inspec 1.43.5 → 1.43.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +23 -16
- data/docs/resources/docker.md.erb +1 -1
- data/docs/resources/shadow.md.erb +1 -6
- data/lib/bundles/inspec-compliance/api/login.rb +2 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/resources/service.rb +1 -1
- data/lib/utils/parser.rb +19 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2547e56cb83568acdb210c14ff571d28220d7f6f
|
|
4
|
+
data.tar.gz: 0ad635b3cb99c3728b0deb137df108f1608a9c50
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5eb0cb325ab1c2284da9d72b01f05429c6e09716e5b6bab351949481f592221e580f69fba6b63bd27ee304f0c619e85c910e0092fb60a252b89886d84cd56fac
|
|
7
|
+
data.tar.gz: 9b05c484bb430bbcbbf6711baddaf3e48c8ab02971b173284ee2420a43874306db503049ceac71b5a96e15a17c9ece5d19cc993072c61d88f695a9fb626b34e3
|
data/CHANGELOG.md
CHANGED
|
@@ -1,29 +1,37 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
<!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
|
|
3
|
-
<!-- latest_release 1.43.
|
|
4
|
-
## [v1.43.
|
|
3
|
+
<!-- latest_release 1.43.8 -->
|
|
4
|
+
## [v1.43.8](https://github.com/chef/inspec/tree/v1.43.8) (2017-11-02)
|
|
5
5
|
|
|
6
|
-
####
|
|
7
|
-
-
|
|
6
|
+
#### Bug Fixes
|
|
7
|
+
- service resource: properly search for SysV Init S files [#2274](https://github.com/chef/inspec/pull/2274) ([Wing924](https://github.com/Wing924))
|
|
8
8
|
<!-- latest_release -->
|
|
9
9
|
|
|
10
|
-
<!-- release_rollup since=1.
|
|
11
|
-
### Changes since 1.
|
|
12
|
-
|
|
13
|
-
#### Enhancements
|
|
14
|
-
- Add Chef Automate support to `inspec compliance login` [#2203](https://github.com/chef/inspec/pull/2203) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.43.5 -->
|
|
15
|
-
- Include ref when writing out inspec control objects [#2259](https://github.com/chef/inspec/pull/2259) ([arlimus](https://github.com/arlimus)) <!-- 1.43.2 -->
|
|
10
|
+
<!-- release_rollup since=1.43.5 -->
|
|
11
|
+
### Changes since 1.43.5 release
|
|
16
12
|
|
|
17
13
|
#### Bug Fixes
|
|
18
|
-
-
|
|
14
|
+
- service resource: properly search for SysV Init S files [#2274](https://github.com/chef/inspec/pull/2274) ([Wing924](https://github.com/Wing924)) <!-- 1.43.8 -->
|
|
15
|
+
- mount resource: fix for Device-/Sharenames and Mountpoints including … [#2257](https://github.com/chef/inspec/pull/2257) ([mgrobelin](https://github.com/mgrobelin)) <!-- 1.43.7 -->
|
|
16
|
+
- inspec compliance login: Ensure supplied server has a proper URI scheme [#2268](https://github.com/chef/inspec/pull/2268) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.43.6 -->
|
|
17
|
+
<!-- release_rollup -->
|
|
18
|
+
|
|
19
|
+
<!-- latest_stable_release -->
|
|
20
|
+
## [v1.43.5](https://github.com/chef/inspec/tree/v1.43.5) (2017-10-26)
|
|
19
21
|
|
|
20
22
|
#### New Resources
|
|
21
|
-
-
|
|
22
|
-
- cpan resource: check for Perl module installation [#2254](https://github.com/chef/inspec/pull/2254) ([mgrobelin](https://github.com/mgrobelin))
|
|
23
|
-
-
|
|
24
|
-
|
|
23
|
+
- new resource: elasticsearch resource, test cluster/node state [#2261](https://github.com/chef/inspec/pull/2261) ([adamleff](https://github.com/adamleff))
|
|
24
|
+
- cpan resource: check for Perl module installation [#2254](https://github.com/chef/inspec/pull/2254) ([mgrobelin](https://github.com/mgrobelin))
|
|
25
|
+
- cran resource: check for R module installation [#2255](https://github.com/chef/inspec/pull/2255) ([mgrobelin](https://github.com/mgrobelin))
|
|
26
|
+
|
|
27
|
+
#### Enhancements
|
|
28
|
+
- Include ref when writing out inspec control objects [#2259](https://github.com/chef/inspec/pull/2259) ([arlimus](https://github.com/arlimus))
|
|
29
|
+
- Add Chef Automate support to `inspec compliance login` [#2203](https://github.com/chef/inspec/pull/2203) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
|
25
30
|
|
|
31
|
+
#### Bug Fixes
|
|
32
|
+
- Fix regression when uploading compliance profiles [#2264](https://github.com/chef/inspec/pull/2264) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
|
26
33
|
<!-- latest_stable_release -->
|
|
34
|
+
|
|
27
35
|
## [v1.42.3](https://github.com/chef/inspec/tree/v1.42.3) (2017-10-19)
|
|
28
36
|
|
|
29
37
|
#### Enhancements
|
|
@@ -45,7 +53,6 @@
|
|
|
45
53
|
- Update the profile tempate [#2238](https://github.com/chef/inspec/pull/2238) ([nathenharvey](https://github.com/nathenharvey))
|
|
46
54
|
- Fix documentation of `split` matcher [#2240](https://github.com/chef/inspec/pull/2240) ([eramoto](https://github.com/eramoto))
|
|
47
55
|
- Squashed some unit test warnings [#2242](https://github.com/chef/inspec/pull/2242) ([username-is-already-taken2](https://github.com/username-is-already-taken2))
|
|
48
|
-
<!-- latest_stable_release -->
|
|
49
56
|
|
|
50
57
|
## [v1.41.0](https://github.com/chef/inspec/tree/v1.41.0) (2017-10-09)
|
|
51
58
|
|
|
@@ -18,7 +18,7 @@ A `docker` resource block declares allows you to write test for many containers:
|
|
|
18
18
|
|
|
19
19
|
or:
|
|
20
20
|
|
|
21
|
-
describe docker.containers.where {
|
|
21
|
+
describe docker.containers.where { names == 'flamboyant_colden' } do
|
|
22
22
|
it { should be_running }
|
|
23
23
|
end
|
|
24
24
|
|
|
@@ -124,15 +124,10 @@ The `min_days` matcher tests the minimum number of days a password must exist, b
|
|
|
124
124
|
|
|
125
125
|
### passwords
|
|
126
126
|
|
|
127
|
-
The `passwords` matcher
|
|
128
|
-
|
|
129
|
-
* Encrypted
|
|
130
|
-
* Have direct logins disabled, as indicated by an asterisk (`*`)
|
|
131
|
-
* In the `/etc/shadow` file, as indicated by the letter x (`x`)
|
|
127
|
+
The `passwords` matcher returns the encrypted password string from the shadow file. The returned string may not be an encrypted password, but rather a `*` or similar which indicates that direct logins are not allowed.
