inspec 2.0.32 → 2.0.45
- checksums.yaml +4 -4
- data/.rubocop.yml +101 -101
- data/CHANGELOG.md +2991 -2970
- data/Gemfile +55 -55
- data/LICENSE +14 -14
- data/MAINTAINERS.md +33 -33
- data/MAINTAINERS.toml +52 -52
- data/README.md +446 -437
- data/Rakefile +322 -322
- data/bin/inspec +12 -12
- data/docs/.gitignore +2 -2
- data/docs/README.md +40 -40
- data/docs/dsl_inspec.md +258 -258
- data/docs/dsl_resource.md +93 -93
- data/docs/glossary.md +99 -99
- data/docs/habitat.md +191 -191
- data/docs/inspec_and_friends.md +107 -107
- data/docs/matchers.md +169 -168
- data/docs/migration.md +293 -293
- data/docs/platforms.md +118 -118
- data/docs/plugin_kitchen_inspec.md +49 -49
- data/docs/profiles.md +370 -370
- data/docs/reporters.md +105 -105
- data/docs/resources/aide_conf.md.erb +75 -75
- data/docs/resources/apache.md.erb +67 -67
- data/docs/resources/apache_conf.md.erb +68 -68
- data/docs/resources/apt.md.erb +71 -71
- data/docs/resources/audit_policy.md.erb +47 -47
- data/docs/resources/auditd.md.erb +79 -79
- data/docs/resources/auditd_conf.md.erb +68 -68
- data/docs/resources/aws_cloudtrail_trail.md.erb +140 -140
- data/docs/resources/aws_cloudtrail_trails.md.erb +81 -81
- data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -86
- data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -151
- data/docs/resources/aws_config_recorder.md.erb +71 -71
- data/docs/resources/aws_ec2_instance.md.erb +106 -106
- data/docs/resources/aws_iam_access_key.md.erb +123 -123
- data/docs/resources/aws_iam_access_keys.md.erb +198 -198
- data/docs/resources/aws_iam_group.md.erb +46 -46
- data/docs/resources/aws_iam_groups.md.erb +43 -43
- data/docs/resources/aws_iam_password_policy.md.erb +76 -76
- data/docs/resources/aws_iam_policies.md.erb +82 -82
- data/docs/resources/aws_iam_policy.md.erb +144 -144
- data/docs/resources/aws_iam_role.md.erb +63 -63
- data/docs/resources/aws_iam_root_user.md.erb +58 -58
- data/docs/resources/aws_iam_user.md.erb +64 -64
- data/docs/resources/aws_iam_users.md.erb +89 -89
- data/docs/resources/aws_kms_keys.md.erb +84 -84
- data/docs/resources/aws_route_table.md.erb +47 -47
- data/docs/resources/aws_s3_bucket.md.erb +134 -134
- data/docs/resources/aws_security_group.md.erb +151 -151
- data/docs/resources/aws_security_groups.md.erb +91 -91
- data/docs/resources/aws_sns_topic.md.erb +63 -63
- data/docs/resources/aws_subnet.md.erb +133 -133
- data/docs/resources/aws_subnets.md.erb +126 -126
- data/docs/resources/aws_vpc.md.erb +120 -120
- data/docs/resources/aws_vpcs.md.erb +48 -48
- data/docs/resources/azure_generic_resource.md.erb +170 -170
- data/docs/resources/azure_resource_group.md.erb +284 -284
- data/docs/resources/azure_virtual_machine.md.erb +347 -347
- data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
- data/docs/resources/bash.md.erb +75 -75
- data/docs/resources/bond.md.erb +90 -90
- data/docs/resources/bridge.md.erb +57 -57
- data/docs/resources/bsd_service.md.erb +67 -67
- data/docs/resources/command.md.erb +138 -138
- data/docs/resources/cpan.md.erb +79 -79
- data/docs/resources/cran.md.erb +64 -64
- data/docs/resources/crontab.md.erb +89 -89
- data/docs/resources/csv.md.erb +54 -54
- data/docs/resources/dh_params.md.erb +205 -205
- data/docs/resources/directory.md.erb +30 -30
- data/docs/resources/docker.md.erb +219 -219
- data/docs/resources/docker_container.md.erb +104 -104
- data/docs/resources/docker_image.md.erb +94 -94
- data/docs/resources/docker_service.md.erb +114 -114
- data/docs/resources/elasticsearch.md.erb +242 -242
- data/docs/resources/etc_fstab.md.erb +125 -125
- data/docs/resources/etc_group.md.erb +75 -75
- data/docs/resources/etc_hosts.md.erb +78 -78
- data/docs/resources/etc_hosts_allow.md.erb +74 -74
- data/docs/resources/etc_hosts_deny.md.erb +74 -74
- data/docs/resources/file.md.erb +526 -515
- data/docs/resources/filesystem.md.erb +41 -41
- data/docs/resources/firewalld.md.erb +107 -107
- data/docs/resources/gem.md.erb +79 -79
- data/docs/resources/group.md.erb +61 -61
- data/docs/resources/grub_conf.md.erb +101 -101
- data/docs/resources/host.md.erb +86 -86
- data/docs/resources/http.md.erb +196 -196
- data/docs/resources/iis_app.md.erb +122 -122
- data/docs/resources/iis_site.md.erb +135 -135
- data/docs/resources/inetd_conf.md.erb +94 -94
- data/docs/resources/ini.md.erb +76 -76
- data/docs/resources/interface.md.erb +58 -58
- data/docs/resources/iptables.md.erb +64 -64
- data/docs/resources/json.md.erb +63 -63
- data/docs/resources/kernel_module.md.erb +120 -120
- data/docs/resources/kernel_parameter.md.erb +53 -53
- data/docs/resources/key_rsa.md.erb +85 -85
- data/docs/resources/launchd_service.md.erb +57 -57
- data/docs/resources/limits_conf.md.erb +75 -75
- data/docs/resources/login_def.md.erb +71 -71
- data/docs/resources/mount.md.erb +69 -69
- data/docs/resources/mssql_session.md.erb +60 -60
- data/docs/resources/mysql_conf.md.erb +99 -99
- data/docs/resources/mysql_session.md.erb +74 -74
- data/docs/resources/nginx.md.erb +79 -79
- data/docs/resources/nginx_conf.md.erb +128 -128
- data/docs/resources/npm.md.erb +60 -60
- data/docs/resources/ntp_conf.md.erb +60 -60
- data/docs/resources/oneget.md.erb +53 -53
- data/docs/resources/oracledb_session.md.erb +52 -52
- data/docs/resources/os.md.erb +141 -141
- data/docs/resources/os_env.md.erb +78 -78
- data/docs/resources/package.md.erb +120 -120
- data/docs/resources/packages.md.erb +67 -67
- data/docs/resources/parse_config.md.erb +103 -103
- data/docs/resources/parse_config_file.md.erb +138 -138
- data/docs/resources/passwd.md.erb +141 -141
- data/docs/resources/pip.md.erb +67 -67
- data/docs/resources/port.md.erb +137 -137
- data/docs/resources/postgres_conf.md.erb +79 -79
- data/docs/resources/postgres_hba_conf.md.erb +93 -93
- data/docs/resources/postgres_ident_conf.md.erb +76 -76
- data/docs/resources/postgres_session.md.erb +69 -69
- data/docs/resources/powershell.md.erb +102 -102
- data/docs/resources/processes.md.erb +109 -109
- data/docs/resources/rabbitmq_config.md.erb +41 -41
- data/docs/resources/registry_key.md.erb +158 -158
- data/docs/resources/runit_service.md.erb +57 -57
- data/docs/resources/security_policy.md.erb +47 -47
- data/docs/resources/service.md.erb +121 -121
- data/docs/resources/shadow.md.erb +146 -144
- data/docs/resources/ssh_config.md.erb +80 -80
- data/docs/resources/sshd_config.md.erb +83 -83
- data/docs/resources/ssl.md.erb +119 -119
- data/docs/resources/sys_info.md.erb +42 -42
- data/docs/resources/systemd_service.md.erb +57 -57
- data/docs/resources/sysv_service.md.erb +57 -57
- data/docs/resources/upstart_service.md.erb +57 -57
- data/docs/resources/user.md.erb +140 -140
- data/docs/resources/users.md.erb +127 -127
- data/docs/resources/vbscript.md.erb +55 -55
- data/docs/resources/virtualization.md.erb +57 -57
- data/docs/resources/windows_feature.md.erb +47 -47
- data/docs/resources/windows_hotfix.md.erb +53 -53
- data/docs/resources/windows_task.md.erb +95 -95
- data/docs/resources/wmi.md.erb +81 -81
- data/docs/resources/x509_certificate.md.erb +151 -151
- data/docs/resources/xinetd_conf.md.erb +156 -156
- data/docs/resources/xml.md.erb +85 -85
- data/docs/resources/yaml.md.erb +69 -69
- data/docs/resources/yum.md.erb +98 -98
- data/docs/resources/zfs_dataset.md.erb +53 -53
- data/docs/resources/zfs_pool.md.erb +47 -47
- data/docs/ruby_usage.md +203 -203
- data/docs/shared/matcher_be.md.erb +1 -1
- data/docs/shared/matcher_cmp.md.erb +43 -43
- data/docs/shared/matcher_eq.md.erb +3 -3
- data/docs/shared/matcher_include.md.erb +1 -1
- data/docs/shared/matcher_match.md.erb +1 -1
- data/docs/shell.md +215 -215
- data/examples/README.md +8 -8
- data/examples/inheritance/README.md +65 -65
- data/examples/inheritance/controls/example.rb +14 -14
- data/examples/inheritance/inspec.yml +15 -15
- data/examples/kitchen-ansible/.kitchen.yml +25 -25
- data/examples/kitchen-ansible/Gemfile +19 -19
- data/examples/kitchen-ansible/README.md +53 -53
- data/examples/kitchen-ansible/files/nginx.repo +6 -6
- data/examples/kitchen-ansible/tasks/main.yml +16 -16
- data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-chef/.kitchen.yml +20 -20
- data/examples/kitchen-chef/Berksfile +3 -3
- data/examples/kitchen-chef/Gemfile +19 -19
- data/examples/kitchen-chef/README.md +27 -27
- data/examples/kitchen-chef/metadata.rb +7 -7
- data/examples/kitchen-chef/recipes/default.rb +6 -6
- data/examples/kitchen-chef/recipes/nginx.rb +30 -30
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-puppet/.kitchen.yml +22 -22
- data/examples/kitchen-puppet/Gemfile +20 -20
- data/examples/kitchen-puppet/Puppetfile +25 -25
- data/examples/kitchen-puppet/README.md +53 -53
- data/examples/kitchen-puppet/manifests/site.pp +33 -33
- data/examples/kitchen-puppet/metadata.json +11 -11
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
- data/examples/meta-profile/README.md +37 -37
- data/examples/meta-profile/controls/example.rb +13 -13
- data/examples/meta-profile/inspec.yml +13 -13
- data/examples/profile-attribute.yml +2 -2
- data/examples/profile-attribute/README.md +14 -14
- data/examples/profile-attribute/controls/example.rb +11 -11
- data/examples/profile-attribute/inspec.yml +8 -8
- data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
- data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
- data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
- data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
- data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
- data/examples/profile-aws/inspec.yml +11 -11
- data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
- data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
- data/examples/profile-azure/inspec.yml +11 -11
- data/examples/profile-sensitive/README.md +29 -29
- data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
- data/examples/profile-sensitive/controls/sensitive.rb +9 -9
- data/examples/profile-sensitive/inspec.yml +8 -8
- data/examples/profile/README.md +48 -48
- data/examples/profile/controls/example.rb +23 -23
- data/examples/profile/controls/gordon.rb +36 -36
- data/examples/profile/controls/meta.rb +34 -34
- data/examples/profile/inspec.yml +10 -10
- data/examples/profile/libraries/gordon_config.rb +53 -53
- data/inspec.gemspec +47 -47
- data/lib/bundles/README.md +3 -3
- data/lib/bundles/inspec-artifact.rb +7 -7
- data/lib/bundles/inspec-artifact/README.md +1 -1
- data/lib/bundles/inspec-artifact/cli.rb +277 -277
- data/lib/bundles/inspec-compliance.rb +16 -16
- data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
- data/lib/bundles/inspec-compliance/README.md +185 -185
- data/lib/bundles/inspec-compliance/api.rb +316 -316
- data/lib/bundles/inspec-compliance/api/login.rb +152 -152
- data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
- data/lib/bundles/inspec-compliance/cli.rb +254 -254
- data/lib/bundles/inspec-compliance/configuration.rb +103 -103
- data/lib/bundles/inspec-compliance/http.rb +86 -86
- data/lib/bundles/inspec-compliance/support.rb +36 -36
- data/lib/bundles/inspec-compliance/target.rb +98 -98
- data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
- data/lib/bundles/inspec-habitat.rb +12 -12
- data/lib/bundles/inspec-habitat/cli.rb +36 -36
- data/lib/bundles/inspec-habitat/log.rb +10 -10
- data/lib/bundles/inspec-habitat/profile.rb +390 -390
- data/lib/bundles/inspec-init.rb +8 -8
- data/lib/bundles/inspec-init/README.md +31 -31
- data/lib/bundles/inspec-init/cli.rb +97 -97
- data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
- data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
- data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
- data/lib/bundles/inspec-supermarket.rb +13 -13
- data/lib/bundles/inspec-supermarket/README.md +45 -45
- data/lib/bundles/inspec-supermarket/api.rb +84 -84
- data/lib/bundles/inspec-supermarket/cli.rb +73 -73
- data/lib/bundles/inspec-supermarket/target.rb +34 -34
- data/lib/fetchers/git.rb +163 -163
- data/lib/fetchers/local.rb +74 -74
- data/lib/fetchers/mock.rb +35 -35
- data/lib/fetchers/url.rb +204 -204
- data/lib/inspec.rb +24 -24
- data/lib/inspec/archive/tar.rb +29 -29
- data/lib/inspec/archive/zip.rb +19 -19
- data/lib/inspec/backend.rb +92 -92
- data/lib/inspec/base_cli.rb +355 -350
- data/lib/inspec/cached_fetcher.rb +66 -66
- data/lib/inspec/cli.rb +292 -292
- data/lib/inspec/completions/bash.sh.erb +45 -45
- data/lib/inspec/completions/fish.sh.erb +34 -34
- data/lib/inspec/completions/zsh.sh.erb +61 -61
- data/lib/inspec/control_eval_context.rb +179 -179
- data/lib/inspec/dependencies/cache.rb +72 -72
- data/lib/inspec/dependencies/dependency_set.rb +92 -92
- data/lib/inspec/dependencies/lockfile.rb +115 -115
- data/lib/inspec/dependencies/requirement.rb +123 -123
- data/lib/inspec/dependencies/resolver.rb +86 -86
- data/lib/inspec/describe.rb +27 -27
- data/lib/inspec/dsl.rb +66 -66
- data/lib/inspec/dsl_shared.rb +33 -33
- data/lib/inspec/env_printer.rb +157 -157
- data/lib/inspec/errors.rb +13 -13
- data/lib/inspec/exceptions.rb +12 -12
- data/lib/inspec/expect.rb +45 -45
- data/lib/inspec/fetcher.rb +45 -45
- data/lib/inspec/file_provider.rb +275 -275
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +250 -250
- data/lib/inspec/formatters/json_rspec.rb +20 -20
- data/lib/inspec/formatters/show_progress.rb +12 -12
- data/lib/inspec/library_eval_context.rb +58 -58
- data/lib/inspec/log.rb +11 -11
- data/lib/inspec/metadata.rb +247 -247
- data/lib/inspec/method_source.rb +24 -24
- data/lib/inspec/objects.rb +14 -14
- data/lib/inspec/objects/attribute.rb +65 -65
- data/lib/inspec/objects/control.rb +61 -61
- data/lib/inspec/objects/describe.rb +92 -92
- data/lib/inspec/objects/each_loop.rb +36 -36
- data/lib/inspec/objects/list.rb +15 -15
- data/lib/inspec/objects/or_test.rb +40 -40
- data/lib/inspec/objects/ruby_helper.rb +15 -15
- data/lib/inspec/objects/tag.rb +27 -27
- data/lib/inspec/objects/test.rb +87 -87
- data/lib/inspec/objects/value.rb +27 -27
- data/lib/inspec/plugins.rb +60 -60
- data/lib/inspec/plugins/cli.rb +24 -24
- data/lib/inspec/plugins/fetcher.rb +86 -86
- data/lib/inspec/plugins/resource.rb +135 -135
- data/lib/inspec/plugins/secret.rb +15 -15
- data/lib/inspec/plugins/source_reader.rb +40 -40
- data/lib/inspec/polyfill.rb +12 -12
- data/lib/inspec/profile.rb +510 -510
- data/lib/inspec/profile_context.rb +207 -207
- data/lib/inspec/profile_vendor.rb +66 -66
- data/lib/inspec/reporters.rb +54 -50
- data/lib/inspec/reporters/base.rb +24 -24
- data/lib/inspec/reporters/cli.rb +356 -356
- data/lib/inspec/reporters/json.rb +116 -116
- data/lib/inspec/reporters/json_min.rb +48 -48
- data/lib/inspec/reporters/junit.rb +77 -77
- data/lib/inspec/require_loader.rb +33 -33
- data/lib/inspec/resource.rb +186 -186
- data/lib/inspec/rule.rb +266 -266
- data/lib/inspec/runner.rb +345 -345
- data/lib/inspec/runner_mock.rb +41 -41
- data/lib/inspec/runner_rspec.rb +175 -175
- data/lib/inspec/runtime_profile.rb +26 -26
- data/lib/inspec/schema.rb +213 -213
- data/lib/inspec/secrets.rb +19 -19
- data/lib/inspec/secrets/yaml.rb +30 -30
- data/lib/inspec/shell.rb +220 -220
- data/lib/inspec/shell_detector.rb +90 -90
- data/lib/inspec/source_reader.rb +29 -29
- data/lib/inspec/version.rb +8 -8
- data/lib/matchers/matchers.rb +339 -339
- data/lib/resource_support/aws.rb +41 -41
- data/lib/resource_support/aws/aws_backend_base.rb +12 -12
- data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
- data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
- data/lib/resources/aide_conf.rb +159 -160
- data/lib/resources/apache.rb +48 -48
- data/lib/resources/apache_conf.rb +156 -156
- data/lib/resources/apt.rb +149 -149
- data/lib/resources/audit_policy.rb +63 -63
- data/lib/resources/auditd.rb +231 -231
- data/lib/resources/auditd_conf.rb +55 -55
- data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -77
- data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
- data/lib/resources/aws/aws_config_recorder.rb +98 -98
- data/lib/resources/aws/aws_ec2_instance.rb +157 -157
- data/lib/resources/aws/aws_iam_access_key.rb +106 -106
- data/lib/resources/aws/aws_iam_access_keys.rb +149 -144
- data/lib/resources/aws/aws_iam_group.rb +56 -56
- data/lib/resources/aws/aws_iam_groups.rb +52 -45
- data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
- data/lib/resources/aws/aws_iam_policies.rb +53 -46
- data/lib/resources/aws/aws_iam_policy.rb +125 -119
- data/lib/resources/aws/aws_iam_role.rb +51 -51
- data/lib/resources/aws/aws_iam_root_user.rb +60 -60
- data/lib/resources/aws/aws_iam_user.rb +111 -111
- data/lib/resources/aws/aws_iam_users.rb +108 -96
- data/lib/resources/aws/aws_kms_keys.rb +53 -46
- data/lib/resources/aws/aws_route_table.rb +61 -61
- data/lib/resources/aws/aws_s3_bucket.rb +115 -115
- data/lib/resources/aws/aws_security_group.rb +93 -93
- data/lib/resources/aws/aws_security_groups.rb +68 -68
- data/lib/resources/aws/aws_sns_topic.rb +53 -53
- data/lib/resources/aws/aws_subnet.rb +88 -88
- data/lib/resources/aws/aws_subnets.rb +53 -53
- data/lib/resources/aws/aws_vpc.rb +69 -69
- data/lib/resources/aws/aws_vpcs.rb +45 -45
- data/lib/resources/azure/azure_backend.rb +377 -377
- data/lib/resources/azure/azure_generic_resource.rb +59 -59
- data/lib/resources/azure/azure_resource_group.rb +152 -152
- data/lib/resources/azure/azure_virtual_machine.rb +264 -264
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +136 -136
- data/lib/resources/bash.rb +35 -35
- data/lib/resources/bond.rb +68 -68
- data/lib/resources/bridge.rb +122 -122
- data/lib/resources/command.rb +73 -69
- data/lib/resources/cpan.rb +58 -58
- data/lib/resources/cran.rb +64 -64
- data/lib/resources/crontab.rb +169 -170
- data/lib/resources/csv.rb +60 -60
- data/lib/resources/dh_params.rb +82 -82
- data/lib/resources/directory.rb +25 -25
- data/lib/resources/docker.rb +236 -236
- data/lib/resources/docker_container.rb +89 -89
- data/lib/resources/docker_image.rb +83 -83
- data/lib/resources/docker_object.rb +57 -57
- data/lib/resources/docker_service.rb +90 -90
- data/lib/resources/elasticsearch.rb +169 -169
- data/lib/resources/etc_fstab.rb +101 -102
- data/lib/resources/etc_group.rb +152 -156
- data/lib/resources/etc_hosts.rb +82 -81
- data/lib/resources/etc_hosts_allow_deny.rb +122 -123
- data/lib/resources/file.rb +298 -298
- data/lib/resources/filesystem.rb +31 -31
- data/lib/resources/firewalld.rb +143 -144
- data/lib/resources/gem.rb +70 -70
- data/lib/resources/groups.rb +215 -215
- data/lib/resources/grub_conf.rb +237 -237
- data/lib/resources/host.rb +306 -300
- data/lib/resources/http.rb +251 -250
- data/lib/resources/iis_app.rb +101 -104
- data/lib/resources/iis_site.rb +148 -148
- data/lib/resources/inetd_conf.rb +62 -62
- data/lib/resources/ini.rb +29 -29
- data/lib/resources/interface.rb +129 -129
- data/lib/resources/iptables.rb +80 -69
- data/lib/resources/json.rb +117 -117
- data/lib/resources/kernel_module.rb +107 -107
- data/lib/resources/kernel_parameter.rb +58 -58
- data/lib/resources/key_rsa.rb +67 -67
- data/lib/resources/limits_conf.rb +55 -55
- data/lib/resources/login_def.rb +66 -66
- data/lib/resources/mount.rb +88 -88
- data/lib/resources/mssql_session.rb +101 -101
- data/lib/resources/mysql.rb +81 -81
- data/lib/resources/mysql_conf.rb +134 -134
- data/lib/resources/mysql_session.rb +71 -71
- data/lib/resources/nginx.rb +96 -96
- data/lib/resources/nginx_conf.rb +227 -227
- data/lib/resources/npm.rb +48 -48
- data/lib/resources/ntp_conf.rb +58 -58
- data/lib/resources/oneget.rb +71 -71
- data/lib/resources/oracledb_session.rb +139 -139
- data/lib/resources/os.rb +36 -36
- data/lib/resources/os_env.rb +76 -76
- data/lib/resources/package.rb +370 -370
- data/lib/resources/packages.rb +111 -111
- data/lib/resources/parse_config.rb +116 -116
- data/lib/resources/passwd.rb +74 -74
- data/lib/resources/pip.rb +89 -89
- data/lib/resources/platform.rb +109 -109
- data/lib/resources/port.rb +771 -771
- data/lib/resources/postgres.rb +130 -130
- data/lib/resources/postgres_conf.rb +121 -121
- data/lib/resources/postgres_hba_conf.rb +99 -100
- data/lib/resources/postgres_ident_conf.rb +76 -78
- data/lib/resources/postgres_session.rb +71 -71
- data/lib/resources/powershell.rb +53 -57
- data/lib/resources/processes.rb +204 -204
- data/lib/resources/rabbitmq_conf.rb +52 -52
- data/lib/resources/registry_key.rb +296 -296
- data/lib/resources/security_policy.rb +180 -180
- data/lib/resources/service.rb +789 -789
- data/lib/resources/shadow.rb +146 -140
- data/lib/resources/ssh_conf.rb +102 -102
- data/lib/resources/ssl.rb +99 -99
- data/lib/resources/sys_info.rb +28 -28
- data/lib/resources/toml.rb +32 -32
- data/lib/resources/users.rb +654 -654
- data/lib/resources/vbscript.rb +68 -69
- data/lib/resources/virtualization.rb +247 -247
- data/lib/resources/windows_feature.rb +84 -84
- data/lib/resources/windows_hotfix.rb +35 -35
- data/lib/resources/windows_task.rb +102 -105
- data/lib/resources/wmi.rb +110 -113
- data/lib/resources/x509_certificate.rb +143 -143
- data/lib/resources/xinetd.rb +111 -111
- data/lib/resources/xml.rb +46 -46
- data/lib/resources/yaml.rb +47 -47
- data/lib/resources/yum.rb +180 -180
- data/lib/resources/zfs_dataset.rb +60 -60
- data/lib/resources/zfs_pool.rb +49 -49
- data/lib/source_readers/flat.rb +39 -39
- data/lib/source_readers/inspec.rb +75 -75
- data/lib/utils/command_wrapper.rb +27 -27
- data/lib/utils/convert.rb +12 -12
- data/lib/utils/database_helpers.rb +77 -77
- data/lib/utils/erlang_parser.rb +192 -192
- data/lib/utils/filter.rb +272 -272
- data/lib/utils/filter_array.rb +27 -27
- data/lib/utils/find_files.rb +44 -44
- data/lib/utils/hash.rb +41 -41
- data/lib/utils/json_log.rb +18 -18
- data/lib/utils/latest_version.rb +22 -22
- data/lib/utils/modulator.rb +12 -12
- data/lib/utils/nginx_parser.rb +85 -85
- data/lib/utils/object_traversal.rb +49 -49
- data/lib/utils/parser.rb +274 -274
- data/lib/utils/plugin_registry.rb +93 -93
- data/lib/utils/simpleconfig.rb +120 -120
- data/lib/utils/spdx.rb +13 -13
- data/lib/utils/spdx.txt +343 -343
- metadata +2 -2
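--- a/data/lib/resources/key_rsa.rb
+++ b/data/lib/resources/key_rsa.rb
@@ -1,67 +1,67 @@
-# encoding: utf-8
-
-require 'openssl'
-require 'hashie/mash'
-
-module Inspec::Resources
-class RsaKey < Inspec.resource(1)
-name 'key_rsa'
-supports platform: 'unix'
-supports platform: 'windows'
-desc 'public/private RSA key pair test'
-example "
-describe key_rsa('/etc/pki/www.mywebsite.com.key') do
-its('public_key') { should match /BEGIN RSA PUBLIC KEY/ }
-end
-
-describe key_rsa('/etc/pki/www.mywebsite.com.key', 'passphrase') do
-it { should be_private }
-it { should be_public }
-end
-"
-
-def initialize(keypath, passphrase = nil)
-@key_path = keypath
-@key_file = inspec.file(@key_path)
-@key = nil
-@passphrase = passphrase
-
-return skip_resource "Unable to find key file #{@key_path}" unless @key_file.exist?
-
-begin
-@key = OpenSSL::PKey.read(@key_file.content, @passphrase)
-rescue OpenSSL::PKey::RSAError => _
-return skip_resource "Unable to load key file #{@key_path}"
-end
-end
-
-def public?
-return if @key.nil?
-@key.public?
-end
-
-def public_key
-return if @key.nil?
-@key.public_key.to_s
-end
-
-def private?
-return if @key.nil?
-@key.private?
-end
-
-def private_key
-return if @key.nil?
-@key.to_s
-end
-
-def key_length
-return if @key.nil?
-@key.public_key.n.num_bytes * 8
-end
-
-def to_s
-"rsa_key #{@key_path}"
-end
-end
-end
+# encoding: utf-8
+
+require 'openssl'
+require 'hashie/mash'
+
+module Inspec::Resources
+class RsaKey < Inspec.resource(1)
+name 'key_rsa'
+supports platform: 'unix'
+supports platform: 'windows'
+desc 'public/private RSA key pair test'
+example "
+describe key_rsa('/etc/pki/www.mywebsite.com.key') do
+its('public_key') { should match /BEGIN RSA PUBLIC KEY/ }
+end
+
+describe key_rsa('/etc/pki/www.mywebsite.com.key', 'passphrase') do
+it { should be_private }
+it { should be_public }
+end
+"
+
+def initialize(keypath, passphrase = nil)
+@key_path = keypath
+@key_file = inspec.file(@key_path)
+@key = nil
+@passphrase = passphrase
+
+return skip_resource "Unable to find key file #{@key_path}" unless @key_file.exist?
+
+begin
+@key = OpenSSL::PKey.read(@key_file.content, @passphrase)
+rescue OpenSSL::PKey::RSAError => _
+return skip_resource "Unable to load key file #{@key_path}"
+end
+end
+
+def public?
+return if @key.nil?
+@key.public?
+end
+
+def public_key
+return if @key.nil?
+@key.public_key.to_s
+end
+
+def private?
+return if @key.nil?
+@key.private?
+end
+
+def private_key
+return if @key.nil?
+@key.to_s
+end
+
+def key_length
+return if @key.nil?
+@key.public_key.n.num_bytes * 8
+end
+
+def to_s
+"rsa_key #{@key_path}"
+end
+end
+end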
|
@@ -1,55 +1,55 @@
|
|
|
1
|
-
# encoding: utf-8
|
|
2
|
-
# copyright: 2015, Vulcano Security GmbH
|
|
3
|
-
|
|
4
|
-
require 'utils/simpleconfig'
|
|
5
|
-
|
|
6
|
-
module Inspec::Resources
|
|
7
|
-
class LimitsConf < Inspec.resource(1)
|
|
8
|
-
name 'limits_conf'
|
|
9
|
-
supports platform: 'unix'
|
|
10
|
-
desc 'Use the limits_conf InSpec audit resource to test configuration settings in the /etc/security/limits.conf file. The limits.conf defines limits for processes (by user and/or group names) and helps ensure that the system on which those processes are running remains stable. Each process may be assigned a hard or soft limit.'
|
|
11
|
-
example "
|
|
12
|
-
describe limits_conf do
|
|
13
|
-
its('*') { should include ['hard','core','0'] }
|
|
14
|
-
end
|
|
15
|
-
"
|
|
16
|
-
|
|
17
|
-
def initialize(path = nil)
|
|
18
|
-
@conf_path = path || '/etc/security/limits.conf'
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
def method_missing(name)
|
|
22
|
-
read_params[name.to_s]
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
def read_params
|
|
26
|
-
return @params if defined?(@params)
|
|
27
|
-
|
|
28
|
-
# read the file
|
|
29
|
-
file = inspec.file(@conf_path)
|
|
30
|
-
if !file.file?
|
|
31
|
-
skip_resource "Can't find file \"#{@conf_path}\""
|
|
32
|
-
return @params = {}
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
content = file.content
|
|
36
|
-
if content.empty? && !file.empty?
|
|
37
|
-
skip_resource "Can't read file \"#{@conf_path}\""
|
|
38
|
-
return @params = {}
|
|
39
|
-
end
|
|
40
|
-
|
|
41
|
-
# parse the file
|
|
42
|
-
conf = SimpleConfig.new(
|
|
43
|
-
content,
|
|
44
|
-
assignment_regex: /^\s*(\S+?)\s+(.*?)\s+(.*?)\s+(.*?)\s*$/,
|
|
45
|
-
key_values: 3,
|
|
46
|
-
multiple_values: true,
|
|
47
|
-
)
|
|
48
|
-
@params = conf.params
|
|
49
|
-
end
|
|
50
|
-
|
|
51
|
-
def to_s
|
|
52
|
-
'limits.conf'
|
|
53
|
-
end
|
|
54
|
-
end
|
|
55
|
-
end
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
# copyright: 2015, Vulcano Security GmbH
|
|
3
|
+
|
|
4
|
+
require 'utils/simpleconfig'
|
|
5
|
+
|
|
6
|
+
module Inspec::Resources
|
|
7
|
+
class LimitsConf < Inspec.resource(1)
|
|
8
|
+
name 'limits_conf'
|
|
9
|
+
supports platform: 'unix'
|
|
10
|
+
desc 'Use the limits_conf InSpec audit resource to test configuration settings in the /etc/security/limits.conf file. The limits.conf defines limits for processes (by user and/or group names) and helps ensure that the system on which those processes are running remains stable. Each process may be assigned a hard or soft limit.'
|
|
11
|
+
example "
|
|
12
|
+
describe limits_conf do
|
|
13
|
+
its('*') { should include ['hard','core','0'] }
|
|
14
|
+
end
|
|
15
|
+
"
|
|
16
|
+
|
|
17
|
+
def initialize(path = nil)
|
|
18
|
+
@conf_path = path || '/etc/security/limits.conf'
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def method_missing(name)
|
|
22
|
+
read_params[name.to_s]
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def read_params
|
|
26
|
+
return @params if defined?(@params)
|
|
27
|
+
|
|
28
|
+
# read the file
|
|
29
|
+
file = inspec.file(@conf_path)
|
|
30
|
+
if !file.file?
|
|
31
|
+
skip_resource "Can't find file \"#{@conf_path}\""
|
|
32
|
+
return @params = {}
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
content = file.content
|
|
36
|
+
if content.empty? && !file.empty?
|
|
37
|
+
skip_resource "Can't read file \"#{@conf_path}\""
|
|
38
|
+
return @params = {}
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
# parse the file
|
|
42
|
+
conf = SimpleConfig.new(
|
|
43
|
+
content,
|
|
44
|
+
assignment_regex: /^\s*(\S+?)\s+(.*?)\s+(.*?)\s+(.*?)\s*$/,
|
|
45
|
+
key_values: 3,
|
|
46
|
+
multiple_values: true,
|
|
47
|
+
)
|
|
48
|
+
@params = conf.params
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
def to_s
|
|
52
|
+
'limits.conf'
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
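--- a/data/lib/resources/login_def.rb
+++ b/data/lib/resources/login_def.rb
@@ -1,66 +1,66 @@
-# encoding: utf-8
-# copyright: 2015, Vulcano Security GmbH
-
-require 'utils/simpleconfig'
-
-# Usage:
-#
-# describe login_def do
-# its('UMASK') {
-# should eq '077'
-# }
-#
-# its('PASS_MAX_DAYS.to_i') {
-# should be <= 90
-# }
-# end
-
-module Inspec::Resources
-class LoginDef < Inspec.resource(1)
-name 'login_defs'
-supports platform: 'unix'
-desc 'Use the login_defs InSpec audit resource to test configuration settings in the /etc/login.defs file. The logins.defs file defines site-specific configuration for the shadow password suite on Linux and UNIX platforms, such as password expiration ranges, minimum/maximum values for automatic selection of user and group identifiers, or the method with which passwords are encrypted.'
-example "
-describe login_defs do
-its('ENCRYPT_METHOD') { should eq 'SHA512' }
-end
-"
-
-def initialize(path = nil)
-@conf_path = path || '/etc/login.defs'
-end
-
-def method_missing(name)
-read_params[name.to_s]
-end
-
-def read_params
-return @params if defined?(@params)
-
-# read the file
-file = inspec.file(@conf_path)
-if !file.file?
-skip_resource "Can't find file \"#{@conf_path}\""
-return @params = {}
-end
-
-content = file.content
-if content.empty? && !file.empty?
-skip_resource "Can't read file \"#{@conf_path}\""
-return @params = {}
-end
-
-# parse the file
-conf = SimpleConfig.new(
-content,
-assignment_regex: /^\s*(\S+)\s+(\S*)\s*$/,
-multiple_values: false,
-)
-@params = conf.params
-end
-
-def to_s
-'login.defs'
-end
-end
-end
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+
+require 'utils/simpleconfig'
+
+# Usage:
+#
+# describe login_def do
+# its('UMASK') {
+# should eq '077'
+# }
+#
+# its('PASS_MAX_DAYS.to_i') {
+# should be <= 90
+# }
+# end
+
+module Inspec::Resources
+class LoginDef < Inspec.resource(1)
+name 'login_defs'
+supports platform: 'unix'
+desc 'Use the login_defs InSpec audit resource to test configuration settings in the /etc/login.defs file. The logins.defs file defines site-specific configuration for the shadow password suite on Linux and UNIX platforms, such as password expiration ranges, minimum/maximum values for automatic selection of user and group identifiers, or the method with which passwords are encrypted.'
+example "
+describe login_defs do
+its('ENCRYPT_METHOD') { should eq 'SHA512' }
+end
+"
+
+def initialize(path = nil)
+@conf_path = path || '/etc/login.defs'
+end
+
+def method_missing(name)
+read_params[name.to_s]
+end
+
+def read_params
+return @params if defined?(@params)
+
+# read the file
+file = inspec.file(@conf_path)
+if !file.file?
+skip_resource "Can't find file \"#{@conf_path}\""
+return @params = {}
+end
+
+content = file.content
+if content.empty? && !file.empty?
+skip_resource "Can't read file \"#{@conf_path}\""
+return @params = {}
+end
+
+# parse the file
+conf = SimpleConfig.new(
+content,
+assignment_regex: /^\s*(\S+)\s+(\S*)\s*$/,
+multiple_values: false,
+)
+@params = conf.params
+end
+
+def to_s
+'login.defs'
+end
+end
+end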
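--- a/data/lib/resources/mount.rb
+++ b/data/lib/resources/mount.rb
@@ -1,88 +1,88 @@
-# encoding: utf-8
-
-require 'utils/simpleconfig'
-
-module Inspec::Resources
-class Mount < Inspec.resource(1)
-name 'mount'
-supports platform: 'unix'
-desc 'Use the mount InSpec audit resource to test if mount points.'
-example "
-describe mount('/') do
-it { should be_mounted }
-its('count') { should eq 1 }
-its('device') { should eq '/dev/mapper/VolGroup-lv_root' }
-its('type') { should eq 'ext4' }
-its('options') { should eq ['rw', 'mode=620'] }
-its('options') { should include 'nodev' }
-end
-"
-attr_reader :file
-
-def initialize(path)
-@path = path
-@mount_manager = mount_manager_for_os
-return skip_resource 'The `mount` resource is not supported on your OS yet.' if @mount_manager.nil?
-@file = inspec.backend.file(@path)
-end
-
-def mounted?
-file.mounted?
-end
-
-def count
-mounted = file.mounted
-return nil if mounted.nil? || mounted.stdout.nil?
-mounted.stdout.lines.count
-end
-
-def method_missing(name)
-return nil if !file.mounted?
-
-mounted = file.mounted
-return nil if mounted.nil? || mounted.stdout.nil?
-
-line = mounted.stdout
-# if we got multiple lines, only use the last entry
-line = mounted.stdout.lines.to_a.last if mounted.stdout.lines.count > 1
-
-# parse content if we are on linux
-@mount_options ||= @mount_manager.parse_mount_options(line)
-@mount_options[name]
-end
-
-def to_s
-"Mount #{@path}"
-end
-
-private
-
-def mount_manager_for_os
-os = inspec.os
-if os.linux?
-LinuxMounts.new(inspec)
-elsif ['freebsd'].include?(os[:family])
-BsdMounts.new(inspec)
-end
-end
-end
-
-class MountsInfo
-attr_reader :inspec
-def initialize(inspec)
-@inspec = inspec
-end
-
-def parse_mount_options(_mount_line, _compatibility = false)
-raise NotImplementedError
-end
-end
-
-class LinuxMounts < MountsInfo
-include LinuxMountParser
-end
-
-class BsdMounts < MountsInfo
-include BsdMountParser
-end
-end
+# encoding: utf-8
+
+require 'utils/simpleconfig'
+
+module Inspec::Resources
+class Mount < Inspec.resource(1)
+name 'mount'
+supports platform: 'unix'
+desc 'Use the mount InSpec audit resource to test if mount points.'
+example "
+describe mount('/') do
+it { should be_mounted }
+its('count') { should eq 1 }
+its('device') { should eq '/dev/mapper/VolGroup-lv_root' }
+its('type') { should eq 'ext4' }
+its('options') { should eq ['rw', 'mode=620'] }
+its('options') { should include 'nodev' }
+end
+"
+attr_reader :file
+
+def initialize(path)
+@path = path
+@mount_manager = mount_manager_for_os
+return skip_resource 'The `mount` resource is not supported on your OS yet.' if @mount_manager.nil?
+@file = inspec.backend.file(@path)
+end
+
+def mounted?
+file.mounted?
+end
+
+def count
+mounted = file.mounted
+return nil if mounted.nil? || mounted.stdout.nil?
+mounted.stdout.lines.count
+end
+
+def method_missing(name)
+return nil if !file.mounted?
+
+mounted = file.mounted
+return nil if mounted.nil? || mounted.stdout.nil?
+
+line = mounted.stdout
+# if we got multiple lines, only use the last entry
+line = mounted.stdout.lines.to_a.last if mounted.stdout.lines.count > 1
+
+# parse content if we are on linux
+@mount_options ||= @mount_manager.parse_mount_options(line)
+@mount_options[name]
+end
+
+def to_s
+"Mount #{@path}"
+end
+
+private
+
+def mount_manager_for_os
+os = inspec.os
+if os.linux?
+LinuxMounts.new(inspec)
+elsif ['freebsd'].include?(os[:family])
+BsdMounts.new(inspec)
+end
+end
+end
+
+class MountsInfo
+attr_reader :inspec
+def initialize(inspec)
+@inspec = inspec
+end
+
+def parse_mount_options(_mount_line, _compatibility = false)
+raise NotImplementedError
+end
+end
+
+class LinuxMounts < MountsInfo
+include LinuxMountParser
+end
+
+class BsdMounts < MountsInfo
+include BsdMountParser
+end
+end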