RubyGems - inspec - Versions diffs - 1.40.0 → 1.41.0 - Mend

inspec 1.40.0 → 1.41.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (114) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +30 -9
data/docs/matchers.md +18 -0
data/docs/plugin_kitchen_inspec.md +18 -24
data/docs/profiles.md +39 -2
data/docs/resources/aide_conf.md.erb +18 -28
data/docs/resources/apache_conf.md.erb +19 -33
data/docs/resources/apt.md.erb +22 -36
data/docs/resources/audit_policy.md.erb +9 -24
data/docs/resources/auditd.md.erb +9 -24
data/docs/resources/auditd_conf.md.erb +20 -34
data/docs/resources/auditd_rules.md.erb +8 -24
data/docs/resources/bash.md.erb +4 -26
data/docs/resources/bond.md.erb +25 -40
data/docs/resources/bridge.md.erb +5 -25
data/docs/resources/bsd_service.md.erb +5 -25
data/docs/resources/command.md.erb +35 -50
data/docs/resources/crontab.md.erb +9 -23
data/docs/resources/csv.md.erb +12 -27
data/docs/resources/dh_params.md +1 -0
data/docs/resources/directory.md.erb +5 -25
data/docs/resources/docker.md.erb +60 -57
data/docs/resources/docker_container.md.erb +23 -19
data/docs/resources/docker_image.md.erb +20 -16
data/docs/resources/etc_fstab.md.erb +5 -2
data/docs/resources/etc_group.md.erb +29 -45
data/docs/resources/etc_hosts.md.erb +6 -0
data/docs/resources/etc_hosts_allow.md.erb +6 -2
data/docs/resources/etc_hosts_deny.md.erb +6 -2
data/docs/resources/file.md.erb +198 -212
data/docs/resources/firewalld.md.erb +7 -1
data/docs/resources/gem.md.erb +21 -35
data/docs/resources/group.md.erb +16 -30
data/docs/resources/grub_conf.md.erb +9 -24
data/docs/resources/host.md.erb +32 -49
data/docs/resources/http.md.erb +38 -44
data/docs/resources/iis_app.md.erb +25 -35
data/docs/resources/iis_site.md.erb +26 -40
data/docs/resources/inetd_conf.md.erb +27 -42
data/docs/resources/ini.md.erb +9 -23
data/docs/resources/interface.md.erb +5 -25
data/docs/resources/iptables.md.erb +15 -29
data/docs/resources/json.md.erb +12 -27
data/docs/resources/kernel_module.md.erb +47 -61
data/docs/resources/kernel_parameter.md.erb +15 -29
data/docs/resources/key_rsa.md.erb +3 -0
data/docs/resources/launchd_service.md.erb +5 -25
data/docs/resources/limits_conf.md.erb +15 -29
data/docs/resources/login_def.md.erb +15 -30
data/docs/resources/mount.md.erb +18 -33
data/docs/resources/mssql_session.md.erb +9 -12
data/docs/resources/mysql_conf.md.erb +17 -32
data/docs/resources/mysql_session.md.erb +15 -29
data/docs/resources/nginx.md.erb +6 -0
data/docs/resources/nginx_conf.md.erb +25 -20
data/docs/resources/npm.md.erb +19 -35
data/docs/resources/ntp_conf.md.erb +20 -37
data/docs/resources/oneget.md.erb +15 -30
data/docs/resources/oracledb_session.md.erb +9 -11
data/docs/resources/os.md.erb +29 -43
data/docs/resources/os_env.md.erb +29 -44
data/docs/resources/package.md.erb +33 -42
data/docs/resources/parse_config.md.erb +5 -25
data/docs/resources/parse_config_file.md.erb +31 -43
data/docs/resources/passwd.md.erb +24 -39
data/docs/resources/pip.md.erb +20 -35
data/docs/resources/port.md.erb +43 -57
data/docs/resources/postgres_conf.md.erb +17 -31
data/docs/resources/postgres_hba_conf.md.erb +26 -38
data/docs/resources/postgres_ident_conf.md.erb +25 -37
data/docs/resources/postgres_session.md.erb +15 -29
data/docs/resources/powershell.md.erb +27 -42
data/docs/resources/processes.md.erb +17 -33
data/docs/resources/rabbitmq_config.md.erb +9 -24
data/docs/resources/registry_key.md.erb +27 -42
data/docs/resources/runit_service.md.erb +5 -25
data/docs/resources/security_policy.md.erb +12 -27
data/docs/resources/service.md.erb +27 -42
data/docs/resources/shadow.md.erb +20 -35
data/docs/resources/ssh_config.md.erb +19 -34
data/docs/resources/sshd_config.md.erb +19 -34
data/docs/resources/ssl.md.erb +39 -54
data/docs/resources/sys_info.md.erb +12 -26
data/docs/resources/systemd_service.md.erb +5 -25
data/docs/resources/sysv_service.md.erb +5 -25
data/docs/resources/upstart_service.md.erb +5 -25
data/docs/resources/user.md.erb +29 -44
data/docs/resources/users.md.erb +12 -26
data/docs/resources/vbscript.md.erb +9 -24
data/docs/resources/virtualization.md.erb +8 -23
data/docs/resources/windows_feature.md.erb +15 -30
data/docs/resources/windows_hotfix.md.erb +15 -9
data/docs/resources/windows_task.md.erb +12 -26
data/docs/resources/wmi.md.erb +9 -24
data/docs/resources/x509_certificate.md.erb +4 -0
data/docs/resources/xinetd_conf.md.erb +65 -80
data/docs/resources/xml.md.erb +12 -26
data/docs/resources/yaml.md.erb +12 -27
data/docs/resources/yum.md.erb +37 -51
data/docs/resources/zfs_dataset.md.erb +15 -26
data/docs/resources/zfs_pool.md.erb +9 -20
data/lib/inspec/backend.rb +8 -0
data/lib/inspec/profile.rb +9 -1
data/lib/inspec/shell.rb +13 -13
data/lib/inspec/version.rb +1 -1
data/lib/matchers/matchers.rb +2 -0
data/lib/resources/etc_hosts.rb +1 -1
data/lib/resources/host.rb +4 -1
data/lib/resources/http.rb +173 -23
data/lib/resources/processes.rb +106 -20
data/lib/resources/ssh_conf.rb +1 -1
data/lib/resources/ssl.rb +4 -3
data/lib/utils/object_traversal.rb +35 -10
metadata +2 -2