|
|
132
128
|
|
|
133
129
|
For example:
|
|
134
130
|
|
|
135
|
-
its('passwords') { should eq ['x'] }
|
|
136
131
|
its('passwords') { should cmp '*' }
|
|
137
132
|
|
|
138
133
|
### users
|
|
@@ -11,6 +11,8 @@ module Compliance
|
|
|
11
11
|
def login(options)
|
|
12
12
|
raise ArgumentError, 'Please specify a server using `inspec compliance login https://SERVER`' unless options['server']
|
|
13
13
|
|
|
14
|
+
options['server'] = URI("https://#{options['server']}").to_s if URI(options['server']).scheme.nil?
|
|
15
|
+
|
|
14
16
|
options['server_type'] = Compliance::API.determine_server_type(options['server'], options['insecure'])
|
|
15
17
|
|
|
16
18
|
case options['server_type']
|
data/lib/inspec/version.rb
CHANGED
data/lib/resources/service.rb
CHANGED
|
@@ -397,7 +397,7 @@ module Inspec::Resources
|
|
|
397
397
|
# read all enabled services from runlevel
|
|
398
398
|
# on rhel via: 'chkconfig --list', is not installed by default
|
|
399
399
|
# bash: for i in `find /etc/rc*.d -name S*`; do basename $i | sed -r 's/^S[0-9]+//'; done | sort | uniq
|
|
400
|
-
enabled_services_cmd = inspec.command('find /etc/rc*.d /etc/init.d/rc*.d -name S*').stdout
|
|
400
|
+
enabled_services_cmd = inspec.command('find /etc/rc*.d /etc/init.d/rc*.d -name "S*"').stdout
|
|
401
401
|
service_line = %r{rc(?<runlevel>[0-6])\.d/S[^/]*?#{Regexp.escape service_name}$}
|
|
402
402
|
all_services = enabled_services_cmd.split("\n").map { |line|
|
|
403
403
|
service_line.match(line)
|
data/lib/utils/parser.rb
CHANGED
|
@@ -67,7 +67,19 @@ module LinuxMountParser
|
|
|
67
67
|
# this parses the output of mount command (only tested on linux)
|
|
68
68
|
# this method expects only one line of the mount output
|
|
69
69
|
def parse_mount_options(mount_line, compatibility = false)
|
|
70
|
-
|
|
70
|
+
if includes_whitespaces?(mount_line)
|
|
71
|
+
# Device-/Sharenames and Mountpoints including whitespaces require special treatment:
|
|
72
|
+
# We use the keyword ' type ' to split up and rebuild the desired array of fields
|
|
73
|
+
type_split = mount_line.split(' type ')
|
|
74
|
+
fs_path = type_split[0]
|
|
75
|
+
other_opts = type_split[1]
|
|
76
|
+
fs, path = fs_path.match(%r{^(.+?)\son\s(/.+?)$}).captures
|
|
77
|
+
mount = [fs, 'on', path, 'type']
|
|
78
|
+
mount.concat(other_opts.scan(/\S+/))
|
|
79
|
+
else
|
|
80
|
+
# ... otherwise we just split the fields by whitespaces
|
|
81
|
+
mount = mount_line.scan(/\S+/)
|
|
82
|
+
end
|
|
71
83
|
|
|
72
84
|
# parse device and type
|
|
73
85
|
mount_options = { device: mount[0], type: mount[4] }
|
|
@@ -92,6 +104,12 @@ module LinuxMountParser
|
|
|
92
104
|
|
|
93
105
|
mount_options
|
|
94
106
|
end
|
|
107
|
+
|
|
108
|
+
# Device-/Sharename or Mountpoint includes whitespaces?
|
|
109
|
+
def includes_whitespaces?(mount_line)
|
|
110
|
+
ws = mount_line.match(/^(.+)\son\s(.+)\stype\s.*$/)
|
|
111
|
+
ws.captures[0].include?(' ') or ws.captures[1].include?(' ')
|
|
112
|
+
end
|
|
95
113
|
end
|
|
96
114
|
|
|
97
115
|
module BsdMountParser
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inspec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.43.
|
|
4
|
+
version: 1.43.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dominik Richter
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-11-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: train
|