inspec 1.51.6 → 1.51.15
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +101 -101
- data/CHANGELOG.md +2915 -2902
- data/Gemfile +53 -53
- data/LICENSE +14 -14
- data/MAINTAINERS.md +31 -31
- data/MAINTAINERS.toml +47 -47
- data/README.md +419 -419
- data/Rakefile +167 -167
- data/bin/inspec +12 -12
- data/docs/.gitignore +2 -2
- data/docs/README.md +40 -40
- data/docs/dsl_inspec.md +258 -258
- data/docs/dsl_resource.md +93 -93
- data/docs/glossary.md +99 -99
- data/docs/habitat.md +191 -191
- data/docs/inspec_and_friends.md +107 -107
- data/docs/matchers.md +165 -165
- data/docs/migration.md +293 -293
- data/docs/plugin_kitchen_inspec.md +49 -49
- data/docs/profiles.md +370 -370
- data/docs/resources/aide_conf.md.erb +78 -78
- data/docs/resources/apache.md.erb +66 -66
- data/docs/resources/apache_conf.md.erb +67 -67
- data/docs/resources/apt.md.erb +70 -70
- data/docs/resources/audit_policy.md.erb +46 -46
- data/docs/resources/auditd.md.erb +78 -78
- data/docs/resources/auditd_conf.md.erb +68 -68
- data/docs/resources/auditd_rules.md.erb +116 -116
- data/docs/resources/bash.md.erb +74 -74
- data/docs/resources/bond.md.erb +89 -89
- data/docs/resources/bridge.md.erb +54 -54
- data/docs/resources/bsd_service.md.erb +65 -65
- data/docs/resources/command.md.erb +137 -137
- data/docs/resources/cpan.md.erb +77 -77
- data/docs/resources/cran.md.erb +63 -63
- data/docs/resources/crontab.md.erb +87 -87
- data/docs/resources/csv.md.erb +53 -53
- data/docs/resources/dh_params.md.erb +216 -216
- data/docs/resources/directory.md.erb +28 -28
- data/docs/resources/docker.md.erb +163 -163
- data/docs/resources/docker_container.md.erb +99 -99
- data/docs/resources/docker_image.md.erb +93 -93
- data/docs/resources/docker_service.md.erb +113 -113
- data/docs/resources/elasticsearch.md.erb +230 -230
- data/docs/resources/etc_fstab.md.erb +124 -124
- data/docs/resources/etc_group.md.erb +74 -74
- data/docs/resources/etc_hosts.md.erb +75 -75
- data/docs/resources/etc_hosts_allow.md.erb +73 -73
- data/docs/resources/etc_hosts_deny.md.erb +73 -73
- data/docs/resources/file.md.erb +512 -512
- data/docs/resources/filesystem.md.erb +40 -40
- data/docs/resources/firewalld.md.erb +105 -105
- data/docs/resources/gem.md.erb +78 -78
- data/docs/resources/group.md.erb +60 -60
- data/docs/resources/grub_conf.md.erb +101 -100
- data/docs/resources/host.md.erb +77 -77
- data/docs/resources/http.md.erb +104 -98
- data/docs/resources/iis_app.md.erb +120 -116
- data/docs/resources/iis_site.md.erb +132 -128
- data/docs/resources/inetd_conf.md.erb +95 -84
- data/docs/resources/ini.md.erb +72 -69
- data/docs/resources/interface.md.erb +55 -46
- data/docs/resources/iptables.md.erb +63 -63
- data/docs/resources/json.md.erb +61 -61
- data/docs/resources/kernel_module.md.erb +106 -106
- data/docs/resources/kernel_parameter.md.erb +58 -58
- data/docs/resources/key_rsa.md.erb +73 -73
- data/docs/resources/launchd_service.md.erb +56 -56
- data/docs/resources/limits_conf.md.erb +66 -66
- data/docs/resources/login_def.md.erb +62 -62
- data/docs/resources/mount.md.erb +68 -68
- data/docs/resources/mssql_session.md.erb +59 -59
- data/docs/resources/mysql_conf.md.erb +98 -98
- data/docs/resources/mysql_session.md.erb +73 -73
- data/docs/resources/nginx.md.erb +78 -78
- data/docs/resources/nginx_conf.md.erb +127 -127
- data/docs/resources/npm.md.erb +59 -59
- data/docs/resources/ntp_conf.md.erb +59 -59
- data/docs/resources/oneget.md.erb +52 -52
- data/docs/resources/oracledb_session.md.erb +51 -51
- data/docs/resources/os.md.erb +140 -140
- data/docs/resources/os_env.md.erb +77 -77
- data/docs/resources/package.md.erb +119 -119
- data/docs/resources/packages.md.erb +66 -66
- data/docs/resources/parse_config.md.erb +102 -102
- data/docs/resources/parse_config_file.md.erb +137 -137
- data/docs/resources/passwd.md.erb +140 -140
- data/docs/resources/pip.md.erb +66 -66
- data/docs/resources/port.md.erb +136 -136
- data/docs/resources/postgres_conf.md.erb +78 -78
- data/docs/resources/postgres_hba_conf.md.erb +92 -92
- data/docs/resources/postgres_ident_conf.md.erb +75 -75
- data/docs/resources/postgres_session.md.erb +68 -68
- data/docs/resources/powershell.md.erb +101 -101
- data/docs/resources/processes.md.erb +107 -107
- data/docs/resources/rabbitmq_config.md.erb +40 -40
- data/docs/resources/registry_key.md.erb +157 -157
- data/docs/resources/runit_service.md.erb +56 -56
- data/docs/resources/security_policy.md.erb +46 -46
- data/docs/resources/service.md.erb +120 -120
- data/docs/resources/shadow.md.erb +143 -143
- data/docs/resources/ssh_config.md.erb +79 -79
