inspec 1.51.6 → 1.51.15

Sign up to get free protection for your applications and to get access to all the features.
Files changed (404) hide show
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +101 -101
  3. data/CHANGELOG.md +2915 -2902
  4. data/Gemfile +53 -53
  5. data/LICENSE +14 -14
  6. data/MAINTAINERS.md +31 -31
  7. data/MAINTAINERS.toml +47 -47
  8. data/README.md +419 -419
  9. data/Rakefile +167 -167
  10. data/bin/inspec +12 -12
  11. data/docs/.gitignore +2 -2
  12. data/docs/README.md +40 -40
  13. data/docs/dsl_inspec.md +258 -258
  14. data/docs/dsl_resource.md +93 -93
  15. data/docs/glossary.md +99 -99
  16. data/docs/habitat.md +191 -191
  17. data/docs/inspec_and_friends.md +107 -107
  18. data/docs/matchers.md +165 -165
  19. data/docs/migration.md +293 -293
  20. data/docs/plugin_kitchen_inspec.md +49 -49
  21. data/docs/profiles.md +370 -370
  22. data/docs/resources/aide_conf.md.erb +78 -78
  23. data/docs/resources/apache.md.erb +66 -66
  24. data/docs/resources/apache_conf.md.erb +67 -67
  25. data/docs/resources/apt.md.erb +70 -70
  26. data/docs/resources/audit_policy.md.erb +46 -46
  27. data/docs/resources/auditd.md.erb +78 -78
  28. data/docs/resources/auditd_conf.md.erb +68 -68
  29. data/docs/resources/auditd_rules.md.erb +116 -116
  30. data/docs/resources/bash.md.erb +74 -74
  31. data/docs/resources/bond.md.erb +89 -89
  32. data/docs/resources/bridge.md.erb +54 -54
  33. data/docs/resources/bsd_service.md.erb +65 -65
  34. data/docs/resources/command.md.erb +137 -137
  35. data/docs/resources/cpan.md.erb +77 -77
  36. data/docs/resources/cran.md.erb +63 -63
  37. data/docs/resources/crontab.md.erb +87 -87
  38. data/docs/resources/csv.md.erb +53 -53
  39. data/docs/resources/dh_params.md.erb +216 -216
  40. data/docs/resources/directory.md.erb +28 -28
  41. data/docs/resources/docker.md.erb +163 -163
  42. data/docs/resources/docker_container.md.erb +99 -99
  43. data/docs/resources/docker_image.md.erb +93 -93
  44. data/docs/resources/docker_service.md.erb +113 -113
  45. data/docs/resources/elasticsearch.md.erb +230 -230
  46. data/docs/resources/etc_fstab.md.erb +124 -124
  47. data/docs/resources/etc_group.md.erb +74 -74
  48. data/docs/resources/etc_hosts.md.erb +75 -75
  49. data/docs/resources/etc_hosts_allow.md.erb +73 -73
  50. data/docs/resources/etc_hosts_deny.md.erb +73 -73
  51. data/docs/resources/file.md.erb +512 -512
  52. data/docs/resources/filesystem.md.erb +40 -40
  53. data/docs/resources/firewalld.md.erb +105 -105
  54. data/docs/resources/gem.md.erb +78 -78
  55. data/docs/resources/group.md.erb +60 -60
  56. data/docs/resources/grub_conf.md.erb +101 -100
  57. data/docs/resources/host.md.erb +77 -77
  58. data/docs/resources/http.md.erb +104 -98
  59. data/docs/resources/iis_app.md.erb +120 -116
  60. data/docs/resources/iis_site.md.erb +132 -128
  61. data/docs/resources/inetd_conf.md.erb +95 -84
  62. data/docs/resources/ini.md.erb +72 -69
  63. data/docs/resources/interface.md.erb +55 -46
  64. data/docs/resources/iptables.md.erb +63 -63
  65. data/docs/resources/json.md.erb +61 -61
  66. data/docs/resources/kernel_module.md.erb +106 -106
  67. data/docs/resources/kernel_parameter.md.erb +58 -58
  68. data/docs/resources/key_rsa.md.erb +73 -73
  69. data/docs/resources/launchd_service.md.erb +56 -56
  70. data/docs/resources/limits_conf.md.erb +66 -66
  71. data/docs/resources/login_def.md.erb +62 -62
  72. data/docs/resources/mount.md.erb +68 -68
  73. data/docs/resources/mssql_session.md.erb +59 -59
  74. data/docs/resources/mysql_conf.md.erb +98 -98
  75. data/docs/resources/mysql_session.md.erb +73 -73
  76. data/docs/resources/nginx.md.erb +78 -78
  77. data/docs/resources/nginx_conf.md.erb +127 -127
  78. data/docs/resources/npm.md.erb +59 -59
  79. data/docs/resources/ntp_conf.md.erb +59 -59
  80. data/docs/resources/oneget.md.erb +52 -52
  81. data/docs/resources/oracledb_session.md.erb +51 -51
  82. data/docs/resources/os.md.erb +140 -140
  83. data/docs/resources/os_env.md.erb +77 -77
  84. data/docs/resources/package.md.erb +119 -119
  85. data/docs/resources/packages.md.erb +66 -66
  86. data/docs/resources/parse_config.md.erb +102 -102
  87. data/docs/resources/parse_config_file.md.erb +137 -137
  88. data/docs/resources/passwd.md.erb +140 -140
  89. data/docs/resources/pip.md.erb +66 -66
  90. data/docs/resources/port.md.erb +136 -136
  91. data/docs/resources/postgres_conf.md.erb +78 -78
