inspec 1.51.0 → 1.51.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (111)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +29 -15
  3. data/README.md +1 -1
  4. data/docs/glossary.md +99 -0
  5. data/docs/resources/aide_conf.md.erb +16 -9
  6. data/docs/resources/apache.md.erb +66 -0
  7. data/docs/resources/apache_conf.md.erb +11 -5
  8. data/docs/resources/apt.md.erb +1 -1
  9. data/docs/resources/audit_policy.md.erb +1 -1
  10. data/docs/resources/auditd_conf.md.erb +12 -9
  11. data/docs/resources/bash.md.erb +24 -12
  12. data/docs/resources/bond.md.erb +26 -24
  13. data/docs/resources/bridge.md.erb +18 -11
  14. data/docs/resources/bsd_service.md.erb +11 -2
  15. data/docs/resources/command.md.erb +30 -29
  16. data/docs/resources/cpan.md.erb +33 -17
  17. data/docs/resources/cran.md.erb +26 -17
  18. data/docs/resources/crontab.md.erb +18 -1
  19. data/docs/resources/csv.md.erb +13 -7
  20. data/docs/resources/{dh_params.md → dh_params.md.erb} +30 -6
  21. data/docs/resources/directory.md.erb +9 -4
  22. data/docs/resources/docker.md.erb +1 -1
  23. data/docs/resources/docker_container.md.erb +32 -26
  24. data/docs/resources/docker_image.md.erb +29 -26
  25. data/docs/resources/docker_service.md.erb +37 -31
  26. data/docs/resources/elasticsearch.md.erb +18 -32
  27. data/docs/resources/etc_fstab.md.erb +19 -15
  28. data/docs/resources/etc_group.md.erb +13 -39
  29. data/docs/resources/etc_hosts.md.erb +12 -5
  30. data/docs/resources/etc_hosts_allow.md.erb +9 -4
  31. data/docs/resources/etc_hosts_deny.md.erb +12 -7
  32. data/docs/resources/file.md.erb +139 -134
  33. data/docs/resources/filesystem.md.erb +5 -4
  34. data/docs/resources/firewalld.md.erb +1 -1
  35. data/docs/resources/gem.md.erb +2 -2
  36. data/docs/resources/group.md.erb +1 -1
  37. data/docs/resources/host.md.erb +1 -1
  38. data/docs/resources/iis_app.md.erb +1 -1
  39. data/docs/resources/iis_site.md.erb +1 -1
  40. data/docs/resources/interface.md.erb +1 -1
  41. data/docs/resources/iptables.md.erb +1 -1
  42. data/docs/resources/json.md.erb +1 -1
  43. data/docs/resources/kernel_module.md.erb +1 -1
  44. data/docs/resources/kernel_parameter.md.erb +1 -1
  45. data/docs/resources/launchd_service.md.erb +1 -1
  46. data/docs/resources/limits_conf.md.erb +1 -1
  47. data/docs/resources/login_def.md.erb +1 -1
  48. data/docs/resources/mount.md.erb +1 -1
  49. data/docs/resources/mysql_conf.md.erb +1 -1
  50. data/docs/resources/nginx_conf.md.erb +1 -1
  51. data/docs/resources/npm.md.erb +1 -1
  52. data/docs/resources/oneget.md.erb +1 -1
  53. data/docs/resources/os.md.erb +1 -1
  54. data/docs/resources/os_env.md.erb +2 -2
  55. data/docs/resources/package.md.erb +1 -1
  56. data/docs/resources/packages.md.erb +66 -0
  57. data/docs/resources/parse_config.md.erb +1 -1
  58. data/docs/resources/parse_config_file.md.erb +1 -1
  59. data/docs/resources/passwd.md.erb +1 -1
  60. data/docs/resources/pip.md.erb +1 -1
  61. data/docs/resources/port.md.erb +1 -1
  62. data/docs/resources/postgres_conf.md.erb +1 -1
  63. data/docs/resources/postgres_session.md.erb +1 -1
  64. data/docs/resources/powershell.md.erb +2 -2
  65. data/docs/resources/processes.md.erb +1 -1
  66. data/docs/resources/registry_key.md.erb +1 -1
  67. data/docs/resources/runit_service.md.erb +1 -1
  68. data/docs/resources/security_policy.md.erb +1 -1
  69. data/docs/resources/service.md.erb +1 -1
  70. data/docs/resources/shadow.md.erb +1 -1
  71. data/docs/resources/ssh_config.md.erb +1 -1
  72. data/docs/resources/sshd_config.md.erb +1 -1
  73. data/docs/resources/ssl.md.erb +1 -1
  74. data/docs/resources/sys_info.md.erb +1 -1
  75. data/docs/resources/systemd_service.md.erb +1 -1
  76. data/docs/resources/sysv_service.md.erb +1 -1
  77. data/docs/resources/upstart_service.md.erb +1 -1
  78. data/docs/resources/user.md.erb +1 -1
  79. data/docs/resources/users.md.erb +1 -1
  80. data/docs/resources/windows_feature.md.erb +1 -1
  81. data/docs/resources/windows_hotfix.md.erb +1 -1
  82. data/docs/resources/xinetd_conf.md.erb +1 -1
  83. data/docs/resources/xml.md.erb +1 -1
  84. data/docs/resources/yaml.md.erb +1 -1
  85. data/docs/resources/yum.md.erb +1 -1
  86. data/lib/inspec.rb +2 -1
  87. data/lib/inspec/base_cli.rb +98 -18
  88. data/lib/inspec/cli.rb +33 -21
  89. data/lib/inspec/formatters.rb +3 -0
  90. data/lib/inspec/formatters/base.rb +208 -0
  91. data/lib/inspec/formatters/json_rspec.rb +20 -0
  92. data/lib/inspec/formatters/show_progress.rb +12 -0
  93. data/lib/inspec/objects.rb +1 -0
  94. data/lib/inspec/objects/describe.rb +92 -0
  95. data/lib/inspec/reporters.rb +33 -0
  96. data/lib/inspec/reporters/base.rb +23 -0
  97. data/lib/inspec/reporters/cli.rb +395 -0
  98. data/lib/inspec/reporters/json.rb +132 -0
  99. data/lib/inspec/reporters/json_min.rb +44 -0
  100. data/lib/inspec/reporters/junit.rb +77 -0
  101. data/lib/inspec/runner.rb +14 -1
  102. data/lib/inspec/runner_rspec.rb +34 -14
  103. data/lib/inspec/schema.rb +1 -0
  104. data/lib/inspec/shell.rb +0 -1
  105. data/lib/inspec/version.rb +1 -1
  106. data/lib/resources/apache.rb +20 -0
  107. data/lib/resources/apache_conf.rb +33 -8
  108. data/lib/resources/audit_policy.rb +1 -1
  109. data/lib/resources/packages.rb +4 -3
  110. metadata +17 -4
  111. data/lib/inspec/rspec_json_formatter.rb +0 -940
@@ -23,10 +23,34 @@ where
23
23
 
24
24
  <br>
25
25
 
26
- ## Examples
26
+ ## Property Examples
27
27
 
28
28
  The following examples show how to use this InSpec audit resource.
29
29
 
30
+ ### content
31
+
32
+ The `content` matcher tests if contents in the file that defines the bonded network interface match the value specified in the test. The values of the `content` matcher are arbitrary.
33
+
34
+ its('content') { should match('value') }
35
+
36
+ ### interfaces
37
+
38
+ The `interfaces` matcher tests if the named secondary interfaces are available.
39
+
40
+ its('interfaces') { should eq ['eth0', 'eth1', ...] }
41
+
42
+ ### mode
43
+
44
+ The `mode` matcher tests the Bonding Mode.
45
+
46
+ its('mode') { should eq 'IEEE 802.3ad Dynamic link aggregation' }
47
+
48
+ ### params
49
+
50
+ The `params` matcher tests arbitrary parameters for the bonded network interface.
51
+
52
+ its('params') { should eq 'value' }
53
+
30
54
  ### Test if eth0 is a secondary interface for bond0
31
55
 
32
56
  describe bond('bond0') do
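Review bot: The four subsections added under `## Property Examples` (`content`, `interfaces`, `mode`, `params`) still describe each item as a "matcher" ("The `content` matcher tests ..."), which contradicts the new heading; the equivalent moves in the `command`, `cran` and `csv` docs in this same diff reword the text to "property". Suggest changing each sentence to "The `content` property tests ..." and so on. The intro sentence "The following examples show how to use this InSpec audit resource." now sits above the property descriptions rather than the worked examples it used to introduce, so consider moving it to just before `### Test if eth0 is a secondary interface for bond0`.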
@@ -49,13 +73,7 @@ The following examples show how to use this InSpec audit resource.
49
73
 
50
74
  ## Matchers
51
75
 
52
- This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
53
-
54
- ### content
55
-
56
- The `content` matcher tests if contents in the file that defines the bonded network interface match the value specified in the test. The values of the `content` matcher are arbitrary:
57
-
58
- its('content') { should match('value') }
76
+ For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
59
77
 
60
78
  ### exist
61
79
 
@@ -69,19 +87,3 @@ The `have_interface` matcher tests if the bonded network interface has one (or m
69
87
 
70
88
  it { should have_interface }
71
89
 
72
- ### interfaces
73
-
74
- The `interfaces` matcher tests if the named secondary interfaces are available:
75
-
76
- its('interfaces') { should eq ['eth0', 'eth1', ...] }
77
-
78
- ### mode
79
- The `mode` matcher tests the Bonding Mode:
80
-
81
- its('mode') { should eq 'IEEE 802.3ad Dynamic link aggregation' }
82
-
83
- ### params
84
-
85
- The `params` matcher tests arbitrary parameters for the bonded network interface:
86
-
87
- its('params') { should eq 'value' }
@@ -6,9 +6,6 @@ title: About the bridge Resource
6
6
 
7
7
  Use the `bridge` InSpec audit resource to test basic network bridge properties, such as name, if an interface is defined, and the associations for any defined interface.
8
8
 
9
- * On Linux platforms, any value in the `/sys/class/net/{interface}/bridge` directory may be tested
10
- * On the Windows platform, the `Get-NetAdapter` cmdlet is associated with the `Get-NetAdapterBinding` cmdlet and returns the `ComponentID ms_bridge` value as a JSON object
11
-
12
9
  <br>
13
10
 
14
11
  ## Syntax
@@ -22,9 +19,26 @@ A `bridge` resource block declares the bridge to be tested and what interface it
22
19
 
23
20
  <br>
24
21
 
22
+ ## Supported Properties
23
+
24
+ * On Linux platforms, any value in the `/sys/class/net/{interface}/bridge` directory may be tested
25
+ * On the Windows platform, the `Get-NetAdapter` cmdlet is associated with the `Get-NetAdapterBinding` cmdlet and returns the `ComponentID ms_bridge` value as a JSON object
26
+
27
+ <br>
28
+
29
+ ## Property Examples
30
+
31
+ ### interfaces
32
+
33
+ The `interfaces` property tests if the named interface is present:
34
+
35
+ its('interfaces') { should eq 'foo' }
36
+ its('interfaces') { should eq 'bar' }
37
+ its('interfaces') { should include('foo') }
38
+
25
39
  ## Matchers
26
40
 
27
- This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
41
+ For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
28
42
 
29
43
  ### exist
30
44
 
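Review bot: In the `### interfaces` example added under `## Property Examples`, the three `its('interfaces')` lines are shown as one block, but `should eq 'foo'` and `should eq 'bar'` cannot both pass for the same bridge, so a reader who copies the block gets a guaranteed failure. Suggest presenting them as alternatives or keeping only the `include('foo')` form. Separately, the new `## Supported Properties` section carries the two platform bullets over unchanged, and they describe where the values come from rather than naming any property; a line that lists `interfaces` would match the heading.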
@@ -38,10 +52,3 @@ The `have_interface` matcher tests if the named interface is defined for the net
38
52
 
39
53
  it { should have_interface 'eth0' }
40
54
 
41
- ### interfaces
42
-
43
- The `interfaces` matcher tests if the named interface is present:
44
-
45
- its('interfaces') { should eq 'foo' }
46
- its('interfaces') { should eq 'bar' }
47
- its('interfaces') { should include('foo') }
@@ -21,7 +21,11 @@ A `bsd_service` resource block declares the name of a service and then one (or m
21
21
  where
22
22
 
23
23
  * `('service_name')` must specify a service name
24
- * `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource; all matchers available to the `service` resource may be used
24
+ * `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource.
25
+
26
+ ### Using `bsd_service` resource parameters
27
+
28
+ #### Path
25
29
 
26
30
  The path to the service manager's control may be specified for situations where the path isn't available in the current `PATH`. For example:
27
31
 
@@ -33,9 +37,14 @@ The path to the service manager's control may be specified for situations where
33
37
 
34
38
  <br>
35
39
 
40
+ ## Supported Properties
41
+
42
+ All properties available to the `service` resource may be used.
43
+ <br>
44
+
36
45
  ## Matchers
37
46
 
38
- This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
47
+ For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
39
48
 
40
49
  ### be_enabled
41
50
 
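Review bot: In the added `## Supported Properties` section, `<br>` follows "All properties available to the `service` resource may be used." with no blank line between them, so Markdown will fold it into that paragraph; the other `<br>` separators in this diff stand on their own line with blank lines around them. Add a blank line before `<br>`. Also, taken with the previous hunk, the statement that all matchers available to the `service` resource may be used has been dropped and only properties are mentioned now; if it still holds, it belongs under `## Matchers`.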
@@ -10,31 +10,43 @@ Use the `command` InSpec audit resource to test an arbitrary command that is run
10
10
 
11
11
  ## Syntax
12
12
 
13
- A `command` resource block declares a command to be run, one (or more) expected outputs, and the location to which that output is sent:
13
+ A `command` resource block declares a command to be run, one (or more) expected values, and the location to which that output is sent:
14
14
 
15
15
  describe command('command') do
16
16
  it { should exist }
17
- its('matcher') { should eq 'output' }
17
+ its('property') { should eq 'value' }
18
18
  end
19
19
 
20
20
  where
21
21
 
22
22
  * `'command'` must specify a command to be run
23
- * `'matcher'` is one of `exit_status`, `stderr`, or `stdout`
23
+ * `'property'` is one of `exit_status`, `stderr`, or `stdout`
24
24
  * `'output'` tests the output of the command run on the system versus the output value stated in the test
25
25
 
26
26
  <br>
27
27
 
28
- ## Examples
28
+ ## Property Examples
29
29
 
30
30
  The following examples show how to use this InSpec audit resource.
31
31
 
32
- ### Test for PostgreSQL database running a RC, development, or beta release
32
+ ### exit_status
33
33
 
34
- describe command('psql -V') do
35
- its('stdout') { should eq '/RC/' }
36
- its('stdout') { should_not eq '/DEVEL/' }
37
- its('stdout') { should_not eq '/BETA/' }
34
+ The `exit_status` property tests the exit status for the command:
35
+
36
+ its('exit_status') { should eq 123 }
37
+
38
+ ### stderr
39
+
40
+ The `stderr` property tests results of the command as returned in standard error (stderr):
41
+
42
+ its('stderr') { should eq 'error' }
43
+
44
+ ### stdout
45
+
46
+ The `stdout` property tests results of the command as returned in standard output (stdout). The following example shows matching output using a regular expression:
47
+
48
+ describe command('echo 1') do
49
+ its('stdout') { should match (/[0-9]/) }
38
50
  end
39
51
 
40
52
  ### Test standard output (stdout)
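Review bot: The `where` list keeps the unchanged bullet for `'output'`, but the syntax line it documents now reads `its('property') { should eq 'value' }`, so the list describes a placeholder that no longer appears in the block. Rename that bullet to `'value'`. The reworded intro sentence has the same mismatch: "expected values, and the location to which that output is sent" leaves "that output" without an antecedent. Under `### stdout`, `should match (/[0-9]/)` has a space before the parenthesis, unlike the `should match('value')` form used in the `bond` doc in this diff; `should match(/[0-9]/)` would be consistent.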
@@ -73,6 +85,14 @@ The following examples show how to use this InSpec audit resource.
73
85
  it { should eq false }
74
86
  end
75
87
 
88
+ ### Test for PostgreSQL database running a RC, development, or beta release
89
+
90
+ describe command('psql -V') do
91
+ its('stdout') { should eq '/RC/' }
92
+ its('stdout') { should_not eq '/DEVEL/' }
93
+ its('stdout') { should_not eq '/BETA/' }
94
+ end
95
+
76
96
  ### Verify NTP
77
97
 
78
98
  The following example shows how to use the `file` audit resource to verify if the `ntp.conf` and `leap-seconds` files are present, and then the `command` resource to verify if NTP is installed and running:
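Review bot: The relocated PostgreSQL example compares `stdout` using `eq '/RC/'`, `eq '/DEVEL/'` and `eq '/BETA/'`, which are exact string comparisons against text that includes the slashes, not regular-expression matches. The two `should_not` lines therefore pass for any realistic version string, and the first line can only pass if the output is literally `/RC/`. Since the block is being moved anyway, suggest switching to `match` with regex literals, as the `### stdout` example earlier in this file does. The first line also uses `should` while the other two use `should_not`; confirm which is intended given the heading.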
@@ -107,7 +127,7 @@ Wix includes serveral tools -- such as `candle` (preprocesses and compiles sourc
107
127
 
108
128
  ## Matchers
109
129
 
110
- This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
130
+ For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
111
131
 
112
132
  ### exist
113
133
 
@@ -115,22 +135,3 @@ The `exist` matcher tests if a command may be run on the system:
115
135
 
116
136
  it { should exist }
117
137
 
118
- ### exit_status
119
-
120
- The `exit_status` matcher tests the exit status for the command:
121
-
122
- its('exit_status') { should eq 123 }
123
-
124
- ### stderr
125
-
126
- The `stderr` matcher tests results of the command as returned in standard error (stderr):
127
-
128
- its('stderr') { should eq 'error' }
129
-
130
- ### stdout
131
-
132
- The `stdout` matcher tests results of the command as returned in standard output (stdout). The following example shows matching output using a regular expression:
133
-
134
- describe command('echo 1') do
135
- its('stdout') { should match (/[0-9]/) }
136
- end
@@ -6,6 +6,8 @@ title: About the cpan Resource
6
6
 
7
7
  Use the `cpan` InSpec audit resource to test Perl modules that are installed by system packages or the CPAN installer.
8
8
 
9
+ <br>
10
+
9
11
  ## Syntax
10
12
 
11
13
  A `cpan` resource block declares a package and (optionally) a package version:
@@ -19,26 +21,15 @@ where
19
21
  * `'package_name'` is the name of the package, such as `'DBD::Pg'`
20
22
  * `be_installed` tests to see if the package described above is installed
21
23
 
24
+ <br>
22
25
 
23
- ## Matchers
24
-
25
- This InSpec audit resource has the following matchers:
26
-
27
- ### be_installed
28
-
29
- The `be_installed` matcher tests if the named package is installed on the system:
30
-
31
- it { should be_installed }
32
-
33
- ### version
34
-
35
- The `version` matcher tests if the named package version is on the system:
26
+ ## Supported Resource Parameters
36
27
 
37
- its('version') { should eq '1.2.3' }
28
+ This resource uses package names and perl library paths as resource parameters.
38
29
 
39
- ## Examples
30
+ <br>
40
31
 
41
- The following examples show how to use this InSpec audit resource.
32
+ ## Resource Parameter Examples
42
33
 
43
34
  ### Test if DBD::Pg is installed on the system
44
35
 
@@ -55,8 +46,33 @@ The following examples show how to use this InSpec audit resource.
55
46
 
56
47
  ### Test if DBD::Pg is installed within a custom PERL5LIB path on the system
57
48
 
58
- Hint: You can pass multiple path's separated by colon `/path/to/perl5/lib:/usr/share/perl5/vendor_perl/lib/perl5`
49
+ Hint: You can pass multiple paths separated with a colon
50
+ `/path/to/perl5/lib:/usr/share/perl5/vendor_perl/lib/perl5`
59
51
 
60
52
  describe cpan('DBD::Pg', '/home/jdoe/perl5/lib/perl5') do
61
53
  it { should be_installed }
62
54
  end
55
+
56
+ <br>
57
+
58
+ ## Property Examples
59
+
60
+ The following examples show how to use this InSpec audit resource.
61
+
62
+ ### version
63
+
64
+ The `version` property tests if the named package version is on the system:
65
+
66
+ its('version') { should eq '1.2.3' }
67
+
68
+ <br>
69
+
70
+ ## Matchers
71
+
72
+ For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
73
+
74
+ ### be_installed
75
+
76
+ The `be_installed` matcher tests if the named package is installed on the system:
77
+
78
+ it { should be_installed }
@@ -6,6 +6,8 @@ title: About the cran Resource
6
6
 
7
7
  Use the `cran` InSpec audit resource to test R modules that are installed from CRAN package repository.
8
8
 
9
+ <br>
10
+
9
11
  ## Syntax
10
12
 
11
13
  A `cran` resource block declares a package and (optionally) a package version:
@@ -19,36 +21,43 @@ where
19
21
  * `'package_name'` is the name of the package, such as `'DBI'`
20
22
  * `be_installed` tests to see if the package described above is installed
21
23
 
24
+ <br>
22
25
 
23
- ## Matchers
26
+ ## Resource Parameter Examples
24
27
 
25
- This InSpec audit resource has the following matchers:
28
+ The following examples show how to use this InSpec audit resource.
26
29
 
27
- ### be_installed
30
+ ### Test if DBI is installed on the system
28
31
 
29
- The `be_installed` matcher tests if the named package is installed on the system:
32
+ describe cran('DBI') do
33
+ it { should be_installed }
34
+ end
30
35
 
31
- it { should be_installed }
36
+ ### Test if DBI 0.5.1 is installed on the system
37
+
38
+ describe cran('DBI') do
39
+ it { should be_installed }
40
+ its('version') { should eq '0.5.1' }
41
+ end
42
+
43
+ <br>
44
+
45
+ ## Property Examples
32
46
 
33
47
  ### version
34
48
 
35
- The `version` matcher tests if the named package version is on the system:
49
+ The `version` property tests if the named package version is on the system:
36
50
 
37
51
  its('version') { should eq '1.2.3' }
38
52
 
39
- ## Examples
53
+ <br>
40
54
 
41
- The following examples show how to use this InSpec audit resource.
55
+ ## Matchers
42
56
 
43
- ### Test if DBI is installed on the system
57
+ This InSpec audit resource has the following matchers:
44
58
 
45
- describe cran('DBI') do
46
- it { should be_installed }
47
- end
59
+ ### be_installed
48
60
 
49
- ### Test if DBI 0.5.1 is installed on the system
61
+ The `be_installed` matcher tests if the named package is installed on the system:
50
62
 
51
- describe cran('DBI') do
52
- it { should be_installed }
53
- its('version') { should eq '0.5.1' }
54
- end
63
+ it { should be_installed }
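Review bot: The re-added `## Matchers` section keeps the old intro "This InSpec audit resource has the following matchers:" and has no link to the matchers page, whereas the `cpan` doc and the other resources in this diff use "For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/)." Use the same sentence here for consistency. Also, `## Property Examples` goes straight to `### version` without the "The following examples show how to use this InSpec audit resource." line that the `cpan` doc places there; the two sibling docs should agree.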
@@ -18,7 +18,7 @@ A `crontab` resource block declares a user (which defaults to the current user,
18
18
 
19
19
  <br>
20
20
 
21
- ## Examples
21
+ ## Resource Parameter Examples
22
22
 
23
23
  The following examples show how to use this InSpec audit resource.
24
24
 
@@ -65,6 +65,23 @@ The following examples show how to use this InSpec audit resource.
65
65
 
66
66
  <br>
67
67
 
68
+ ## Property Examples
69
+
70
+ ### Test a special time string
71
+
72
+ describe crontab do
73
+ its('minutes') { should cmp '0' }
74
+ its('hours') { should cmp '0' }
75
+ its('days') { should cmp '1' }
76
+ its('weekdays') { should cmp '1' }
77
+ its('user') { should include 'username'}
78
+ its('commands') { should include '/some/scheduled/task.sh' }
79
+ end
80
+
81
+ InSpec will automatically interpret crontab-supported special time strings. For example, a crontab entry set to run `@yearly` can be tested as if the entry was manually configured to run on January 1, 12 AM.
82
+
83
+ <br>
84
+
68
85
  ## Matchers
69
86
 
70
87
  For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
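Review bot: The `### Test a special time string` example does not line up with the sentence that follows it: the text describes `@yearly` as January 1, 12 AM, but the block asserts `its('weekdays') { should cmp '1' }` and has no month assertion, and nothing in the block shows the `@yearly` entry it is meant to illustrate. Suggest stating the crontab line being tested and asserting on the month rather than the weekday. The explanatory sentence would read better before the code block, and `{ should include 'username'}` is missing the space before the closing brace. The subsection is also titled as a scenario, while the `## Property Examples` sections in the other docs in this diff use property names as subheadings.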
@@ -13,7 +13,7 @@ Use the `csv` InSpec audit resource to test configuration data in a CSV file.
13
13
  A `csv` resource block declares the configuration data to be tested:
14
14
 
15
15
  describe csv('file') do
16
- its('name') { should eq 'foo' }
16
+ its('name') { should cmp 'foo' }
17
17
  end
18
18
 
19
19
  where
@@ -24,7 +24,7 @@ where
24
24
 
25
25
  <br>
26
26
 
27
- ## Examples
27
+ ## Resource Parameter Examples
28
28
 
29
29
  The following examples show how to use this InSpec audit resource.
30
30
 
@@ -36,12 +36,18 @@ The following examples show how to use this InSpec audit resource.
36
36
 
37
37
  <br>
38
38
 
39
- ## Matchers
40
-
41
- This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
39
+ ## Property Examples
42
40
 
43
41
  ### name
44
42
 
45
- The `name` matcher tests the value of `name` as read from a CSV file versus the value declared in the test:
43
+ The `name` property tests the value of `name` as read from a CSV file compared to the value declared in the test.
44
+
45
+ its('name') { should cmp 'foo' }
46
+
47
+ <br>
48
+
49
+ ## Matchers
50
+
51
+ For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
52
+
46
53
 
47
- its('name') { should eq 'foo' }