- data/docs/resources/sshd_config.md.erb +82 -82
- data/docs/resources/ssl.md.erb +118 -118
- data/docs/resources/sys_info.md.erb +41 -41
- data/docs/resources/systemd_service.md.erb +56 -56
- data/docs/resources/sysv_service.md.erb +56 -56
- data/docs/resources/upstart_service.md.erb +56 -56
- data/docs/resources/user.md.erb +139 -139
- data/docs/resources/users.md.erb +126 -126
- data/docs/resources/vbscript.md.erb +54 -54
- data/docs/resources/virtualization.md.erb +56 -56
- data/docs/resources/windows_feature.md.erb +46 -46
- data/docs/resources/windows_hotfix.md.erb +52 -52
- data/docs/resources/windows_task.md.erb +89 -89
- data/docs/resources/wmi.md.erb +80 -80
- data/docs/resources/x509_certificate.md.erb +150 -150
- data/docs/resources/xinetd_conf.md.erb +155 -155
- data/docs/resources/xml.md.erb +84 -84
- data/docs/resources/yaml.md.erb +68 -68
- data/docs/resources/yum.md.erb +97 -97
- data/docs/resources/zfs_dataset.md.erb +52 -52
- data/docs/resources/zfs_pool.md.erb +46 -46
- data/docs/ruby_usage.md +203 -203
- data/docs/shared/matcher_be.md.erb +1 -1
- data/docs/shared/matcher_cmp.md.erb +43 -43
- data/docs/shared/matcher_eq.md.erb +3 -3
- data/docs/shared/matcher_include.md.erb +1 -1
- data/docs/shared/matcher_match.md.erb +1 -1
- data/docs/shell.md +172 -172
- data/examples/README.md +8 -8
- data/examples/inheritance/README.md +65 -65
- data/examples/inheritance/controls/example.rb +14 -14
- data/examples/inheritance/inspec.yml +15 -15
- data/examples/kitchen-ansible/.kitchen.yml +25 -25
- data/examples/kitchen-ansible/Gemfile +19 -19
- data/examples/kitchen-ansible/README.md +53 -53
- data/examples/kitchen-ansible/files/nginx.repo +6 -6
- data/examples/kitchen-ansible/tasks/main.yml +16 -16
- data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-chef/.kitchen.yml +20 -20
- data/examples/kitchen-chef/Berksfile +3 -3
- data/examples/kitchen-chef/Gemfile +19 -19
- data/examples/kitchen-chef/README.md +27 -27
- data/examples/kitchen-chef/metadata.rb +7 -7
- data/examples/kitchen-chef/recipes/default.rb +6 -6
- data/examples/kitchen-chef/recipes/nginx.rb +30 -30
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-puppet/.kitchen.yml +22 -22
- data/examples/kitchen-puppet/Gemfile +20 -20
- data/examples/kitchen-puppet/Puppetfile +25 -25
- data/examples/kitchen-puppet/README.md +53 -53
- data/examples/kitchen-puppet/manifests/site.pp +33 -33
- data/examples/kitchen-puppet/metadata.json +11 -11
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
- data/examples/meta-profile/README.md +37 -37
- data/examples/meta-profile/controls/example.rb +13 -13
- data/examples/meta-profile/inspec.yml +13 -13
- data/examples/profile-attribute.yml +2 -2
- data/examples/profile-attribute/README.md +14 -14
- data/examples/profile-attribute/controls/example.rb +11 -11
- data/examples/profile-attribute/inspec.yml +8 -8
- data/examples/profile-sensitive/README.md +29 -29
- data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
- data/examples/profile-sensitive/controls/sensitive.rb +9 -9
- data/examples/profile-sensitive/inspec.yml +8 -8
- data/examples/profile/README.md +48 -48
- data/examples/profile/controls/example.rb +23 -23
- data/examples/profile/controls/gordon.rb +36 -36
- data/examples/profile/controls/meta.rb +34 -34
- data/examples/profile/inspec.yml +10 -10
- data/examples/profile/libraries/gordon_config.rb +53 -53
- data/inspec.gemspec +47 -47
- data/lib/bundles/README.md +3 -3
- data/lib/bundles/inspec-artifact.rb +7 -7
- data/lib/bundles/inspec-artifact/README.md +1 -1
- data/lib/bundles/inspec-artifact/cli.rb +277 -277
- data/lib/bundles/inspec-compliance.rb +16 -16
- data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
- data/lib/bundles/inspec-compliance/README.md +185 -185
- data/lib/bundles/inspec-compliance/api.rb +316 -316
- data/lib/bundles/inspec-compliance/api/login.rb +152 -152
- data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
- data/lib/bundles/inspec-compliance/cli.rb +277 -277
- data/lib/bundles/inspec-compliance/configuration.rb +103 -103
- data/lib/bundles/inspec-compliance/http.rb +86 -86
- data/lib/bundles/inspec-compliance/support.rb +36 -36
- data/lib/bundles/inspec-compliance/target.rb +98 -98
- data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
- data/lib/bundles/inspec-habitat.rb +12 -12
- data/lib/bundles/inspec-habitat/cli.rb +36 -36
- data/lib/bundles/inspec-habitat/log.rb +10 -10
- data/lib/bundles/inspec-habitat/profile.rb +390 -390
- data/lib/bundles/inspec-init.rb +8 -8
- data/lib/bundles/inspec-init/README.md +31 -31