  92. data/docs/resources/postgres_hba_conf.md.erb +92 -92
  93. data/docs/resources/postgres_ident_conf.md.erb +75 -75
  94. data/docs/resources/postgres_session.md.erb +68 -68
  95. data/docs/resources/powershell.md.erb +101 -101
  96. data/docs/resources/processes.md.erb +107 -107
  97. data/docs/resources/rabbitmq_config.md.erb +40 -40
  98. data/docs/resources/registry_key.md.erb +157 -157
  99. data/docs/resources/runit_service.md.erb +56 -56
  100. data/docs/resources/security_policy.md.erb +46 -46
  101. data/docs/resources/service.md.erb +120 -120
  102. data/docs/resources/shadow.md.erb +143 -143
  103. data/docs/resources/ssh_config.md.erb +79 -79
  104. data/docs/resources/sshd_config.md.erb +82 -82
  105. data/docs/resources/ssl.md.erb +118 -118
  106. data/docs/resources/sys_info.md.erb +41 -41
  107. data/docs/resources/systemd_service.md.erb +56 -56
  108. data/docs/resources/sysv_service.md.erb +56 -56
  109. data/docs/resources/upstart_service.md.erb +56 -56
  110. data/docs/resources/user.md.erb +139 -139
  111. data/docs/resources/users.md.erb +126 -126
  112. data/docs/resources/vbscript.md.erb +54 -54
  113. data/docs/resources/virtualization.md.erb +56 -56
  114. data/docs/resources/windows_feature.md.erb +46 -46
  115. data/docs/resources/windows_hotfix.md.erb +52 -52
  116. data/docs/resources/windows_task.md.erb +89 -89
  117. data/docs/resources/wmi.md.erb +80 -80
  118. data/docs/resources/x509_certificate.md.erb +150 -150
  119. data/docs/resources/xinetd_conf.md.erb +155 -155
  120. data/docs/resources/xml.md.erb +84 -84
  121. data/docs/resources/yaml.md.erb +68 -68
  122. data/docs/resources/yum.md.erb +97 -97
  123. data/docs/resources/zfs_dataset.md.erb +52 -52
  124. data/docs/resources/zfs_pool.md.erb +46 -46
  125. data/docs/ruby_usage.md +203 -203
  126. data/docs/shared/matcher_be.md.erb +1 -1
  127. data/docs/shared/matcher_cmp.md.erb +43 -43
  128. data/docs/shared/matcher_eq.md.erb +3 -3
  129. data/docs/shared/matcher_include.md.erb +1 -1
  130. data/docs/shared/matcher_match.md.erb +1 -1
  131. data/docs/shell.md +172 -172
  132. data/examples/README.md +8 -8
  133. data/examples/inheritance/README.md +65 -65
  134. data/examples/inheritance/controls/example.rb +14 -14
  135. data/examples/inheritance/inspec.yml +15 -15
  136. data/examples/kitchen-ansible/.kitchen.yml +25 -25
  137. data/examples/kitchen-ansible/Gemfile +19 -19
  138. data/examples/kitchen-ansible/README.md +53 -53
  139. data/examples/kitchen-ansible/files/nginx.repo +6 -6
  140. data/examples/kitchen-ansible/tasks/main.yml +16 -16
  141. data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
  142. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
  143. data/examples/kitchen-chef/.kitchen.yml +20 -20
  144. data/examples/kitchen-chef/Berksfile +3 -3
  145. data/examples/kitchen-chef/Gemfile +19 -19
  146. data/examples/kitchen-chef/README.md +27 -27
  147. data/examples/kitchen-chef/metadata.rb +7 -7
  148. data/examples/kitchen-chef/recipes/default.rb +6 -6
  149. data/examples/kitchen-chef/recipes/nginx.rb +30 -30
  150. data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
  151. data/examples/kitchen-puppet/.kitchen.yml +22 -22
  152. data/examples/kitchen-puppet/Gemfile +20 -20
  153. data/examples/kitchen-puppet/Puppetfile +25 -25
  154. data/examples/kitchen-puppet/README.md +53 -53
  155. data/examples/kitchen-puppet/manifests/site.pp +33 -33
  156. data/examples/kitchen-puppet/metadata.json +11 -11
  157. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
  158. data/examples/meta-profile/README.md +37 -37
  159. data/examples/meta-profile/controls/example.rb +13 -13
  160. data/examples/meta-profile/inspec.yml +13 -13
  161. data/examples/profile-attribute.yml +2 -2
  162. data/examples/profile-attribute/README.md +14 -14
  163. data/examples/profile-attribute/controls/example.rb +11 -11
  164. data/examples/profile-attribute/inspec.yml +8 -8
  165. data/examples/profile-sensitive/README.md +29 -29
  166. data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
  167. data/examples/profile-sensitive/controls/sensitive.rb +9 -9
  168. data/examples/profile-sensitive/inspec.yml +8 -8
  169. data/examples/profile/README.md +48 -48
  170. data/examples/profile/controls/example.rb +23 -23
  171. data/examples/profile/controls/gordon.rb +36 -36
  172. data/examples/profile/controls/meta.rb +34 -34