data/docs/resources/kernel_parameter.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the kernel_parameter Resource
 Use the `kernel_parameter` InSpec audit resource to test kernel parameters on Linux platforms.
+<br>
 ## Syntax
 A `kernel_parameter` resource block declares a parameter and then a value to be tested:
@@ -19,35 +21,7 @@ where
 * `'kernel.parameter'` must specify a kernel parameter, such as `'net.ipv4.conf.all.forwarding'`
 * `{ should eq 0 }` states the value to be tested
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-### value
-The `value` matcher tests the value assigned to the named IP address versus the value declared in the test:
-    its('value') { should eq 0 }
+<br>
 ## Examples
@@ -70,3 +44,15 @@ The following examples show how to use this InSpec audit resource.
     describe kernel_parameter('net.ipv6.conf.interface.accept_redirects') do
       its('value') { should eq 'true' }
     end
+<br>
+## Matchers
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### value
+The `value` matcher tests the value assigned to the named IP address versus the value declared in the test:
+    its('value') { should eq 0 }

data/docs/resources/key_rsa.md.erb CHANGED

@@ -8,6 +8,7 @@ Use the `key_rsa` InSpec audit resource to test RSA public/private keypairs.
 This resource is mainly useful when used in conjunction with the x509_certificate resource but it can also be used for checking SSH keys.
+<br>
 ## Syntax
@@ -26,6 +27,8 @@ You can use an optional passphrase with `key_rsa`
       it { should be_private }
     end
+<br>
 ## Supported Properties
 ### public?

