RubyGems - inspec - Versions diffs - 1.51.6 → 1.51.15 - Mend

inspec 1.51.6 → 1.51.15

Files changed (404) hide show

checksums.yaml +4 -4
data/.rubocop.yml +101 -101
data/CHANGELOG.md +2915 -2902
data/Gemfile +53 -53
data/LICENSE +14 -14
data/MAINTAINERS.md +31 -31
data/MAINTAINERS.toml +47 -47
data/README.md +419 -419
data/Rakefile +167 -167
data/bin/inspec +12 -12
data/docs/.gitignore +2 -2
data/docs/README.md +40 -40
data/docs/dsl_inspec.md +258 -258
data/docs/dsl_resource.md +93 -93
data/docs/glossary.md +99 -99
data/docs/habitat.md +191 -191
data/docs/inspec_and_friends.md +107 -107
data/docs/matchers.md +165 -165
data/docs/migration.md +293 -293
data/docs/plugin_kitchen_inspec.md +49 -49
data/docs/profiles.md +370 -370
data/docs/resources/aide_conf.md.erb +78 -78
data/docs/resources/apache.md.erb +66 -66
data/docs/resources/apache_conf.md.erb +67 -67
data/docs/resources/apt.md.erb +70 -70
data/docs/resources/audit_policy.md.erb +46 -46
data/docs/resources/auditd.md.erb +78 -78
data/docs/resources/auditd_conf.md.erb +68 -68
data/docs/resources/auditd_rules.md.erb +116 -116
data/docs/resources/bash.md.erb +74 -74
data/docs/resources/bond.md.erb +89 -89
data/docs/resources/bridge.md.erb +54 -54
data/docs/resources/bsd_service.md.erb +65 -65
data/docs/resources/command.md.erb +137 -137
data/docs/resources/cpan.md.erb +77 -77
data/docs/resources/cran.md.erb +63 -63
data/docs/resources/crontab.md.erb +87 -87
data/docs/resources/csv.md.erb +53 -53
data/docs/resources/dh_params.md.erb +216 -216
data/docs/resources/directory.md.erb +28 -28
data/docs/resources/docker.md.erb +163 -163
data/docs/resources/docker_container.md.erb +99 -99
data/docs/resources/docker_image.md.erb +93 -93
data/docs/resources/docker_service.md.erb +113 -113
data/docs/resources/elasticsearch.md.erb +230 -230
data/docs/resources/etc_fstab.md.erb +124 -124
data/docs/resources/etc_group.md.erb +74 -74
data/docs/resources/etc_hosts.md.erb +75 -75
data/docs/resources/etc_hosts_allow.md.erb +73 -73
data/docs/resources/etc_hosts_deny.md.erb +73 -73
data/docs/resources/file.md.erb +512 -512
data/docs/resources/filesystem.md.erb +40 -40
data/docs/resources/firewalld.md.erb +105 -105
data/docs/resources/gem.md.erb +78 -78
data/docs/resources/group.md.erb +60 -60
data/docs/resources/grub_conf.md.erb +101 -100
data/docs/resources/host.md.erb +77 -77
data/docs/resources/http.md.erb +104 -98
data/docs/resources/iis_app.md.erb +120 -116
data/docs/resources/iis_site.md.erb +132 -128
data/docs/resources/inetd_conf.md.erb +95 -84
data/docs/resources/ini.md.erb +72 -69
data/docs/resources/interface.md.erb +55 -46
data/docs/resources/iptables.md.erb +63 -63
data/docs/resources/json.md.erb +61 -61
data/docs/resources/kernel_module.md.erb +106 -106
data/docs/resources/kernel_parameter.md.erb +58 -58
data/docs/resources/key_rsa.md.erb +73 -73
data/docs/resources/launchd_service.md.erb +56 -56
data/docs/resources/limits_conf.md.erb +66 -66
data/docs/resources/login_def.md.erb +62 -62
data/docs/resources/mount.md.erb +68 -68
data/docs/resources/mssql_session.md.erb +59 -59
data/docs/resources/mysql_conf.md.erb +98 -98
data/docs/resources/mysql_session.md.erb +73 -73
data/docs/resources/nginx.md.erb +78 -78
data/docs/resources/nginx_conf.md.erb +127 -127
data/docs/resources/npm.md.erb +59 -59
data/docs/resources/ntp_conf.md.erb +59 -59
data/docs/resources/oneget.md.erb +52 -52
data/docs/resources/oracledb_session.md.erb +51 -51
data/docs/resources/os.md.erb +140 -140
data/docs/resources/os_env.md.erb +77 -77
data/docs/resources/package.md.erb +119 -119
data/docs/resources/packages.md.erb +66 -66
data/docs/resources/parse_config.md.erb +102 -102
data/docs/resources/parse_config_file.md.erb +137 -137
data/docs/resources/passwd.md.erb +140 -140
data/docs/resources/pip.md.erb +66 -66
data/docs/resources/port.md.erb +136 -136
data/docs/resources/postgres_conf.md.erb +78 -78
data/docs/resources/postgres_hba_conf.md.erb +92 -92
data/docs/resources/postgres_ident_conf.md.erb +75 -75