  173. data/examples/profile/inspec.yml +10 -10
  174. data/examples/profile/libraries/gordon_config.rb +53 -53
  175. data/inspec.gemspec +47 -47
  176. data/lib/bundles/README.md +3 -3
  177. data/lib/bundles/inspec-artifact.rb +7 -7
  178. data/lib/bundles/inspec-artifact/README.md +1 -1
  179. data/lib/bundles/inspec-artifact/cli.rb +277 -277
  180. data/lib/bundles/inspec-compliance.rb +16 -16
  181. data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
  182. data/lib/bundles/inspec-compliance/README.md +185 -185
  183. data/lib/bundles/inspec-compliance/api.rb +316 -316
  184. data/lib/bundles/inspec-compliance/api/login.rb +152 -152
  185. data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
  186. data/lib/bundles/inspec-compliance/cli.rb +277 -277
  187. data/lib/bundles/inspec-compliance/configuration.rb +103 -103
  188. data/lib/bundles/inspec-compliance/http.rb +86 -86
  189. data/lib/bundles/inspec-compliance/support.rb +36 -36
  190. data/lib/bundles/inspec-compliance/target.rb +98 -98
  191. data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
  192. data/lib/bundles/inspec-habitat.rb +12 -12
  193. data/lib/bundles/inspec-habitat/cli.rb +36 -36
  194. data/lib/bundles/inspec-habitat/log.rb +10 -10
  195. data/lib/bundles/inspec-habitat/profile.rb +390 -390
  196. data/lib/bundles/inspec-init.rb +8 -8
  197. data/lib/bundles/inspec-init/README.md +31 -31
  198. data/lib/bundles/inspec-init/cli.rb +97 -97
  199. data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
  200. data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
  201. data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
  202. data/lib/bundles/inspec-supermarket.rb +13 -13
  203. data/lib/bundles/inspec-supermarket/README.md +45 -45
  204. data/lib/bundles/inspec-supermarket/api.rb +84 -84
  205. data/lib/bundles/inspec-supermarket/cli.rb +65 -65
  206. data/lib/bundles/inspec-supermarket/target.rb +34 -34
  207. data/lib/fetchers/git.rb +163 -163
  208. data/lib/fetchers/local.rb +74 -74
  209. data/lib/fetchers/mock.rb +35 -35
  210. data/lib/fetchers/url.rb +204 -204
  211. data/lib/inspec.rb +24 -24
  212. data/lib/inspec/archive/tar.rb +29 -29
  213. data/lib/inspec/archive/zip.rb +19 -19
  214. data/lib/inspec/backend.rb +92 -92
  215. data/lib/inspec/base_cli.rb +324 -322
  216. data/lib/inspec/cached_fetcher.rb +66 -66
  217. data/lib/inspec/cli.rb +298 -298
  218. data/lib/inspec/completions/bash.sh.erb +45 -45
  219. data/lib/inspec/completions/fish.sh.erb +34 -34
  220. data/lib/inspec/completions/zsh.sh.erb +61 -61
  221. data/lib/inspec/control_eval_context.rb +179 -179
  222. data/lib/inspec/dependencies/cache.rb +72 -72
  223. data/lib/inspec/dependencies/dependency_set.rb +92 -92
  224. data/lib/inspec/dependencies/lockfile.rb +115 -115
  225. data/lib/inspec/dependencies/requirement.rb +123 -123
  226. data/lib/inspec/dependencies/resolver.rb +86 -86
  227. data/lib/inspec/describe.rb +27 -27
  228. data/lib/inspec/dsl.rb +66 -66
  229. data/lib/inspec/dsl_shared.rb +33 -33
  230. data/lib/inspec/env_printer.rb +157 -157
  231. data/lib/inspec/errors.rb +13 -13
  232. data/lib/inspec/exceptions.rb +12 -12
  233. data/lib/inspec/expect.rb +45 -45
  234. data/lib/inspec/fetcher.rb +45 -45
  235. data/lib/inspec/file_provider.rb +275 -275
  236. data/lib/inspec/formatters.rb +3 -3
  237. data/lib/inspec/formatters/base.rb +208 -208
  238. data/lib/inspec/formatters/json_rspec.rb +20 -20
  239. data/lib/inspec/formatters/show_progress.rb +12 -12
  240. data/lib/inspec/library_eval_context.rb +58 -58
  241. data/lib/inspec/log.rb +11 -11
  242. data/lib/inspec/metadata.rb +253 -253
  243. data/lib/inspec/method_source.rb +24 -24
  244. data/lib/inspec/objects.rb +14 -14
  245. data/lib/inspec/objects/attribute.rb +65 -65
  246. data/lib/inspec/objects/control.rb +61 -61
  247. data/lib/inspec/objects/describe.rb +92 -92
  248. data/lib/inspec/objects/each_loop.rb +36 -36
  249. data/lib/inspec/objects/list.rb +15 -15
  250. data/lib/inspec/objects/or_test.rb +40 -40
  251. data/lib/inspec/objects/ruby_helper.rb +15 -15
  252. data/lib/inspec/objects/tag.rb +27 -27
  253. data/lib/inspec/objects/test.rb +87 -87
  254. data/lib/inspec/objects/value.rb +27 -27
  255. data/lib/inspec/plugins.rb +60 -60
  256. data/lib/inspec/plugins/cli.rb +24 -24
  257. data/lib/inspec/plugins/fetcher.rb +86 -86
  258. data/lib/inspec/plugins/resource.rb +132 -132
