inspec 1.51.6 → 1.51.15

data/docs/resources/audit_policy.md.erb

@@ -1,46 +1,46 @@
----
-title: About the audit_policy Resource
----
-
-# audit_policy
-
-Use the `audit_policy` Inspec audit resource to test auditing policies on the Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each enabled auditing category property, the auditing level may be set to `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`.
-
-<br>
-
-## Syntax
-
-An `audit_policy` resource block declares a parameter that belongs to an audit policy category or subcategory:
-
-    describe audit_policy do
-      its('parameter') { should eq 'value' }
-    end
-
-where
-
-* `'parameter'` must specify a parameter
-* `'value'` must be one of `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test that a parameter is not set to "No Auditing"
-
-    describe audit_policy do
-      its('Other Account Logon Events') { should_not eq 'No Auditing' }
-    end
-
-### Test that a parameter is set to "Success"
-
-    describe audit_policy do
-      its('User Account Management') { should eq 'Success' }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+---
+title: About the audit_policy Resource
+---
+
+# audit_policy
+
+Use the `audit_policy` Inspec audit resource to test auditing policies on the Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each enabled auditing category property, the auditing level may be set to `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`.
+
+<br>
+
+## Syntax
+
+An `audit_policy` resource block declares a parameter that belongs to an audit policy category or subcategory:
+
+    describe audit_policy do
+      its('parameter') { should eq 'value' }
+    end
+
+where
+
+* `'parameter'` must specify a parameter
+* `'value'` must be one of `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test that a parameter is not set to "No Auditing"
+
+    describe audit_policy do
+      its('Other Account Logon Events') { should_not eq 'No Auditing' }
+    end
+
+### Test that a parameter is set to "Success"
+
+    describe audit_policy do
+      its('User Account Management') { should eq 'Success' }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/auditd.md.erb

@@ -1,78 +1,78 @@
----
-title: About the auditd Resource
----
-
-# auditd
-
-Use the `auditd` InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files. These rules are output using the auditcl -l command. This resource supports versions of `audit` >= 2.3.
-
-<br>
-
-## Syntax
-
-An `auditd` resource block declares one (or more) rules to be tested, and then what that rule should do:
-
-    describe auditd do
-      its('lines') { should include %r(-w /etc/ssh/sshd_config) }
-    end
-
-or test that multiple individual rules are defined:
-
-    describe auditd do
-      its('lines') { should include %r(-a always,exit -F arch=.* -S init_module,delete_module -F key=modules) }
-      its('lines') { should include %r(-a always,exit -F arch=.* -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=-1 -F key=.+) }
-    end
-
-where each test must declare one (or more) rules to be tested.
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test if a rule contains a matching element that is identified by a regular expression
-
-For `audit` >= 2.3:
-
-    describe auditd do
-      its('lines') { should include %r(-a always,exit -F arch=.* -S chown.* -F auid>=1000 -F auid!=-1 -F key=perm_mod) }
-    end
-
-### Query the audit daemon status
-
-    describe auditd.status('backlog') do
-      it { should cmp 0 }
-    end
-
-### Query properties of rules targeting specific syscalls or files - uniq is used to handle multiple rules for the same syscall with redundant field values
-
-    describe auditd.syscall('open') do
-      its('action.uniq') { should eq ['always'] }
-      its('list.uniq') { should eq ['exit'] }
-    end
-
-    describe auditd.file('/etc/sudoers') do
-      its('permissions') { should include ['x'] }
-    end
-
-The where accessor can be used to filter on fields. For example:
-
-    describe auditd.syscall('chown').where { arch == "b32" } do
-      its('action') { should eq ['always'] }
-      its('list') { should eq ['exit'] }
-      its('exit') { should include ['-EACCES'] }
-      its('exit') { should include ['-EPERM'] }
-    end
-
-The key filter may be useful in evaluating rules with particular key values:
-
-  describe auditd.where { key == "privileged" } do
-    its('permissions') { should include ['x'] }
-  end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+---
+title: About the auditd Resource
+---
+
+# auditd
+
+Use the `auditd` InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files. These rules are output using the auditcl -l command. This resource supports versions of `audit` >= 2.3.