data/docs/resources/postgres_session.md.erb +68 -68
data/docs/resources/powershell.md.erb +101 -101
data/docs/resources/processes.md.erb +107 -107
data/docs/resources/rabbitmq_config.md.erb +40 -40
data/docs/resources/registry_key.md.erb +157 -157
data/docs/resources/runit_service.md.erb +56 -56
data/docs/resources/security_policy.md.erb +46 -46
data/docs/resources/service.md.erb +120 -120
data/docs/resources/shadow.md.erb +143 -143
data/docs/resources/ssh_config.md.erb +79 -79
data/docs/resources/sshd_config.md.erb +82 -82
data/docs/resources/ssl.md.erb +118 -118
data/docs/resources/sys_info.md.erb +41 -41
data/docs/resources/systemd_service.md.erb +56 -56
data/docs/resources/sysv_service.md.erb +56 -56
data/docs/resources/upstart_service.md.erb +56 -56
data/docs/resources/user.md.erb +139 -139
data/docs/resources/users.md.erb +126 -126
data/docs/resources/vbscript.md.erb +54 -54
data/docs/resources/virtualization.md.erb +56 -56
data/docs/resources/windows_feature.md.erb +46 -46
data/docs/resources/windows_hotfix.md.erb +52 -52
data/docs/resources/windows_task.md.erb +89 -89
data/docs/resources/wmi.md.erb +80 -80
data/docs/resources/x509_certificate.md.erb +150 -150
data/docs/resources/xinetd_conf.md.erb +155 -155
data/docs/resources/xml.md.erb +84 -84
data/docs/resources/yaml.md.erb +68 -68
data/docs/resources/yum.md.erb +97 -97
data/docs/resources/zfs_dataset.md.erb +52 -52
data/docs/resources/zfs_pool.md.erb +46 -46
data/docs/ruby_usage.md +203 -203
data/docs/shared/matcher_be.md.erb +1 -1
data/docs/shared/matcher_cmp.md.erb +43 -43
data/docs/shared/matcher_eq.md.erb +3 -3
data/docs/shared/matcher_include.md.erb +1 -1
data/docs/shared/matcher_match.md.erb +1 -1
data/docs/shell.md +172 -172
data/examples/README.md +8 -8
data/examples/inheritance/README.md +65 -65
data/examples/inheritance/controls/example.rb +14 -14
data/examples/inheritance/inspec.yml +15 -15
data/examples/kitchen-ansible/.kitchen.yml +25 -25
data/examples/kitchen-ansible/Gemfile +19 -19
data/examples/kitchen-ansible/README.md +53 -53
data/examples/kitchen-ansible/files/nginx.repo +6 -6
data/examples/kitchen-ansible/tasks/main.yml +16 -16
data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
data/examples/kitchen-chef/.kitchen.yml +20 -20
data/examples/kitchen-chef/Berksfile +3 -3
data/examples/kitchen-chef/Gemfile +19 -19
data/examples/kitchen-chef/README.md +27 -27
data/examples/kitchen-chef/metadata.rb +7 -7
data/examples/kitchen-chef/recipes/default.rb +6 -6
data/examples/kitchen-chef/recipes/nginx.rb +30 -30
data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
data/examples/kitchen-puppet/.kitchen.yml +22 -22
data/examples/kitchen-puppet/Gemfile +20 -20
data/examples/kitchen-puppet/Puppetfile +25 -25
data/examples/kitchen-puppet/README.md +53 -53
data/examples/kitchen-puppet/manifests/site.pp +33 -33
data/examples/kitchen-puppet/metadata.json +11 -11
data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
data/examples/meta-profile/README.md +37 -37
data/examples/meta-profile/controls/example.rb +13 -13
data/examples/meta-profile/inspec.yml +13 -13
data/examples/profile-attribute.yml +2 -2
data/examples/profile-attribute/README.md +14 -14
data/examples/profile-attribute/controls/example.rb +11 -11
data/examples/profile-attribute/inspec.yml +8 -8
data/examples/profile-sensitive/README.md +29 -29
data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
data/examples/profile-sensitive/controls/sensitive.rb +9 -9
data/examples/profile-sensitive/inspec.yml +8 -8
data/examples/profile/README.md +48 -48
data/examples/profile/controls/example.rb +23 -23
data/examples/profile/controls/gordon.rb +36 -36
data/examples/profile/controls/meta.rb +34 -34
data/examples/profile/inspec.yml +10 -10
data/examples/profile/libraries/gordon_config.rb +53 -53
data/inspec.gemspec +47 -47
data/lib/bundles/README.md +3 -3
data/lib/bundles/inspec-artifact.rb +7 -7
data/lib/bundles/inspec-artifact/README.md +1 -1
data/lib/bundles/inspec-artifact/cli.rb +277 -277
data/lib/bundles/inspec-compliance.rb +16 -16
