inspec 1.40.0 → 1.41.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +30 -9
- data/docs/matchers.md +18 -0
- data/docs/plugin_kitchen_inspec.md +18 -24
- data/docs/profiles.md +39 -2
- data/docs/resources/aide_conf.md.erb +18 -28
- data/docs/resources/apache_conf.md.erb +19 -33
- data/docs/resources/apt.md.erb +22 -36
- data/docs/resources/audit_policy.md.erb +9 -24
- data/docs/resources/auditd.md.erb +9 -24
- data/docs/resources/auditd_conf.md.erb +20 -34
- data/docs/resources/auditd_rules.md.erb +8 -24
- data/docs/resources/bash.md.erb +4 -26
- data/docs/resources/bond.md.erb +25 -40
- data/docs/resources/bridge.md.erb +5 -25
- data/docs/resources/bsd_service.md.erb +5 -25
- data/docs/resources/command.md.erb +35 -50
- data/docs/resources/crontab.md.erb +9 -23
- data/docs/resources/csv.md.erb +12 -27
- data/docs/resources/dh_params.md +1 -0
- data/docs/resources/directory.md.erb +5 -25
- data/docs/resources/docker.md.erb +60 -57
- data/docs/resources/docker_container.md.erb +23 -19
- data/docs/resources/docker_image.md.erb +20 -16
- data/docs/resources/etc_fstab.md.erb +5 -2
- data/docs/resources/etc_group.md.erb +29 -45
- data/docs/resources/etc_hosts.md.erb +6 -0
- data/docs/resources/etc_hosts_allow.md.erb +6 -2
- data/docs/resources/etc_hosts_deny.md.erb +6 -2
- data/docs/resources/file.md.erb +198 -212
- data/docs/resources/firewalld.md.erb +7 -1
- data/docs/resources/gem.md.erb +21 -35
- data/docs/resources/group.md.erb +16 -30
- data/docs/resources/grub_conf.md.erb +9 -24
- data/docs/resources/host.md.erb +32 -49
- data/docs/resources/http.md.erb +38 -44
- data/docs/resources/iis_app.md.erb +25 -35
- data/docs/resources/iis_site.md.erb +26 -40
- data/docs/resources/inetd_conf.md.erb +27 -42
- data/docs/resources/ini.md.erb +9 -23
- data/docs/resources/interface.md.erb +5 -25
- data/docs/resources/iptables.md.erb +15 -29
- data/docs/resources/json.md.erb +12 -27
- data/docs/resources/kernel_module.md.erb +47 -61
- data/docs/resources/kernel_parameter.md.erb +15 -29
- data/docs/resources/key_rsa.md.erb +3 -0
- data/docs/resources/launchd_service.md.erb +5 -25
- data/docs/resources/limits_conf.md.erb +15 -29
- data/docs/resources/login_def.md.erb +15 -30
- data/docs/resources/mount.md.erb +18 -33
- data/docs/resources/mssql_session.md.erb +9 -12
- data/docs/resources/mysql_conf.md.erb +17 -32
- data/docs/resources/mysql_session.md.erb +15 -29
- data/docs/resources/nginx.md.erb +6 -0
- data/docs/resources/nginx_conf.md.erb +25 -20
- data/docs/resources/npm.md.erb +19 -35
- data/docs/resources/ntp_conf.md.erb +20 -37
- data/docs/resources/oneget.md.erb +15 -30
- data/docs/resources/oracledb_session.md.erb +9 -11
- data/docs/resources/os.md.erb +29 -43
- data/docs/resources/os_env.md.erb +29 -44
- data/docs/resources/package.md.erb +33 -42
- data/docs/resources/parse_config.md.erb +5 -25
- data/docs/resources/parse_config_file.md.erb +31 -43
- data/docs/resources/passwd.md.erb +24 -39
- data/docs/resources/pip.md.erb +20 -35
- data/docs/resources/port.md.erb +43 -57
- data/docs/resources/postgres_conf.md.erb +17 -31
- data/docs/resources/postgres_hba_conf.md.erb +26 -38
- data/docs/resources/postgres_ident_conf.md.erb +25 -37
- data/docs/resources/postgres_session.md.erb +15 -29