+
+<br>
+
+## Syntax
+
+An `auditd` resource block declares one (or more) rules to be tested, and then what that rule should do:
+
+    describe auditd do
+      its('lines') { should include %r(-w /etc/ssh/sshd_config) }
+    end
+
+or test that multiple individual rules are defined:
+
+    describe auditd do
+      its('lines') { should include %r(-a always,exit -F arch=.* -S init_module,delete_module -F key=modules) }
+      its('lines') { should include %r(-a always,exit -F arch=.* -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=-1 -F key=.+) }
+    end
+
+where each test must declare one (or more) rules to be tested.
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test if a rule contains a matching element that is identified by a regular expression
+
+For `audit` >= 2.3:
+
+    describe auditd do
+      its('lines') { should include %r(-a always,exit -F arch=.* -S chown.* -F auid>=1000 -F auid!=-1 -F key=perm_mod) }
+    end
+
+### Query the audit daemon status
+
+    describe auditd.status('backlog') do
+      it { should cmp 0 }
+    end
+
+### Query properties of rules targeting specific syscalls or files - uniq is used to handle multiple rules for the same syscall with redundant field values
+
+    describe auditd.syscall('open') do
+      its('action.uniq') { should eq ['always'] }
+      its('list.uniq') { should eq ['exit'] }
+    end
+
+    describe auditd.file('/etc/sudoers') do
+      its('permissions') { should include ['x'] }
+    end
+
+The where accessor can be used to filter on fields. For example:
+
+    describe auditd.syscall('chown').where { arch == "b32" } do
+      its('action') { should eq ['always'] }
+      its('list') { should eq ['exit'] }
+      its('exit') { should include ['-EACCES'] }
+      its('exit') { should include ['-EPERM'] }
+    end
+
+The key filter may be useful in evaluating rules with particular key values:
+
+  describe auditd.where { key == "privileged" } do
+    its('permissions') { should include ['x'] }
+  end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/auditd_conf.md.erb

@@ -1,68 +1,68 @@
----
-title: About the auditd_conf Resource
----
-
-# auditd_conf
-
-Use the `auditd_conf` InSpec audit resource to test the configuration settings for the audit daemon. This file is typically located under `/etc/audit/auditd.conf'` on Unix and Linux platforms.
-
-<br>
-
-## Syntax
-
-A `auditd_conf` resource block declares configuration settings that should be tested:
-
-    describe auditd_conf('path') do
-      its('keyword') { should cmp 'value' }
-    end
-
-where
-
-* `'keyword'` is a configuration setting defined in the `auditd.conf` configuration file
-* `('path')` is the non-default path to the `auditd.conf` configuration file
-* `{ should cmp 'value' }` is the value that is expected
-
-<br>
-
-## Supported Properties
-
-This matcher will match any property listed in the `auditd.conf` configuration file. Property names and expected values are case-insensitive:
-
-* `admin_space_left`, `admin_space_left_action`, `action_mail_acct`, `disk_error_action`, `disk_full_action`, `flush`, `freq`, `log_file`, `log_format`, `max_log_file`, `max_log_file_action`, `num_logs`, `space_left`, `space_left_action`
-
-## Property Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test the auditd.conf file
-
-    describe auditd_conf do
-      its('log_file') { should cmp '/full/path/to/file' }
-      its('log_format') { should cmp 'raw' }
-      its('flush') { should cmp 'none' }
-      its('freq') { should cmp 1 }
-      its('num_logs') { should cmp 0 }
-      its('max_log_file') { should cmp 6 }
-      its('max_log_file_action') { should cmp 'email' }
-      its('space_left') { should cmp 2 }
-      its('action_mail_acct') { should cmp 'root' }
-      its('space_left_action') { should cmp 'email' }
-      its('admin_space_left') { should cmp 1 }
-      its('admin_space_left_action') { should cmp 'halt' }
-      its('disk_full_action') { should cmp 'halt' }
-      its('disk_error_action') { should cmp 'halt' }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/). 
-
-### `cmp`
-
-The `cmp` matcher compares values across types. 
-
-    its('freq') { should cmp 1 }
-
- For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+---
+title: About the auditd_conf Resource
+---
+
+# auditd_conf
+
+Use the `auditd_conf` InSpec audit resource to test the configuration settings for the audit daemon. This file is typically located under `/etc/audit/auditd.conf'` on Unix and Linux platforms.