  259. data/lib/inspec/plugins/secret.rb +15 -15
  260. data/lib/inspec/plugins/source_reader.rb +40 -40
  261. data/lib/inspec/polyfill.rb +12 -12
  262. data/lib/inspec/profile.rb +510 -510
  263. data/lib/inspec/profile_context.rb +207 -207
  264. data/lib/inspec/profile_vendor.rb +66 -66
  265. data/lib/inspec/reporters.rb +50 -33
  266. data/lib/inspec/reporters/base.rb +24 -23
  267. data/lib/inspec/reporters/cli.rb +395 -395
  268. data/lib/inspec/reporters/json.rb +134 -132
  269. data/lib/inspec/reporters/json_min.rb +48 -44
  270. data/lib/inspec/reporters/junit.rb +77 -77
  271. data/lib/inspec/require_loader.rb +33 -33
  272. data/lib/inspec/resource.rb +176 -176
  273. data/lib/inspec/rule.rb +266 -266
  274. data/lib/inspec/runner.rb +340 -337
  275. data/lib/inspec/runner_mock.rb +41 -41
  276. data/lib/inspec/runner_rspec.rb +163 -185
  277. data/lib/inspec/runtime_profile.rb +26 -26
  278. data/lib/inspec/schema.rb +186 -186
  279. data/lib/inspec/secrets.rb +19 -19
  280. data/lib/inspec/secrets/yaml.rb +30 -30
  281. data/lib/inspec/shell.rb +223 -223
  282. data/lib/inspec/shell_detector.rb +90 -90
  283. data/lib/inspec/source_reader.rb +29 -29
  284. data/lib/inspec/version.rb +8 -8
  285. data/lib/matchers/matchers.rb +397 -397
  286. data/lib/resources/aide_conf.rb +160 -160
  287. data/lib/resources/apache.rb +49 -49
  288. data/lib/resources/apache_conf.rb +158 -158
  289. data/lib/resources/apt.rb +150 -150
  290. data/lib/resources/audit_policy.rb +64 -64
  291. data/lib/resources/auditd.rb +233 -233
  292. data/lib/resources/auditd_conf.rb +56 -56
  293. data/lib/resources/auditd_rules.rb +205 -205
  294. data/lib/resources/bash.rb +36 -36
  295. data/lib/resources/bond.rb +69 -69
  296. data/lib/resources/bridge.rb +123 -123
  297. data/lib/resources/command.rb +69 -69
  298. data/lib/resources/cpan.rb +60 -60
  299. data/lib/resources/cran.rb +66 -66
  300. data/lib/resources/crontab.rb +169 -169
  301. data/lib/resources/csv.rb +58 -58
  302. data/lib/resources/dh_params.rb +83 -83
  303. data/lib/resources/directory.rb +25 -25
  304. data/lib/resources/docker.rb +239 -239
  305. data/lib/resources/docker_container.rb +92 -92
  306. data/lib/resources/docker_image.rb +86 -86
  307. data/lib/resources/docker_object.rb +57 -57
  308. data/lib/resources/docker_service.rb +94 -94
  309. data/lib/resources/elasticsearch.rb +168 -168
  310. data/lib/resources/etc_fstab.rb +102 -102
  311. data/lib/resources/etc_group.rb +157 -157
  312. data/lib/resources/etc_hosts.rb +81 -81
  313. data/lib/resources/etc_hosts_allow_deny.rb +122 -122
  314. data/lib/resources/file.rb +298 -298
  315. data/lib/resources/filesystem.rb +31 -31
  316. data/lib/resources/firewalld.rb +144 -144
  317. data/lib/resources/gem.rb +71 -71
  318. data/lib/resources/groups.rb +213 -213
  319. data/lib/resources/grub_conf.rb +237 -237
  320. data/lib/resources/host.rb +300 -300
  321. data/lib/resources/http.rb +252 -252
  322. data/lib/resources/iis_app.rb +103 -103
  323. data/lib/resources/iis_site.rb +147 -147
  324. data/lib/resources/inetd_conf.rb +63 -63
  325. data/lib/resources/ini.rb +29 -29
  326. data/lib/resources/interface.rb +130 -130
  327. data/lib/resources/iptables.rb +70 -70
  328. data/lib/resources/json.rb +115 -115
  329. data/lib/resources/kernel_module.rb +110 -110
  330. data/lib/resources/kernel_parameter.rb +58 -58
  331. data/lib/resources/key_rsa.rb +67 -67
  332. data/lib/resources/limits_conf.rb +56 -56
  333. data/lib/resources/login_def.rb +67 -67
  334. data/lib/resources/mount.rb +90 -90
  335. data/lib/resources/mssql_session.rb +103 -103
  336. data/lib/resources/mysql.rb +82 -82
  337. data/lib/resources/mysql_conf.rb +133 -133
  338. data/lib/resources/mysql_session.rb +72 -72
  339. data/lib/resources/nginx.rb +97 -97
  340. data/lib/resources/nginx_conf.rb +228 -228
  341. data/lib/resources/npm.rb +48 -48
  342. data/lib/resources/ntp_conf.rb +59 -59
  343. data/lib/resources/oneget.rb +72 -72
  344. data/lib/resources/oracledb_session.rb +140 -140
  345. data/lib/resources/os.rb +46 -46
  346. data/lib/resources/os_env.rb +76 -76
  347. data/lib/resources/package.rb +357 -357
  348. data/lib/resources/packages.rb +112 -112
  349. data/lib/resources/parse_config.rb +116 -116
  350. data/lib/resources/passwd.rb +96 -96
  351. data/lib/resources/pip.rb +89 -89
  352. data/lib/resources/platform.rb +112 -112