- data/docs/resources/powershell.md.erb +27 -42
- data/docs/resources/processes.md.erb +17 -33
- data/docs/resources/rabbitmq_config.md.erb +9 -24
- data/docs/resources/registry_key.md.erb +27 -42
- data/docs/resources/runit_service.md.erb +5 -25
- data/docs/resources/security_policy.md.erb +12 -27
- data/docs/resources/service.md.erb +27 -42
- data/docs/resources/shadow.md.erb +20 -35
- data/docs/resources/ssh_config.md.erb +19 -34
- data/docs/resources/sshd_config.md.erb +19 -34
- data/docs/resources/ssl.md.erb +39 -54
- data/docs/resources/sys_info.md.erb +12 -26
- data/docs/resources/systemd_service.md.erb +5 -25
- data/docs/resources/sysv_service.md.erb +5 -25
- data/docs/resources/upstart_service.md.erb +5 -25
- data/docs/resources/user.md.erb +29 -44
- data/docs/resources/users.md.erb +12 -26
- data/docs/resources/vbscript.md.erb +9 -24
- data/docs/resources/virtualization.md.erb +8 -23
- data/docs/resources/windows_feature.md.erb +15 -30
- data/docs/resources/windows_hotfix.md.erb +15 -9
- data/docs/resources/windows_task.md.erb +12 -26
- data/docs/resources/wmi.md.erb +9 -24
- data/docs/resources/x509_certificate.md.erb +4 -0
- data/docs/resources/xinetd_conf.md.erb +65 -80
- data/docs/resources/xml.md.erb +12 -26
- data/docs/resources/yaml.md.erb +12 -27
- data/docs/resources/yum.md.erb +37 -51
- data/docs/resources/zfs_dataset.md.erb +15 -26
- data/docs/resources/zfs_pool.md.erb +9 -20
- data/lib/inspec/backend.rb +8 -0
- data/lib/inspec/profile.rb +9 -1
- data/lib/inspec/shell.rb +13 -13
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +2 -0
- data/lib/resources/etc_hosts.rb +1 -1
- data/lib/resources/host.rb +4 -1
- data/lib/resources/http.rb +173 -23
- data/lib/resources/processes.rb +106 -20
- data/lib/resources/ssh_conf.rb +1 -1
- data/lib/resources/ssl.rb +4 -3
- data/lib/utils/object_traversal.rb +35 -10
- metadata +2 -2
@@ -6,6 +6,8 @@ title: About the kernel_parameter Resource
|
|
6
6
|
|
7
7
|
Use the `kernel_parameter` InSpec audit resource to test kernel parameters on Linux platforms.
|
8
8
|
|
9
|
+
<br>
|
10
|
+
|
9
11
|
## Syntax
|
10
12
|
|
11
13
|
A `kernel_parameter` resource block declares a parameter and then a value to be tested:
|
@@ -19,35 +21,7 @@ where
|
|
19
21
|
* `'kernel.parameter'` must specify a kernel parameter, such as `'net.ipv4.conf.all.forwarding'`
|
20
22
|
* `{ should eq 0 }` states the value to be tested
|
21
23
|
|
22
|
-
|
23
|
-
|
24
|
-
This InSpec audit resource has the following matchers:
|
25
|
-
|
26
|
-
### be
|
27
|
-
|
28
|
-
<%= partial "/shared/matcher_be" %>
|
29
|
-
|
30
|
-
### cmp
|
31
|
-
|
32
|
-
<%= partial "/shared/matcher_cmp" %>
|
33
|
-
|
34
|
-
### eq
|
35
|
-
|
36
|
-
<%= partial "/shared/matcher_eq" %>
|
37
|
-
|
38
|
-
### include
|
39
|
-
|
40
|
-
<%= partial "/shared/matcher_include" %>
|
41
|
-
|
42
|
-
### match
|
43
|
-
|
44
|
-
<%= partial "/shared/matcher_match" %>
|
45
|
-
|
46
|
-
### value
|
47
|
-
|
48
|
-
The `value` matcher tests the value assigned to the named IP address versus the value declared in the test:
|
49
|
-
|
50
|
-
its('value') { should eq 0 }
|
24
|
+
<br>
|
51
25
|
|
52
26
|
## Examples
|
53
27
|
|
@@ -70,3 +44,15 @@ The following examples show how to use this InSpec audit resource.
