inspec 1.51.0 → 1.51.6

data/docs/resources/etc_fstab.md.erb

@@ -4,7 +4,7 @@ title: About the etc_fstab Resource
 
 # etc_fstab
 
-Use the `etc_fstab` InSpec audit resource to test information about all partitions and storage devices on a system.
+Use the `etc_fstab` InSpec audit resource to test information about all partitions and storage devices on a Linux system.
 
 <br>
 
@@ -13,7 +13,7 @@ Use the `etc_fstab` InSpec audit resource to test information about all partitio
 An etc_fstab rule specifies a device name, its mount point, its mount type, the options its mounted with,
 its dump options, and the order the files system should be checked.
 
-Use the where clause to match a property to one or more rules in the fstab file.
+Use the where clause to match a property to one or more rules in the fstab file:
 
     describe etc_fstab.where { device_name == 'value' } do
       its('mount_point') { should cmp 'hostname' }
@@ -23,7 +23,7 @@ Use the where clause to match a property to one or more rules in the fstab file.
       its('file_system_options') { should cmp 'list' }
     end
 
-Use the optional constructor parameter to give an alternative path to fstab file
+Use the optional constructor parameter to give an alternative path to fstab file:
 
     describe etc_fstab(hosts_path).where { device_name == 'value' } do
       its('mount_point') { should cmp 'hostname' }
@@ -33,7 +33,9 @@ Use the optional constructor parameter to give an alternative path to fstab file
       its('file_system_options') { should cmp 'list ' }
     end
 
-where
+<br>
+
+## Supported Resource Properties
 
 * `device_name` is the name associated with the device.
 * `mount_point` is the directory at which the filesystem is configured to be mounted.
@@ -42,7 +44,9 @@ where
 * `dump_options` is a number used by dump to decide if a file system should be backed up.
 * `file_system_options` is a number that specifies the order the file system should be checked.
 
-## Property Examples and Return Types
+<br>
+
+## Property Examples
 
 ### device_name
 
@@ -60,7 +64,7 @@ where
       its('mount_point') { should cmp '/mnt/sr0' }
     end
 
-### file_system_type
+### file\_system_type
 
 `file_system_type` returns a String array of each partitions file system type.
 
@@ -92,13 +96,7 @@ where
       its('file_system_options') { should cmp 0 }
     end
 
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec resource.
-
-### Check all partitions that have type of 'nfs'.
+### Check all partitions that have type of 'nfs'
 
     nfs_systems = etc_fstab.nfs_file_systems.entries
     nfs_systems.each do |partition|
@@ -107,14 +105,20 @@ The following examples show how to use this InSpec resource.
       end
     end
 
-### Check the partition mounted at /home contains 'nosuid' in its mount_options.
+### Check the partition mounted at /home contains 'nosuid' in its mount_options
 
     describe etc_fstab do
       its('home_mount_options') { should include 'nosuid' }
     end
 
-### Check if a partition is mounted at a point.
+### Check if a partition is mounted at a point
 
     describe etc_fstab.where { mount_point == '/home' } do
       it { should be_configured }
     end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/etc_group.md.erb

@@ -4,7 +4,7 @@ title: About the etc_group Resource
 
 # etc_group
 
-Use the `etc_group` InSpec audit resource to test groups that are defined on Linux and Unix platforms. The `/etc/group` file stores details about each group---group name, password, group identifier, along with a comma-separate list of users that belong to the group.
+Use the `etc_group` InSpec audit resource to test groups that are defined on Linux and Unix platforms. The `/etc/group` file stores details about each group: group name, password, group identifier, along with a comma-separate list of users that belong to the group.
 
 <br>
 
@@ -13,7 +13,7 @@ Use the `etc_group` InSpec audit resource to test groups that are defined on Lin
 A `etc_group` resource block declares a collection of properties to be tested:
 
     describe etc_group('path') do
-      its('matcher') { should eq 'some_value' }
+      its('property') { should eq 'some_value' }
     end
 
 or:
@@ -27,11 +27,18 @@ or:
 where
 
 * `('path')` is the non-default path to the `inetd.conf` file
-* `.where()` may specify a specific item and value, to which the matchers are compared
-* `'gids'`, `'groups'`, and `'users'` are valid matchers for this resource
+* `.where()` filters for a specific item and value, to which the parameter are compared
+* `.where` filter may be one or more of:
+    * `name: 'name'`, `group_name: 'group_name'`, `password: 'password'`, `gid: 'gid'`, `group_id: 'gid'`, `users: 'user_name'`, `members: 'member_name'`
+<br>
+
+## Supported Resource parameters
 
+* `'gids'`, `'groups'`, and `'users'` are valid resource parameters for this resource.
 
