inspec 2.0.16 → 2.0.17

data/docs/resources/kernel_parameter.md.erb

@@ -1,53 +1,53 @@
----
-title: About the kernel_parameter Resource
-platform: linux
----
-
-# kernel_parameter
-
-Use the `kernel_parameter` InSpec audit resource to test kernel parameters on Linux platforms.
- These parameters are located under `/proc/cmdline`.
-<br>
-
-## Syntax
-
-A `kernel_parameter` resource block declares a parameter and then a value to be tested:
-
-    describe kernel_parameter('path.to.parameter') do
-      its('value') { should eq 0 }
-    end
-
-where
-
-* `'kernel.parameter'` must specify a kernel parameter, such as `'net.ipv4.conf.all.forwarding'`
-* `{ should eq 0 }` states the value to be tested
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test if global forwarding is enabled for an IPv4 address
-
-    describe kernel_parameter('net.ipv4.conf.all.forwarding') do
-      its('value') { should eq 1 }
-    end
-
-### Test if global forwarding is disabled for an IPv6 address
-
-    describe kernel_parameter('net.ipv6.conf.all.forwarding') do
-      its('value') { should eq 0 }
-    end
-
-### Test if an IPv6 address accepts redirects
-
-    describe kernel_parameter('net.ipv6.conf.interface.accept_redirects') do
-      its('value') { should cmp 'true' }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+---
+title: About the kernel_parameter Resource
+platform: linux
+---
+
+# kernel_parameter
+
+Use the `kernel_parameter` InSpec audit resource to test kernel parameters on Linux platforms.
+ These parameters are located under `/proc/cmdline`.
+<br>
+
+## Syntax
+
+A `kernel_parameter` resource block declares a parameter and then a value to be tested:
+
+    describe kernel_parameter('path.to.parameter') do
+      its('value') { should eq 0 }
+    end
+
+where
+
+* `'kernel.parameter'` must specify a kernel parameter, such as `'net.ipv4.conf.all.forwarding'`
+* `{ should eq 0 }` states the value to be tested
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test if global forwarding is enabled for an IPv4 address
+
+    describe kernel_parameter('net.ipv4.conf.all.forwarding') do
+      its('value') { should eq 1 }
+    end
+
+### Test if global forwarding is disabled for an IPv6 address
+
+    describe kernel_parameter('net.ipv6.conf.all.forwarding') do
+      its('value') { should eq 0 }
+    end
+
+### Test if an IPv6 address accepts redirects
+
+    describe kernel_parameter('net.ipv6.conf.interface.accept_redirects') do
+      its('value') { should cmp 'true' }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/key_rsa.md.erb