+
+<br>
+
+## Syntax
+
+A `auditd_conf` resource block declares configuration settings that should be tested:
+
+    describe auditd_conf('path') do
+      its('keyword') { should cmp 'value' }
+    end
+
+where
+
+* `'keyword'` is a configuration setting defined in the `auditd.conf` configuration file
+* `('path')` is the non-default path to the `auditd.conf` configuration file
+* `{ should cmp 'value' }` is the value that is expected
+
+<br>
+
+## Supported Properties
+
+This matcher will match any property listed in the `auditd.conf` configuration file. Property names and expected values are case-insensitive:
+
+* `admin_space_left`, `admin_space_left_action`, `action_mail_acct`, `disk_error_action`, `disk_full_action`, `flush`, `freq`, `log_file`, `log_format`, `max_log_file`, `max_log_file_action`, `num_logs`, `space_left`, `space_left_action`
+
+## Property Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test the auditd.conf file
+
+    describe auditd_conf do
+      its('log_file') { should cmp '/full/path/to/file' }
+      its('log_format') { should cmp 'raw' }
+      its('flush') { should cmp 'none' }
+      its('freq') { should cmp 1 }
+      its('num_logs') { should cmp 0 }
+      its('max_log_file') { should cmp 6 }
+      its('max_log_file_action') { should cmp 'email' }
+      its('space_left') { should cmp 2 }
+      its('action_mail_acct') { should cmp 'root' }
+      its('space_left_action') { should cmp 'email' }
+      its('admin_space_left') { should cmp 1 }
+      its('admin_space_left_action') { should cmp 'halt' }
+      its('disk_full_action') { should cmp 'halt' }
+      its('disk_error_action') { should cmp 'halt' }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/). 
+
+### `cmp`
+
+The `cmp` matcher compares values across types. 
+
+    its('freq') { should cmp 1 }
+
+ For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/auditd_rules.md.erb

@@ -1,116 +1,116 @@
----
-title: About the auditd_rules Resource
----
-
-# auditd_rules
-
-Use the `auditd_rules` InSpec audit resource to test the rules for logging that exist on the system. The `audit.rules` file is typically located under `/etc/audit/` and contains the list of rules that define what is captured in log files. This resource uses `auditctl` to query the run-time `auditd` rules setup, which may be different from `audit.rules`.
-
-<br>
-
-## Syntax
-
-An `auditd_rules` resource block declares one (or more) rules to be tested, and then what that rule should do. The syntax depends on the version of `audit`:
-
-For `audit` >= 2.3:
-
-    describe auditd_rules do
-      its('lines') { should contain_match(rule) }
-    end
-
-For `audit` < 2.3:
-
-    describe audit_daemon_rules do
-      its("LIST_RULES") {
-        rule
-      }
-    end
-
-For example:
-
-    describe auditd_rules do
-      its('LIST_RULES') { should eq [
-        'exit,always syscall=rmdir,unlink',
-        'exit,always auid=1001 (0x3e9) syscall=open',
-        'exit,always watch=/etc/group perm=wa',
-        'exit,always watch=/etc/passwd perm=wa',
-        'exit,always watch=/etc/shadow perm=wa',
-        'exit,always watch=/etc/sudoers perm=wa',
-        'exit,always watch=/etc/secret_directory perm=r',
-      ] }
-    end
-
-or test that individual rules are defined:
-
-    describe auditd_rules do
-      its('LIST_RULES') {
-        should contain_match(/^exit,always watch=\/etc\/group perm=wa key=identity/)
-      }
-      its('LIST_RULES') {
-        should contain_match(/^exit,always watch=\/etc\/passwd perm=wa key=identity/)
-      }
-      its('LIST_RULES') {
-        should contain_match(/^exit,always watch=\/etc\/gshadow perm=wa key=identity/)
-      }
-      its('LIST_RULES') {
-        should contain_match(/^exit,always watch=\/etc\/shadow perm=wa key=identity/)
-      }
-      its('LIST_RULES') {
-        should contain_match(/^exit,always watch=\/etc\/security\/opasswd perm=wa key=identity/)
-      }
-    end
-
-where each test must declare one (or more) rules to be tested.
