+
its('setting') { should eq 1 }
|
35
|
+
end
|
41
36
|
|
42
|
-
|
37
|
+
<br>
|
43
38
|
|
44
|
-
|
39
|
+
## Matchers
|
45
40
|
|
46
|
-
|
41
|
+
This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
47
42
|
|
48
43
|
### name
|
49
44
|
|
50
45
|
The `name` matcher tests the value of `name` as read from a CSV file versus the value declared in the test:
|
51
46
|
|
52
47
|
its('name') { should eq 'foo' }
|
53
|
-
|
54
|
-
## Examples
|
55
|
-
|
56
|
-
The following examples show how to use this InSpec audit resource.
|
57
|
-
|
58
|
-
### Test a CSV file
|
59
|
-
|
60
|
-
describe csv('some_file.csv') do
|
61
|
-
its('setting') { should eq 1 }
|
62
|
-
end
|
data/docs/resources/dh_params.md
CHANGED
@@ -6,6 +6,8 @@ title: About the directory Resource
|
|
6
6
|
|
7
7
|
Use the `directory` InSpec audit resource to test if the file type is a directory. This is equivalent to using the `file` resource and the `be_directory` matcher, but provides a simpler and more direct way to test directories. All of the matchers available to `file` may be used with `directory`.
|
8
8
|
|
9
|
+
<br>
|
10
|
+
|
9
11
|
## Syntax
|
10
12
|
|
11
13
|
A `directory` resource block declares the location of the directory to be tested, and then one (or more) matchers:
|
@@ -14,30 +16,8 @@ A `directory` resource block declares the location of the directory to be tested
|
|
14
16
|
it { should MATCHER 'value' }
|
15
17
|
end
|
16
18
|
|
17
|
-
|
18
|
-
|
19
|
-
This resource may use any of the matchers available to the `file` resource that may be useful when testing a directory.
|
20
|
-
|
21
|
-
### be
|
22
|
-
|
23
|
-
<%= partial "/shared/matcher_be" %>
|
24
|
-
|
25
|
-
### cmp
|
26
|
-
|
27
|
-
<%= partial "/shared/matcher_cmp" %>
|
19
|
+
<br>
|
28
20
|
|
29
|
-
|
30
|
-
|
31
|
-
<%= partial "/shared/matcher_eq" %>
|
32
|
-
|
33
|
-
### include
|
34
|
-
|
35
|
-
<%= partial "/shared/matcher_include" %>
|
36
|
-
|
37
|
-
### match
|
38
|
-
|
39
|
-
<%= partial "/shared/matcher_match" %>
|
40
|
-
|
41
|
-
## Examples
|
21
|
+
## Matchers
|
42
22
|
|
43
|
-
|
23
|
+
This resource may use any of the matchers available to the `file` resource that may be useful when testing a directory. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
@@ -6,6 +6,8 @@ title: About the docker Resource
|
|
6
6
|
|
7
7
|
Use the `docker` InSpec audit resource to test configuration data for docker daemon. It is a very comprehensive resource. Please have a look at [docker_container](docker_container) and [docker_image](docker_image), too.
