inspec 2.0.32 → 2.0.45

data/docs/resources/postgres_session.md.erb

@@ -1,69 +1,69 @@
----
-title: About the postgres_session Resource
-platform: os
----
-
-# postgres_session
-
-Use the `postgres_session` InSpec audit resource to test SQL commands run against a PostgreSQL database.
-
-<br>
-
-## Syntax
-
-A `postgres_session` resource block declares the username and password to use for the session, and then the command to be run:
-
-    # Create a PostgreSQL session:
-    sql = postgres_session('username', 'password', 'host')
-
-    # default values:
-    #   username: 'postgres'
-    #   host: 'localhost'
-
-    # Run an SQL query with an optional database to execute
-    sql.query('sql_query', ['database_name'])`
-
-A full example is:
-
-    sql = postgres_session('username', 'password', 'host')
-    describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;') do
-      its('output') { should eq '' }
-    end
-
-where `its('output') { should eq '' }` compares the results of the query against the expected result in the test
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test the PostgreSQL shadow password
-
-    sql = postgres_session('my_user', 'password', '192.168.1.2')
-
-    describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;', ['testdb']) do
-      its('output') { should eq('') }
-    end
-
-### Test for risky database entries
-
-    describe postgres_session('my_user', 'password').query('SELECT count (*)
-                  FROM pg_language
-                  WHERE lanpltrusted = \'f\'
-                  AND lanname!=\'internal\'
-                  AND lanname!=\'c\';', ['postgres']) do
-      its('output') { should eq '0' }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### output
-
-The `output` matcher tests the results of the query:
-
-    its('output') { should eq(/^0/) }
+---
+title: About the postgres_session Resource
+platform: os
+---
+
+# postgres_session
+
+Use the `postgres_session` InSpec audit resource to test SQL commands run against a PostgreSQL database.
+
+<br>
+
+## Syntax
+
+A `postgres_session` resource block declares the username and password to use for the session, and then the command to be run:
+
+    # Create a PostgreSQL session:
+    sql = postgres_session('username', 'password', 'host')
+
+    # default values:
+    #   username: 'postgres'
+    #   host: 'localhost'
+
+    # Run an SQL query with an optional database to execute
+    sql.query('sql_query', ['database_name'])`
+
+A full example is:
+
+    sql = postgres_session('username', 'password', 'host')
+    describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;') do
+      its('output') { should eq '' }
+    end
+
+where `its('output') { should eq '' }` compares the results of the query against the expected result in the test
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test the PostgreSQL shadow password
+
+    sql = postgres_session('my_user', 'password', '192.168.1.2')
+
+    describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;', ['testdb']) do
+      its('output') { should eq('') }
+    end
+
+### Test for risky database entries
+
+    describe postgres_session('my_user', 'password').query('SELECT count (*)
+                  FROM pg_language
+                  WHERE lanpltrusted = \'f\'
+                  AND lanname!=\'internal\'
+                  AND lanname!=\'c\';', ['postgres']) do
+      its('output') { should eq '0' }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### output
+
+The `output` matcher tests the results of the query:
+
+    its('output') { should eq(/^0/) }