-## Examples
+<br>
+
+## Resource Parameter Examples
 
 The following examples show how to use this InSpec audit resource.
 
@@ -63,38 +70,5 @@ The following examples show how to use this InSpec audit resource.
 
 ## Matchers
 
-This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### gids
-
-The `gids` matcher tests if the named group identifier is present or if it contains duplicates:
-
-    its('gids') { should_not contain_duplicates }
-
-### groups
-
-The `groups` matcher tests all groups for the named user:
-
-    its('groups') { should include 'my_group' }
-
-### users
-
-The `users` matcher tests all groups for the named user:
-
-    its('users') { should include 'my_user' }
-
-### where
-
-The `where` matcher allows the test to be focused to one (or more) specific items:
-
-    etc_group.where(item: 'value', item: 'value')
-
-where `item` may be one (or more) of:
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/). 
 
-* `name: 'name'`
-* `group_name: 'group_name'`
-* `password: 'password'`
-* `gid: 'gid'`
-* `group_id: 'gid'`
-* `users: 'user_name'`
-* `members: 'member_name'`

data/docs/resources/etc_hosts.md.erb

@@ -5,6 +5,9 @@ title: About the etc_hosts Resource
 # etc_hosts
 
 Use the `etc_hosts` InSpec audit resource to test rules set to match IP addresses with hostnames.
+
+<br>
+
 ## Syntax
 
 An etc/hosts rule specifies an IP address and what its hostname is along with optional aliases it can have.
@@ -13,14 +16,14 @@ An etc/hosts rule specifies an IP address and what its hostname is along with op
 
 ## Syntax
 
-Use the where clause to match a property to one or more rules in the hosts file.
+Use the `.where` clause to match a property to one or more rules in the hosts file:
 
     describe etc_hosts.where { ip_address == 'value' } do
       its('primary_name') { should cmp 'hostname' }
       its('all_host_names') { should cmp 'list' }
     end
 
-Use the optional constructor parameter to give an alternative path to hosts file
+Use the optional resource parameter to give an alternative path to the hosts file:
 
     describe etc_hosts('path/to/hosts').where { ip_address == 'value' } do
       its('primary_name') { should cmp 'hostname' }
@@ -35,13 +38,13 @@ where
 
 <br>
 
-## Supported Properties
+## Supported Resource Properties
 
     'ip_address', 'primary_name', 'all_host_names'
 
 <br>
 
-## Property Examples and Return Types
+## Property Examples
 
 ### ip_address
 
@@ -59,10 +62,14 @@ where
       its('primary_name') { should cmp 'localhost' }
     end
 
-### all_host_names
+### all\_host_names
 
 `all_host_names` returns a two dimensional string array where each entry has the primary_name first followed by any aliases.
 
     describe etc_hosts.where { ip_address == '127.0.1.154' } do
       its('all_host_names') { should eq [['localhost', 'localhost.localdomain', 'localhost4', 'localhost4.localdomain4'],  ['localhost', 'localhost.localdomain', 'localhost6', 'localhost6.localdomain6']] }
     end
+
+## Matchers
+
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/). 

data/docs/resources/etc_hosts_allow.md.erb

@@ -4,14 +4,13 @@ title: About the etc_hosts_allow Resource
 
 # etc\_hosts\_allow
 
-Use the `etc_hosts_allow` InSpec audit resource to test rules set to accept daemon and client traffic set in /etc/hosts.allow file.
+Use the `etc_hosts_allow` InSpec audit resource to test rules defined for accepting daemon and client traffic in the `'/etc/hosts.allow'` file.
 
 <br>
 
 ## Syntax
 
-An etc/hosts.allow rule specifies one or more daemons mapped to one or more clients,
-with zero or more options to use to accept traffic when found.
+An etc/hosts.allow rule specifies one or more daemons mapped to one or more clients, with zero or more options to for accepting traffic when found.
 
