RubyGems - inspec - Versions diffs - 1.40.0 → 1.41.0 - Mend

inspec 1.40.0 → 1.41.0

Files changed (114) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +30 -9
data/docs/matchers.md +18 -0
data/docs/plugin_kitchen_inspec.md +18 -24
data/docs/profiles.md +39 -2
data/docs/resources/aide_conf.md.erb +18 -28
data/docs/resources/apache_conf.md.erb +19 -33
data/docs/resources/apt.md.erb +22 -36
data/docs/resources/audit_policy.md.erb +9 -24
data/docs/resources/auditd.md.erb +9 -24
data/docs/resources/auditd_conf.md.erb +20 -34
data/docs/resources/auditd_rules.md.erb +8 -24
data/docs/resources/bash.md.erb +4 -26
data/docs/resources/bond.md.erb +25 -40
data/docs/resources/bridge.md.erb +5 -25
data/docs/resources/bsd_service.md.erb +5 -25
data/docs/resources/command.md.erb +35 -50
data/docs/resources/crontab.md.erb +9 -23
data/docs/resources/csv.md.erb +12 -27
data/docs/resources/dh_params.md +1 -0
data/docs/resources/directory.md.erb +5 -25
data/docs/resources/docker.md.erb +60 -57
data/docs/resources/docker_container.md.erb +23 -19
data/docs/resources/docker_image.md.erb +20 -16
data/docs/resources/etc_fstab.md.erb +5 -2
data/docs/resources/etc_group.md.erb +29 -45
data/docs/resources/etc_hosts.md.erb +6 -0
data/docs/resources/etc_hosts_allow.md.erb +6 -2
data/docs/resources/etc_hosts_deny.md.erb +6 -2
data/docs/resources/file.md.erb +198 -212
data/docs/resources/firewalld.md.erb +7 -1
data/docs/resources/gem.md.erb +21 -35
data/docs/resources/group.md.erb +16 -30
data/docs/resources/grub_conf.md.erb +9 -24
data/docs/resources/host.md.erb +32 -49
data/docs/resources/http.md.erb +38 -44
data/docs/resources/iis_app.md.erb +25 -35
data/docs/resources/iis_site.md.erb +26 -40
data/docs/resources/inetd_conf.md.erb +27 -42
data/docs/resources/ini.md.erb +9 -23
data/docs/resources/interface.md.erb +5 -25
data/docs/resources/iptables.md.erb +15 -29
data/docs/resources/json.md.erb +12 -27
data/docs/resources/kernel_module.md.erb +47 -61
data/docs/resources/kernel_parameter.md.erb +15 -29
data/docs/resources/key_rsa.md.erb +3 -0
data/docs/resources/launchd_service.md.erb +5 -25
data/docs/resources/limits_conf.md.erb +15 -29
data/docs/resources/login_def.md.erb +15 -30
data/docs/resources/mount.md.erb +18 -33
data/docs/resources/mssql_session.md.erb +9 -12
data/docs/resources/mysql_conf.md.erb +17 -32
data/docs/resources/mysql_session.md.erb +15 -29
data/docs/resources/nginx.md.erb +6 -0
data/docs/resources/nginx_conf.md.erb +25 -20
data/docs/resources/npm.md.erb +19 -35
data/docs/resources/ntp_conf.md.erb +20 -37
data/docs/resources/oneget.md.erb +15 -30
data/docs/resources/oracledb_session.md.erb +9 -11
data/docs/resources/os.md.erb +29 -43
data/docs/resources/os_env.md.erb +29 -44
data/docs/resources/package.md.erb +33 -42
data/docs/resources/parse_config.md.erb +5 -25
data/docs/resources/parse_config_file.md.erb +31 -43
data/docs/resources/passwd.md.erb +24 -39
data/docs/resources/pip.md.erb +20 -35
data/docs/resources/port.md.erb +43 -57
data/docs/resources/postgres_conf.md.erb +17 -31
data/docs/resources/postgres_hba_conf.md.erb +26 -38
data/docs/resources/postgres_ident_conf.md.erb +25 -37
data/docs/resources/postgres_session.md.erb +15 -29
data/docs/resources/powershell.md.erb +27 -42
data/docs/resources/processes.md.erb +17 -33
data/docs/resources/rabbitmq_config.md.erb +9 -24
data/docs/resources/registry_key.md.erb +27 -42
data/docs/resources/runit_service.md.erb +5 -25
data/docs/resources/security_policy.md.erb +12 -27
data/docs/resources/service.md.erb +27 -42
data/docs/resources/shadow.md.erb +20 -35
data/docs/resources/ssh_config.md.erb +19 -34
data/docs/resources/sshd_config.md.erb +19 -34
data/docs/resources/ssl.md.erb +39 -54
data/docs/resources/sys_info.md.erb +12 -26
data/docs/resources/systemd_service.md.erb +5 -25
data/docs/resources/sysv_service.md.erb +5 -25
data/docs/resources/upstart_service.md.erb +5 -25
data/docs/resources/user.md.erb +29 -44
data/docs/resources/users.md.erb +12 -26
data/docs/resources/vbscript.md.erb +9 -24
data/docs/resources/virtualization.md.erb +8 -23
data/docs/resources/windows_feature.md.erb +15 -30
data/docs/resources/windows_hotfix.md.erb +15 -9
data/docs/resources/windows_task.md.erb +12 -26
data/docs/resources/wmi.md.erb +9 -24
data/docs/resources/x509_certificate.md.erb +4 -0
data/docs/resources/xinetd_conf.md.erb +65 -80
data/docs/resources/xml.md.erb +12 -26
data/docs/resources/yaml.md.erb +12 -27
data/docs/resources/yum.md.erb +37 -51
data/docs/resources/zfs_dataset.md.erb +15 -26
data/docs/resources/zfs_pool.md.erb +9 -20
data/lib/inspec/backend.rb +8 -0
data/lib/inspec/profile.rb +9 -1
data/lib/inspec/shell.rb +13 -13
data/lib/inspec/version.rb +1 -1
data/lib/matchers/matchers.rb +2 -0
data/lib/resources/etc_hosts.rb +1 -1
data/lib/resources/host.rb +4 -1
data/lib/resources/http.rb +173 -23
data/lib/resources/processes.rb +106 -20
data/lib/resources/ssh_conf.rb +1 -1
data/lib/resources/ssl.rb +4 -3
data/lib/utils/object_traversal.rb +35 -10
metadata +2 -2