data/docs/resources/launchd_service.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the launchd_service Resource
 Use the ``launchd_service`` InSpec audit resource to test a service using Launchd.
+<br>
 ## Syntax
 A ``launchd_service`` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
@@ -29,13 +31,11 @@ The path to the service manager's control may be specified for situations where
       it { should be_running }
     end
-## Matchers
-This InSpec audit resource has the following matchers:
+<br>
-### be
+## Matchers
-<%= partial "/shared/matcher_be" %>
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 ### be_enabled
@@ -54,23 +54,3 @@ The `be_installed` matcher tests if the named service is installed:
 The `be_running` matcher tests if the named service is running:
     it { should be_running }
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-## Examples
-None.

data/docs/resources/limits_conf.md.erb CHANGED

@@ -17,6 +17,8 @@ Entries in the `limits.conf` file are similar to:
     ^^^^^^^^^   ^^^^   ^^^^^^   ^^^^^
     domain      type    item    value
+<br>
 ## Syntax
 A `limits_conf` resource block declares a domain to be tested, along with associated type, item, and value:
@@ -34,17 +36,24 @@ where
 * `'item'` is the item for which limits are defined, such as `core`, `nofile`, `stack`, `nproc`, `priority`, or `maxlogins`
 * `'value'` is the value associated with the `item`
-## Matchers
+<br>
-This InSpec audit resource has the following matchers:
+## Examples
-### be
+The following examples show how to use this InSpec audit resource.
-<%= partial "/shared/matcher_be" %>
+### Test limits
-### cmp
+    describe limits_conf('path') do
+      its('*') { should include ['soft', 'core', '0'], ['hard', 'rss', '10000'] }
+      its('ftp') { should eq ['hard', 'nproc', '0'] }
+    end
+<br>
+## Matchers
-<%= partial "/shared/matcher_cmp" %>
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 ### domain
@@ -55,26 +64,3 @@ The `domain` matcher tests the domain in the `limits.conf` file, along with asso
 For example:
     its('grantmc') { should include ['hard', 'nofile', '63536'] }
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-## Examples
-The following examples show how to use this InSpec audit resource.
-### Test limits
-    describe limits_conf('path') do
-      its('*') { should include ['soft', 'core', '0'], ['hard', 'rss', '10000'] }
-      its('ftp') { should eq ['hard', 'nproc', '0'] }
-    end

data/docs/resources/login_def.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the login_defs Resource
 Use the `login_defs` InSpec audit resource to test configuration settings in the `/etc/login.defs` file. The `logins.defs` file defines site-specific configuration for the shadow password suite on Linux and Unix platforms, such as password expiration ranges, minimum/maximum values for automatic selection of user and group identifiers, or the method with which passwords are encrypted.
+<br>
 ## Syntax
 A `login_defs` resource block declares the `login.defs` configuration data to be tested:
@@ -19,36 +21,7 @@ where
 * `name` is a configuration setting in `login.defs`
 * `{ should include('foo') }` tests the value of `name` as read from `login.defs` versus the value declared in the test
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-### name
-The `name` matcher tests the value of `name` as read from `login.defs` versus the value declared in the test:
-    its('name') { should eq 'foo' }
+<br>
 ## Examples
@@ -75,3 +48,15 @@ The following examples show how to use this InSpec audit resource.
       its('UMASK') { should eq '077' }
       its('PASS_MAX_DAYS') { should eq '90' }
     end
+<br>
+## Matchers
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### name
+The `name` matcher tests the value of `name` as read from `login.defs` versus the value declared in the test:
+    its('name') { should eq 'foo' }