data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
data/lib/bundles/inspec-compliance/README.md +185 -185
data/lib/bundles/inspec-compliance/api.rb +316 -316
data/lib/bundles/inspec-compliance/api/login.rb +152 -152
data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
data/lib/bundles/inspec-compliance/cli.rb +277 -277
data/lib/bundles/inspec-compliance/configuration.rb +103 -103
data/lib/bundles/inspec-compliance/http.rb +86 -86
data/lib/bundles/inspec-compliance/support.rb +36 -36
data/lib/bundles/inspec-compliance/target.rb +98 -98
data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
data/lib/bundles/inspec-habitat.rb +12 -12
data/lib/bundles/inspec-habitat/cli.rb +36 -36
data/lib/bundles/inspec-habitat/log.rb +10 -10
data/lib/bundles/inspec-habitat/profile.rb +390 -390
data/lib/bundles/inspec-init.rb +8 -8
data/lib/bundles/inspec-init/README.md +31 -31
data/lib/bundles/inspec-init/cli.rb +97 -97
data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
data/lib/bundles/inspec-supermarket.rb +13 -13
data/lib/bundles/inspec-supermarket/README.md +45 -45
data/lib/bundles/inspec-supermarket/api.rb +84 -84
data/lib/bundles/inspec-supermarket/cli.rb +65 -65
data/lib/bundles/inspec-supermarket/target.rb +34 -34
data/lib/fetchers/git.rb +163 -163
data/lib/fetchers/local.rb +74 -74
data/lib/fetchers/mock.rb +35 -35
data/lib/fetchers/url.rb +204 -204
data/lib/inspec.rb +24 -24
data/lib/inspec/archive/tar.rb +29 -29
data/lib/inspec/archive/zip.rb +19 -19
data/lib/inspec/backend.rb +92 -92
data/lib/inspec/base_cli.rb +324 -322
data/lib/inspec/cached_fetcher.rb +66 -66
data/lib/inspec/cli.rb +298 -298
data/lib/inspec/completions/bash.sh.erb +45 -45
data/lib/inspec/completions/fish.sh.erb +34 -34
data/lib/inspec/completions/zsh.sh.erb +61 -61
data/lib/inspec/control_eval_context.rb +179 -179
data/lib/inspec/dependencies/cache.rb +72 -72
data/lib/inspec/dependencies/dependency_set.rb +92 -92
data/lib/inspec/dependencies/lockfile.rb +115 -115
data/lib/inspec/dependencies/requirement.rb +123 -123
data/lib/inspec/dependencies/resolver.rb +86 -86
data/lib/inspec/describe.rb +27 -27
data/lib/inspec/dsl.rb +66 -66
data/lib/inspec/dsl_shared.rb +33 -33
data/lib/inspec/env_printer.rb +157 -157
data/lib/inspec/errors.rb +13 -13
data/lib/inspec/exceptions.rb +12 -12
data/lib/inspec/expect.rb +45 -45
data/lib/inspec/fetcher.rb +45 -45
data/lib/inspec/file_provider.rb +275 -275
data/lib/inspec/formatters.rb +3 -3
data/lib/inspec/formatters/base.rb +208 -208
data/lib/inspec/formatters/json_rspec.rb +20 -20
data/lib/inspec/formatters/show_progress.rb +12 -12
data/lib/inspec/library_eval_context.rb +58 -58
data/lib/inspec/log.rb +11 -11
data/lib/inspec/metadata.rb +253 -253
data/lib/inspec/method_source.rb +24 -24
data/lib/inspec/objects.rb +14 -14
data/lib/inspec/objects/attribute.rb +65 -65
data/lib/inspec/objects/control.rb +61 -61
data/lib/inspec/objects/describe.rb +92 -92
data/lib/inspec/objects/each_loop.rb +36 -36
data/lib/inspec/objects/list.rb +15 -15
data/lib/inspec/objects/or_test.rb +40 -40
data/lib/inspec/objects/ruby_helper.rb +15 -15
data/lib/inspec/objects/tag.rb +27 -27
data/lib/inspec/objects/test.rb +87 -87
data/lib/inspec/objects/value.rb +27 -27
data/lib/inspec/plugins.rb +60 -60
data/lib/inspec/plugins/cli.rb +24 -24
data/lib/inspec/plugins/fetcher.rb +86 -86
data/lib/inspec/plugins/resource.rb +132 -132
data/lib/inspec/plugins/secret.rb +15 -15
data/lib/inspec/plugins/source_reader.rb +40 -40
data/lib/inspec/polyfill.rb +12 -12
data/lib/inspec/profile.rb +510 -510
data/lib/inspec/profile_context.rb +207 -207
data/lib/inspec/profile_vendor.rb +66 -66
data/lib/inspec/reporters.rb +50 -33
data/lib/inspec/reporters/base.rb +24 -23
data/lib/inspec/reporters/cli.rb +395 -395
data/lib/inspec/reporters/json.rb +134 -132
data/lib/inspec/reporters/json_min.rb +48 -44
data/lib/inspec/reporters/junit.rb +77 -77
data/lib/inspec/require_loader.rb +33 -33
data/lib/inspec/resource.rb +176 -176
data/lib/inspec/rule.rb +266 -266