- data/lib/bundles/inspec-init/cli.rb +97 -97
- data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
- data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
- data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
- data/lib/bundles/inspec-supermarket.rb +13 -13
- data/lib/bundles/inspec-supermarket/README.md +45 -45
- data/lib/bundles/inspec-supermarket/api.rb +84 -84
- data/lib/bundles/inspec-supermarket/cli.rb +65 -65
- data/lib/bundles/inspec-supermarket/target.rb +34 -34
- data/lib/fetchers/git.rb +163 -163
- data/lib/fetchers/local.rb +74 -74
- data/lib/fetchers/mock.rb +35 -35
- data/lib/fetchers/url.rb +204 -204
- data/lib/inspec.rb +24 -24
- data/lib/inspec/archive/tar.rb +29 -29
- data/lib/inspec/archive/zip.rb +19 -19
- data/lib/inspec/backend.rb +92 -92
- data/lib/inspec/base_cli.rb +324 -322
- data/lib/inspec/cached_fetcher.rb +66 -66
- data/lib/inspec/cli.rb +298 -298
- data/lib/inspec/completions/bash.sh.erb +45 -45
- data/lib/inspec/completions/fish.sh.erb +34 -34
- data/lib/inspec/completions/zsh.sh.erb +61 -61
- data/lib/inspec/control_eval_context.rb +179 -179
- data/lib/inspec/dependencies/cache.rb +72 -72
- data/lib/inspec/dependencies/dependency_set.rb +92 -92
- data/lib/inspec/dependencies/lockfile.rb +115 -115
- data/lib/inspec/dependencies/requirement.rb +123 -123
- data/lib/inspec/dependencies/resolver.rb +86 -86
- data/lib/inspec/describe.rb +27 -27
- data/lib/inspec/dsl.rb +66 -66
- data/lib/inspec/dsl_shared.rb +33 -33
- data/lib/inspec/env_printer.rb +157 -157
- data/lib/inspec/errors.rb +13 -13
- data/lib/inspec/exceptions.rb +12 -12
- data/lib/inspec/expect.rb +45 -45
- data/lib/inspec/fetcher.rb +45 -45
- data/lib/inspec/file_provider.rb +275 -275
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +208 -208
- data/lib/inspec/formatters/json_rspec.rb +20 -20
- data/lib/inspec/formatters/show_progress.rb +12 -12
- data/lib/inspec/library_eval_context.rb +58 -58
- data/lib/inspec/log.rb +11 -11
- data/lib/inspec/metadata.rb +253 -253
- data/lib/inspec/method_source.rb +24 -24
- data/lib/inspec/objects.rb +14 -14
- data/lib/inspec/objects/attribute.rb +65 -65
- data/lib/inspec/objects/control.rb +61 -61
- data/lib/inspec/objects/describe.rb +92 -92
- data/lib/inspec/objects/each_loop.rb +36 -36
- data/lib/inspec/objects/list.rb +15 -15
- data/lib/inspec/objects/or_test.rb +40 -40
- data/lib/inspec/objects/ruby_helper.rb +15 -15
- data/lib/inspec/objects/tag.rb +27 -27
- data/lib/inspec/objects/test.rb +87 -87
- data/lib/inspec/objects/value.rb +27 -27
- data/lib/inspec/plugins.rb +60 -60
- data/lib/inspec/plugins/cli.rb +24 -24
- data/lib/inspec/plugins/fetcher.rb +86 -86
- data/lib/inspec/plugins/resource.rb +132 -132
- data/lib/inspec/plugins/secret.rb +15 -15
- data/lib/inspec/plugins/source_reader.rb +40 -40
- data/lib/inspec/polyfill.rb +12 -12
- data/lib/inspec/profile.rb +510 -510
- data/lib/inspec/profile_context.rb +207 -207
- data/lib/inspec/profile_vendor.rb +66 -66
- data/lib/inspec/reporters.rb +50 -33
- data/lib/inspec/reporters/base.rb +24 -23
- data/lib/inspec/reporters/cli.rb +395 -395
- data/lib/inspec/reporters/json.rb +134 -132
- data/lib/inspec/reporters/json_min.rb +48 -44
- data/lib/inspec/reporters/junit.rb +77 -77
- data/lib/inspec/require_loader.rb +33 -33
- data/lib/inspec/resource.rb +176 -176
- data/lib/inspec/rule.rb +266 -266
- data/lib/inspec/runner.rb +340 -337
- data/lib/inspec/runner_mock.rb +41 -41
- data/lib/inspec/runner_rspec.rb +163 -185
- data/lib/inspec/runtime_profile.rb +26 -26
- data/lib/inspec/schema.rb +186 -186
- data/lib/inspec/secrets.rb +19 -19
- data/lib/inspec/secrets/yaml.rb +30 -30
- data/lib/inspec/shell.rb +223 -223
- data/lib/inspec/shell_detector.rb +90 -90
- data/lib/inspec/source_reader.rb +29 -29
- data/lib/inspec/version.rb +8 -8
- data/lib/matchers/matchers.rb +397 -397
- data/lib/resources/aide_conf.rb +160 -160
- data/lib/resources/apache.rb +49 -49
- data/lib/resources/apache_conf.rb +158 -158
- data/lib/resources/apt.rb +150 -150
- data/lib/resources/audit_policy.rb +64 -64
- data/lib/resources/auditd.rb +233 -233
- data/lib/resources/auditd_conf.rb +56 -56
- data/lib/resources/auditd_rules.rb +205 -205
- data/lib/resources/bash.rb +36 -36
- data/lib/resources/bond.rb +69 -69
- data/lib/resources/bridge.rb +123 -123
- data/lib/resources/command.rb +69 -69
- data/lib/resources/cpan.rb +60 -60
- data/lib/resources/cran.rb +66 -66
- data/lib/resources/crontab.rb +169 -169
- data/lib/resources/csv.rb +58 -58
- data/lib/resources/dh_params.rb +83 -83
- data/lib/resources/directory.rb +25 -25