data/docs/resources/powershell.md.erb

@@ -1,102 +1,102 @@
----
-title: About the powershell Resource
-platform: windows
----
-
-# powershell
-
-Use the `powershell` InSpec audit resource to test a Powershell script on the Windows platform.
-
-<br>
-
-## Syntax
-
-A `powershell` resource block declares a Powershell script to be tested, and then compares the output of that command to the matcher in the test:
-
-    script = <<-EOH
-      # a PowerShell script
-    EOH
-
-    describe powershell(script) do
-      its('property') { should eq 'output' }
-    end
-
-where
-
-* `'script'` must specify a Powershell script to be run
-* `'matcher'` is one of `exit_status`, `stderr`, or `stdout`
-* `'output'` tests the output of the command run on the system versus the output value stated in the test
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Get all groups of Administrator user
-
-    script = <<-EOH
-      # find user
-      $user = Get-WmiObject Win32_UserAccount -filter "Name = 'Administrator'"
-      # get related groups
-      $groups = $user.GetRelated('Win32_Group') | Select-Object -Property Caption, Domain, Name, LocalAccount, SID, SIDType, Status
-      $groups | ConvertTo-Json
-    EOH
-
-    describe powershell(script) do
-      its('stdout') { should_not eq '' }
-    end
-
-### Write-Output 'hello'
-
-The following Powershell script:
-
-    script = <<-EOH
-      Write-Output 'hello'
-    EOH
-
-can be tested in the following ways.
-
-For a newline:
-
-    describe powershell(script) do
-      its('stdout') { should eq "hello\r\n" }
-      its('stderr') { should eq '' }
-    end
-
-Removing whitespace `\r\n` from `stdout`:
-
-    describe powershell(script) do
-      its('strip') { should eq "hello" }
-    end
-
-No newline:
-
-    describe powershell("'hello' | Write-Host -NoNewLine") do
-      its('stdout') { should eq 'hello' }
-      its('stderr') { should eq '' }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exit_status
-
-The `exit_status` matcher tests the exit status for the command:
-
-    its('exit_status') { should eq 123 }
-
-### stderr
-
-The `stderr` matcher tests results of the command as returned in standard error (stderr):
-
-    its('stderr') { should eq 'error' }
-
-### stdout
-
-The `stdout` matcher tests results of the command as returned in standard output (stdout):
-
-    its('stdout') { should eq '/^1$/' }
+---
+title: About the powershell Resource
+platform: windows
+---
+
+# powershell
+
+Use the `powershell` InSpec audit resource to test a Powershell script on the Windows platform.
+
+<br>
+
+## Syntax
+
+A `powershell` resource block declares a Powershell script to be tested, and then compares the output of that command to the matcher in the test:
+
+    script = <<-EOH
+      # a PowerShell script
+    EOH
+
+    describe powershell(script) do
+      its('property') { should eq 'output' }
+    end
+
+where
+
+* `'script'` must specify a Powershell script to be run
+* `'matcher'` is one of `exit_status`, `stderr`, or `stdout`
+* `'output'` tests the output of the command run on the system versus the output value stated in the test
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Get all groups of Administrator user
+
+    script = <<-EOH
+      # find user
+      $user = Get-WmiObject Win32_UserAccount -filter "Name = 'Administrator'"
+      # get related groups
+      $groups = $user.GetRelated('Win32_Group') | Select-Object -Property Caption, Domain, Name, LocalAccount, SID, SIDType, Status
+      $groups | ConvertTo-Json
+    EOH
+
+    describe powershell(script) do
+      its('stdout') { should_not eq '' }
+    end
+
+### Write-Output 'hello'
+
+The following Powershell script:
+
+    script = <<-EOH
+      Write-Output 'hello'
+    EOH
+
+can be tested in the following ways.
+
+For a newline:
+
+    describe powershell(script) do
+      its('stdout') { should eq "hello\r\n" }
+      its('stderr') { should eq '' }
+    end
+
+Removing whitespace `\r\n` from `stdout`:
+
+    describe powershell(script) do
+      its('strip') { should eq "hello" }
+    end
+
+No newline:
+
+    describe powershell("'hello' | Write-Host -NoNewLine") do
+      its('stdout') { should eq 'hello' }
+      its('stderr') { should eq '' }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### exit_status
+
+The `exit_status` matcher tests the exit status for the command:
+
+    its('exit_status') { should eq 123 }
+
+### stderr
+
+The `stderr` matcher tests results of the command as returned in standard error (stderr):
+
+    its('stderr') { should eq 'error' }
+
+### stdout
+
+The `stdout` matcher tests results of the command as returned in standard output (stdout):
+
+    its('stdout') { should eq '/^1$/' }