data/lib/inspec/runner.rb +340 -337
data/lib/inspec/runner_mock.rb +41 -41
data/lib/inspec/runner_rspec.rb +163 -185
data/lib/inspec/runtime_profile.rb +26 -26
data/lib/inspec/schema.rb +186 -186
data/lib/inspec/secrets.rb +19 -19
data/lib/inspec/secrets/yaml.rb +30 -30
data/lib/inspec/shell.rb +223 -223
data/lib/inspec/shell_detector.rb +90 -90
data/lib/inspec/source_reader.rb +29 -29
data/lib/inspec/version.rb +8 -8
data/lib/matchers/matchers.rb +397 -397
data/lib/resources/aide_conf.rb +160 -160
data/lib/resources/apache.rb +49 -49
data/lib/resources/apache_conf.rb +158 -158
data/lib/resources/apt.rb +150 -150
data/lib/resources/audit_policy.rb +64 -64
data/lib/resources/auditd.rb +233 -233
data/lib/resources/auditd_conf.rb +56 -56
data/lib/resources/auditd_rules.rb +205 -205
data/lib/resources/bash.rb +36 -36
data/lib/resources/bond.rb +69 -69
data/lib/resources/bridge.rb +123 -123
data/lib/resources/command.rb +69 -69
data/lib/resources/cpan.rb +60 -60
data/lib/resources/cran.rb +66 -66
data/lib/resources/crontab.rb +169 -169
data/lib/resources/csv.rb +58 -58
data/lib/resources/dh_params.rb +83 -83
data/lib/resources/directory.rb +25 -25
data/lib/resources/docker.rb +239 -239
data/lib/resources/docker_container.rb +92 -92
data/lib/resources/docker_image.rb +86 -86
data/lib/resources/docker_object.rb +57 -57
data/lib/resources/docker_service.rb +94 -94
data/lib/resources/elasticsearch.rb +168 -168
data/lib/resources/etc_fstab.rb +102 -102
data/lib/resources/etc_group.rb +157 -157
data/lib/resources/etc_hosts.rb +81 -81
data/lib/resources/etc_hosts_allow_deny.rb +122 -122
data/lib/resources/file.rb +298 -298
data/lib/resources/filesystem.rb +31 -31
data/lib/resources/firewalld.rb +144 -144
data/lib/resources/gem.rb +71 -71
data/lib/resources/groups.rb +213 -213
data/lib/resources/grub_conf.rb +237 -237
data/lib/resources/host.rb +300 -300
data/lib/resources/http.rb +252 -252
data/lib/resources/iis_app.rb +103 -103
data/lib/resources/iis_site.rb +147 -147
data/lib/resources/inetd_conf.rb +63 -63
data/lib/resources/ini.rb +29 -29
data/lib/resources/interface.rb +130 -130
data/lib/resources/iptables.rb +70 -70
data/lib/resources/json.rb +115 -115
data/lib/resources/kernel_module.rb +110 -110
data/lib/resources/kernel_parameter.rb +58 -58
data/lib/resources/key_rsa.rb +67 -67
data/lib/resources/limits_conf.rb +56 -56
data/lib/resources/login_def.rb +67 -67
data/lib/resources/mount.rb +90 -90
data/lib/resources/mssql_session.rb +103 -103
data/lib/resources/mysql.rb +82 -82
data/lib/resources/mysql_conf.rb +133 -133
data/lib/resources/mysql_session.rb +72 -72
data/lib/resources/nginx.rb +97 -97
data/lib/resources/nginx_conf.rb +228 -228
data/lib/resources/npm.rb +48 -48
data/lib/resources/ntp_conf.rb +59 -59
data/lib/resources/oneget.rb +72 -72
data/lib/resources/oracledb_session.rb +140 -140
data/lib/resources/os.rb +46 -46
data/lib/resources/os_env.rb +76 -76
data/lib/resources/package.rb +357 -357
data/lib/resources/packages.rb +112 -112
data/lib/resources/parse_config.rb +116 -116
data/lib/resources/passwd.rb +96 -96
data/lib/resources/pip.rb +89 -89
data/lib/resources/platform.rb +112 -112
data/lib/resources/port.rb +771 -771
data/lib/resources/postgres.rb +132 -132
data/lib/resources/postgres_conf.rb +122 -122
data/lib/resources/postgres_hba_conf.rb +101 -101
data/lib/resources/postgres_ident_conf.rb +79 -79
data/lib/resources/postgres_session.rb +72 -72
data/lib/resources/powershell.rb +58 -58
data/lib/resources/processes.rb +204 -204
data/lib/resources/rabbitmq_conf.rb +53 -53
data/lib/resources/registry_key.rb +296 -296
data/lib/resources/security_policy.rb +181 -181
data/lib/resources/service.rb +784 -784
data/lib/resources/shadow.rb +141 -141
data/lib/resources/ssh_conf.rb +102 -102
data/lib/resources/ssl.rb +99 -99
data/lib/resources/sys_info.rb +26 -26
data/lib/resources/toml.rb +32 -32
data/lib/resources/users.rb +652 -652
data/lib/resources/vbscript.rb +70 -70
data/lib/resources/virtualization.rb +251 -251