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test if a rule contains a matching element that is identified by a regular expression
-
-For `audit` >= 2.3:
-
-    describe auditd_rules do
-      its('lines') { should contain_match(%r{-w /etc/ssh/sshd_config/}) }
-    end
-
-For `audit` < 2.3:
-
-    describe audit_daemon_rules do
-      its("LIST_RULES") {
-        should contain_match(/^exit,always arch=.*\
-        key=time-change\
-        syscall=adjtimex,settimeofday/)
-      }
-    end
-
-
-### Query the audit daemon status
-
-    describe auditd_rules.status('backlog') do
-      it { should cmp 0 }
-    end
-
-### Query properties of rules targeting specific syscalls or files
-
-    describe auditd_rules.syscall('open').action do
-      it { should eq(['always']) }
-    end
-
-    describe auditd_rules.key('sshd_config') do
-      its('permissions') { should contain_match(/x/) }
-    end
-
-Filters may be chained. For example:
-
-    describe auditd_rules.syscall('open').action('always').list do
-      it { should eq(['exit']) }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+---
+title: About the auditd_rules Resource
+---
+
+# auditd_rules
+
+Use the `auditd_rules` InSpec audit resource to test the rules for logging that exist on the system. The `audit.rules` file is typically located under `/etc/audit/` and contains the list of rules that define what is captured in log files. This resource uses `auditctl` to query the run-time `auditd` rules setup, which may be different from `audit.rules`.
+
+<br>
+
+## Syntax
+
+An `auditd_rules` resource block declares one (or more) rules to be tested, and then what that rule should do. The syntax depends on the version of `audit`:
+
+For `audit` >= 2.3:
+
+    describe auditd_rules do
+      its('lines') { should contain_match(rule) }
+    end
+
+For `audit` < 2.3:
+
+    describe audit_daemon_rules do
+      its("LIST_RULES") {
+        rule
+      }
+    end
+
+For example:
+
+    describe auditd_rules do
+      its('LIST_RULES') { should eq [
+        'exit,always syscall=rmdir,unlink',
+        'exit,always auid=1001 (0x3e9) syscall=open',
+        'exit,always watch=/etc/group perm=wa',
+        'exit,always watch=/etc/passwd perm=wa',
+        'exit,always watch=/etc/shadow perm=wa',
+        'exit,always watch=/etc/sudoers perm=wa',
+        'exit,always watch=/etc/secret_directory perm=r',
+      ] }
+    end
+
+or test that individual rules are defined:
+
+    describe auditd_rules do
+      its('LIST_RULES') {
+        should contain_match(/^exit,always watch=\/etc\/group perm=wa key=identity/)
+      }
+      its('LIST_RULES') {
+        should contain_match(/^exit,always watch=\/etc\/passwd perm=wa key=identity/)
+      }
+      its('LIST_RULES') {
+        should contain_match(/^exit,always watch=\/etc\/gshadow perm=wa key=identity/)
+      }
+      its('LIST_RULES') {
+        should contain_match(/^exit,always watch=\/etc\/shadow perm=wa key=identity/)
+      }
+      its('LIST_RULES') {
+        should contain_match(/^exit,always watch=\/etc\/security\/opasswd perm=wa key=identity/)
+      }
+    end
+
+where each test must declare one (or more) rules to be tested.
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test if a rule contains a matching element that is identified by a regular expression
+
+For `audit` >= 2.3:
+
+    describe auditd_rules do
+      its('lines') { should contain_match(%r{-w /etc/ssh/sshd_config/}) }
+    end
+
+For `audit` < 2.3:
+
+    describe audit_daemon_rules do
+      its("LIST_RULES") {
+        should contain_match(/^exit,always arch=.*\
+        key=time-change\
+        syscall=adjtimex,settimeofday/)
+      }
+    end
+
+
+### Query the audit daemon status
+
+    describe auditd_rules.status('backlog') do
+      it { should cmp 0 }
+    end
+
+### Query properties of rules targeting specific syscalls or files
+
+    describe auditd_rules.syscall('open').action do
+      it { should eq(['always']) }
+    end
+
+    describe auditd_rules.key('sshd_config') do
+      its('permissions') { should contain_match(/x/) }
+    end
+
+Filters may be chained. For example:
+
+    describe auditd_rules.syscall('open').action('always').list do
+      it { should eq(['exit']) }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).