data/docs/resources/processes.md.erb

@@ -1,109 +1,109 @@
----
-title: About the processes Resource
-platform: os
----
-
-# processes
-
-Use the `processes` InSpec audit resource to test properties for programs that are running on the system.
-
-<br>
-
-## Syntax
-
-A `processes` resource block declares the name of the process to be tested, and then declares one (or more) property/value pairs:
-
-    describe processes('process_name') do
-      its('property_name') { should eq ['property_value'] }
-    end
-
-where
-
-* `processes('process_name')` specifies the name of a process to check. If this is a string, it will be converted to a Regexp. For more specificity, pass a Regexp directly. If left blank, all processes will be returned.
-* `property_name` may be used to test user (`its('users')`) and state properties (`its('states')`)
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test if the list length for the mysqld process is 1
-
-    describe processes('mysqld') do
-      its('list.length') { should eq 1 }
-    end
-
-### Test if the process is owned by a specifc user
-
-    describe processes('init') do
-      its('users') { should eq ['root'] }
-    end
-
-    describe processes('winlogon') do
-      its('users') { should cmp "NT AUTHORITY\\SYSTEM" }
-    end
-
-
-### Test if a high-priority process is running
-
-    describe processes('linux_process') do
-      its('states') { should eq ['R<'] }
-    end
-
-    describe processes('windows_process') do
-      its('labels') { should cmp "High" }
-    end
-
-### Test if a process exists on the system
-
-    describe processes('some_process') do
-      it { should exist }
-    end
-
-### Test for a process using a specific Regexp
-
-If the process name is too common for a string to uniquely find it,
-you may use a regexp. Inclusion of whitespace characters may be
-needed.
-
-    describe processes(Regexp.new("/usr/local/bin/swap -d")) do
-      its('list.length') { should eq 1 }
-    end
-
-### Notes for auditing Windows systems
-
-Sometimes with system properties there isn't a direct comparison between different operating systems.
-Most of the `property_name`'s do align between the different OS's.
-
-There are however some exception's, for example, within linux `states` offers multiple properties.
-Windows doesn't have direct comparison that is a single property so instead `states` is mapped to the property of `Responding`, This is a boolean true/false flag to help determine if the process is hung.
-
-Below is a mapping table to help you understand what property the unix field maps to the windows `Get-Process` Property
-
-| *unix ps field* | *windows PowerShell Property* |
-|:---------------:|:-----------------------------:|
-|labels           |PriorityClass|
-|pids             |Id|
-|cpus             |CPU|
-|mem              |PM|
-|vsz              |VirtualMemorySize|
-|rss              |NPM|
-|tty              |SessionId|
-|states           |Responding|
-|start            |StartTime|
-|time             |TotalProcessorTime|
-|users            |UserName|
-|commands         |Path|
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### property_name
-
-The `property_name` matcher tests the named property for the specified value:
-
-    its('property_name') { should eq ['property_value'] }
+---
+title: About the processes Resource
+platform: os
+---
+
+# processes
+
+Use the `processes` InSpec audit resource to test properties for programs that are running on the system.
+
+<br>
+
+## Syntax
+
+A `processes` resource block declares the name of the process to be tested, and then declares one (or more) property/value pairs:
+
+    describe processes('process_name') do
+      its('property_name') { should eq ['property_value'] }
+    end
+
+where
+
+* `processes('process_name')` specifies the name of a process to check. If this is a string, it will be converted to a Regexp. For more specificity, pass a Regexp directly. If left blank, all processes will be returned.
+* `property_name` may be used to test user (`its('users')`) and state properties (`its('states')`)
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test if the list length for the mysqld process is 1
+
+    describe processes('mysqld') do
+      its('list.length') { should eq 1 }
+    end
+
+### Test if the process is owned by a specifc user
+
+    describe processes('init') do
+      its('users') { should eq ['root'] }
+    end
+
+    describe processes('winlogon') do
+      its('users') { should cmp "NT AUTHORITY\\SYSTEM" }
+    end
+
+
+### Test if a high-priority process is running
+
+    describe processes('linux_process') do
+      its('states') { should eq ['R<'] }
+    end
+
+    describe processes('windows_process') do
+      its('labels') { should cmp "High" }
+    end
+
+### Test if a process exists on the system
+
+    describe processes('some_process') do
+      it { should exist }
+    end
+
+### Test for a process using a specific Regexp
+
+If the process name is too common for a string to uniquely find it,
+you may use a regexp. Inclusion of whitespace characters may be
+needed.
+
+    describe processes(Regexp.new("/usr/local/bin/swap -d")) do
+      its('list.length') { should eq 1 }
+    end
+
+### Notes for auditing Windows systems
+
+Sometimes with system properties there isn't a direct comparison between different operating systems.
+Most of the `property_name`'s do align between the different OS's.
+
+There are however some exception's, for example, within linux `states` offers multiple properties.
+Windows doesn't have direct comparison that is a single property so instead `states` is mapped to the property of `Responding`, This is a boolean true/false flag to help determine if the process is hung.
+
+Below is a mapping table to help you understand what property the unix field maps to the windows `Get-Process` Property
+
+| *unix ps field* | *windows PowerShell Property* |
+|:---------------:|:-----------------------------:|
+|labels           |PriorityClass|
+|pids             |Id|
+|cpus             |CPU|
+|mem              |PM|
+|vsz              |VirtualMemorySize|
+|rss              |NPM|
+|tty              |SessionId|
+|states           |Responding|
+|start            |StartTime|
+|time             |TotalProcessorTime|
+|users            |UserName|
+|commands         |Path|
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### property_name
+
+The `property_name` matcher tests the named property for the specified value:
+
+    its('property_name') { should eq ['property_value'] }