|
|
70
44
|
describe kernel_parameter('net.ipv6.conf.interface.accept_redirects') do
|
71
45
|
its('value') { should eq 'true' }
|
72
46
|
end
|
47
|
+
|
48
|
+
<br>
|
49
|
+
|
50
|
+
## Matchers
|
51
|
+
|
52
|
+
This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
53
|
+
|
54
|
+
### value
|
55
|
+
|
56
|
+
The `value` matcher tests the value assigned to the named IP address versus the value declared in the test:
|
57
|
+
|
58
|
+
its('value') { should eq 0 }
|
@@ -8,6 +8,7 @@ Use the `key_rsa` InSpec audit resource to test RSA public/private keypairs.
|
|
8
8
|
|
9
9
|
This resource is mainly useful when used in conjunction with the x509_certificate resource but it can also be used for checking SSH keys.
|
10
10
|
|
11
|
+
<br>
|
11
12
|
|
12
13
|
## Syntax
|
13
14
|
|
@@ -26,6 +27,8 @@ You can use an optional passphrase with `key_rsa`
|
|
26
27
|
it { should be_private }
|
27
28
|
end
|
28
29
|
|
30
|
+
<br>
|
31
|
+
|
29
32
|
## Supported Properties
|
30
33
|
|
31
34
|
### public?
|
@@ -6,6 +6,8 @@ title: About the launchd_service Resource
|
|
6
6
|
|
7
7
|
Use the ``launchd_service`` InSpec audit resource to test a service using Launchd.
|
8
8
|
|
9
|
+
<br>
|
10
|
+
|
9
11
|
## Syntax
|
10
12
|
|
11
13
|
A ``launchd_service`` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
|
@@ -29,13 +31,11 @@ The path to the service manager's control may be specified for situations where
|
|
29
31
|
it { should be_running }
|
30
32
|
end
|
31
33
|
|
32
|
-
|
33
|
-
|
34
|
-
This InSpec audit resource has the following matchers:
|
34
|
+
<br>
|
35
35
|
|
36
|
-
|
36
|
+
## Matchers
|
37
37
|
|
38
|
-
|
38
|
+
This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
39
39
|
|
40
40
|
### be_enabled
|
41
41
|
|
@@ -54,23 +54,3 @@ The `be_installed` matcher tests if the named service is installed:
|
|
54
54
|
The `be_running` matcher tests if the named service is running:
|
55
55
|
|
56
56
|
it { should be_running }
|
57
|
-
|
58
|
-
### cmp
|
59
|
-
|
60
|
-
<%= partial "/shared/matcher_cmp" %>
|
61
|
-
|
62
|
-
### eq
|
63
|
-
|
64
|
-
<%= partial "/shared/matcher_eq" %>
|
65
|
-
|
66
|
-
### include
|
67
|
-
|
68
|
-
<%= partial "/shared/matcher_include" %>
|
69
|
-
|
70
|
-
### match
|
71
|
-
|
72
|
-
<%= partial "/shared/matcher_match" %>
|
73
|
-
|
74
|
-
## Examples
|
75
|
-
|
76
|
-
None.
