inspec 1.40.0 → 1.41.0

data/docs/resources/iis_site.md.erb

@@ -6,6 +6,8 @@ title: About the iis_site Resource
 
 Use the `iis_site` InSpec audit resource to test the state of IIS on Windows Server 2012 (and later).
 
+<br>
+
 ## Syntax
 
 An `iis_site` resource block declares details about the named site:
@@ -36,27 +38,40 @@ For example:
       it { should have_path('C:\\inetpub\\wwwroot') }
     end
 
-## Matchers
+<br>
 
-This InSpec audit resource has the following matchers:
+## Examples
 
-### be
+The following examples show how to use this InSpec audit resource.
 
-<%= partial "/shared/matcher_be" %>
+### Test a default IIS site
 
-### be_running
+    describe iis_site('Default Web Site') do
+      it { should exist }
+      it { should be_running }
+      it { should have_app_pool('DefaultAppPool') }
+      it { should have_binding('http *:80:') }
+      it { should have_path('%SystemDrive%\\inetpub\\wwwroot') }
+    end
 
-The `be_running` matcher tests if the site is running:
+### Test if IIS service is running
 
-    it { should be_running }
+    describe service('W3SVC') do
+      it { should be_installed }
+      it { should be_running }
+    end
 
-### cmp
+<br>
 
-<%= partial "/shared/matcher_cmp" %>
+## Matchers
+
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### be_running
 
-### eq
+The `be_running` matcher tests if the site is running:
 
-<%= partial "/shared/matcher_eq" %>
+    it { should be_running }
 
 ### exist
 
@@ -111,32 +126,3 @@ Testing a site with 128-bit SSL enabled:
 The `have_path` matcher tests if the named path is defined for the site:
 
     it { should have_path('C:\\inetpub\\wwwroot') }
-
-### include
-
-<%= partial "/shared/matcher_include" %>
-
-### match
-
-<%= partial "/shared/matcher_match" %>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test a default IIS site
-
-    describe iis_site('Default Web Site') do
-      it { should exist }
-      it { should be_running }
-      it { should have_app_pool('DefaultAppPool') }
-      it { should have_binding('http *:80:') }
-      it { should have_path('%SystemDrive%\\inetpub\\wwwroot') }
-    end
-
-### Test if IIS service is running
-
-    describe service('W3SVC') do
-      it { should be_installed }
-      it { should be_running }
-    end

data/docs/resources/inetd_conf.md.erb

@@ -6,6 +6,8 @@ title: About the inetd_conf Resource
 
 Use the `inetd_conf` InSpec audit resource to test if a service is listed in the `inetd.conf` file on Linux and Unix platforms. inetd---the Internet service daemon---listens on dedicated ports, and then loads the appropriate program based on a request. The `inetd.conf` file is typically located at `/etc/inetd.conf` and contains a list of Internet services associated to the ports on which that service will listen. Only enabled services may handle a request; only services that are required by the system should be enabled.`
 
+<br>
+
 ## Syntax
 
 An `inetd_conf` resource block declares the list of services that are enabled in the `inetd.conf` file:
@@ -20,48 +22,7 @@ where
 * `('path')` is the non-default path to the `inetd.conf` file
 * `should eq 'value'` is the value that is expected
 
-
-## Matchers
-
-This resource matches any service that is listed in the `inetd.conf` file. You may want to ensure that specific services do not listen via `inetd.conf`:
-
-    its('shell') { should eq nil }
-
-or:
-
-    its('netstat') { should eq nil }
-
-or:
-
-    its('systat') { should eq nil }
-
-For example:
-
-    describe inetd_conf do
-      its('shell') { should eq nil }
-      its('login') { should eq nil }
-      its('exec') { should eq nil }
-    end
-
-### be
-
-<%= partial "/shared/matcher_be" %>
-
-### cmp
-
-<%= partial "/shared/matcher_cmp" %>
-
-### eq
-
-<%= partial "/shared/matcher_eq" %>
-
-### include
-
-<%= partial "/shared/matcher_include" %>
-
-### match
-
-<%= partial "/shared/matcher_match" %>
+<br>
 
 ## Examples
 
@@ -97,3 +58,27 @@ then the same test will return `false` for `ftp` and the entire test will fail.
     describe inetd_conf do
       its('telnet') { should eq nil }
     end
+
+<br>
+
+## Matchers
+
+This resource matches any service that is listed in the `inetd.conf` file. You may want to ensure that specific services do not listen via `inetd.conf`. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+    its('shell') { should eq nil }
+
+or:
+
+    its('netstat') { should eq nil }
+
+or:
+
+    its('systat') { should eq nil }
+
+For example:
+
+    describe inetd_conf do
+      its('shell') { should eq nil }
+      its('login') { should eq nil }
+      its('exec') { should eq nil }
+    end

data/docs/resources/ini.md.erb

@@ -6,6 +6,8 @@ title: About the ini Resource
 
 Use the `ini` InSpec audit resource to test settings in an INI file.
 