data/lib/resources/windows_feature.rb +85 -85
data/lib/resources/windows_hotfix.rb +35 -35
data/lib/resources/windows_task.rb +106 -106
data/lib/resources/wmi.rb +114 -114
data/lib/resources/x509_certificate.rb +143 -143
data/lib/resources/xinetd.rb +112 -112
data/lib/resources/xml.rb +45 -45
data/lib/resources/yaml.rb +45 -45
data/lib/resources/yum.rb +181 -181
data/lib/resources/zfs_dataset.rb +60 -60
data/lib/resources/zfs_pool.rb +49 -49
data/lib/source_readers/flat.rb +39 -39
data/lib/source_readers/inspec.rb +75 -75
data/lib/utils/command_wrapper.rb +27 -27
data/lib/utils/convert.rb +12 -12
data/lib/utils/database_helpers.rb +77 -77
data/lib/utils/erlang_parser.rb +192 -192
data/lib/utils/filter.rb +272 -272
data/lib/utils/filter_array.rb +27 -27
data/lib/utils/find_files.rb +44 -44
data/lib/utils/hash.rb +41 -41
data/lib/utils/json_log.rb +18 -18
data/lib/utils/latest_version.rb +22 -22
data/lib/utils/modulator.rb +12 -12
data/lib/utils/nginx_parser.rb +85 -85
data/lib/utils/object_traversal.rb +49 -49
data/lib/utils/parser.rb +274 -274
data/lib/utils/plugin_registry.rb +93 -93
data/lib/utils/simpleconfig.rb +132 -132
data/lib/utils/spdx.rb +13 -13
data/lib/utils/spdx.txt +343 -343
metadata +2 -2

data/lib/resources/inetd_conf.rb CHANGED

@@ -1,63 +1,63 @@
-# encoding: utf-8
-# copyright: 2015, Vulcano Security GmbH
-# author: Christoph Hartmann
-# author: Dominik Richter
-require 'utils/simpleconfig'
-module Inspec::Resources
-  class InetdConf < Inspec.resource(1)
-    name 'inetd_conf'
-    desc 'Use the inetd_conf InSpec audit resource to test if a service is enabled in the inetd.conf file on Linux and UNIX platforms. inetd---the Internet service daemon---listens on dedicated ports, and then loads the appropriate program based on a request. The inetd.conf file is typically located at /etc/inetd.conf and contains a list of Internet services associated to the ports on which that service will listen. Only enabled services may handle a request; only services that are required by the system should be enabled.'
-    example "
-      describe inetd_conf do
-        its('shell') { should eq nil }
-        its('login') { should eq nil }
-        its('exec') { should eq nil }
-      end
-    "
-    def initialize(path = nil)
-      @conf_path = path || '/etc/inetd.conf'
-    end
-    # overwrite exec to ensure it works with its
-    # TODO: this needs to be fixed in RSpec
-    def exec
-      read_params['exec']
-    end
-    def method_missing(name)
-      read_params[name.to_s]
-    end
-    def read_params
-      return @params if defined?(@params)
-      # read the file
-      file = inspec.file(@conf_path)
-      if !file.file?
-        skip_resource "Can't find file \"#{@conf_path}\""
-        return @params = {}
-      end
-      content = file.content
-      if content.empty? && !file.empty?
-        skip_resource "Can't read file \"#{@conf_path}\""
-        return @params = {}
-      end
-      # parse the file
-      conf = SimpleConfig.new(
-        content,
-        assignment_regex: /^\s*(\S+?)\s+(.*?)\s+(.*?)\s+(.*?)\s+(.*?)\s+(.*?)\s+(.*?)\s*$/,
-        key_values: 6,
-        multiple_values: false,
-      )
-      @params = conf.params
-    end
-    def to_s
-      'inetd.conf'
-    end
-  end
-end
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Christoph Hartmann
+# author: Dominik Richter
+require 'utils/simpleconfig'
+module Inspec::Resources
+  class InetdConf < Inspec.resource(1)
+    name 'inetd_conf'
+    desc 'Use the inetd_conf InSpec audit resource to test if a service is enabled in the inetd.conf file on Linux and UNIX platforms. inetd---the Internet service daemon---listens on dedicated ports, and then loads the appropriate program based on a request. The inetd.conf file is typically located at /etc/inetd.conf and contains a list of Internet services associated to the ports on which that service will listen. Only enabled services may handle a request; only services that are required by the system should be enabled.'