data/docs/resources/kernel_parameter.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the kernel_parameter Resource
 Use the `kernel_parameter` InSpec audit resource to test kernel parameters on Linux platforms.
+<br>
 ## Syntax
 A `kernel_parameter` resource block declares a parameter and then a value to be tested:
@@ -19,35 +21,7 @@ where
 * `'kernel.parameter'` must specify a kernel parameter, such as `'net.ipv4.conf.all.forwarding'`
 * `{ should eq 0 }` states the value to be tested
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-### value
-The `value` matcher tests the value assigned to the named IP address versus the value declared in the test:
-    its('value') { should eq 0 }
+<br>
 ## Examples
@@ -70,3 +44,15 @@ The following examples show how to use this InSpec audit resource.
     describe kernel_parameter('net.ipv6.conf.interface.accept_redirects') do
       its('value') { should eq 'true' }
     end
+<br>
+## Matchers
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### value
+The `value` matcher tests the value assigned to the named IP address versus the value declared in the test:
+    its('value') { should eq 0 }

data/docs/resources/key_rsa.md.erb CHANGED

@@ -8,6 +8,7 @@ Use the `key_rsa` InSpec audit resource to test RSA public/private keypairs.
 This resource is mainly useful when used in conjunction with the x509_certificate resource but it can also be used for checking SSH keys.
+<br>
 ## Syntax
@@ -26,6 +27,8 @@ You can use an optional passphrase with `key_rsa`
       it { should be_private }
     end
+<br>
 ## Supported Properties
 ### public?

data/docs/resources/launchd_service.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the launchd_service Resource
 Use the ``launchd_service`` InSpec audit resource to test a service using Launchd.
+<br>
 ## Syntax
 A ``launchd_service`` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
@@ -29,13 +31,11 @@ The path to the service manager's control may be specified for situations where
       it { should be_running }
     end
-## Matchers
-This InSpec audit resource has the following matchers:
+<br>
-### be
+## Matchers
-<%= partial "/shared/matcher_be" %>
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 ### be_enabled
@@ -54,23 +54,3 @@ The `be_installed` matcher tests if the named service is installed:
 The `be_running` matcher tests if the named service is running:
     it { should be_running }
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-## Examples
-None.