- data/lib/resources/docker.rb +239 -239
- data/lib/resources/docker_container.rb +92 -92
- data/lib/resources/docker_image.rb +86 -86
- data/lib/resources/docker_object.rb +57 -57
- data/lib/resources/docker_service.rb +94 -94
- data/lib/resources/elasticsearch.rb +168 -168
- data/lib/resources/etc_fstab.rb +102 -102
- data/lib/resources/etc_group.rb +157 -157
- data/lib/resources/etc_hosts.rb +81 -81
- data/lib/resources/etc_hosts_allow_deny.rb +122 -122
- data/lib/resources/file.rb +298 -298
- data/lib/resources/filesystem.rb +31 -31
- data/lib/resources/firewalld.rb +144 -144
- data/lib/resources/gem.rb +71 -71
- data/lib/resources/groups.rb +213 -213
- data/lib/resources/grub_conf.rb +237 -237
- data/lib/resources/host.rb +300 -300
- data/lib/resources/http.rb +252 -252
- data/lib/resources/iis_app.rb +103 -103
- data/lib/resources/iis_site.rb +147 -147
- data/lib/resources/inetd_conf.rb +63 -63
- data/lib/resources/ini.rb +29 -29
- data/lib/resources/interface.rb +130 -130
- data/lib/resources/iptables.rb +70 -70
- data/lib/resources/json.rb +115 -115
- data/lib/resources/kernel_module.rb +110 -110
- data/lib/resources/kernel_parameter.rb +58 -58
- data/lib/resources/key_rsa.rb +67 -67
- data/lib/resources/limits_conf.rb +56 -56
- data/lib/resources/login_def.rb +67 -67
- data/lib/resources/mount.rb +90 -90
- data/lib/resources/mssql_session.rb +103 -103
- data/lib/resources/mysql.rb +82 -82
- data/lib/resources/mysql_conf.rb +133 -133
- data/lib/resources/mysql_session.rb +72 -72
- data/lib/resources/nginx.rb +97 -97
- data/lib/resources/nginx_conf.rb +228 -228
- data/lib/resources/npm.rb +48 -48
- data/lib/resources/ntp_conf.rb +59 -59
- data/lib/resources/oneget.rb +72 -72
- data/lib/resources/oracledb_session.rb +140 -140
- data/lib/resources/os.rb +46 -46
- data/lib/resources/os_env.rb +76 -76
- data/lib/resources/package.rb +357 -357
- data/lib/resources/packages.rb +112 -112
- data/lib/resources/parse_config.rb +116 -116
- data/lib/resources/passwd.rb +96 -96
- data/lib/resources/pip.rb +89 -89
- data/lib/resources/platform.rb +112 -112
- data/lib/resources/port.rb +771 -771
- data/lib/resources/postgres.rb +132 -132
- data/lib/resources/postgres_conf.rb +122 -122
- data/lib/resources/postgres_hba_conf.rb +101 -101
- data/lib/resources/postgres_ident_conf.rb +79 -79
- data/lib/resources/postgres_session.rb +72 -72
- data/lib/resources/powershell.rb +58 -58
- data/lib/resources/processes.rb +204 -204
- data/lib/resources/rabbitmq_conf.rb +53 -53
- data/lib/resources/registry_key.rb +296 -296
- data/lib/resources/security_policy.rb +181 -181
- data/lib/resources/service.rb +784 -784
- data/lib/resources/shadow.rb +141 -141
- data/lib/resources/ssh_conf.rb +102 -102
- data/lib/resources/ssl.rb +99 -99
- data/lib/resources/sys_info.rb +26 -26
- data/lib/resources/toml.rb +32 -32
- data/lib/resources/users.rb +652 -652
- data/lib/resources/vbscript.rb +70 -70
- data/lib/resources/virtualization.rb +251 -251
- data/lib/resources/windows_feature.rb +85 -85
- data/lib/resources/windows_hotfix.rb +35 -35
- data/lib/resources/windows_task.rb +106 -106
- data/lib/resources/wmi.rb +114 -114
- data/lib/resources/x509_certificate.rb +143 -143
- data/lib/resources/xinetd.rb +112 -112
- data/lib/resources/xml.rb +45 -45
- data/lib/resources/yaml.rb +45 -45
- data/lib/resources/yum.rb +181 -181
- data/lib/resources/zfs_dataset.rb +60 -60
- data/lib/resources/zfs_pool.rb +49 -49
- data/lib/source_readers/flat.rb +39 -39
- data/lib/source_readers/inspec.rb +75 -75
- data/lib/utils/command_wrapper.rb +27 -27
- data/lib/utils/convert.rb +12 -12
- data/lib/utils/database_helpers.rb +77 -77
- data/lib/utils/erlang_parser.rb +192 -192
- data/lib/utils/filter.rb +272 -272
- data/lib/utils/filter_array.rb +27 -27
- data/lib/utils/find_files.rb +44 -44
- data/lib/utils/hash.rb +41 -41
- data/lib/utils/json_log.rb +18 -18
- data/lib/utils/latest_version.rb +22 -22
- data/lib/utils/modulator.rb +12 -12
- data/lib/utils/nginx_parser.rb +85 -85
- data/lib/utils/object_traversal.rb +49 -49
- data/lib/utils/parser.rb +274 -274
- data/lib/utils/plugin_registry.rb +93 -93
- data/lib/utils/simpleconfig.rb +132 -132
- data/lib/utils/spdx.rb +13 -13
- data/lib/utils/spdx.txt +343 -343
- metadata +2 -2
@@ -1,40 +1,40 @@
|
|
1
|
-
---
|
2
|
-
title: About the rabbitmq_config Resource
|
3
|
-
---
|
4
|
-
|
5
|
-
# rabbitmq_config
|
6
|
-
|
7
|
-
Use the `rabbitmq_config` InSpec audit resource to test configuration data for the RabbitMQ daemon located at `/etc/rabbitmq/rabbitmq.config` on Linux and Unix platforms.