  353. data/lib/resources/port.rb +771 -771
  354. data/lib/resources/postgres.rb +132 -132
  355. data/lib/resources/postgres_conf.rb +122 -122
  356. data/lib/resources/postgres_hba_conf.rb +101 -101
  357. data/lib/resources/postgres_ident_conf.rb +79 -79
  358. data/lib/resources/postgres_session.rb +72 -72
  359. data/lib/resources/powershell.rb +58 -58
  360. data/lib/resources/processes.rb +204 -204
  361. data/lib/resources/rabbitmq_conf.rb +53 -53
  362. data/lib/resources/registry_key.rb +296 -296
  363. data/lib/resources/security_policy.rb +181 -181
  364. data/lib/resources/service.rb +784 -784
  365. data/lib/resources/shadow.rb +141 -141
  366. data/lib/resources/ssh_conf.rb +102 -102
  367. data/lib/resources/ssl.rb +99 -99
  368. data/lib/resources/sys_info.rb +26 -26
  369. data/lib/resources/toml.rb +32 -32
  370. data/lib/resources/users.rb +652 -652
  371. data/lib/resources/vbscript.rb +70 -70
  372. data/lib/resources/virtualization.rb +251 -251
  373. data/lib/resources/windows_feature.rb +85 -85
  374. data/lib/resources/windows_hotfix.rb +35 -35
  375. data/lib/resources/windows_task.rb +106 -106
  376. data/lib/resources/wmi.rb +114 -114
  377. data/lib/resources/x509_certificate.rb +143 -143
  378. data/lib/resources/xinetd.rb +112 -112
  379. data/lib/resources/xml.rb +45 -45
  380. data/lib/resources/yaml.rb +45 -45
  381. data/lib/resources/yum.rb +181 -181
  382. data/lib/resources/zfs_dataset.rb +60 -60
  383. data/lib/resources/zfs_pool.rb +49 -49
  384. data/lib/source_readers/flat.rb +39 -39
  385. data/lib/source_readers/inspec.rb +75 -75
  386. data/lib/utils/command_wrapper.rb +27 -27
  387. data/lib/utils/convert.rb +12 -12
  388. data/lib/utils/database_helpers.rb +77 -77
  389. data/lib/utils/erlang_parser.rb +192 -192
  390. data/lib/utils/filter.rb +272 -272
  391. data/lib/utils/filter_array.rb +27 -27
  392. data/lib/utils/find_files.rb +44 -44
  393. data/lib/utils/hash.rb +41 -41
  394. data/lib/utils/json_log.rb +18 -18
  395. data/lib/utils/latest_version.rb +22 -22
  396. data/lib/utils/modulator.rb +12 -12
  397. data/lib/utils/nginx_parser.rb +85 -85
  398. data/lib/utils/object_traversal.rb +49 -49
  399. data/lib/utils/parser.rb +274 -274
  400. data/lib/utils/plugin_registry.rb +93 -93
  401. data/lib/utils/simpleconfig.rb +132 -132
  402. data/lib/utils/spdx.rb +13 -13
  403. data/lib/utils/spdx.txt +343 -343
  404. metadata +2 -2
@@ -1,46 +1,46 @@
1
- ---
2
- title: About the windows_feature Resource
3
- ---
4
-
5
- # windows_feature
6
-
7
- Use the `windows_feature` InSpec audit resource to test features on Windows via the `Get-WindowsFeature` cmdlet.
8
-
9
- <br>
10
-
11
- ## Syntax
12
-
13
- A `windows_feature` resource block declares the name of the Windows feature, tests if that feature is installed, and then returns information about that feature:
14
-
15
- describe windows_feature('feature_name') do
16
- it { should be_installed }
17
- end
18
-
19
- where
20
-
21
- * `('feature_name')` must specify a Windows feature name, such as `DHCP Server` or `IIS-Webserver`
22
- * `be_installed` is a valid matcher for this resource
23
-
24
- <br>
25
-
26
- ## Examples
27
-
28
- The following examples show how to use this InSpec audit resource.
29
-
30
- ### Test the DHCP Server feature
31
-
32
- describe windows_feature('DHCP Server') do
33
- it{ should be_installed }
34
- end
35
-
36
- <br>
37
-
38
- ## Matchers
39
-
40
- For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
41
-
42
- ### be_installed
43
-
44
- The `be_installed` matcher tests if the named Windows feature is installed:
45
-
46
- it { should be_installed }
1
+ ---
2
+ title: About the windows_feature Resource
3
+ ---
4
+
5
+ # windows_feature
6
+
7
+ Use the `windows_feature` InSpec audit resource to test features on Windows via the `Get-WindowsFeature` cmdlet.
8
+
9
+ <br>
10
+
11
+ ## Syntax
12
+
13
+ A `windows_feature` resource block declares the name of the Windows feature, tests if that feature is installed, and then returns information about that feature:
14
+
15
+ describe windows_feature('feature_name') do
16
+ it { should be_installed }
17
+ end
18
+
19
+ where
20
+
21
+ * `('feature_name')` must specify a Windows feature name, such as `DHCP Server` or `IIS-Webserver`
22
+ * `be_installed` is a valid matcher for this resource
23
+
24
+ <br>
25
+
26
+ ## Examples
27
+
28
+ The following examples show how to use this InSpec audit resource.