|
@@ -17,6 +17,8 @@ Entries in the `limits.conf` file are similar to:
|
|
17
17
|
^^^^^^^^^ ^^^^ ^^^^^^ ^^^^^
|
18
18
|
domain type item value
|
19
19
|
|
20
|
+
<br>
|
21
|
+
|
20
22
|
## Syntax
|
21
23
|
|
22
24
|
A `limits_conf` resource block declares a domain to be tested, along with associated type, item, and value:
|
@@ -34,17 +36,24 @@ where
|
|
34
36
|
* `'item'` is the item for which limits are defined, such as `core`, `nofile`, `stack`, `nproc`, `priority`, or `maxlogins`
|
35
37
|
* `'value'` is the value associated with the `item`
|
36
38
|
|
37
|
-
|
39
|
+
<br>
|
38
40
|
|
39
|
-
|
41
|
+
## Examples
|
40
42
|
|
41
|
-
|
43
|
+
The following examples show how to use this InSpec audit resource.
|
42
44
|
|
43
|
-
|
45
|
+
### Test limits
|
44
46
|
|
45
|
-
|
47
|
+
describe limits_conf('path') do
|
48
|
+
its('*') { should include ['soft', 'core', '0'], ['hard', 'rss', '10000'] }
|
49
|
+
its('ftp') { should eq ['hard', 'nproc', '0'] }
|
50
|
+
end
|
51
|
+
|
52
|
+
<br>
|
53
|
+
|
54
|
+
## Matchers
|
46
55
|
|
47
|
-
|
56
|
+
This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
48
57
|
|
49
58
|
### domain
|
50
59
|
|
@@ -55,26 +64,3 @@ The `domain` matcher tests the domain in the `limits.conf` file, along with asso
|
|
55
64
|
For example:
|
56
65
|
|
57
66
|
its('grantmc') { should include ['hard', 'nofile', '63536'] }
|
58
|
-
|
59
|
-
### eq
|
60
|
-
|
61
|
-
<%= partial "/shared/matcher_eq" %>
|
62
|
-
|
63
|
-
### include
|
64
|
-
|
65
|
-
<%= partial "/shared/matcher_include" %>
|
66
|
-
|
67
|
-
### match
|
68
|
-
|
69
|
-
<%= partial "/shared/matcher_match" %>
|
70
|
-
|
71
|
-
## Examples
|
72
|
-
|
73
|
-
The following examples show how to use this InSpec audit resource.
|
74
|
-
|
75
|
-
### Test limits
|
76
|
-
|
77
|
-
describe limits_conf('path') do
|
78
|
-
its('*') { should include ['soft', 'core', '0'], ['hard', 'rss', '10000'] }
|
79
|
-
its('ftp') { should eq ['hard', 'nproc', '0'] }
|
80
|
-
end
|
@@ -6,6 +6,8 @@ title: About the login_defs Resource
|
|
6
6
|
|
7
7
|
Use the `login_defs` InSpec audit resource to test configuration settings in the `/etc/login.defs` file. The `logins.defs` file defines site-specific configuration for the shadow password suite on Linux and Unix platforms, such as password expiration ranges, minimum/maximum values for automatic selection of user and group identifiers, or the method with which passwords are encrypted.
|
8
8
|
|
9
|
+
<br>
|
10
|
+
|
9
11
|
## Syntax
|
10
12
|
|
11
13
|
A `login_defs` resource block declares the `login.defs` configuration data to be tested:
|
@@ -19,36 +21,7 @@ where
|
|
19
21
|
* `name` is a configuration setting in `login.defs`
|
20
22
|
* `{ should include('foo') }` tests the value of `name` as read from `login.defs` versus the value declared in the test
|
21
23
|
|
22
|
-
|
23
|
-
## Matchers
|
24
|
-
|
25
|
-
This InSpec audit resource has the following matchers:
|
26
|
-
|
27
|
-
### be
|
28
|
-
|
29
|
-
<%= partial "/shared/matcher_be" %>
|
30
|
-
|
31
|
-
### cmp
|
32
|
-
|
33
|
-
<%= partial "/shared/matcher_cmp" %>
|
34
|
-
|
35
|
-
### eq
|
36
|
-
|
37
|
-
<%= partial "/shared/matcher_eq" %>
|
38
|
-
|
39
|
-
### include
|
40
|
-
|
41
|
-
<%= partial "/shared/matcher_include" %>
|
42
|
-
|
43
|
-
### match
|
44
|
-
|
45
|
-
<%= partial "/shared/matcher_match" %>
|
46
|
-
|
47
|
-
### name
|
48
|
-
|
49
|
-
The `name` matcher tests the value of `name` as read from `login.defs` versus the value declared in the test:
|
50
|
-
|
51
|
-
its('name') { should eq 'foo' }
|
24
|
+
<br>
|
52
25
|
|
53
26
|
## Examples
|
54
27
|
|
@@ -75,3 +48,15 @@ The following examples show how to use this InSpec audit resource.