|
8
|
-
|
9
|
-
<br>
|
10
|
-
|
11
|
-
## Syntax
|
12
|
-
|
13
|
-
A `rabbitmq_config` resource block declares the RabbitMQ configuration data to be tested:
|
14
|
-
|
15
|
-
describe rabbitmq_config.params('rabbit', 'ssl_listeners') do
|
16
|
-
it { should cmp 5671 }
|
17
|
-
end
|
18
|
-
|
19
|
-
where
|
20
|
-
|
21
|
-
* `params` is the list of parameters configured in the RabbitMQ config file
|
22
|
-
* `{ should cmp 5671 }` tests the value of `rabbit.ssl_listeners` as read from `rabbitmq.config` versus the value declared in the test
|
23
|
-
|
24
|
-
<br>
|
25
|
-
|
26
|
-
## Examples
|
27
|
-
|
28
|
-
The following examples show how to use this InSpec audit resource.
|
29
|
-
|
30
|
-
### Test the list of TCP listeners
|
31
|
-
|
32
|
-
describe rabbitmq_config.params('rabbit', 'tcp_listeners') do
|
33
|
-
it { should eq [5672] }
|
34
|
-
end
|
35
|
-
|
36
|
-
<br>
|
37
|
-
|
38
|
-
## Matchers
|
39
|
-
|
40
|
-
For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
1
|
+
---
|
2
|
+
title: About the rabbitmq_config Resource
|
3
|
+
---
|
4
|
+
|
5
|
+
# rabbitmq_config
|
6
|
+
|
7
|
+
Use the `rabbitmq_config` InSpec audit resource to test configuration data for the RabbitMQ daemon located at `/etc/rabbitmq/rabbitmq.config` on Linux and Unix platforms.
|
8
|
+
|
9
|
+
<br>
|
10
|
+
|
11
|
+
## Syntax
|
12
|
+
|
13
|
+
A `rabbitmq_config` resource block declares the RabbitMQ configuration data to be tested:
|
14
|
+
|
15
|
+
describe rabbitmq_config.params('rabbit', 'ssl_listeners') do
|
16
|
+
it { should cmp 5671 }
|
17
|
+
end
|
18
|
+
|
19
|
+
where
|
20
|
+
|
21
|
+
* `params` is the list of parameters configured in the RabbitMQ config file
|
22
|
+
* `{ should cmp 5671 }` tests the value of `rabbit.ssl_listeners` as read from `rabbitmq.config` versus the value declared in the test
|
23
|
+
|
24
|
+
<br>
|
25
|
+
|
26
|
+
## Examples
|
27
|
+
|
28
|
+
The following examples show how to use this InSpec audit resource.
|
29
|
+
|
30
|
+
### Test the list of TCP listeners
|
31
|
+
|
32
|
+
describe rabbitmq_config.params('rabbit', 'tcp_listeners') do
|
33
|
+
it { should eq [5672] }
|
34
|
+
end
|
35
|
+
|
36
|
+
<br>
|
37
|
+
|
38
|
+
## Matchers
|
39
|
+
|
40
|
+
For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
@@ -1,157 +1,157 @@
|
|
1
|
-
---
|
2
|
-
title: About the registry_key Resource
|
3
|
-
---
|
4
|
-
|
5
|
-
# registry_key
|
6
|
-
|
7
|
-
Use the `registry_key` InSpec audit resource to test key values in the Windows registry.
|
8
|
-
|
9
|
-
<br>
|
10
|
-
|
11
|
-
## Syntax
|
12
|
-
|
13
|
-
A `registry_key` resource block declares the item in the Windows registry, the path to a setting under that item, and then one (or more) name/value pairs to be tested.