 Use the where clause to match a property to one or more rules in the hosts.allow file.
 
@@ -41,7 +40,7 @@ where
 
 <br>
 
-## Property Examples and Return Types
+## Property Examples
 
 ### daemon
 
@@ -66,3 +65,9 @@ where
     describe etc_hosts_allow.where { daemon == 'sshd' } do
       its('options') { should include ['deny', 'echo "REJECTED"'] }
     end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/etc_hosts_deny.md.erb

@@ -4,23 +4,22 @@ title: About the etc_hosts_deny Resource
 
 # etc\_hosts\_deny
 
-Use the `etc_hosts_deny` InSpec audit resource to test rules set to reject daemon and client traffic set in /etc/hosts.deny.
+Use the `etc_hosts_deny` InSpec audit resource to test rules for rejecting daemon and client traffic defined in /etc/hosts.deny.
 
 <br>
 
 ## Syntax
 
-An etc/hosts.deny rule specifies one or more daemons mapped to one or more clients,
-with zero or more options to use to reject traffic when found.
+An etc/hosts.deny rule specifies one or more daemons mapped to one or more clients, with zero or more options for rejecting traffic when found.
 
-Use the where clause to match a property to one or more rules in the hosts.deny file.
+Use the where clause to match a property to one or more rules in the hosts.deny file:
 
     describe etc_hosts_deny.where { daemon == 'value' } do
       its ('client_list') { should include ['values'] }
       its ('options') { should include ['values'] }
     end
 
-Use the optional constructor parameter to give an alternative path to hosts.deny
+Use the optional constructor parameter to give an alternative path to hosts.deny:
 
     describe etc_hosts_deny(hosts_path).where { daemon == 'value' } do
       its ('client_list') { should include ['values'] }
@@ -35,13 +34,13 @@ where
 
 <br>
 
-## Supported Properties
+## Supported Resource Properties
 
     'daemon', 'client_list', 'options'
 
 <br>
 
-## Property Examples and Return Types
+## Parameter Examples and Return Types
 
 ### daemon
 
@@ -66,3 +65,9 @@ where
     describe etc_hosts_deny.where { daemon == 'sshd' } do
       its('options') { should include ['deny', 'echo "REJECTED"'] }
     end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/file.md.erb

@@ -10,24 +10,156 @@ Use the `file` InSpec audit resource to test all system file types, including fi
 
 ## Syntax
 
-A `file` resource block declares the location of the file type to be tested, what type that file should be (if required), and then one (or more) matchers:
+A `file` resource block declares the location of the file type to be tested, the expected file type  (if required), and one (or more) resource properties.
 
     describe file('path') do
-      it { should MATCHER 'value' }
+      it { should PROPERTY 'value' }
     end
 
 where
 
-* `('path')` is the name of the file and/or the path to the file
-* `MATCHER` is a valid matcher for this resource
-* `'value'` is the value to be tested
+* `('path')` is the name of the file and/or the path to the file.
+* `PROPERTY` is a valid resource property for this resource'
+* `'value'` is the value to be tested.
 
 <br>
 
-## Examples
+## Supported Resource Properties
+
+### General Resource Properties
+
+content, size, basename, path, owner, group, type 
+
+### Unix/Linux Resource Properties 
+
+symlink, mode, link_path, mtime, size, selinux\_label, md5sum, sha256sum, path, source, source\_path, uid, gid
+
+### Windows Resource Properties
+
+file\_version, product\_version
+
+## Resource Property Examples
+
+### content
+
+The `content` property tests if contents in the file match the value specified in a regular expression. The values of the `content` property are arbitrary and depend on the file type being tested and also the type of information that is expected to be in that file:
+
+    its('content') { should match REGEX }
+
+The following complete example tests the `pg_hba.conf` file in PostgreSQL for MD5 requirements.  The tests look at all `host` and `local` settings in that file, and then compare the MD5 checksums against the values in the test:
+
+    describe file(hba_config_file) do
+      its('content') { should match(%r{local\s.*?all\s.*?all\s.*?md5}) }
+      its('content') { should match(%r{host\s.*?all\s.*?all\s.*?127.0.0.1\/32\s.*?md5}) }
+      its('content') { should match(%r{host\s.*?all\s.*?all\s.*?::1\/128\s.*?md5})
+    end
+
+### file_version
+
+The `file_version` property tests if a Windows file's version matches the specified value. The difference between a file's "file version" and "product version" is that the file version is the version number of the file itself, whereas the product version is the version number associated with the application from which that file originates:
+
+    its('file_version') { should eq '1.2.3' }
+
+### group
+
+The `group` property tests if the group to which a file belongs matches the specified value.
+
+    its('group') { should eq 'admins' }
 
 The following examples show how to use this InSpec audit resource.
 