data/docs/resources/mount.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the mount Resource
 Use the `mount` InSpec audit resource to test the mount points on FreeBSD and Linux systems.
+<br>
 ## Syntax
 An `mount` resource block declares the synchronization settings that should be tested:
@@ -20,14 +22,26 @@ where
 * `MATCHER` is a valid matcher for this resource
 * `'value'` is the value to be tested
+<br>
-## Matchers
+## Examples
+The following examples show how to use this InSpec audit resource.
+### Test a the mount point on '/'
+    describe mount('/') do
+      it { should be_mounted }
+      its('device') { should eq  '/dev/mapper/VolGroup-lv_root' }
+      its('type') { should eq  'ext4' }
+      its('options') { should eq ['rw', 'mode=620'] }
+    end
-This InSpec audit resource has the following matchers:
+<br>
-### be
+## Matchers
-<%= partial "/shared/matcher_be" %>
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 ### be_mounted
@@ -35,28 +49,12 @@ The `be_mounted` matcher tests if the file is accessible from the file system:
     it { should be_mounted }
-### cmp
-<%= partial "/shared/matcher_cmp" %>
 ### device
 The `device` matcher tests the device from the `fstab` table:
     its('device') { should eq  '/dev/mapper/VolGroup-lv_root' }
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
 ### options
 The `options` matcher tests the mount options for the file system from the `fstab` table:
@@ -68,16 +66,3 @@ The `options` matcher tests the mount options for the file system from the `fsta
 The `type` matcher tests the file system type:
     its('type') { should eq  'ext4' }
-## Examples
-The following examples show how to use this InSpec audit resource.
-### Test a the mount point on '/'
-    describe mount('/') do
-      it { should be_mounted }
-      its('device') { should eq  '/dev/mapper/VolGroup-lv_root' }
-      its('type') { should eq  'ext4' }
-      its('options') { should eq ['rw', 'mode=620'] }
-    end

data/docs/resources/mssql_session.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the mssql_session Resource
 Use the `mssql_session` InSpec audit resource to test SQL commands run against a Microsoft SQL database.
+<br>
 ## Syntax
 A `mssql_session` resource block declares the username and password to use for the session, and then the command to be run:
@@ -20,18 +22,7 @@ where
 * `query('QUERY')` contains the query to be run
 * `its('value') { should eq('') }` compares the results of the query against the expected result in the test
-## Matchers
-This InSpec audit resource has the following matchers:
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
+<br>
 ## Examples
@@ -60,3 +51,9 @@ The following examples show how to use this InSpec audit resource.
     describe sql.query("SELECT SERVERPROPERTY('ProductVersion') as result").row(0).column('result') do
       its("value") { should cmp > '12.00.4457' }
     end
+<br>
+## Matchers
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/mysql_conf.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the mysql_conf Resource
 Use the `mysql_conf` InSpec audit resource to test the contents of the configuration file for MySQL, typically located at `/etc/mysql/my.cnf` or `/etc/my.cnf`.
+<br>
 ## Syntax
 A `mysql_conf` resource block declares one (or more) settings in the `my.cnf` file, and then compares the setting in the configuration file to the value stated in the test:
@@ -31,38 +33,7 @@ where
 * `('path')` is the non-default path to the `my.cnf` file
 * `should eq 'value'` is the value that is expected
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-### setting
-The `setting` matcher tests specific, named settings in the `my.cnf` file:
-    its('setting') { should eq 'value' }
-Use a `setting` matcher for each setting to be tested.
+<br>
 ## Examples
@@ -111,3 +82,17 @@ The following examples show how to use this InSpec audit resource.
     describe mysql_conf.params('mysqld') do
       its('safe-user-create') { should eq('1') }
     end
+<br>
+## Matchers
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### setting
+The `setting` matcher tests specific, named settings in the `my.cnf` file:
+    its('setting') { should eq 'value' }
+Use a `setting` matcher for each setting to be tested.

data/docs/resources/mysql_session.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the mysql_session Resource
 Use the `mysql_session` InSpec audit resource to test SQL commands run against a MySQL database.
+<br>
 ## Syntax
 A `mysql_session` resource block declares the username and password to use for the session, and then the command to be run:
@@ -20,35 +22,7 @@ where
 * `query('QUERY')` contains the query to be run
 * `its('output') { should eq('') }` compares the results of the query against the expected result in the test
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-### output
-The `output` matcher tests the results of the query:
-    its('output') { should eq(/^0/) }
+<br>
 ## Examples
@@ -73,3 +47,15 @@ The following examples show how to use this InSpec audit resource.
 ### Alternate Connection: Using a socket
   sql = mysql_session('my_user','password', nil, nil, '/var/lib/mysql-default/mysqld.sock')
+<br>
+## Matchers
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### output
+The `output` matcher tests the results of the query:
+    its('output') { should eq(/^0/) }