@@ -1,85 +1,85 @@
----
-title: The key_rsa Resource
-platform: os
----
-
-# key_rsa
-
-Use the `key_rsa` InSpec audit resource to test RSA public/private keypairs.
-
-This resource is mainly useful when used in conjunction with the x509_certificate resource but it can also be used for checking SSH keys.
-
-<br>
-
-## Syntax
-
-An `key_rsa` resource block declares a `key file` to be tested.
-
-    describe key_rsa('mycertificate.key') do
-      it { should be_private }
-      it { should be_public }
-      its('public_key') { should match "-----BEGIN PUBLIC KEY-----\n3597459df9f3982" }
-      its('key_length') { should eq 2048 }
-    end
-
-You can use an optional passphrase with `key_rsa`
-
-    describe key_rsa('mycertificate.key', 'passphrase') do
-      it { should be_private }
-    end
-
-<br>
-
-## Properties
-
-  * `public_key`, `private_key`, `key_length`
-
-<br>
-
-## Property Examples
-
-### public_key (String)
-
-The `public_key` property returns the public part of the RSA key pair
-
-    describe key_rsa('/etc/pki/www.mywebsite.com.key') do
-      its('public_key') { should match "-----BEGIN PUBLIC KEY-----\n3597459df9f3982......" }
-    end
-
-### private_key (String)
-
-The `private_key` property returns the private key or the RSA key pair.
-
-    describe key_rsa('/etc/pki/www.mywebsite.com.key') do
-      its('private_key') { should match "-----BEGIN RSA PRIVATE KEY-----\nMIIJJwIBAAK......" }
-    end
-
-### key_length
-
-The `key_length` property allows testing the number of bits in the key pair.
-
-    describe key_rsa('/etc/pki/www.mywebsite.com.key') do
-      its('key_length') { should eq 2048 }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### public?
-
-To verify if a key is public use the following:
-
-    describe key_rsa('/etc/pki/www.mywebsite.com.key') do
-      it { should be_public }
-    end
-
-### private?
-
-This property verifies that the key includes a private key:
-
-    describe key_rsa('/etc/pki/www.mywebsite.com.key') do
-      it { should be_private }
-    end
+---
+title: The key_rsa Resource
+platform: os
+---
+
+# key_rsa
+
+Use the `key_rsa` InSpec audit resource to test RSA public/private keypairs.
+
+This resource is mainly useful when used in conjunction with the x509_certificate resource but it can also be used for checking SSH keys.
+
+<br>
+
+## Syntax
+
+An `key_rsa` resource block declares a `key file` to be tested.
+
+    describe key_rsa('mycertificate.key') do
+      it { should be_private }
+      it { should be_public }
+      its('public_key') { should match "-----BEGIN PUBLIC KEY-----\n3597459df9f3982" }
+      its('key_length') { should eq 2048 }
+    end
+
+You can use an optional passphrase with `key_rsa`
+
+    describe key_rsa('mycertificate.key', 'passphrase') do
+      it { should be_private }
+    end
+
+<br>
+
+## Properties
+
+  * `public_key`, `private_key`, `key_length`
+
+<br>
+
+## Property Examples
+
+### public_key (String)
+
+The `public_key` property returns the public part of the RSA key pair
+
+    describe key_rsa('/etc/pki/www.mywebsite.com.key') do
+      its('public_key') { should match "-----BEGIN PUBLIC KEY-----\n3597459df9f3982......" }
+    end
+
+### private_key (String)
+
+The `private_key` property returns the private key or the RSA key pair.
+
+    describe key_rsa('/etc/pki/www.mywebsite.com.key') do
+      its('private_key') { should match "-----BEGIN RSA PRIVATE KEY-----\nMIIJJwIBAAK......" }
+    end
+
+### key_length
+
+The `key_length` property allows testing the number of bits in the key pair.
+
+    describe key_rsa('/etc/pki/www.mywebsite.com.key') do
+      its('key_length') { should eq 2048 }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### public?
+
+To verify if a key is public use the following:
+
+    describe key_rsa('/etc/pki/www.mywebsite.com.key') do
+      it { should be_public }
+    end
+
+### private?
+
+This property verifies that the key includes a private key:
+
+    describe key_rsa('/etc/pki/www.mywebsite.com.key') do
+      it { should be_private }
+    end

data/docs/resources/launchd_service.md.erb

@@ -1,57 +1,57 @@
----
-title: About the launchd_service Resource
-platform: linux
----
-
-# launchd_service
-
-Use the ``launchd_service`` InSpec audit resource to test a service using Launchd.
-
-<br>
-
-## Syntax
-
-A ``launchd_service`` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
-
-    describe launchd_service('service_name') do
-      it { should be_installed }
-      it { should be_enabled }
-      it { should be_running }
-    end
-
-where
-
-* ``('service_name')`` must specify a service name
-* `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource; all matchers available to the `service` resource may be used
-
-The path to the service manager's control may be specified for situations where the path isn't available in the current ``PATH``. For example:
-
-    describe launchd_service('service_name', '/path/to/control') do
-      it { should be_enabled }
-      it { should be_installed }
-      it { should be_running }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### be_enabled
-
-The `be_enabled` matcher tests if the named service is enabled:
-
-    it { should be_enabled }
-
-### be_installed
-
-The `be_installed` matcher tests if the named service is installed:
-
-    it { should be_installed }
-
-### be_running
-
-The `be_running` matcher tests if the named service is running:
-
-    it { should be_running }
+---
+title: About the launchd_service Resource
+platform: linux
+---
+
+# launchd_service
+
+Use the ``launchd_service`` InSpec audit resource to test a service using Launchd.
+
+<br>
+
+## Syntax
+
+A ``launchd_service`` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
+
+    describe launchd_service('service_name') do
+      it { should be_installed }
+      it { should be_enabled }
+      it { should be_running }
+    end
+
+where
+
+* ``('service_name')`` must specify a service name
+* `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource; all matchers available to the `service` resource may be used
+
+The path to the service manager's control may be specified for situations where the path isn't available in the current ``PATH``. For example:
+
+    describe launchd_service('service_name', '/path/to/control') do
+      it { should be_enabled }
+      it { should be_installed }
+      it { should be_running }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### be_enabled
+
+The `be_enabled` matcher tests if the named service is enabled:
+
+    it { should be_enabled }
+
+### be_installed
+
+The `be_installed` matcher tests if the named service is installed:
+
+    it { should be_installed }
+
+### be_running
+
+The `be_running` matcher tests if the named service is running:
+
+    it { should be_running }