+    example "
+      describe inetd_conf do
+        its('shell') { should eq nil }
+        its('login') { should eq nil }
+        its('exec') { should eq nil }
+      end
+    "
+    def initialize(path = nil)
+      @conf_path = path || '/etc/inetd.conf'
+    end
+    # overwrite exec to ensure it works with its
+    # TODO: this needs to be fixed in RSpec
+    def exec
+      read_params['exec']
+    end
+    def method_missing(name)
+      read_params[name.to_s]
+    end
+    def read_params
+      return @params if defined?(@params)
+      # read the file
+      file = inspec.file(@conf_path)
+      if !file.file?
+        skip_resource "Can't find file \"#{@conf_path}\""
+        return @params = {}
+      end
+      content = file.content
+      if content.empty? && !file.empty?
+        skip_resource "Can't read file \"#{@conf_path}\""
+        return @params = {}
+      end
+      # parse the file
+      conf = SimpleConfig.new(
+        content,
+        assignment_regex: /^\s*(\S+?)\s+(.*?)\s+(.*?)\s+(.*?)\s+(.*?)\s+(.*?)\s+(.*?)\s*$/,
+        key_values: 6,
+        multiple_values: false,
+      )
+      @params = conf.params
+    end
+    def to_s
+      'inetd.conf'
+    end
+  end
+end

data/lib/resources/ini.rb CHANGED

@@ -1,29 +1,29 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-require 'utils/simpleconfig'
-module Inspec::Resources
-  class IniConfig < JsonConfig
-    name 'ini'
-    desc 'Use the ini InSpec audit resource to test data in a INI file.'
-    example "
-      descibe ini do
-        its('auth_protocol') { should eq 'https' }
-      end
-    "
-    # override file load and parse hash with simple config
-    def parse(content)
-      SimpleConfig.new(content).params
-    end
-    private
-    # used by JsonConfig to build up a full to_s method
-    # based on whether a file path, content, or command was supplied.
-    def resource_base_name
-      'INI'
-    end
-  end
-end
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+require 'utils/simpleconfig'
+module Inspec::Resources
+  class IniConfig < JsonConfig
+    name 'ini'
+    desc 'Use the ini InSpec audit resource to test data in a INI file.'
+    example "
+      descibe ini do
+        its('auth_protocol') { should eq 'https' }
+      end
+    "
+    # override file load and parse hash with simple config
+    def parse(content)
+      SimpleConfig.new(content).params
+    end
+    private
+    # used by JsonConfig to build up a full to_s method
+    # based on whether a file path, content, or command was supplied.
+    def resource_base_name
+      'INI'
+    end
+  end
+end

data/lib/resources/interface.rb CHANGED

@@ -1,130 +1,130 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-# author: Aaron Lippold
-require 'utils/convert'
-module Inspec::Resources
-  class NetworkInterface < Inspec.resource(1)
-    name 'interface'
-    desc 'Use the interface InSpec audit resource to test basic network adapter properties, such as name, status, and link speed (in MB/sec).'
-    example "
-      describe interface('eth0') do
-        it { should exist }
-        it { should be_up }
-        its('speed') { should eq 1000 }
-      end
-    "
-    def initialize(iface)
-      @iface = iface
-      @interface_provider = nil
-      if inspec.os.linux?
-        @interface_provider = LinuxInterface.new(inspec)
-      elsif inspec.os.windows?
-        @interface_provider = WindowsInterface.new(inspec)
-      else
-        return skip_resource 'The `interface` resource is not supported on your OS yet.'
-      end
-    end
-    def exists?
-      !interface_info.nil? && !interface_info[:name].nil?
-    end
-    def up?
-      interface_info.nil? ? false : interface_info[:up]
-    end
-    # returns link speed in Mbits/sec
-    def speed
-      interface_info.nil? ? nil : interface_info[:speed]
-    end
-    def to_s
-      "Interface #{@iface}"
-    end
-    private
-    def interface_info
-      return @cache if defined?(@cache)
-      @cache = @interface_provider.interface_info(@iface) if !@interface_provider.nil?
-    end
-  end
-  class InterfaceInfo
-    include Converter
-    attr_reader :inspec
-    def initialize(inspec)
-      @inspec = inspec
-    end
-  end
-  class LinuxInterface < InterfaceInfo
-    def interface_info(iface)
-      # will return "[mtu]\n1500\n[type]\n1"
-      cmd = inspec.command("find /sys/class/net/#{iface}/ -maxdepth 1 -type f -exec sh -c 'echo \"[$(basename {})]\"; cat {} || echo -n' \\;")
-      return nil if cmd.exit_status.to_i != 0
-      # parse values, we only recieve values, therefore we threat them as keys
-      params = SimpleConfig.new(cmd.stdout.chomp).params
-      # abort if we got an empty result-set
-      return nil if params.empty?