|
8
8
|
|
9
|
+
<br>
|
10
|
+
|
9
11
|
## Syntax
|
10
12
|
|
11
13
|
A `docker` resource block declares allows you to write test for many containers:
|
@@ -42,63 +44,7 @@ where
|
|
42
44
|
* `.where()` may specify a specific item and value, to which the matchers are compared
|
43
45
|
* `commands`, `ids`, `images`, `labels`, `local_volumes`, `mounts`, `names`, `networks`, `ports`, `sizes` and `'status'` are valid matchers for `containers`
|
44
46
|
|
45
|
-
|
46
|
-
|
47
|
-
## Matchers
|
48
|
-
|
49
|
-
This InSpec audit resource has the following matchers:
|
50
|
-
|
51
|
-
### containers
|
52
|
-
|
53
|
-
`containers` returns information about containers as returned by [docker ps -a](https://docs.docker.com/engine/reference/commandline/ps/). You can determine specific information about
|
54
|
-
|
55
|
-
describe docker.containers do
|
56
|
-
its('ids') { should include 'sha:71b5df59...442b' }
|
57
|
-
its('commands') { should_not include '/bin/sh' }
|
58
|
-
its('images') { should_not include 'u12:latest' }
|
59
|
-
its('ports') { should include '0.0.0.0:1234->1234/tcp' }
|
60
|
-
its('labels') { should include 'License=GPLv2,Vendor=CentOS' }
|
61
|
-
end
|
62
|
-
|
63
|
-
|
64
|
-
### images
|
65
|
-
|
66
|
-
`images` returns information about docker image as returned by [docker images](https://docs.docker.com/engine/reference/commandline/images/). You can determine specific information about
|
67
|
-
|
68
|
-
describe docker.images do
|
69
|
-
its('ids') { should include 'sha:12b5df59...442b' }
|
70
|
-
its('repositories') { should_not include 'my_image' }
|
71
|
-
its('tags') { should_not include 'unwanted_tag' }
|
72
|
-
its('sizes') { should_not include "1.41 GB" }
|
73
|
-
end
|
74
|
-
|
75
|
-
### version
|
76
|
-
|
77
|
-
`info` returns the parsed result of [docker version](https://docs.docker.com/engine/reference/commandline/version/)
|
78
|
-
|
79
|
-
describe docker.version do
|
80
|
-
its('Server.Version') { should cmp >= '1.12'}
|
81
|
-
its('Client.Version') { should cmp >= '1.12'}
|
82
|
-
end
|
83
|
-
|
84
|
-
|
85
|
-
### info
|
86
|
-
|
87
|
-
`info` returns the parsed result of [docker info](https://docs.docker.com/engine/reference/commandline/info/)
|
88
|
-
|
89
|
-
describe docker.info do
|
90
|
-
its('Configuration.Path') { should eq 'value' }
|
91
|
-
end
|
92
|
-
|
93
|
-
|
94
|
-
### object('id')
|
95
|
-
|
96
|
-
`object` returns low-level information about docker objects. It is calling [docker inspect](https://docs.docker.com/engine/reference/commandline/info/) under the hood.
|
97
|
-
|
98
|
-
describe docker.object(id) do
|
99
|
-
its('Configuration.Path') { should eq 'value' }
|
100
|
-
end
|
101
|
-
|
47
|
+
<br>
|
102
48
|
|
103
49
|
## Examples
|
104
50
|
|
@@ -158,3 +104,60 @@ and then run:
|
|
158
104
|
Or execute the profile directly via URL:
|
159
105
|
|
160
106
|
$ inspec exec https://github.com/dev-sec/cis-docker-benchmark
|
107
|
+
|
108
|
+
<br>
|
109
|
+
|
110
|
+
## Matchers
|
111
|
+
|
112
|
+
This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
113
|
+
|
114
|
+
### containers
|
115
|
+
|
116
|
+
`containers` returns information about containers as returned by [docker ps -a](https://docs.docker.com/engine/reference/commandline/ps/). You can determine specific information about
|
117
|
+
|
118
|
+
describe docker.containers do
|
119
|
+
its('ids') { should include 'sha:71b5df59...442b' }
|
120
|
+
its('commands') { should_not include '/bin/sh' }
|
121
|
+
its('images') { should_not include 'u12:latest' }
|
122
|
+
its('ports') { should include '0.0.0.0:1234->1234/tcp' }
|
123
|
+
its('labels') { should include 'License=GPLv2,Vendor=CentOS' }
|
124
|
+
end
|
125
|
+
|
126
|
+
|
127
|
+
### images
|
128
|
+
|
129
|
+
`images` returns information about docker image as returned by [docker images](https://docs.docker.com/engine/reference/commandline/images/). You can determine specific information about
|
130
|
+
|
131
|
+
describe docker.images do
|
132
|
+
its('ids') { should include 'sha:12b5df59...442b' }
|
133
|
+
its('repositories') { should_not include 'my_image' }
|
134
|
+
its('tags') { should_not include 'unwanted_tag' }
|
135
|
+
its('sizes') { should_not include "1.41 GB" }
|
136
|
+
end
|
137
|
+
|
138
|
+
### version
|
139
|
+
|
140
|
+
`info` returns the parsed result of [docker version](https://docs.docker.com/engine/reference/commandline/version/)
|
141
|
+
|
142
|
+
describe docker.version do
|
143
|
+
its('Server.Version') { should cmp >= '1.12'}
|
144
|
+
its('Client.Version') { should cmp >= '1.12'}
|
145
|
+
end
|
146
|
+
|
147
|
+
|
148
|
+
### info
|
149
|
+
|
150
|
+
`info` returns the parsed result of [docker info](https://docs.docker.com/engine/reference/commandline/info/)
|
151
|
+
|
152
|
+
describe docker.info do
|
153
|
+
its('Configuration.Path') { should eq 'value' }
|
154
|
+
end
|
155
|
+
|
156
|
+
|
157
|
+
### object('id')
|
158
|
+
|
159
|
+
`object` returns low-level information about docker objects. It is calling [docker inspect](https://docs.docker.com/engine/reference/commandline/info/) under the hood.