data/docs/resources/limits_conf.md.erb CHANGED

@@ -17,6 +17,8 @@ Entries in the `limits.conf` file are similar to:
     ^^^^^^^^^   ^^^^   ^^^^^^   ^^^^^
     domain      type    item    value
+<br>
 ## Syntax
 A `limits_conf` resource block declares a domain to be tested, along with associated type, item, and value:
@@ -34,17 +36,24 @@ where
 * `'item'` is the item for which limits are defined, such as `core`, `nofile`, `stack`, `nproc`, `priority`, or `maxlogins`
 * `'value'` is the value associated with the `item`
-## Matchers
+<br>
-This InSpec audit resource has the following matchers:
+## Examples
-### be
+The following examples show how to use this InSpec audit resource.
-<%= partial "/shared/matcher_be" %>
+### Test limits
-### cmp
+    describe limits_conf('path') do
+      its('*') { should include ['soft', 'core', '0'], ['hard', 'rss', '10000'] }
+      its('ftp') { should eq ['hard', 'nproc', '0'] }
+    end
+<br>
+## Matchers
-<%= partial "/shared/matcher_cmp" %>
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 ### domain
@@ -55,26 +64,3 @@ The `domain` matcher tests the domain in the `limits.conf` file, along with asso
 For example:
     its('grantmc') { should include ['hard', 'nofile', '63536'] }
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-## Examples
-The following examples show how to use this InSpec audit resource.
-### Test limits
-    describe limits_conf('path') do
-      its('*') { should include ['soft', 'core', '0'], ['hard', 'rss', '10000'] }
-      its('ftp') { should eq ['hard', 'nproc', '0'] }
-    end

data/docs/resources/login_def.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the login_defs Resource
 Use the `login_defs` InSpec audit resource to test configuration settings in the `/etc/login.defs` file. The `logins.defs` file defines site-specific configuration for the shadow password suite on Linux and Unix platforms, such as password expiration ranges, minimum/maximum values for automatic selection of user and group identifiers, or the method with which passwords are encrypted.
+<br>
 ## Syntax
 A `login_defs` resource block declares the `login.defs` configuration data to be tested:
@@ -19,36 +21,7 @@ where
 * `name` is a configuration setting in `login.defs`
 * `{ should include('foo') }` tests the value of `name` as read from `login.defs` versus the value declared in the test
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-### name
-The `name` matcher tests the value of `name` as read from `login.defs` versus the value declared in the test:
-    its('name') { should eq 'foo' }
+<br>
 ## Examples
@@ -75,3 +48,15 @@ The following examples show how to use this InSpec audit resource.
       its('UMASK') { should eq '077' }
       its('PASS_MAX_DAYS') { should eq '90' }
     end
+<br>
+## Matchers
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### name
+The `name` matcher tests the value of `name` as read from `login.defs` versus the value declared in the test:
+    its('name') { should eq 'foo' }

data/docs/resources/mount.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the mount Resource
 Use the `mount` InSpec audit resource to test the mount points on FreeBSD and Linux systems.
+<br>
 ## Syntax
 An `mount` resource block declares the synchronization settings that should be tested:
@@ -20,14 +22,26 @@ where
 * `MATCHER` is a valid matcher for this resource
 * `'value'` is the value to be tested
+<br>
-## Matchers
+## Examples
+The following examples show how to use this InSpec audit resource.
+### Test a the mount point on '/'
+    describe mount('/') do
+      it { should be_mounted }
+      its('device') { should eq  '/dev/mapper/VolGroup-lv_root' }
+      its('type') { should eq  'ext4' }
+      its('options') { should eq ['rw', 'mode=620'] }
+    end
-This InSpec audit resource has the following matchers:
+<br>
-### be
+## Matchers
-<%= partial "/shared/matcher_be" %>
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 ### be_mounted
@@ -35,28 +49,12 @@ The `be_mounted` matcher tests if the file is accessible from the file system:
     it { should be_mounted }
-### cmp
-<%= partial "/shared/matcher_cmp" %>
 ### device
 The `device` matcher tests the device from the `fstab` table:
     its('device') { should eq  '/dev/mapper/VolGroup-lv_root' }
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
 ### options
 The `options` matcher tests the mount options for the file system from the `fstab` table:
@@ -68,16 +66,3 @@ The `options` matcher tests the mount options for the file system from the `fsta
 The `type` matcher tests the file system type:
     its('type') { should eq  'ext4' }
-## Examples
-The following examples show how to use this InSpec audit resource.
-### Test a the mount point on '/'
-    describe mount('/') do
-      it { should be_mounted }
-      its('device') { should eq  '/dev/mapper/VolGroup-lv_root' }
-      its('type') { should eq  'ext4' }
-      its('options') { should eq ['rw', 'mode=620'] }
-    end