-      # parse state
-      state = false
-      if params.key?('operstate')
-        operstate, _value = params['operstate'].first
-        state = operstate == 'up'
-      end
-      # parse speed
-      speed = nil
-      if params.key?('speed')
-        speed, _value = params['speed'].first
-        speed = convert_to_i(speed)
-      end
-      {
-        name: iface,
-        up: state,
-        speed: speed,
-      }
-    end
-  end
-  class WindowsInterface < InterfaceInfo
-    def interface_info(iface)
-      # gather all network interfaces
-      cmd = inspec.command('Get-NetAdapter | Select-Object -Property Name, InterfaceDescription, Status, State, MacAddress, LinkSpeed, ReceiveLinkSpeed, TransmitLinkSpeed, Virtual | ConvertTo-Json')
-      # filter network interface
-      begin
-        net_adapter = JSON.parse(cmd.stdout)
-      rescue JSON::ParserError => _e
-        return nil
-      end
-      # ensure we have an array of groups
-      net_adapter = [net_adapter] if !net_adapter.is_a?(Array)
-      # select the requested interface
-      adapters = net_adapter.each_with_object([]) do |adapter, adapter_collection|
-        # map object
-        info = {
-          name: adapter['Name'],
-          up: adapter['State'] == 2,
-          speed: adapter['ReceiveLinkSpeed'] / 1000,
-        }
-        adapter_collection.push(info) if info[:name].casecmp(iface) == 0
-      end
-      return nil if adapters.empty?
-      warn "[Possible Error] detected multiple network interfaces with the name #{iface}" if adapters.size > 1
-      adapters[0]
-    end
-  end
-end
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# author: Aaron Lippold
+require 'utils/convert'
+module Inspec::Resources
+  class NetworkInterface < Inspec.resource(1)
+    name 'interface'
+    desc 'Use the interface InSpec audit resource to test basic network adapter properties, such as name, status, and link speed (in MB/sec).'
+    example "
+      describe interface('eth0') do
+        it { should exist }
+        it { should be_up }
+        its('speed') { should eq 1000 }
+      end
+    "
+    def initialize(iface)
+      @iface = iface
+      @interface_provider = nil
+      if inspec.os.linux?
+        @interface_provider = LinuxInterface.new(inspec)
+      elsif inspec.os.windows?
+        @interface_provider = WindowsInterface.new(inspec)
+      else
+        return skip_resource 'The `interface` resource is not supported on your OS yet.'
+      end
+    end
+    def exists?
+      !interface_info.nil? && !interface_info[:name].nil?
+    end
+    def up?
+      interface_info.nil? ? false : interface_info[:up]
+    end
+    # returns link speed in Mbits/sec
+    def speed
+      interface_info.nil? ? nil : interface_info[:speed]
+    end
+    def to_s
+      "Interface #{@iface}"
+    end
+    private
+    def interface_info
+      return @cache if defined?(@cache)
+      @cache = @interface_provider.interface_info(@iface) if !@interface_provider.nil?
+    end
+  end
+  class InterfaceInfo
+    include Converter
+    attr_reader :inspec
+    def initialize(inspec)
+      @inspec = inspec
+    end
+  end
+  class LinuxInterface < InterfaceInfo
+    def interface_info(iface)
+      # will return "[mtu]\n1500\n[type]\n1"
+      cmd = inspec.command("find /sys/class/net/#{iface}/ -maxdepth 1 -type f -exec sh -c 'echo \"[$(basename {})]\"; cat {} || echo -n' \\;")
+      return nil if cmd.exit_status.to_i != 0
+      # parse values, we only recieve values, therefore we threat them as keys
+      params = SimpleConfig.new(cmd.stdout.chomp).params
+      # abort if we got an empty result-set
+      return nil if params.empty?
+      # parse state
+      state = false
+      if params.key?('operstate')
+        operstate, _value = params['operstate'].first
+        state = operstate == 'up'
+      end
+      # parse speed
+      speed = nil
+      if params.key?('speed')
+        speed, _value = params['speed'].first
+        speed = convert_to_i(speed)
+      end
+      {
+        name: iface,
+        up: state,
+        speed: speed,
+      }
+    end
+  end
+  class WindowsInterface < InterfaceInfo
+    def interface_info(iface)
+      # gather all network interfaces
+      cmd = inspec.command('Get-NetAdapter | Select-Object -Property Name, InterfaceDescription, Status, State, MacAddress, LinkSpeed, ReceiveLinkSpeed, TransmitLinkSpeed, Virtual | ConvertTo-Json')
+      # filter network interface
+      begin
+        net_adapter = JSON.parse(cmd.stdout)
+      rescue JSON::ParserError => _e
+        return nil
+      end
+      # ensure we have an array of groups
+      net_adapter = [net_adapter] if !net_adapter.is_a?(Array)
+      # select the requested interface
+      adapters = net_adapter.each_with_object([]) do |adapter, adapter_collection|
+        # map object
+        info = {
+          name: adapter['Name'],
+          up: adapter['State'] == 2,
+          speed: adapter['ReceiveLinkSpeed'] / 1000,
+        }
+        adapter_collection.push(info) if info[:name].casecmp(iface) == 0
+      end
+      return nil if adapters.empty?