+### link_path
+
+The `link_path` property tests if the file exists at the specified path. If the file is a symlink,
+InSpec will resolve the symlink and return the ultimate linked file.
+
+    its('link_path') { should eq '/some/path/to/file' }
+
+### md5sum
+
+The `md5sum` property tests if the MD5 checksum for a file matches the specified value.
+
+    its('md5sum') { should eq '3329x3hf9130gjs9jlasf2305mx91s4j' }
+
+### mode
+
+The `mode` property tests if the mode assigned to the file matches the specified value.
+
+    its('mode') { should cmp '0644' }
+
+### mtime
+
+The `mtime` property tests if the file modification time for the file matches the specified value. The mtime, where supported, is returned as the number of seconds since the epoch.
+
+    describe file('/') do
+      its('mtime') { should <= Time.now.to_i }
+      its('mtime') { should >= Time.now.to_i - 1000 }
+    end
+
+### owner
+
+The `owner` property tests if the owner of the file matches the specified value.
+
+    its('owner') { should eq 'root' }
+
+### product_version
+
+The `product_version` property tests if a Windows file's product version matches the specified value. The difference between a file's "file version" and "product version" is that the file version is the version number of the file itself, whereas the product version is the version number associated with the application from which that file originates.
+
+    its('product_version') { should eq 2.3.4 }
+
+### selinux_label
+
+The `selinux_label` property tests if the SELinux label for a file matches the specified value.
+
+    its('selinux_label') { should eq 'system_u:system_r:httpd_t:s0' }
+
+### sha256sum
+
+The `sha256sum` property tests if the SHA-256 checksum for a file matches the specified value.
+
+    its('sha256sum') { should eq 'b837ch38lh19bb8eaopl8jvxwd2e4g58jn9lkho1w3ed9jbkeicalplaad9k0pjn' }
+
+### size
+
+The `size` property tests if a file's size matches, is greater than, or is less than the specified value. For example, equal:
+
+    its('size') { should eq 32375 }
+
+Greater than:
+
+    its('size') { should > 64 }
+
+Less than:
+
+    its('size') { should < 10240 }
+
+### type
+
+The `type` property tests for the file type. The available types are:
+
+* `file`: the object is a file
+* `directory`: the object is a directory
+* `link`: the object is a symbolic link
+* `pipe`: the object is a named pipe
+* `socket`: the object is a socket
+* `character_device`: the object is a character device
+* `block_device`: the object is a block device
+* `door`: the object is a door device
+
+The `type` method usually returns the type as a Ruby "symbol". We recommend using the `cmp` matcher to match
+either by symbol or string.
+
+For example:
+
+    its('type') { should eq :file }
+    its('type') { should cmp 'file' }
+
+or:
+
+    its('type') { should eq :socket }
+    its('type') { should cmp 'socket' }
+
 ### Test the contents of a file for MD5 requirements
 
     describe file(hba_config_file) do
@@ -128,11 +260,6 @@ The following examples show how to use this InSpec audit resource.
       its('size') { should be 0 }
     end
 
-### Test that a file is not mounted
-
-    describe file('/proc/cpuinfo') do
-      it { should_not be_mounted }
-    end
 
 ### Test an MD5 checksum
 
@@ -198,7 +325,7 @@ For example, for the following symlink:
 
 ## Matchers
 
-This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/). 
 