|
14
|
-
|
15
|
-
Use a registry key name and path:
|
16
|
-
|
17
|
-
describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule') do
|
18
|
-
its('Start') { should eq 2 }
|
19
|
-
end
|
20
|
-
|
21
|
-
Use only a registry key path:
|
22
|
-
|
23
|
-
describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule') do
|
24
|
-
its('Start') { should eq 2 }
|
25
|
-
end
|
26
|
-
|
27
|
-
Or use a Ruby Hash:
|
28
|
-
|
29
|
-
describe registry_key({
|
30
|
-
name: 'Task Scheduler',
|
31
|
-
hive: 'HKEY_LOCAL_MACHINE',
|
32
|
-
key: '\SYSTEM\CurrentControlSet\services\Schedule'
|
33
|
-
}) do
|
34
|
-
its('Start') { should eq 2 }
|
35
|
-
end
|
36
|
-
|
37
|
-
|
38
|
-
### Registry Key Path Separators
|
39
|
-
|
40
|
-
A Windows registry key can be used as a string in Ruby code, such as when a registry key is used as the name of a recipe. In Ruby, when a registry key is enclosed in a double-quoted string (`" "`), the same backslash character (`\`) that is used to define the registry key path separator is also used in Ruby to define an escape character. Therefore, the registry key path separators must be escaped when they are enclosed in a double-quoted string. For example, the following registry key:
|
41
|
-
|
42
|
-
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Themes
|
43
|
-
|
44
|
-
may be encloused in a single-quoted string with a single backslash:
|
45
|
-
|
46
|
-
'HKCU\SOFTWARE\path\to\key\Themes'
|
47
|
-
|
48
|
-
or may be enclosed in a double-quoted string with an extra backslash as an escape character:
|
49
|
-
|
50
|
-
"HKCU\\SOFTWARE\\path\\to\\key\\Themes"
|
51
|
-
|
52
|
-
|
53
|
-
<p class="warning">
|
54
|
-
Please make sure that you use backslashes instead of forward slashes. Forward slashes will not work for registry keys.
|
55
|
-
</p>
|
56
|
-
|
57
|
-
# The following will not work:
|
58
|
-
# describe registry_key('HKLM/SOFTWARE/Microsoft/NET Framework Setup/NDP/v4/Full/1033') do
|
59
|
-
# its('Release') { should eq 378675 }
|
60
|
-
# end
|
61
|
-
# You should use:
|
62
|
-
describe registry_key('HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\1033') do
|
63
|
-
its('Release') { should eq 378675 }
|
64
|
-
end
|
65
|
-
|
66
|
-
<br>
|
67
|
-
|
68
|
-
## Examples
|
69
|
-
|
70
|
-
The following examples show how to use this InSpec audit resource.
|
71
|
-
|
72
|
-
### Test the start time for the Schedule service
|
73
|
-
|
74
|
-
describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\...\Schedule') do
|
75
|
-
its('Start') { should eq 2 }
|
76
|
-
end
|
77
|
-
|
78
|
-
where `'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule'` is the full path to the setting.
|
79
|
-
|
80
|
-
### Use a regular expression in responses
|
81
|
-
|
82
|
-
describe registry_key({
|
83
|
-
hive: 'HKEY_LOCAL_MACHINE',
|
84
|
-
key: 'SOFTWARE\Microsoft\Windows NT\CurrentVersion'
|
85
|
-
}) do
|
86
|
-
its('ProductName') { should match /^[a-zA-Z0-9\(\)\s]*2012\s[rR]2[a-zA-Z0-9\(\)\s]*$/ }
|
87
|
-
end
|
88
|
-
|
89
|
-
<br>
|
90
|
-
|
91
|
-
## Matchers
|
92
|
-
|
93
|
-
For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
94
|
-
|
95
|
-
### children
|
96
|
-
|
97
|
-
The `children` matcher return all of the child items of a registry key. A regular expression may be used to filter child items:
|
98
|
-
|
99
|
-
describe registry_key('Key Name', '\path\to\key').children(regex)
|
100
|
-
...
|
101
|
-
end
|
102
|
-
|
103
|
-
For example, to get all child items for a registry key:
|
104
|
-
|
105
|
-
describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet').children do
|
106
|
-
it { should_not eq [] }
|
107
|
-
end
|
108
|
-
|
109
|
-
The following example shows how find a property that may exist against multiple registry keys, and then test that property for every registry key in which that property is located:
|
110
|
-
|
111
|
-
describe registry_key({
|
112
|
-
hive: 'HKEY_USERS'
|
113
|
-
}).children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}\\Software\\Policies\\Microsoft\\Windows\\Installer/).each { |key|
|
114
|
-
describe registry_key(key) do
|
115
|
-
its('AlwaysInstallElevated') { should eq 'value' }
|
116
|
-
end
|
117
|
-
}
|
118
|
-
|
119
|
-
### exist
|
120
|
-
|
121
|
-
The `exist` matcher tests if the registry key is present:
|
122
|
-
|
123
|
-
it { should exist }
|
124
|
-
|
125
|
-
### have_property
|
126
|
-
|
127
|
-
The `have_property` matcher tests if a property exists for a registry key:
|
128
|
-
|
129
|
-
it { should have_property 'value' }
|
130
|
-
|
131
|
-
### have\_property\_value
|
132
|
-
|
133
|
-
The `have_property_value` matcher tests if a property value exists for a registry key:
|
134
|
-
|
135
|
-
it { should have_property_value 'value' }
|
136
|
-
|
137
|
-
### have_value
|
138
|
-
|
139
|
-
The `have_value` matcher tests if a value exists for a registry key:
|
140
|
-
|
141
|
-
it { should have_value 'value' }
|
142
|
-
|
143
|
-
### name
|
144
|
-
|
145
|
-
The `name` matcher tests the value for the specified registry setting:
|
146
|
-
|
147
|
-
its('name') { should eq 'value' }
|
148
|
-
|
149
|
-
|
150
|
-
<p class="warning">
|
151
|
-
Any name with a dot will not work as expected: <code>its('explorer.exe') { should eq 'test' }</code>. This issue is tracked in <a href="https://github.com/chef/inspec/issues/1281">https://github.com/chef/inspec/issues/1281</a>
|
152
|
-
</p>
|
153
|
-
|
154
|
-
# instead of:
|
155
|
-
# its('explorer.exe') { should eq 'test' }
|
156
|
-
# use the following solution:
|
157
|
-
it { should have_property_value('explorer.exe', :string, 'test') }
|
1
|
+
---
|
2
|
+
title: About the registry_key Resource
|
3
|
+
---
|
4
|
+
|
5
|
+
# registry_key
|
6
|
+
|
7
|
+
Use the `registry_key` InSpec audit resource to test key values in the Windows registry.