+<br>
+
 ## Syntax
 
 An `ini` resource block declares the configuration settings to be tested:
@@ -27,29 +29,7 @@ For example:
       its('server') { should eq '192.0.2.62' }
     end
 
-## Matchers
-
-This InSpec audit resource has the following matchers:
-
-### be
-
-<%= partial "/shared/matcher_be" %>
-
-### cmp
-
-<%= partial "/shared/matcher_cmp" %>
-
-### eq
-
-<%= partial "/shared/matcher_eq" %>
-
-### include
-
-<%= partial "/shared/matcher_include" %>
-
-### match
-
-<%= partial "/shared/matcher_match" %>
+<br>
 
 ## Examples
 
@@ -67,3 +47,9 @@ and can be tested like this:
     describe ini(/etc/php5/apache2/php.ini) do
       its('smtp_port') { should eq('465') }
     end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/interface.md.erb

@@ -9,6 +9,8 @@ Use the `interface` InSpec audit resource to test basic network adapter properti
 * On Linux platforms, `/sys/class/net/#{iface}` is used as source
 * On the Windows platform, the `Get-NetAdapter` cmdlet is used as source
 
+<br>
+
 ## Syntax
 
 An `interface` resource block declares network interface properties to be tested:
@@ -19,13 +21,11 @@ An `interface` resource block declares network interface properties to be tested
       its('name') { should eq eth0 }
     end
 
-## Matchers
-
-This InSpec audit resource has the following matchers:
+<br>
 
-### be
+## Matchers
 
-<%= partial "/shared/matcher_be" %>
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 
 ### be_up
 
@@ -33,22 +33,6 @@ The `be_up` matcher tests if the network interface is available:
 
     it { should be_up }
 
-### cmp
-
-<%= partial "/shared/matcher_cmp" %>
-
-### eq
-
-<%= partial "/shared/matcher_eq" %>
-
-### include
-
-<%= partial "/shared/matcher_include" %>
-
-### match
-
-<%= partial "/shared/matcher_match" %>
-
 ### name
 
 The `name` matcher tests if the named network interface exists:
@@ -60,7 +44,3 @@ The `name` matcher tests if the named network interface exists:
 The `speed` matcher tests the speed of the network interface, in MB/sec:
 
     its('speed') { should eq 1000 }
-
-## Examples
-
-None.

data/docs/resources/iptables.md.erb

@@ -6,6 +6,8 @@ title: About the iptables Resource
 
 Use the `iptables` InSpec audit resource to test rules that are defined in `iptables`, which maintains tables of IP packet filtering rules. There may be more than one table. Each table contains one (or more) chains (both built-in and custom). A chain is a list of rules that match packets. When the rule matches, the rule defines what target to assign to the packet.
 
+<br>
+
 ## Syntax
 
 A `iptables` resource block declares tests for rules in IP tables:
@@ -22,35 +24,7 @@ where
 * `chain: 'name'` is the name of a user-defined chain or one of `ACCEPT`, `DROP`, `QUEUE`, or `RETURN`
 * `have_rule('RULE')` tests that rule in the iptables list. This must match the entire line taken from `iptables -S CHAIN`.
 
-## Matchers
-
-This InSpec audit resource has the following matchers:
-
-### be
-
-<%= partial "/shared/matcher_be" %>
-
-### cmp
-
-<%= partial "/shared/matcher_cmp" %>
-
-### eq
-
-<%= partial "/shared/matcher_eq" %>
-
-### have_rule
-
-The `have_rule` matcher tests the named rule against the information in the `iptables` file:
-
-    it { should have_rule('RULE') }
-
-### include
-
-<%= partial "/shared/matcher_include" %>
-
-### match
-
-<%= partial "/shared/matcher_match" %>
+<br>
 
 ## Examples
 
@@ -75,3 +49,15 @@ The following examples show how to use this InSpec audit resource.
     end
 
 Note that the rule specification must exactly match what's in the output of `iptables -S INPUT`, which will depend on how you've built your rules.
+
+<br>
+
+## Matchers
+
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### have_rule
+
+The `have_rule` matcher tests the named rule against the information in the `iptables` file:
+
+    it { should have_rule('RULE') }

data/docs/resources/json.md.erb

@@ -6,6 +6,8 @@ title: About the json Resource
 
 Use the `json` InSpec audit resource to test data in a JSON file.
 
+<br>
+
 ## Syntax
 
 A `json` resource block declares the data to be tested. Assume the following JSON file:
@@ -34,43 +36,26 @@ where
 * `name` is a configuration setting in a JSON file
 * `should eq 'foo'` tests a value of `name` as read from a JSON file versus the value declared in the test
 
+<br>
 
-## Matchers
-
-This InSpec audit resource has the following matchers:
-
-### be
-
-<%= partial "/shared/matcher_be" %>
-
-### cmp
-
-<%= partial "/shared/matcher_cmp" %>
+## Examples
 
-### eq
+The following examples show how to use this InSpec audit resource.
 