|
|
75
48
|
its('UMASK') { should eq '077' }
|
76
49
|
its('PASS_MAX_DAYS') { should eq '90' }
|
77
50
|
end
|
51
|
+
|
52
|
+
<br>
|
53
|
+
|
54
|
+
## Matchers
|
55
|
+
|
56
|
+
This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
57
|
+
|
58
|
+
### name
|
59
|
+
|
60
|
+
The `name` matcher tests the value of `name` as read from `login.defs` versus the value declared in the test:
|
61
|
+
|
62
|
+
its('name') { should eq 'foo' }
|
data/docs/resources/mount.md.erb
CHANGED
@@ -6,6 +6,8 @@ title: About the mount Resource
|
|
6
6
|
|
7
7
|
Use the `mount` InSpec audit resource to test the mount points on FreeBSD and Linux systems.
|
8
8
|
|
9
|
+
<br>
|
10
|
+
|
9
11
|
## Syntax
|
10
12
|
|
11
13
|
An `mount` resource block declares the synchronization settings that should be tested:
|
@@ -20,14 +22,26 @@ where
|
|
20
22
|
* `MATCHER` is a valid matcher for this resource
|
21
23
|
* `'value'` is the value to be tested
|
22
24
|
|
25
|
+
<br>
|
23
26
|
|
24
|
-
##
|
27
|
+
## Examples
|
28
|
+
|
29
|
+
The following examples show how to use this InSpec audit resource.
|
30
|
+
|
31
|
+
### Test a the mount point on '/'
|
32
|
+
|
33
|
+
describe mount('/') do
|
34
|
+
it { should be_mounted }
|
35
|
+
its('device') { should eq '/dev/mapper/VolGroup-lv_root' }
|
36
|
+
its('type') { should eq 'ext4' }
|
37
|
+
its('options') { should eq ['rw', 'mode=620'] }
|
38
|
+
end
|
25
39
|
|
26
|
-
|
40
|
+
<br>
|
27
41
|
|
28
|
-
|
42
|
+
## Matchers
|
29
43
|
|
30
|
-
|
44
|
+
This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
31
45
|
|
32
46
|
### be_mounted
|
33
47
|
|
@@ -35,28 +49,12 @@ The `be_mounted` matcher tests if the file is accessible from the file system:
|
|
35
49
|
|
36
50
|
it { should be_mounted }
|
37
51
|
|
38
|
-
### cmp
|
39
|
-
|
40
|
-
<%= partial "/shared/matcher_cmp" %>
|
41
|
-
|
42
52
|
### device
|
43
53
|
|
44
54
|
The `device` matcher tests the device from the `fstab` table:
|
45
55
|
|
46
56
|
its('device') { should eq '/dev/mapper/VolGroup-lv_root' }
|
47
57
|
|
48
|
-
### eq
|
49
|
-
|
50
|
-
<%= partial "/shared/matcher_eq" %>
|
51
|
-
|
52
|
-
### include
|
53
|
-
|
54
|
-
<%= partial "/shared/matcher_include" %>
|
55
|
-
|
56
|
-
### match
|
57
|
-
|
58
|
-
<%= partial "/shared/matcher_match" %>
|
59
|
-
|
60
58
|
### options
|
61
59
|
|
62
60
|
The `options` matcher tests the mount options for the file system from the `fstab` table:
|
@@ -68,16 +66,3 @@ The `options` matcher tests the mount options for the file system from the `fsta
|
|
68
66
|
The `type` matcher tests the file system type:
|
69
67
|
|
70
68
|
its('type') { should eq 'ext4' }
|
71
|
-
|
72
|
-
## Examples
|
73
|
-
|
74
|
-
The following examples show how to use this InSpec audit resource.