data/docs/resources/limits_conf.md.erb

@@ -1,75 +1,75 @@
----
-title: About the limits_conf Resource
-platform: linux
----
-
-# limits_conf
-
-Use the `limits_conf` InSpec audit resource to test configuration settings in the `/etc/security/limits.conf` file. The `limits.conf` defines limits for processes (by user and/or group names) and helps ensure that the system running those processes remains stable. Each process may be assigned a hard or soft limit.
-
-* Soft limits are maintained by the shell and defines the number of file handles (or open files) available to the user or group after login
-* Hard limits are maintained by the kernel and defines the maximum number of allowed file handles
-
-Entries in the `limits.conf` file are similar to:
-
-    grantmc     soft   nofile   4096
-    grantmc     hard   nofile   63536
-
-    ^^^^^^^^^   ^^^^   ^^^^^^   ^^^^^
-    domain      type    item    value
-
-<br>
-
-## Syntax
-
-A `limits_conf` resource block declares a domain to be tested, along with associated type, item, and value:
-
-    describe limits_conf('path') do
-      its('domain') { should include ['type', 'item', 'value'] }
-      its('domain') { should eq ['type', 'item', 'value'] }
-    end
-
-where
-
-* `('path')` is the non-default path to the `inetd.conf` file
-* `'domain'` is a user or group name, such as `grantmc`
-* `'type'` is either `hard` or `soft`
-* `'item'` is the item for which limits are defined, such as `core`, `nofile`, `stack`, `nproc`, `priority`, or `maxlogins`
-* `'value'` is the value associated with the `item`
-
-<br>
-
-## Properties
-
-* `domain`
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### domain
-
-The `domain` property tests the domain in the `limits.conf` file, along with associated type, item, and value:
-
-    its('domain') { should include ['type', 'item', 'value'] }
-`
-For example:
-
-    its('grantmc') { should include ['hard', 'nofile', '63536'] }
-
-### Test limits
-
-    describe limits_conf('path') do
-      its('*') { should include ['soft', 'core', '0'], ['hard', 'rss', '10000'] }
-      its('ftp') { should eq ['hard', 'nproc', '0'] }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-
+---
+title: About the limits_conf Resource
+platform: linux
+---
+
+# limits_conf
+
+Use the `limits_conf` InSpec audit resource to test configuration settings in the `/etc/security/limits.conf` file. The `limits.conf` defines limits for processes (by user and/or group names) and helps ensure that the system running those processes remains stable. Each process may be assigned a hard or soft limit.
+
+* Soft limits are maintained by the shell and defines the number of file handles (or open files) available to the user or group after login
+* Hard limits are maintained by the kernel and defines the maximum number of allowed file handles
+
+Entries in the `limits.conf` file are similar to:
+
+    grantmc     soft   nofile   4096
+    grantmc     hard   nofile   63536
+
+    ^^^^^^^^^   ^^^^   ^^^^^^   ^^^^^
+    domain      type    item    value
+
+<br>
+
+## Syntax
+
+A `limits_conf` resource block declares a domain to be tested, along with associated type, item, and value:
+
+    describe limits_conf('path') do
+      its('domain') { should include ['type', 'item', 'value'] }
+      its('domain') { should eq ['type', 'item', 'value'] }
+    end
+
+where
+
+* `('path')` is the non-default path to the `inetd.conf` file
+* `'domain'` is a user or group name, such as `grantmc`
+* `'type'` is either `hard` or `soft`
+* `'item'` is the item for which limits are defined, such as `core`, `nofile`, `stack`, `nproc`, `priority`, or `maxlogins`
+* `'value'` is the value associated with the `item`
+
+<br>
+
+## Properties
+
+* `domain`
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### domain
+
+The `domain` property tests the domain in the `limits.conf` file, along with associated type, item, and value:
+
+    its('domain') { should include ['type', 'item', 'value'] }
+`
+For example:
+
+    its('grantmc') { should include ['hard', 'nofile', '63536'] }
+
+### Test limits
+
+    describe limits_conf('path') do
+      its('*') { should include ['soft', 'core', '0'], ['hard', 'rss', '10000'] }
+      its('ftp') { should eq ['hard', 'nproc', '0'] }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+