29
+
30
+ ### Test the DHCP Server feature
31
+
32
+ describe windows_feature('DHCP Server') do
33
+ it{ should be_installed }
34
+ end
35
+
36
+ <br>
37
+
38
+ ## Matchers
39
+
40
+ For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
41
+
42
+ ### be_installed
43
+
44
+ The `be_installed` matcher tests if the named Windows feature is installed:
45
+
46
+ it { should be_installed }
@@ -1,52 +1,52 @@
1
- ---
2
- title: About the windows_hotfix Resource
3
- ---
4
-
5
- # windows_hotfix
6
-
7
- Use the `windows_hotfix` InSpec audit resource to test if the hotfix has been installed on a Windows system.
8
-
9
- <br>
10
-
11
- ## Syntax
12
-
13
- A `windows_hotfix` resource block declares a hotfix to validate:
14
-
15
- describe windows_hotfix('name') do
16
- it { should be_installed }
17
- end
18
-
19
- where
20
-
21
- * `('name')` must specify the name of a hotfix, such as `'KB4012213'`
22
- * `be_installed` is a valid matcher for this resource
23
-
24
- <br>
25
-
26
- ## Examples
27
-
28
- The following examples show how to use this InSpec audit resource.
29
-
30
- ### Test if KB4012213 is installed
31
-
32
- describe windows_hotfix('KB4012213') do
33
- it { should be_installed }
34
- end
35
-
36
- ### Test that a hotfix is not installed
37
-
38
- describe windows_hotfix('KB9999999') do
39
- it { should_not be_installed }
40
- end
41
-
42
- <br>
43
-
44
- ## Matchers
45
-
46
- For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
47
-
48
- ### be_installed
49
-
50
- The `be_installed` matcher tests if the named hotfix is installed on the system:
51
-
52
- it { should be_installed }
1
+ ---
2
+ title: About the windows_hotfix Resource
3
+ ---
4
+
5
+ # windows_hotfix
6
+
7
+ Use the `windows_hotfix` InSpec audit resource to test if the hotfix has been installed on a Windows system.
8
+
9
+ <br>
10
+
11
+ ## Syntax
12
+
13
+ A `windows_hotfix` resource block declares a hotfix to validate:
14
+
15
+ describe windows_hotfix('name') do
16
+ it { should be_installed }
17
+ end
18
+
19
+ where
20
+
21
+ * `('name')` must specify the name of a hotfix, such as `'KB4012213'`
22
+ * `be_installed` is a valid matcher for this resource
23
+
24
+ <br>
25
+
26
+ ## Examples
27
+
28
+ The following examples show how to use this InSpec audit resource.
29
+
30
+ ### Test if KB4012213 is installed
31
+
32
+ describe windows_hotfix('KB4012213') do
33
+ it { should be_installed }
34
+ end
35
+
36
+ ### Test that a hotfix is not installed
37
+
38
+ describe windows_hotfix('KB9999999') do
39
+ it { should_not be_installed }
40
+ end
41
+
42
+ <br>
43
+
44
+ ## Matchers
45
+
46
+ For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
47
+
48
+ ### be_installed
49
+
50
+ The `be_installed` matcher tests if the named hotfix is installed on the system:
51
+
52
+ it { should be_installed }
@@ -1,89 +1,89 @@
1
- ---
2
- title: About the windows_task Resource
3
- ---
4
-
5
- # windows_task
6
-
7
- Use the `windows_task` Inspec audit resource to test a scheduled tasks configuration on a Windows platform.
8
- Microsoft and application vendors use scheduled tasks to perform a variety of system maintaince tasks but system administrators can schedule their own.
9
-
10
- <br>
11
-
12
- ## Syntax
13
-
14
- A `windows_task` resource block declares the name of the task (as its full path) and tests its configuration:
15
-
16
- describe windows_task('task name uri') do
17
- its('parameter') { should eq 'value' }
18
- it { should be_enabled }
19
- end
20
-
21
- where
22
-
23
- * `'parameter'` must be a valid parameter defined within this resource ie `logon_mode`, `last_result`, `task_to_run`, `run_as_user`
24
- * `'value'` will be used to compare the value gather from your chosen parameter
25
- * `'be_enabled'` is an example of a valid matcher that checks the state of a task, other examples are `exist` or `be_disabled`
26
-
27
- <br>
28
-
29
- ## Examples
30
-
31
- The following examples show how to use this InSpec resource.
32
-
33
- ### Test's that a task is enabled
34
- ```
35
- describe windows_task('\Microsoft\Windows\Time Synchronization\SynchronizeTime') do
36
- it { should be_enabled }
37
- end
38
- ```
39
-
40
- ### Test's that a task is disabled
41
- ```
42
- describe windows_task('\Microsoft\Windows\AppID\PolicyConverter') do
43
- it { should be_disabled }
44
- end
45
- ```
46
-
47
- ### Test's the configuration parameters of a task
48
- ```
49
- describe windows_task('\Microsoft\Windows\AppID\PolicyConverter') do
50
- its('logon_mode') { should eq 'Interactive/Background' }
51
- its('last_result') { should eq '1' }
52
- its('task_to_run') { should cmp '%Windir%\system32\appidpolicyconverter.exe' }
53
- its('run_as_user') { should eq 'LOCAL SERVICE' }
54
- end
55
- ```
56
-
57
- ### Test's that a task is defined
58
- ```
59
- describe windows_task('\Microsoft\Windows\Defrag\ScheduledDefrag') do
60
- it { should exist }
61
- end
62
- ```
63
-
64
- ## Gathering Tasknames
65
- Rather then use the GUI you can use the `schtasks.exe` to output a full list of tasks available on the system
66
-
67
- `schtasks /query /FO list`
68
-
69
- rather than use the `list` output you can use `CSV` if it is easier.