data/docs/resources/mssql_session.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the mssql_session Resource
 Use the `mssql_session` InSpec audit resource to test SQL commands run against a Microsoft SQL database.
+<br>
 ## Syntax
 A `mssql_session` resource block declares the username and password to use for the session, and then the command to be run:
@@ -20,18 +22,7 @@ where
 * `query('QUERY')` contains the query to be run
 * `its('value') { should eq('') }` compares the results of the query against the expected result in the test
-## Matchers
-This InSpec audit resource has the following matchers:
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
+<br>
 ## Examples
@@ -60,3 +51,9 @@ The following examples show how to use this InSpec audit resource.
     describe sql.query("SELECT SERVERPROPERTY('ProductVersion') as result").row(0).column('result') do
       its("value") { should cmp > '12.00.4457' }
     end
+<br>
+## Matchers
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/mysql_conf.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the mysql_conf Resource
 Use the `mysql_conf` InSpec audit resource to test the contents of the configuration file for MySQL, typically located at `/etc/mysql/my.cnf` or `/etc/my.cnf`.
+<br>
 ## Syntax
 A `mysql_conf` resource block declares one (or more) settings in the `my.cnf` file, and then compares the setting in the configuration file to the value stated in the test:
@@ -31,38 +33,7 @@ where
 * `('path')` is the non-default path to the `my.cnf` file
 * `should eq 'value'` is the value that is expected
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-### setting
-The `setting` matcher tests specific, named settings in the `my.cnf` file:
-    its('setting') { should eq 'value' }
-Use a `setting` matcher for each setting to be tested.
+<br>
 ## Examples
@@ -111,3 +82,17 @@ The following examples show how to use this InSpec audit resource.
     describe mysql_conf.params('mysqld') do
       its('safe-user-create') { should eq('1') }
     end
+<br>
+## Matchers
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### setting
+The `setting` matcher tests specific, named settings in the `my.cnf` file:
+    its('setting') { should eq 'value' }
+Use a `setting` matcher for each setting to be tested.

data/docs/resources/mysql_session.md.erb CHANGED

@@ -6,6 +6,8 @@ title: About the mysql_session Resource
 Use the `mysql_session` InSpec audit resource to test SQL commands run against a MySQL database.
+<br>
 ## Syntax
 A `mysql_session` resource block declares the username and password to use for the session, and then the command to be run:
@@ -20,35 +22,7 @@ where
 * `query('QUERY')` contains the query to be run
 * `its('output') { should eq('') }` compares the results of the query against the expected result in the test
-## Matchers
-This InSpec audit resource has the following matchers:
-### be
-<%= partial "/shared/matcher_be" %>
-### cmp
-<%= partial "/shared/matcher_cmp" %>
-### eq
-<%= partial "/shared/matcher_eq" %>
-### include
-<%= partial "/shared/matcher_include" %>
-### match
-<%= partial "/shared/matcher_match" %>
-### output
-The `output` matcher tests the results of the query:
-    its('output') { should eq(/^0/) }
+<br>
 ## Examples
@@ -73,3 +47,15 @@ The following examples show how to use this InSpec audit resource.
 ### Alternate Connection: Using a socket
   sql = mysql_session('my_user','password', nil, nil, '/var/lib/mysql-default/mysqld.sock')
+<br>
+## Matchers
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### output
+The `output` matcher tests the results of the query:
+    its('output') { should eq(/^0/) }