|
75
|
-
|
76
|
-
### Test a the mount point on '/'
|
77
|
-
|
78
|
-
describe mount('/') do
|
79
|
-
it { should be_mounted }
|
80
|
-
its('device') { should eq '/dev/mapper/VolGroup-lv_root' }
|
81
|
-
its('type') { should eq 'ext4' }
|
82
|
-
its('options') { should eq ['rw', 'mode=620'] }
|
83
|
-
end
|
@@ -6,6 +6,8 @@ title: About the mssql_session Resource
|
|
6
6
|
|
7
7
|
Use the `mssql_session` InSpec audit resource to test SQL commands run against a Microsoft SQL database.
|
8
8
|
|
9
|
+
<br>
|
10
|
+
|
9
11
|
## Syntax
|
10
12
|
|
11
13
|
A `mssql_session` resource block declares the username and password to use for the session, and then the command to be run:
|
@@ -20,18 +22,7 @@ where
|
|
20
22
|
* `query('QUERY')` contains the query to be run
|
21
23
|
* `its('value') { should eq('') }` compares the results of the query against the expected result in the test
|
22
24
|
|
23
|
-
|
24
|
-
|
25
|
-
This InSpec audit resource has the following matchers:
|
26
|
-
|
27
|
-
### cmp
|
28
|
-
|
29
|
-
<%= partial "/shared/matcher_cmp" %>
|
30
|
-
|
31
|
-
### eq
|
32
|
-
|
33
|
-
<%= partial "/shared/matcher_eq" %>
|
34
|
-
|
25
|
+
<br>
|
35
26
|
|
36
27
|
## Examples
|
37
28
|
|
@@ -60,3 +51,9 @@ The following examples show how to use this InSpec audit resource.
|
|
60
51
|
describe sql.query("SELECT SERVERPROPERTY('ProductVersion') as result").row(0).column('result') do
|
61
52
|
its("value") { should cmp > '12.00.4457' }
|
62
53
|
end
|
54
|
+
|
55
|
+
<br>
|
56
|
+
|
57
|
+
## Matchers
|
58
|
+
|
59
|
+
For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
@@ -6,6 +6,8 @@ title: About the mysql_conf Resource
|
|
6
6
|
|
7
7
|
Use the `mysql_conf` InSpec audit resource to test the contents of the configuration file for MySQL, typically located at `/etc/mysql/my.cnf` or `/etc/my.cnf`.
|
8
8
|
|
9
|
+
<br>
|
10
|
+
|
9
11
|
## Syntax
|
10
12
|
|
11
13
|
A `mysql_conf` resource block declares one (or more) settings in the `my.cnf` file, and then compares the setting in the configuration file to the value stated in the test:
|
@@ -31,38 +33,7 @@ where
|
|
31
33
|
* `('path')` is the non-default path to the `my.cnf` file
|
32
34
|
* `should eq 'value'` is the value that is expected
|
33
35
|
|
34
|
-
|
35
|
-
## Matchers
|
36
|
-
|
37
|
-
This InSpec audit resource has the following matchers:
|
38
|
-
|
39
|
-
### be
|
40
|
-
|
41
|
-
<%= partial "/shared/matcher_be" %>
|
42
|
-
|
43
|
-
### cmp
|
44
|
-
|
45
|
-
<%= partial "/shared/matcher_cmp" %>
|
46
|
-
|
47
|
-
### eq
|
48
|
-
|
49
|
-
<%= partial "/shared/matcher_eq" %>
|
50
|
-
|
51
|
-
### include
|
52
|
-
|
53
|
-
<%= partial "/shared/matcher_include" %>
|
54
|
-
|
55
|
-
### match
|
56
|
-
|
57
|
-
<%= partial "/shared/matcher_match" %>
|
58
|
-
|
59
|
-
### setting
|
60
|
-
|
61
|
-
The `setting` matcher tests specific, named settings in the `my.cnf` file:
|
62
|
-
|
63
|
-
its('setting') { should eq 'value' }
|
64
|
-
|
65
|
-
Use a `setting` matcher for each setting to be tested.
