inspec 1.40.0 → 1.41.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (114)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +30 -9
  3. data/docs/matchers.md +18 -0
  4. data/docs/plugin_kitchen_inspec.md +18 -24
  5. data/docs/profiles.md +39 -2
  6. data/docs/resources/aide_conf.md.erb +18 -28
  7. data/docs/resources/apache_conf.md.erb +19 -33
  8. data/docs/resources/apt.md.erb +22 -36
  9. data/docs/resources/audit_policy.md.erb +9 -24
  10. data/docs/resources/auditd.md.erb +9 -24
  11. data/docs/resources/auditd_conf.md.erb +20 -34
  12. data/docs/resources/auditd_rules.md.erb +8 -24
  13. data/docs/resources/bash.md.erb +4 -26
  14. data/docs/resources/bond.md.erb +25 -40
  15. data/docs/resources/bridge.md.erb +5 -25
  16. data/docs/resources/bsd_service.md.erb +5 -25
  17. data/docs/resources/command.md.erb +35 -50
  18. data/docs/resources/crontab.md.erb +9 -23
  19. data/docs/resources/csv.md.erb +12 -27
  20. data/docs/resources/dh_params.md +1 -0
  21. data/docs/resources/directory.md.erb +5 -25
  22. data/docs/resources/docker.md.erb +60 -57
  23. data/docs/resources/docker_container.md.erb +23 -19
  24. data/docs/resources/docker_image.md.erb +20 -16
  25. data/docs/resources/etc_fstab.md.erb +5 -2
  26. data/docs/resources/etc_group.md.erb +29 -45
  27. data/docs/resources/etc_hosts.md.erb +6 -0
  28. data/docs/resources/etc_hosts_allow.md.erb +6 -2
  29. data/docs/resources/etc_hosts_deny.md.erb +6 -2
  30. data/docs/resources/file.md.erb +198 -212
  31. data/docs/resources/firewalld.md.erb +7 -1
  32. data/docs/resources/gem.md.erb +21 -35
  33. data/docs/resources/group.md.erb +16 -30
  34. data/docs/resources/grub_conf.md.erb +9 -24
  35. data/docs/resources/host.md.erb +32 -49
  36. data/docs/resources/http.md.erb +38 -44
  37. data/docs/resources/iis_app.md.erb +25 -35
  38. data/docs/resources/iis_site.md.erb +26 -40
  39. data/docs/resources/inetd_conf.md.erb +27 -42
  40. data/docs/resources/ini.md.erb +9 -23
  41. data/docs/resources/interface.md.erb +5 -25
  42. data/docs/resources/iptables.md.erb +15 -29
  43. data/docs/resources/json.md.erb +12 -27
  44. data/docs/resources/kernel_module.md.erb +47 -61
  45. data/docs/resources/kernel_parameter.md.erb +15 -29
  46. data/docs/resources/key_rsa.md.erb +3 -0
  47. data/docs/resources/launchd_service.md.erb +5 -25
  48. data/docs/resources/limits_conf.md.erb +15 -29
  49. data/docs/resources/login_def.md.erb +15 -30
  50. data/docs/resources/mount.md.erb +18 -33
  51. data/docs/resources/mssql_session.md.erb +9 -12
  52. data/docs/resources/mysql_conf.md.erb +17 -32
  53. data/docs/resources/mysql_session.md.erb +15 -29
  54. data/docs/resources/nginx.md.erb +6 -0
  55. data/docs/resources/nginx_conf.md.erb +25 -20
  56. data/docs/resources/npm.md.erb +19 -35
  57. data/docs/resources/ntp_conf.md.erb +20 -37
  58. data/docs/resources/oneget.md.erb +15 -30
  59. data/docs/resources/oracledb_session.md.erb +9 -11
  60. data/docs/resources/os.md.erb +29 -43
  61. data/docs/resources/os_env.md.erb +29 -44
  62. data/docs/resources/package.md.erb +33 -42
  63. data/docs/resources/parse_config.md.erb +5 -25
  64. data/docs/resources/parse_config_file.md.erb +31 -43
  65. data/docs/resources/passwd.md.erb +24 -39
  66. data/docs/resources/pip.md.erb +20 -35
  67. data/docs/resources/port.md.erb +43 -57
  68. data/docs/resources/postgres_conf.md.erb +17 -31
  69. data/docs/resources/postgres_hba_conf.md.erb +26 -38
  70. data/docs/resources/postgres_ident_conf.md.erb +25 -37
  71. data/docs/resources/postgres_session.md.erb +15 -29
  72. data/docs/resources/powershell.md.erb +27 -42
  73. data/docs/resources/processes.md.erb +17 -33
  74. data/docs/resources/rabbitmq_config.md.erb +9 -24
  75. data/docs/resources/registry_key.md.erb +27 -42
  76. data/docs/resources/runit_service.md.erb +5 -25
  77. data/docs/resources/security_policy.md.erb +12 -27
  78. data/docs/resources/service.md.erb +27 -42
  79. data/docs/resources/shadow.md.erb +20 -35
  80. data/docs/resources/ssh_config.md.erb +19 -34
  81. data/docs/resources/sshd_config.md.erb +19 -34
  82. data/docs/resources/ssl.md.erb +39 -54
  83. data/docs/resources/sys_info.md.erb +12 -26
  84. data/docs/resources/systemd_service.md.erb +5 -25
  85. data/docs/resources/sysv_service.md.erb +5 -25
  86. data/docs/resources/upstart_service.md.erb +5 -25
  87. data/docs/resources/user.md.erb +29 -44
  88. data/docs/resources/users.md.erb +12 -26
  89. data/docs/resources/vbscript.md.erb +9 -24
  90. data/docs/resources/virtualization.md.erb +8 -23
  91. data/docs/resources/windows_feature.md.erb +15 -30
  92. data/docs/resources/windows_hotfix.md.erb +15 -9
  93. data/docs/resources/windows_task.md.erb +12 -26
  94. data/docs/resources/wmi.md.erb +9 -24
  95. data/docs/resources/x509_certificate.md.erb +4 -0
  96. data/docs/resources/xinetd_conf.md.erb +65 -80
  97. data/docs/resources/xml.md.erb +12 -26
  98. data/docs/resources/yaml.md.erb +12 -27
  99. data/docs/resources/yum.md.erb +37 -51
  100. data/docs/resources/zfs_dataset.md.erb +15 -26
  101. data/docs/resources/zfs_pool.md.erb +9 -20
  102. data/lib/inspec/backend.rb +8 -0
  103. data/lib/inspec/profile.rb +9 -1
  104. data/lib/inspec/shell.rb +13 -13
  105. data/lib/inspec/version.rb +1 -1
  106. data/lib/matchers/matchers.rb +2 -0
  107. data/lib/resources/etc_hosts.rb +1 -1
  108. data/lib/resources/host.rb +4 -1
  109. data/lib/resources/http.rb +173 -23
  110. data/lib/resources/processes.rb +106 -20
  111. data/lib/resources/ssh_conf.rb +1 -1
  112. data/lib/resources/ssl.rb +4 -3
  113. data/lib/utils/object_traversal.rb +35 -10
  114. metadata +2 -2
@@ -6,6 +6,8 @@ title: About the kernel_parameter Resource
6
6
 
7
7
  Use the `kernel_parameter` InSpec audit resource to test kernel parameters on Linux platforms.
8
8
 
9
+ <br>
10
+
9
11
  ## Syntax
10
12
 
11
13
  A `kernel_parameter` resource block declares a parameter and then a value to be tested:
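Review bot: the `<br>` added ahead of `## Syntax` is raw presentational HTML in a Markdown/ERB source, and the same line is added before the section headings in the later hunks. If the goal is vertical spacing between sections, a margin rule in the docs site stylesheet would do it once and keep the `.md.erb` files free of layout markup.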
@@ -19,35 +21,7 @@ where
19
21
  * `'kernel.parameter'` must specify a kernel parameter, such as `'net.ipv4.conf.all.forwarding'`
20
22
  * `{ should eq 0 }` states the value to be tested
21
23
 
22
- ## Matchers
23
-
24
- This InSpec audit resource has the following matchers:
25
-
26
- ### be
27
-
28
- <%= partial "/shared/matcher_be" %>
29
-
30
- ### cmp
31
-
32
- <%= partial "/shared/matcher_cmp" %>
33
-
34
- ### eq
35
-
36
- <%= partial "/shared/matcher_eq" %>
37
-
38
- ### include
39
-
40
- <%= partial "/shared/matcher_include" %>
41
-
42
- ### match
43
-
44
- <%= partial "/shared/matcher_match" %>
45
-
46
- ### value
47
-
48
- The `value` matcher tests the value assigned to the named IP address versus the value declared in the test:
49
-
50
- its('value') { should eq 0 }
24
+ <br>
51
25
 
52
26
  ## Examples
53
27
 
@@ -70,3 +44,15 @@ The following examples show how to use this InSpec audit resource.
70
44
  describe kernel_parameter('net.ipv6.conf.interface.accept_redirects') do
71
45
  its('value') { should eq 'true' }
72
46
  end
47
+
48
+ <br>
49
+
50
+ ## Matchers
51
+
52
+ This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
53
+
54
+ ### value
55
+
56
+ The `value` matcher tests the value assigned to the named IP address versus the value declared in the test:
57
+
58
+ its('value') { should eq 0 }
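Review bot: in the re-added `### value` paragraph, "the value assigned to the named IP address" does not describe this resource; it should read "the named kernel parameter". The section is being moved in this change, so the wording can be fixed at the same time. The sample `should eq 0` also disagrees in type with the context example just above it, which compares against the string `'true'`; one sentence saying which type `value` returns would settle that.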
@@ -8,6 +8,7 @@ Use the `key_rsa` InSpec audit resource to test RSA public/private keypairs.
8
8
 
9
9
  This resource is mainly useful when used in conjunction with the x509_certificate resource but it can also be used for checking SSH keys.
10
10
 
11
+ <br>
11
12
 
12
13
  ## Syntax
13
14
 
@@ -26,6 +27,8 @@ You can use an optional passphrase with `key_rsa`
26
27
  it { should be_private }
27
28
  end
28
29
 
30
+ <br>
31
+
29
32
  ## Supported Properties
30
33
 
31
34
  ### public?
@@ -6,6 +6,8 @@ title: About the launchd_service Resource
6
6
 
7
7
  Use the ``launchd_service`` InSpec audit resource to test a service using Launchd.
8
8
 
9
+ <br>
10
+
9
11
  ## Syntax
10
12
 
11
13
  A ``launchd_service`` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
@@ -29,13 +31,11 @@ The path to the service manager's control may be specified for situations where
29
31
  it { should be_running }
30
32
  end
31
33
 
32
- ## Matchers
33
-
34
- This InSpec audit resource has the following matchers:
34
+ <br>
35
35
 
36
- ### be
36
+ ## Matchers
37
37
 
38
- <%= partial "/shared/matcher_be" %>
38
+ This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
39
39
 
40
40
  ### be_enabled
41
41
 
@@ -54,23 +54,3 @@ The `be_installed` matcher tests if the named service is installed:
54
54
  The `be_running` matcher tests if the named service is running:
55
55
 
56
56
  it { should be_running }
57
-
58
- ### cmp
59
-
60
- <%= partial "/shared/matcher_cmp" %>
61
-
62
- ### eq
63
-
64
- <%= partial "/shared/matcher_eq" %>
65
-
66
- ### include
67
-
68
- <%= partial "/shared/matcher_include" %>
69
-
70
- ### match
71
-
72
- <%= partial "/shared/matcher_match" %>
73
-
74
- ## Examples
75
-
76
- None.
@@ -17,6 +17,8 @@ Entries in the `limits.conf` file are similar to:
17
17
  ^^^^^^^^^ ^^^^ ^^^^^^ ^^^^^
18
18
  domain type item value
19
19
 
20
+ <br>
21
+
20
22
  ## Syntax
21
23
 
22
24
  A `limits_conf` resource block declares a domain to be tested, along with associated type, item, and value:
@@ -34,17 +36,24 @@ where
34
36
  * `'item'` is the item for which limits are defined, such as `core`, `nofile`, `stack`, `nproc`, `priority`, or `maxlogins`
35
37
  * `'value'` is the value associated with the `item`
36
38
 
37
- ## Matchers
39
+ <br>
38
40
 
39
- This InSpec audit resource has the following matchers:
41
+ ## Examples
40
42
 
41
- ### be
43
+ The following examples show how to use this InSpec audit resource.
42
44
 
43
- <%= partial "/shared/matcher_be" %>
45
+ ### Test limits
44
46
 
45
- ### cmp
47
+ describe limits_conf('path') do
48
+ its('*') { should include ['soft', 'core', '0'], ['hard', 'rss', '10000'] }
49
+ its('ftp') { should eq ['hard', 'nproc', '0'] }
50
+ end
51
+
52
+ <br>
53
+
54
+ ## Matchers
46
55
 
47
- <%= partial "/shared/matcher_cmp" %>
56
+ This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
48
57
 
49
58
  ### domain
50
59
 
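Review bot: the relocated `### Test limits` example mixes two shapes for the same kind of property. `its('*')` uses `should include` with several `[type, item, value]` triples, which implies each domain yields a list of triples, while `its('ftp') { should eq ['hard', 'nproc', '0'] }` compares against a single flat triple. If the first reading is right, the `eq` line cannot pass as written and should use `include`, as the `grantmc` line in the `domain` matcher section does. The literal `'path'` argument would also be clearer as a real file path.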
@@ -55,26 +64,3 @@ The `domain` matcher tests the domain in the `limits.conf` file, along with asso
55
64
  For example:
56
65
 
57
66
  its('grantmc') { should include ['hard', 'nofile', '63536'] }
58
-
59
- ### eq
60
-
61
- <%= partial "/shared/matcher_eq" %>
62
-
63
- ### include
64
-
65
- <%= partial "/shared/matcher_include" %>
66
-
67
- ### match
68
-
69
- <%= partial "/shared/matcher_match" %>
70
-
71
- ## Examples
72
-
73
- The following examples show how to use this InSpec audit resource.
74
-
75
- ### Test limits
76
-
77
- describe limits_conf('path') do
78
- its('*') { should include ['soft', 'core', '0'], ['hard', 'rss', '10000'] }
79
- its('ftp') { should eq ['hard', 'nproc', '0'] }
80
- end
@@ -6,6 +6,8 @@ title: About the login_defs Resource
6
6
 
7
7
  Use the `login_defs` InSpec audit resource to test configuration settings in the `/etc/login.defs` file. The `logins.defs` file defines site-specific configuration for the shadow password suite on Linux and Unix platforms, such as password expiration ranges, minimum/maximum values for automatic selection of user and group identifiers, or the method with which passwords are encrypted.
8
8
 
9
+ <br>
10
+
9
11
  ## Syntax
10
12
 
11
13
  A `login_defs` resource block declares the `login.defs` configuration data to be tested:
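Review bot: the introductory context line in this hunk names the file `/etc/login.defs` and then, in the next sentence, calls it `logins.defs`. The file is being edited anyway, so the second spelling should be corrected to `login.defs` to match the rest of the page.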
@@ -19,36 +21,7 @@ where
19
21
  * `name` is a configuration setting in `login.defs`
20
22
  * `{ should include('foo') }` tests the value of `name` as read from `login.defs` versus the value declared in the test
21
23
 
22
-
23
- ## Matchers
24
-
25
- This InSpec audit resource has the following matchers:
26
-
27
- ### be
28
-
29
- <%= partial "/shared/matcher_be" %>
30
-
31
- ### cmp
32
-
33
- <%= partial "/shared/matcher_cmp" %>
34
-
35
- ### eq
36
-
37
- <%= partial "/shared/matcher_eq" %>
38
-
39
- ### include
40
-
41
- <%= partial "/shared/matcher_include" %>
42
-
43
- ### match
44
-
45
- <%= partial "/shared/matcher_match" %>
46
-
47
- ### name
48
-
49
- The `name` matcher tests the value of `name` as read from `login.defs` versus the value declared in the test:
50
-
51
- its('name') { should eq 'foo' }
24
+ <br>
52
25
 
53
26
  ## Examples
54
27
 
@@ -75,3 +48,15 @@ The following examples show how to use this InSpec audit resource.
75
48
  its('UMASK') { should eq '077' }
76
49
  its('PASS_MAX_DAYS') { should eq '90' }
77
50
  end
51
+
52
+ <br>
53
+
54
+ ## Matchers
55
+
56
+ This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
57
+
58
+ ### name
59
+
60
+ The `name` matcher tests the value of `name` as read from `login.defs` versus the value declared in the test:
61
+
62
+ its('name') { should eq 'foo' }
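Review bot: the re-added `### name` entry reads as if `name` were a literal property, but the context example above tests `UMASK` and `PASS_MAX_DAYS`, so `name` is a placeholder for any `login.defs` setting. Say so in the paragraph and use a real setting in the sample line, for instance `its('PASS_MAX_DAYS') { should eq '90' }`, instead of `its('name') { should eq 'foo' }`.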
@@ -6,6 +6,8 @@ title: About the mount Resource
6
6
 
7
7
  Use the `mount` InSpec audit resource to test the mount points on FreeBSD and Linux systems.
8
8
 
9
+ <br>
10
+
9
11
  ## Syntax
10
12
 
11
13
  An `mount` resource block declares the synchronization settings that should be tested:
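Review bot: the last context line of this hunk says "An `mount` resource block declares the synchronization settings that should be tested". "An" should be "A", and "synchronization settings" looks carried over from another resource page; for this resource the sentence should talk about the mount point being tested. This is worth fixing while the file is being touched.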
@@ -20,14 +22,26 @@ where
20
22
  * `MATCHER` is a valid matcher for this resource
21
23
  * `'value'` is the value to be tested
22
24
 
25
+ <br>
23
26
 
24
- ## Matchers
27
+ ## Examples
28
+
29
+ The following examples show how to use this InSpec audit resource.
30
+
31
+ ### Test a the mount point on '/'
32
+
33
+ describe mount('/') do
34
+ it { should be_mounted }
35
+ its('device') { should eq '/dev/mapper/VolGroup-lv_root' }
36
+ its('type') { should eq 'ext4' }
37
+ its('options') { should eq ['rw', 'mode=620'] }
38
+ end
25
39
 
26
- This InSpec audit resource has the following matchers:
40
+ <br>
27
41
 
28
- ### be
42
+ ## Matchers
29
43
 
30
- <%= partial "/shared/matcher_be" %>
44
+ This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
31
45
 
32
46
  ### be_mounted
33
47
 
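Review bot: the added heading `### Test a the mount point on '/'` carries a typo over from the old Examples section; it should be `### Test the mount point on '/'`. Moving the block is a good moment to correct it rather than copy it forward.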
@@ -35,28 +49,12 @@ The `be_mounted` matcher tests if the file is accessible from the file system:
35
49
 
36
50
  it { should be_mounted }
37
51
 
38
- ### cmp
39
-
40
- <%= partial "/shared/matcher_cmp" %>
41
-
42
52
  ### device
43
53
 
44
54
  The `device` matcher tests the device from the `fstab` table:
45
55
 
46
56
  its('device') { should eq '/dev/mapper/VolGroup-lv_root' }
47
57
 
48
- ### eq
49
-
50
- <%= partial "/shared/matcher_eq" %>
51
-
52
- ### include
53
-
54
- <%= partial "/shared/matcher_include" %>
55
-
56
- ### match
57
-
58
- <%= partial "/shared/matcher_match" %>
59
-
60
58
  ### options
61
59
 
62
60
  The `options` matcher tests the mount options for the file system from the `fstab` table:
@@ -68,16 +66,3 @@ The `options` matcher tests the mount options for the file system from the `fsta
68
66
  The `type` matcher tests the file system type:
69
67
 
70
68
  its('type') { should eq 'ext4' }
71
-
72
- ## Examples
73
-
74
- The following examples show how to use this InSpec audit resource.
75
-
76
- ### Test a the mount point on '/'
77
-
78
- describe mount('/') do
79
- it { should be_mounted }
80
- its('device') { should eq '/dev/mapper/VolGroup-lv_root' }
81
- its('type') { should eq 'ext4' }
82
- its('options') { should eq ['rw', 'mode=620'] }
83
- end
@@ -6,6 +6,8 @@ title: About the mssql_session Resource
6
6
 
7
7
  Use the `mssql_session` InSpec audit resource to test SQL commands run against a Microsoft SQL database.
8
8
 
9
+ <br>
10
+
9
11
  ## Syntax
10
12
 
11
13
  A `mssql_session` resource block declares the username and password to use for the session, and then the command to be run:
@@ -20,18 +22,7 @@ where
20
22
  * `query('QUERY')` contains the query to be run
21
23
  * `its('value') { should eq('') }` compares the results of the query against the expected result in the test
22
24
 
23
- ## Matchers
24
-
25
- This InSpec audit resource has the following matchers:
26
-
27
- ### cmp
28
-
29
- <%= partial "/shared/matcher_cmp" %>
30
-
31
- ### eq
32
-
33
- <%= partial "/shared/matcher_eq" %>
34
-
25
+ <br>
35
26
 
36
27
  ## Examples
37
28
 
@@ -60,3 +51,9 @@ The following examples show how to use this InSpec audit resource.
60
51
  describe sql.query("SELECT SERVERPROPERTY('ProductVersion') as result").row(0).column('result') do
61
52
  its("value") { should cmp > '12.00.4457' }
62
53
  end
54
+
55
+ <br>
56
+
57
+ ## Matchers
58
+
59
+ For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
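Review bot: the new `## Matchers` section here contains only the link to the general matchers page, yet the context example directly above relies on `its("value")`. The sibling `mysql_session` page keeps a resource-specific `### output` entry under the same heading, so for consistency this page should either document `value` in the same way or drop the empty heading.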
@@ -6,6 +6,8 @@ title: About the mysql_conf Resource
6
6
 
7
7
  Use the `mysql_conf` InSpec audit resource to test the contents of the configuration file for MySQL, typically located at `/etc/mysql/my.cnf` or `/etc/my.cnf`.
8
8
 
9
+ <br>
10
+
9
11
  ## Syntax
10
12
 
11
13
  A `mysql_conf` resource block declares one (or more) settings in the `my.cnf` file, and then compares the setting in the configuration file to the value stated in the test:
@@ -31,38 +33,7 @@ where
31
33
  * `('path')` is the non-default path to the `my.cnf` file
32
34
  * `should eq 'value'` is the value that is expected
33
35
 
34
-
35
- ## Matchers
36
-
37
- This InSpec audit resource has the following matchers:
38
-
39
- ### be
40
-
41
- <%= partial "/shared/matcher_be" %>
42
-
43
- ### cmp
44
-
45
- <%= partial "/shared/matcher_cmp" %>
46
-
47
- ### eq
48
-
49
- <%= partial "/shared/matcher_eq" %>
50
-
51
- ### include
52
-
53
- <%= partial "/shared/matcher_include" %>
54
-
55
- ### match
56
-
57
- <%= partial "/shared/matcher_match" %>
58
-
59
- ### setting
60
-
61
- The `setting` matcher tests specific, named settings in the `my.cnf` file:
62
-
63
- its('setting') { should eq 'value' }
64
-
65
- Use a `setting` matcher for each setting to be tested.
36
+ <br>
66
37
 
67
38
  ## Examples
68
39
 
@@ -111,3 +82,17 @@ The following examples show how to use this InSpec audit resource.
111
82
  describe mysql_conf.params('mysqld') do
112
83
  its('safe-user-create') { should eq('1') }
113
84
  end
85
+
86
+ <br>
87
+
88
+ ## Matchers
89
+
90
+ This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
91
+
92
+ ### setting
93
+
94
+ The `setting` matcher tests specific, named settings in the `my.cnf` file:
95
+
96
+ its('setting') { should eq 'value' }
97
+
98
+ Use a `setting` matcher for each setting to be tested.
@@ -6,6 +6,8 @@ title: About the mysql_session Resource
6
6
 
7
7
  Use the `mysql_session` InSpec audit resource to test SQL commands run against a MySQL database.
8
8
 
9
+ <br>
10
+
9
11
  ## Syntax
10
12
 
11
13
  A `mysql_session` resource block declares the username and password to use for the session, and then the command to be run:
@@ -20,35 +22,7 @@ where
20
22
  * `query('QUERY')` contains the query to be run
21
23
  * `its('output') { should eq('') }` compares the results of the query against the expected result in the test
22
24
 
23
- ## Matchers
24
-
25
- This InSpec audit resource has the following matchers:
26
-
27
- ### be
28
-
29
- <%= partial "/shared/matcher_be" %>
30
-
31
- ### cmp
32
-
33
- <%= partial "/shared/matcher_cmp" %>
34
-
35
- ### eq
36
-
37
- <%= partial "/shared/matcher_eq" %>
38
-
39
- ### include
40
-
41
- <%= partial "/shared/matcher_include" %>
42
-
43
- ### match
44
-
45
- <%= partial "/shared/matcher_match" %>
46
-
47
- ### output
48
-
49
- The `output` matcher tests the results of the query:
50
-
51
- its('output') { should eq(/^0/) }
25
+ <br>
52
26
 
53
27
  ## Examples
54
28
 
@@ -73,3 +47,15 @@ The following examples show how to use this InSpec audit resource.
73
47
  ### Alternate Connection: Using a socket
74
48
 
75
49
  sql = mysql_session('my_user','password', nil, nil, '/var/lib/mysql-default/mysqld.sock')
50
+
51
+ <br>
52
+
53
+ ## Matchers
54
+
55
+ This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
56
+
57
+ ### output
58
+
59
+ The `output` matcher tests the results of the query:
60
+
61
+ its('output') { should eq(/^0/) }
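Review bot: the sample in the re-added `### output` section, `its('output') { should eq(/^0/) }`, passes a regular expression to `eq`, which tests equality, so a string result will never equal the Regexp object and the check fails regardless of the query output. The sample should use `should match(/^0/)`. Separately, the context line above shows a literal `'password'` argument; a short note that credentials should come from profile attributes rather than being written into the control would help readers who copy the example.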