-<%= partial "/shared/matcher_eq" %>
+### Test a cookbook version in a policyfile.lock.json file
 
-### include
+    describe json('policyfile.lock.json') do
+      its(['cookbook_locks', 'omnibus', 'version']) { should eq('2.2.0') }
+    end
 
-<%= partial "/shared/matcher_include" %>
+<br>
 
-### match
+## Matchers
 
-<%= partial "/shared/matcher_match" %>
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 
 ### name
 
 The `name` matcher tests the value of `name` as read from a JSON file versus the value declared in the test:
 
     its('name') { should eq 'foo' }
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test a cookbook version in a policyfile.lock.json file
-
-    describe json('policyfile.lock.json') do
-      its(['cookbook_locks', 'omnibus', 'version']) { should eq('2.2.0') }
-    end

data/docs/resources/kernel_module.md.erb

@@ -12,6 +12,8 @@ The `kernel_module` resource can also verify if a kernel module is `blacklisted`
 or if a module is disabled via a fake install using the `bin_true` or `bin_false`
 method.
 
+<br>
+
 ## Syntax
 
 A `kernel_module` resource block declares a module name, and then tests if that
@@ -32,90 +34,74 @@ where
 * `{ should be_blacklisted }` tests if the module is blacklisted or if the module is disabled via a fake install using /bin/false or /bin/true
 * `{ should be_disabled }` tests if the module is disabled via a fake install using /bin/false or /bin/true
 
-## Matchers
-
-This InSpec audit resource has the following matchers:
+<br>
 
-### be
-
-<%= partial "/shared/matcher_be" %>
+## Examples
 
-### be_loaded
+The following examples show how to use this InSpec audit resource.
 
-The `be_loaded` matcher tests if the module is a loadable kernel module:
+  ### Test a modules 'version'
 
+  describe kernel_module('bridge') do
     it { should be_loaded }
+    its(:version) { should cmp >= '2.2.2' }
+  end
 
-### cmp
-
-<%= partial "/shared/matcher_cmp" %>
-
-### eq
-
-<%= partial "/shared/matcher_eq" %>
+  ### Test if a module is loaded, not disabled and not blacklisted
 
-### include
+  describe kernel_module('video') do
+    it { should be_loaded }
+    it { should_not be_disabled }
+    it { should_not be_blacklisted }
+  end
 
-<%= partial "/shared/matcher_include" %>
+  ### Check if a module is blacklisted
 
-### match
+  describe kernel_module('floppy') do
+    it { should be_blacklisted }
+  end
 
-<%= partial "/shared/matcher_match" %>
+  ### Ensure a module is *not* blacklisted and it is loaded
 
-### version
+  describe kernel_module('video') do
+    it { should_not be_blacklisted }
+    it { should be_loaded }
+  end
 
-The `version` matcher tests if the named module version is on the system:
+  ### Ensure a module is disabled via 'bin_false'
 
-    its(:version) { should eq '3.2.2' }
+  describe kernel_module('sstfb') do
+    it { should_not be_loaded }
+    it { should be_disabled }
+  end
 
-## Examples
+  ### Ensure a module is 'blacklisted'/'disabled' via 'bin_true'
 
-The following examples show how to use this InSpec audit resource.
+  describe kernel_module('nvidiafb') do
+    it { should_not be_loaded }
+    it { should be_blacklisted }
+  end
 
-    ### Test a modules 'version'
+  ### Ensure a module is not loaded
 
-    describe kernel_module('bridge') do
-      it { should be_loaded }
-      its(:version) { should cmp >= '2.2.2' }
-    end
+  describe kernel_module('dhcp') do
+    it { should_not be_loaded }
+  end
 
-    ### Test if a module is loaded, not disabled and not blacklisted
+<br>
 
-    describe kernel_module('video') do
-      it { should be_loaded }
-      it { should_not be_disabled }
-      it { should_not be_blacklisted }
-    end
-
-    ### Check if a module is blacklisted
-
-    describe kernel_module('floppy') do
-      it { should be_blacklisted }
-    end
-
-    ### Ensure a module is *not* blacklisted and it is loaded
+## Matchers
 
-    describe kernel_module('video') do
-      it { should_not be_blacklisted }
-      it { should be_loaded }
-    end
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 
-    ### Ensure a module is disabled via 'bin_false'
+### be_loaded
 
-    describe kernel_module('sstfb') do
-      it { should_not be_loaded }
-      it { should be_disabled }
-    end
+The `be_loaded` matcher tests if the module is a loadable kernel module:
 
-    ### Ensure a module is 'blacklisted'/'disabled' via 'bin_true'
+    it { should be_loaded }
 
-    describe kernel_module('nvidiafb') do
-      it { should_not be_loaded }
-      it { should be_blacklisted }
-    end
+### version
 
-    ### Ensure a module is not loaded
+The `version` matcher tests if the named module version is on the system:
 
-    describe kernel_module('dhcp') do
-      it { should_not be_loaded }
-    end
+    its(:version) { should eq '3.2.2' }