70
-
71
- Please make sure you use the full TaskName (include the prefix `\`) within your control
72
-
73
- ```
74
- C:\>schtasks /query /FO list
75
- ...
76
- Folder: \Microsoft\Windows\Diagnosis
77
- HostName: XPS15
78
- TaskName: \Microsoft\Windows\Diagnosis\Scheduled
79
- Next Run Time: N/A
80
- Status: Ready
81
- Logon Mode: Interactive/Background
82
- ...
83
- ```
84
-
85
- <br>
86
-
87
- ## Matchers
88
-
89
- For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
1
+ ---
2
+ title: About the windows_task Resource
3
+ ---
4
+
5
+ # windows_task
6
+
7
+ Use the `windows_task` Inspec audit resource to test a scheduled tasks configuration on a Windows platform.
8
+ Microsoft and application vendors use scheduled tasks to perform a variety of system maintaince tasks but system administrators can schedule their own.
9
+
10
+ <br>
11
+
12
+ ## Syntax
13
+
14
+ A `windows_task` resource block declares the name of the task (as its full path) and tests its configuration:
15
+
16
+ describe windows_task('task name uri') do
17
+ its('parameter') { should eq 'value' }
18
+ it { should be_enabled }
19
+ end
20
+
21
+ where
22
+
23
+ * `'parameter'` must be a valid parameter defined within this resource ie `logon_mode`, `last_result`, `task_to_run`, `run_as_user`
24
+ * `'value'` will be used to compare the value gather from your chosen parameter
25
+ * `'be_enabled'` is an example of a valid matcher that checks the state of a task, other examples are `exist` or `be_disabled`
26
+
27
+ <br>
28
+
29
+ ## Examples
30
+
31
+ The following examples show how to use this InSpec resource.
32
+
33
+ ### Test's that a task is enabled
34
+ ```
35
+ describe windows_task('\Microsoft\Windows\Time Synchronization\SynchronizeTime') do
36
+ it { should be_enabled }
37
+ end
38
+ ```
39
+
40
+ ### Test's that a task is disabled
41
+ ```
42
+ describe windows_task('\Microsoft\Windows\AppID\PolicyConverter') do
43
+ it { should be_disabled }
44
+ end
45
+ ```
46
+
47
+ ### Test's the configuration parameters of a task
48
+ ```
49
+ describe windows_task('\Microsoft\Windows\AppID\PolicyConverter') do
50
+ its('logon_mode') { should eq 'Interactive/Background' }
51
+ its('last_result') { should eq '1' }
52
+ its('task_to_run') { should cmp '%Windir%\system32\appidpolicyconverter.exe' }
53
+ its('run_as_user') { should eq 'LOCAL SERVICE' }
54
+ end
55
+ ```
56
+
57
+ ### Test's that a task is defined
58
+ ```
59
+ describe windows_task('\Microsoft\Windows\Defrag\ScheduledDefrag') do
60
+ it { should exist }
61
+ end
62
+ ```
63
+
64
+ ## Gathering Tasknames
65
+ Rather then use the GUI you can use the `schtasks.exe` to output a full list of tasks available on the system
66
+
67
+ `schtasks /query /FO list`
68
+
69
+ rather than use the `list` output you can use `CSV` if it is easier.
70
+
71
+ Please make sure you use the full TaskName (include the prefix `\`) within your control
72
+
73
+ ```
74
+ C:\>schtasks /query /FO list
75
+ ...
76
+ Folder: \Microsoft\Windows\Diagnosis
77
+ HostName: XPS15
78
+ TaskName: \Microsoft\Windows\Diagnosis\Scheduled
79
+ Next Run Time: N/A
80
+ Status: Ready
81
+ Logon Mode: Interactive/Background
82
+ ...
83
+ ```
84
+
85
+ <br>
86
+
87
+ ## Matchers
88
+
89
+ For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
@@ -1,80 +1,80 @@
1
- ---
2
- title: About the wmi Resource
3
- ---
4
-
5
- # wmi
6
-
7
- Use the `wmi` InSpec audit resource to test WMI settings on the Windows platform.