|
36
|
+
<br>
|
66
37
|
|
67
38
|
## Examples
|
68
39
|
|
@@ -111,3 +82,17 @@ The following examples show how to use this InSpec audit resource.
|
|
111
82
|
describe mysql_conf.params('mysqld') do
|
112
83
|
its('safe-user-create') { should eq('1') }
|
113
84
|
end
|
85
|
+
|
86
|
+
<br>
|
87
|
+
|
88
|
+
## Matchers
|
89
|
+
|
90
|
+
This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
91
|
+
|
92
|
+
### setting
|
93
|
+
|
94
|
+
The `setting` matcher tests specific, named settings in the `my.cnf` file:
|
95
|
+
|
96
|
+
its('setting') { should eq 'value' }
|
97
|
+
|
98
|
+
Use a `setting` matcher for each setting to be tested.
|
@@ -6,6 +6,8 @@ title: About the mysql_session Resource
|
|
6
6
|
|
7
7
|
Use the `mysql_session` InSpec audit resource to test SQL commands run against a MySQL database.
|
8
8
|
|
9
|
+
<br>
|
10
|
+
|
9
11
|
## Syntax
|
10
12
|
|
11
13
|
A `mysql_session` resource block declares the username and password to use for the session, and then the command to be run:
|
@@ -20,35 +22,7 @@ where
|
|
20
22
|
* `query('QUERY')` contains the query to be run
|
21
23
|
* `its('output') { should eq('') }` compares the results of the query against the expected result in the test
|
22
24
|
|
23
|
-
|
24
|
-
|
25
|
-
This InSpec audit resource has the following matchers:
|
26
|
-
|
27
|
-
### be
|
28
|
-
|
29
|
-
<%= partial "/shared/matcher_be" %>
|
30
|
-
|
31
|
-
### cmp
|
32
|
-
|
33
|
-
<%= partial "/shared/matcher_cmp" %>
|
34
|
-
|
35
|
-
### eq
|
36
|
-
|
37
|
-
<%= partial "/shared/matcher_eq" %>
|
38
|
-
|
39
|
-
### include
|
40
|
-
|
41
|
-
<%= partial "/shared/matcher_include" %>
|
42
|
-
|
43
|
-
### match
|
44
|
-
|
45
|
-
<%= partial "/shared/matcher_match" %>
|
46
|
-
|
47
|
-
### output
|
48
|
-
|
49
|
-
The `output` matcher tests the results of the query:
|
50
|
-
|
51
|
-
its('output') { should eq(/^0/) }
|
25
|
+
<br>
|
52
26
|
|
53
27
|
## Examples
|
54
28
|
|
@@ -73,3 +47,15 @@ The following examples show how to use this InSpec audit resource.
|
|
73
47
|
### Alternate Connection: Using a socket
|
74
48
|
|
75
49
|
sql = mysql_session('my_user','password', nil, nil, '/var/lib/mysql-default/mysqld.sock')
|
50
|
+
|
51
|
+
<br>
|
52
|
+
|
53
|
+
## Matchers
|
54
|
+
|
55
|
+
This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
56
|
+
|
57
|
+
### output
|
58
|
+
|
59
|
+
The `output` matcher tests the results of the query:
|
60
|
+
|
61
|
+
its('output') { should eq(/^0/) }
|