 ### be\_allowed
 
@@ -278,11 +405,6 @@ The `be_linked_to` matcher tests if the file is linked to the named target:
 
     it { should be_linked_to '/etc/target-file' }
 
-### be_mounted
-
-The `be_mounted` matcher tests if the file is accessible from the file system:
-
-    it { should be_mounted }
 
 ### be\_owned\_by
 
@@ -376,132 +498,15 @@ a user:
 
     it { should be_writable.by_user('user') }
 
-### content
-
-The `content` matcher tests if contents in the file match the value specified in a regular expression. The values of the `content` matcher are arbitrary and depend on the file type being tested and also the type of information that is expected to be in that file:
-
-    its('content') { should match REGEX }
-
-The following complete example tests the `pg_hba.conf` file in PostgreSQL for MD5 requirements.  The tests look at all `host` and `local` settings in that file, and then compare the MD5 checksums against the values in the test:
-
-    describe file(hba_config_file) do
-      its('content') { should match(%r{local\s.*?all\s.*?all\s.*?md5}) }
-      its('content') { should match(%r{host\s.*?all\s.*?all\s.*?127.0.0.1\/32\s.*?md5}) }
-      its('content') { should match(%r{host\s.*?all\s.*?all\s.*?::1\/128\s.*?md5})
-    end
-
 ### exist
 
 The `exist` matcher tests if the named file exists:
 
     it { should exist }
 
-### file_version
-
-The `file_version` matcher tests if the file's version matches the specified value. The difference between a file's "file version" and "product version" is that the file version is the version number of the file itself, whereas the product version is the version number associated with the application from which that file originates:
-
-    its('file_version') { should eq '1.2.3' }
-
-### group
-
-The `group` matcher tests if the group to which a file belongs matches the specified value:
-
-    its('group') { should eq 'admins' }
-
 ### have_mode
 
 The `have_mode` matcher tests if a file has a mode assigned to it:
 
     it { should have_mode }
 
-### link_path
-
-The `link_path` matcher tests if the file exists at the specified path. If the file is a symlink,
-InSpec will resolve the symlink and return the ultimate linked file:
-
-    its('link_path') { should eq '/some/path/to/file' }
-
-### md5sum
-
-The `md5sum` matcher tests if the MD5 checksum for a file matches the specified value:
-
-    its('md5sum') { should eq '3329x3hf9130gjs9jlasf2305mx91s4j' }
-
-### mode
-
-The `mode` matcher tests if the mode assigned to the file matches the specified value:
-
-    its('mode') { should cmp '0644' }
-
-### mtime
-
-The `mtime` matcher tests if the file modification time for the file matches the specified value. The mtime, where supported, is returned as the number of seconds since the epoch.
-
-    describe file('/') do
-      its('mtime') { should <= Time.now.to_i }
-      its('mtime') { should >= Time.now.to_i - 1000 }
-    end
-
-### owner
-
-The `owner` matcher tests if the owner of the file matches the specified value:
-
-    its('owner') { should eq 'root' }
-
-### product_version
-
-The `product_version` matcher tests if the file's product version matches the specified value. The difference between a file's "file version" and "product version" is that the file version is the version number of the file itself, whereas the product version is the version number associated with the application from which that file originates:
-
-    its('product_version') { should eq 2.3.4 }
-
-### selinux_label
-
-The `selinux_label` matcher tests if the SELinux label for a file matches the specified value:
-
-    its('selinux_label') { should eq 'system_u:system_r:httpd_t:s0' }
-
-### sha256sum
-
-The `sha256sum` matcher tests if the SHA-256 checksum for a file matches the specified value:
-
-    its('sha256sum') { should eq 'b837ch38lh19bb8eaopl8jvxwd2e4g58jn9lkho1w3ed9jbkeicalplaad9k0pjn' }
-
-### size
-
-The `size` matcher tests if a file's size matches, is greater than, or is less than the specified value. For example, equal:
-
-    its('size') { should eq 32375 }
-
-Greater than:
-
-    its('size') { should > 64 }
-
-Less than:
-
-    its('size') { should < 10240 }
-
-### type
-
-The `type` matcher tests for the file type. The available types are:
-
-* `file`: the object is a file
-* `directory`: the object is a directory
-* `link`: the object is a symbolic link
-* `pipe`: the object is a named pipe
-* `socket`: the object is a socket
-* `character_device`: the object is a character device
-* `block_device`: the object is a block device
-* `door`: the object is a door device
-
-The `type` method usually returns the type as a Ruby "symbol". We recommend using the `cmp` matcher to match
-either by symbol or string.
-
-For example:
-
-    its('type') { should eq :file }
-    its('type') { should cmp 'file' }
-
-or:
-
-    its('type') { should eq :socket }
-    its('type') { should cmp 'socket' }