+      warn "[Possible Error] detected multiple network interfaces with the name #{iface}" if adapters.size > 1
+      adapters[0]
+    end
+  end
+end

data/lib/resources/iptables.rb CHANGED

@@ -1,70 +1,70 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-# Usage:
-# describe iptables do
-#   it { should have_rule('-P INPUT ACCEPT') }
-# end
-#
-# The following serverspec sytax is not implemented:
-# describe iptables do
-#   it { should have_rule('-P INPUT ACCEPT').with_table('mangle').with_chain('INPUT') }
-# end
-# Please use the new sytax:
-# describe iptables(table:'mangle', chain: 'input') do
-#   it { should have_rule('-P INPUT ACCEPT') }
-# end
-#
-# Note: Docker containers normally do not have iptables installed
-#
-# @see http://ipset.netfilter.org/iptables.man.html
-# @see http://ipset.netfilter.org/iptables.man.html
-# @see https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html
-module Inspec::Resources
-  class IpTables < Inspec.resource(1)
-    name 'iptables'
-    desc 'Use the iptables InSpec audit resource to test rules that are defined in iptables, which maintains tables of IP packet filtering rules. There may be more than one table. Each table contains one (or more) chains (both built-in and custom). A chain is a list of rules that match packets. When the rule matches, the rule defines what target to assign to the packet.'
-    example "
-      describe iptables do
-        it { should have_rule('-P INPUT ACCEPT') }
-      end
-    "
-    def initialize(params = {})
-      @table = params[:table]
-      @chain = params[:chain]
-      # we're done if we are on linux
-      return if inspec.os.linux?
-      # ensures, all calls are aborted for non-supported os
-      @iptables_cache = []
-      skip_resource 'The `iptables` resource is not supported on your OS yet.'
-    end
-    def has_rule?(rule = nil, _table = nil, _chain = nil)
-      # checks if the rule is part of the ruleset
-      # for now, we expect an exact match
-      retrieve_rules.any? { |line| line.casecmp(rule) == 0 }
-    end
-    def retrieve_rules
-      return @iptables_cache if defined?(@iptables_cache)
-      # construct iptables command to read all rules
-      table_cmd = "-t #{@table}" if @table
-      iptables_cmd = format('iptables %s -S %s', table_cmd, @chain).strip
-      cmd = inspec.command(iptables_cmd)
-      return [] if cmd.exit_status.to_i != 0
-      # split rules, returns array or rules
-      @iptables_cache = cmd.stdout.split("\n").map(&:strip)
-    end
-    def to_s
-      format('Iptables %s %s', @table && "table: #{@table}", @chain && "chain: #{@chain}").strip
-    end
-  end
-end
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# Usage:
+# describe iptables do
+#   it { should have_rule('-P INPUT ACCEPT') }
+# end
+#
+# The following serverspec sytax is not implemented:
+# describe iptables do
+#   it { should have_rule('-P INPUT ACCEPT').with_table('mangle').with_chain('INPUT') }
+# end
+# Please use the new sytax:
+# describe iptables(table:'mangle', chain: 'input') do
+#   it { should have_rule('-P INPUT ACCEPT') }
+# end
+#
+# Note: Docker containers normally do not have iptables installed
+#
+# @see http://ipset.netfilter.org/iptables.man.html
+# @see http://ipset.netfilter.org/iptables.man.html
+# @see https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html
+module Inspec::Resources
+  class IpTables < Inspec.resource(1)
+    name 'iptables'
+    desc 'Use the iptables InSpec audit resource to test rules that are defined in iptables, which maintains tables of IP packet filtering rules. There may be more than one table. Each table contains one (or more) chains (both built-in and custom). A chain is a list of rules that match packets. When the rule matches, the rule defines what target to assign to the packet.'
+    example "
+      describe iptables do
+        it { should have_rule('-P INPUT ACCEPT') }
+      end
+    "
+    def initialize(params = {})
+      @table = params[:table]
+      @chain = params[:chain]
+      # we're done if we are on linux
+      return if inspec.os.linux?
+      # ensures, all calls are aborted for non-supported os
+      @iptables_cache = []
+      skip_resource 'The `iptables` resource is not supported on your OS yet.'
+    end
+    def has_rule?(rule = nil, _table = nil, _chain = nil)
+      # checks if the rule is part of the ruleset
+      # for now, we expect an exact match
+      retrieve_rules.any? { |line| line.casecmp(rule) == 0 }
+    end
+    def retrieve_rules
+      return @iptables_cache if defined?(@iptables_cache)
+      # construct iptables command to read all rules
+      table_cmd = "-t #{@table}" if @table
+      iptables_cmd = format('iptables %s -S %s', table_cmd, @chain).strip
+      cmd = inspec.command(iptables_cmd)
+      return [] if cmd.exit_status.to_i != 0
+      # split rules, returns array or rules
+      @iptables_cache = cmd.stdout.split("\n").map(&:strip)
+    end
+    def to_s
+      format('Iptables %s %s', @table && "table: #{@table}", @chain && "chain: #{@chain}").strip
+    end
+  end
+end