|
8
|
+
|
9
|
+
<br>
|
10
|
+
|
11
|
+
## Syntax
|
12
|
+
|
13
|
+
A `registry_key` resource block declares the item in the Windows registry, the path to a setting under that item, and then one (or more) name/value pairs to be tested.
|
14
|
+
|
15
|
+
Use a registry key name and path:
|
16
|
+
|
17
|
+
describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule') do
|
18
|
+
its('Start') { should eq 2 }
|
19
|
+
end
|
20
|
+
|
21
|
+
Use only a registry key path:
|
22
|
+
|
23
|
+
describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule') do
|
24
|
+
its('Start') { should eq 2 }
|
25
|
+
end
|
26
|
+
|
27
|
+
Or use a Ruby Hash:
|
28
|
+
|
29
|
+
describe registry_key({
|
30
|
+
name: 'Task Scheduler',
|
31
|
+
hive: 'HKEY_LOCAL_MACHINE',
|
32
|
+
key: '\SYSTEM\CurrentControlSet\services\Schedule'
|
33
|
+
}) do
|
34
|
+
its('Start') { should eq 2 }
|
35
|
+
end
|
36
|
+
|
37
|
+
|
38
|
+
### Registry Key Path Separators
|
39
|
+
|
40
|
+
A Windows registry key can be used as a string in Ruby code, such as when a registry key is used as the name of a recipe. In Ruby, when a registry key is enclosed in a double-quoted string (`" "`), the same backslash character (`\`) that is used to define the registry key path separator is also used in Ruby to define an escape character. Therefore, the registry key path separators must be escaped when they are enclosed in a double-quoted string. For example, the following registry key:
|
41
|
+
|
42
|
+
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Themes
|
43
|
+
|
44
|
+
may be encloused in a single-quoted string with a single backslash:
|
45
|
+
|
46
|
+
'HKCU\SOFTWARE\path\to\key\Themes'
|
47
|
+
|
48
|
+
or may be enclosed in a double-quoted string with an extra backslash as an escape character:
|
49
|
+
|
50
|
+
"HKCU\\SOFTWARE\\path\\to\\key\\Themes"
|
51
|
+
|
52
|
+
|
53
|
+
<p class="warning">
|
54
|
+
Please make sure that you use backslashes instead of forward slashes. Forward slashes will not work for registry keys.
|
55
|
+
</p>
|
56
|
+
|
57
|
+
# The following will not work:
|
58
|
+
# describe registry_key('HKLM/SOFTWARE/Microsoft/NET Framework Setup/NDP/v4/Full/1033') do
|
59
|
+
# its('Release') { should eq 378675 }
|
60
|
+
# end
|
61
|
+
# You should use:
|
62
|
+
describe registry_key('HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\1033') do
|
63
|
+
its('Release') { should eq 378675 }
|
64
|
+
end
|
65
|
+
|
66
|
+
<br>
|
67
|
+
|
68
|
+
## Examples
|
69
|
+
|
70
|
+
The following examples show how to use this InSpec audit resource.
|
71
|
+
|
72
|
+
### Test the start time for the Schedule service
|
73
|
+
|
74
|
+
describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\...\Schedule') do
|
75
|
+
its('Start') { should eq 2 }
|
76
|
+
end
|
77
|
+
|
78
|
+
where `'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule'` is the full path to the setting.
|
79
|
+
|
80
|
+
### Use a regular expression in responses
|
81
|
+
|
82
|
+
describe registry_key({
|
83
|
+
hive: 'HKEY_LOCAL_MACHINE',
|
84
|
+
key: 'SOFTWARE\Microsoft\Windows NT\CurrentVersion'
|
85
|
+
}) do
|
86
|
+
its('ProductName') { should match /^[a-zA-Z0-9\(\)\s]*2012\s[rR]2[a-zA-Z0-9\(\)\s]*$/ }
|
87
|
+
end
|
88
|
+
|
89
|
+
<br>
|
90
|
+
|
91
|
+
## Matchers
|
92
|
+
|
93
|
+
For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
94
|
+
|
95
|
+
### children
|
96
|
+
|
97
|
+
The `children` matcher return all of the child items of a registry key. A regular expression may be used to filter child items:
|
98
|
+
|
99
|
+
describe registry_key('Key Name', '\path\to\key').children(regex)
|
100
|
+
...