8
-
9
- <br>
10
-
11
- ## Syntax
12
-
13
- A `wmi` resource block tests WMI settings on the Windows platform:
14
-
15
- describe wmi({
16
- class: 'class_name'
17
- namespace: 'path\\to\\setting'
18
- filter: 'filter'
19
- query: 'query'
20
- }) do
21
- its('setting_name') { should eq '' }
22
- end
23
-
24
- where
25
-
26
- * `class`, `namespace`, `filter`, and `query` comprise a Ruby Hash of the WMI object
27
- * `('class')` is the WMI class to which the setting belongs, such as `win32_service`
28
- * `('namespace')` is path to that object, such as `root\\cimv2`
29
- * Use `('filter')` fine-tune the information defined by the WMI class, such as to find a specific service (`filter: "name like '%winrm%'")`, to find a specific setting (`filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'`), and so on
30
- * Use `('query')` to run a query that returns data to be tested, such as `"SELECT Setting FROM RSOP_SecuritySettingBoolean WHERE KeyName='LSAAnonymousNameLookup' AND Precedence=1"`
31
- * `('setting_name')` is a setting in the WMI object to be tested, and then `should eq ''` is the expected value for that setting
32
-
33
- For example, both of the following tests will verify if WinRM is present on the target node. The first tests if WinRM belongs to the list of services running under the `win32_service` class:
34
-
35
- describe wmi({class: 'win32_service'}) do
36
- its('DisplayName') { should include 'Windows Remote Management (WS-Management)'}
37
- end
38
-
39
- and the second uses a filter in the Ruby Hash to first identify WinRM, and then perform additional tests:
40
-
41
- describe wmi({
42
- class: 'win32_service',
43
- filter: "name like '%winrm%'"
44
- }) do
45
- its('Status') { should cmp 'ok' }
46
- its('State') { should cmp 'Running' }
47
- its('ExitCode') { should cmp 0 }
48
- its('DisplayName') { should eq 'Windows Remote Management (WS-Management)'}
49
- end
50
-
51
- <br>
52
-
53
- ## Examples
54
-
55
- The following examples show how to use this InSpec audit resource.
56
-
57
- ### Test a password expiration policy
58
-
59
- describe wmi({
60
- class: 'RSOP_SecuritySettingNumeric',
61
- namespace: 'root\\rsop\\computer',
62
- filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'
63
- }) do
64
- its('Setting') { should eq 1 }
65
- end
66
-
67
- ### Test if an anonymous user can query the Local Security Authority (LSA)
68
-
69
- describe wmi({
70
- namespace: 'root\rsop\computer',
71
- query: "SELECT Setting FROM RSOP_SecuritySettingBoolean WHERE KeyName='LSAAnonymousNameLookup' AND Precedence=1"
72
- }) do
73
- its('Setting') { should eq false }
74
- end
75
-
76
- <br>
77
-
78
- ## Matchers
79
-
80
- For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
1
+ ---
2
+ title: About the wmi Resource
3
+ ---
4
+
5
+ # wmi
6
+
7
+ Use the `wmi` InSpec audit resource to test WMI settings on the Windows platform.
8
+
9
+ <br>
10
+
11
+ ## Syntax
12
+
13
+ A `wmi` resource block tests WMI settings on the Windows platform:
14
+
15
+ describe wmi({
16
+ class: 'class_name'
17
+ namespace: 'path\\to\\setting'
18
+ filter: 'filter'
19
+ query: 'query'
20
+ }) do
21
+ its('setting_name') { should eq '' }
22
+ end
23
+
24
+ where
25
+
26
+ * `class`, `namespace`, `filter`, and `query` comprise a Ruby Hash of the WMI object
27
+ * `('class')` is the WMI class to which the setting belongs, such as `win32_service`
28
+ * `('namespace')` is path to that object, such as `root\\cimv2`
29
+ * Use `('filter')` fine-tune the information defined by the WMI class, such as to find a specific service (`filter: "name like '%winrm%'")`, to find a specific setting (`filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'`), and so on
30
+ * Use `('query')` to run a query that returns data to be tested, such as `"SELECT Setting FROM RSOP_SecuritySettingBoolean WHERE KeyName='LSAAnonymousNameLookup' AND Precedence=1"`
31
+ * `('setting_name')` is a setting in the WMI object to be tested, and then `should eq ''` is the expected value for that setting
32
+
33
+ For example, both of the following tests will verify if WinRM is present on the target node. The first tests if WinRM belongs to the list of services running under the `win32_service` class:
34
+
35
+ describe wmi({class: 'win32_service'}) do
36
+ its('DisplayName') { should include 'Windows Remote Management (WS-Management)'}
37
+ end
38
+
39
+ and the second uses a filter in the Ruby Hash to first identify WinRM, and then perform additional tests:
40
+
41
+ describe wmi({
42
+ class: 'win32_service',
43
+ filter: "name like '%winrm%'"
44
+ }) do
45
+ its('Status') { should cmp 'ok' }
46
+ its('State') { should cmp 'Running' }
47
+ its('ExitCode') { should cmp 0 }
48
+ its('DisplayName') { should eq 'Windows Remote Management (WS-Management)'}
49
+ end
50
+
51
+ <br>
52
+
53
+ ## Examples
54
+
55
+ The following examples show how to use this InSpec audit resource.
56
+
57
+ ### Test a password expiration policy
58
+
59
+ describe wmi({
60
+ class: 'RSOP_SecuritySettingNumeric',
61
+ namespace: 'root\\rsop\\computer',
62
+ filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'
63
+ }) do
64
+ its('Setting') { should eq 1 }
65
+ end
66
+
67
+ ### Test if an anonymous user can query the Local Security Authority (LSA)
68
+
69
+ describe wmi({
70
+ namespace: 'root\rsop\computer',
71
+ query: "SELECT Setting FROM RSOP_SecuritySettingBoolean WHERE KeyName='LSAAnonymousNameLookup' AND Precedence=1"
72
+ }) do
73
+ its('Setting') { should eq false }
74
+ end
75
+
76
+ <br>
77
+
78
+ ## Matchers
79
+
80
+ For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).