|
160
|
+
|
161
|
+
describe docker.object(id) do
|
162
|
+
its('Configuration.Path') { should eq 'value' }
|
163
|
+
end
|
@@ -6,6 +6,8 @@ title: About the docker_container Resource
|
|
6
6
|
|
7
7
|
Use the `docker_container` InSpec audit resource to test a docker container.
|
8
8
|
|
9
|
+
<br>
|
10
|
+
|
9
11
|
## Syntax
|
10
12
|
|
11
13
|
A `docker_container` resource block declares the configuration data to be tested:
|
@@ -35,10 +37,30 @@ Alternatively, you can pass in the container id:
|
|
35
37
|
it { should be_running }
|
36
38
|
end
|
37
39
|
|
40
|
+
<br>
|
41
|
+
|
42
|
+
## Examples
|
43
|
+
|
44
|
+
The following examples show how to use this InSpec resource.
|
45
|
+
|
46
|
+
### Verify an running container:
|
47
|
+
|
48
|
+
describe docker_container('an-echo-server') do
|
49
|
+
it { should exist }
|
50
|
+
it { should be_running }
|
51
|
+
its('id') { should_not eq '' }
|
52
|
+
its('image') { should eq 'busybox:latest' }
|
53
|
+
its('repo') { should eq 'busybox' }
|
54
|
+
its('tag') { should eq 'latest' }
|
55
|
+
its('ports') { should eq [] }
|
56
|
+
its('command') { should eq 'nc -ll -p 1234 -e /bin/cat' }
|
57
|
+
end
|
58
|
+
|
59
|
+
<br>
|
38
60
|
|
39
61
|
## Matchers
|
40
62
|
|
41
|
-
This InSpec audit resource has the following matchers
|
63
|
+
This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
42
64
|
|
43
65
|
### id
|
44
66
|
|
@@ -69,21 +91,3 @@ The `ports` matcher tests the value the docker ports:
|
|
69
91
|
The `command` matcher tests the value of the container run command:
|
70
92
|
|
71
93
|
its('command') { should eq 'nc -ll -p 1234 -e /bin/cat' }
|
72
|
-
|
73
|
-
|
74
|
-
## Examples
|
75
|
-
|
76
|
-
The following examples show how to use this InSpec resource.
|
77
|
-
|
78
|
-
### Verify an running container:
|
79
|
-
|
80
|
-
describe docker_container('an-echo-server') do
|
81
|
-
it { should exist }
|
82
|
-
it { should be_running }
|
83
|
-
its('id') { should_not eq '' }
|
84
|
-
its('image') { should eq 'busybox:latest' }
|
85
|
-
its('repo') { should eq 'busybox' }
|
86
|
-
its('tag') { should eq 'latest' }
|
87
|
-
its('ports') { should eq [] }
|
88
|
-
its('command') { should eq 'nc -ll -p 1234 -e /bin/cat' }
|
89
|
-
end
|