|
101
|
+
end
|
102
|
+
|
103
|
+
For example, to get all child items for a registry key:
|
104
|
+
|
105
|
+
describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet').children do
|
106
|
+
it { should_not eq [] }
|
107
|
+
end
|
108
|
+
|
109
|
+
The following example shows how find a property that may exist against multiple registry keys, and then test that property for every registry key in which that property is located:
|
110
|
+
|
111
|
+
describe registry_key({
|
112
|
+
hive: 'HKEY_USERS'
|
113
|
+
}).children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}\\Software\\Policies\\Microsoft\\Windows\\Installer/).each { |key|
|
114
|
+
describe registry_key(key) do
|
115
|
+
its('AlwaysInstallElevated') { should eq 'value' }
|
116
|
+
end
|
117
|
+
}
|
118
|
+
|
119
|
+
### exist
|
120
|
+
|
121
|
+
The `exist` matcher tests if the registry key is present:
|
122
|
+
|
123
|
+
it { should exist }
|
124
|
+
|
125
|
+
### have_property
|
126
|
+
|
127
|
+
The `have_property` matcher tests if a property exists for a registry key:
|
128
|
+
|
129
|
+
it { should have_property 'value' }
|
130
|
+
|
131
|
+
### have\_property\_value
|
132
|
+
|
133
|
+
The `have_property_value` matcher tests if a property value exists for a registry key:
|
134
|
+
|
135
|
+
it { should have_property_value 'value' }
|
136
|
+
|
137
|
+
### have_value
|
138
|
+
|
139
|
+
The `have_value` matcher tests if a value exists for a registry key:
|
140
|
+
|
141
|
+
it { should have_value 'value' }
|
142
|
+
|
143
|
+
### name
|
144
|
+
|
145
|
+
The `name` matcher tests the value for the specified registry setting:
|
146
|
+
|
147
|
+
its('name') { should eq 'value' }
|
148
|
+
|
149
|
+
|
150
|
+
<p class="warning">
|
151
|
+
Any name with a dot will not work as expected: <code>its('explorer.exe') { should eq 'test' }</code>. This issue is tracked in <a href="https://github.com/chef/inspec/issues/1281">https://github.com/chef/inspec/issues/1281</a>
|
152
|
+
</p>
|
153
|
+
|
154
|
+
# instead of:
|
155
|
+
# its('explorer.exe') { should eq 'test' }
|
156
|
+
# use the following solution:
|
157
|
+
it { should have_property_value('explorer.exe', :string, 'test') }
|
@@ -1,56 +1,56 @@
|
|
1
|
-
---
|
2
|
-
title: About the runit_service Resource
|
3
|
-
---
|
4
|
-
|
5
|
-
# runit_service
|
6
|
-
|
7
|
-
Use the `runit_service` InSpec audit resource to test a service using runit.
|
8
|
-
|
9
|
-
<br>
|
10
|
-
|
11
|
-
## Syntax
|
12
|
-
|
13
|
-
A `runit_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
|
14
|
-
|
15
|
-
describe runit_service('service_name') do
|
16
|
-
it { should be_installed }
|
17
|
-
it { should be_enabled }
|
18
|
-
it { should be_running }
|
19
|
-
end
|
20
|
-
|
21
|
-
where
|
22
|
-
|
23
|
-
* `('service_name')` must specify a service name
|
24
|
-
* `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource; all matchers available to the `service` resource may be used
|
25
|
-
|
26
|
-
The path to the service manager's control may be specified for situations where the path isn't available in the current `PATH`. For example:
|
27
|
-
|
28
|
-
describe runit_service('service_name', '/path/to/control') do
|
29
|
-
it { should be_enabled }
|
30
|
-
it { should be_installed }
|
31
|
-
it { should be_running }
|
32
|
-
end
|
33
|
-
|
34
|
-
<br>
|
35
|
-
|
36
|
-
## Matchers
|
37
|
-
|
38
|
-
For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
39
|
-
|
40
|
-
### be_enabled
|
41
|
-
|
42
|
-
The `be_enabled` matcher tests if the named service is enabled:
|
43
|
-
|
44
|
-
it { should be_enabled }
|
45
|
-
|
46
|
-
### be_installed
|
47
|
-
|
48
|
-
The `be_installed` matcher tests if the named service is installed:
|
49
|
-
|
50
|
-
it { should be_installed }
|
51
|
-
|
52
|
-
### be_running
|
53
|
-
|
54
|
-
The `be_running` matcher tests if the named service is running:
|
55
|
-
|
56
|
-
it { should be_running }
|
1
|
+
---
|
2
|
+
title: About the runit_service Resource
|
3
|
+
---
|
4
|
+
|
5
|
+
# runit_service
|
6
|
+
|
7
|
+
Use the `runit_service` InSpec audit resource to test a service using runit.
|
8
|
+
|
9
|
+
<br>
|
10
|
+
|
11
|
+
## Syntax
|
12
|
+
|
13
|
+
A `runit_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
|
14
|
+
|
15
|
+
describe runit_service('service_name') do
|
16
|
+
it { should be_installed }
|
17
|
+
it { should be_enabled }
|
18
|
+
it { should be_running }
|
19
|
+
end
|
20
|
+
|
21
|
+
where
|
22
|
+
|
23
|
+
* `('service_name')` must specify a service name
|
24
|
+
* `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource; all matchers available to the `service` resource may be used
|
25
|
+
|
26
|
+
The path to the service manager's control may be specified for situations where the path isn't available in the current `PATH`. For example:
|
27
|
+
|
28
|
+
describe runit_service('service_name', '/path/to/control') do
|
29
|
+
it { should be_enabled }
|
30
|
+
it { should be_installed }
|
31
|
+
it { should be_running }
|
32
|
+
end
|
33
|
+
|
34
|
+
<br>
|
35
|
+
|
36
|
+
## Matchers
|
37
|
+
|
38
|
+
For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
39
|
+
|
40
|
+
### be_enabled
|
41
|
+
|
42
|
+
The `be_enabled` matcher tests if the named service is enabled:
|
43
|
+
|
44
|
+
it { should be_enabled }
|
45
|
+
|
46
|
+
### be_installed
|
47
|
+
|
48
|
+
The `be_installed` matcher tests if the named service is installed:
|
49
|
+
|
50
|
+
it { should be_installed }
|
51
|
+
|
52
|
+
### be_running
|
53
|
+
|
54
|
+
The `be_running` matcher tests if the named service is running:
|
55
|
+
|
56
|
+
it { should be_running }
|