inspec 2.1.0 → 2.1.10

data/Gemfile

@@ -1,55 +1,55 @@
-# encoding: utf-8
-source 'https://rubygems.org'
-gemspec
-
-if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.2.2')
-  gem 'json', '~> 1.8'
-  gem 'rack', '< 2.0'
-end
-
-gem 'ffi', '>= 1.9.14'
-gem 'aws-sdk', '~> 2'
-
-group :test do
-  gem 'bundler', '~> 1.5'
-  gem 'minitest', '~> 5.5'
-  gem 'rake', '>= 10'
-  gem 'rubocop', '= 0.49.1'
-  gem 'simplecov', '~> 0.10'
-  gem 'concurrent-ruby', '~> 1.0'
-  gem 'mocha', '~> 1.1'
-  gem 'ruby-progressbar', '~> 1.8'
-  gem 'webmock', '~> 2.3.2'
-  gem 'jsonschema', '~> 2.0.2'
-  gem 'passgen'
-  gem 'm'
-end
-
-group :integration do
-  gem 'berkshelf', '~> 4.3'
-  gem 'test-kitchen', '~> 1.6'
-  gem 'kitchen-vagrant'
-  # we need winrm v2 support >= 0.15.1
-  gem 'kitchen-inspec', '>= 0.15.1'
-  gem 'kitchen-ec2'
-  gem 'kitchen-dokken'
-end
-
-group :tools do
-  gem 'pry', '~> 0.10'
-  gem 'rb-readline'
-  gem 'license_finder'
-end
-
-# gems for Maintainers.md generation
-group :maintenance do
-  gem 'tomlrb'
-
-  # To sync maintainers with github
-  gem 'octokit'
-  gem 'netrc'
-end
-
-group :deploy do
-  gem 'inquirer'
-end
+# encoding: utf-8
+source 'https://rubygems.org'
+gemspec
+
+if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.2.2')
+  gem 'json', '~> 1.8'
+  gem 'rack', '< 2.0'
+end
+
+gem 'ffi', '>= 1.9.14'
+gem 'aws-sdk', '~> 2'
+
+group :test do
+  gem 'bundler', '~> 1.5'
+  gem 'minitest', '~> 5.5'
+  gem 'rake', '>= 10'
+  gem 'rubocop', '= 0.49.1'
+  gem 'simplecov', '~> 0.10'
+  gem 'concurrent-ruby', '~> 1.0'
+  gem 'mocha', '~> 1.1'
+  gem 'ruby-progressbar', '~> 1.8'
+  gem 'webmock', '~> 2.3.2'
+  gem 'jsonschema', '~> 2.0.2'
+  gem 'passgen'
+  gem 'm'
+end
+
+group :integration do
+  gem 'berkshelf', '~> 4.3'
+  gem 'test-kitchen', '~> 1.6'
+  gem 'kitchen-vagrant'
+  # we need winrm v2 support >= 0.15.1
+  gem 'kitchen-inspec', '>= 0.15.1'
+  gem 'kitchen-ec2'
+  gem 'kitchen-dokken'
+end
+
+group :tools do
+  gem 'pry', '~> 0.10'
+  gem 'rb-readline'
+  gem 'license_finder'
+end
+
+# gems for Maintainers.md generation
+group :maintenance do
+  gem 'tomlrb'
+
+  # To sync maintainers with github
+  gem 'octokit'
+  gem 'netrc'
+end
+
+group :deploy do
+  gem 'inquirer'
+end

data/LICENSE

@@ -1,14 +1,14 @@
-Copyright (c) 2015 Chef Software Inc.
-Copyright (c) 2015 Vulcano Security GmbH.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
+Copyright (c) 2015 Chef Software Inc.
+Copyright (c) 2015 Vulcano Security GmbH.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

data/MAINTAINERS.md

@@ -1,33 +1,33 @@
-<!-- This is a generated file. Please do not edit directly -->
-
-<!-- Modify MAINTAINERS.toml and run `rake maintainers:generate` to regenerate. -->
-
-# Maintainers
-
-This file lists how the InSpec project is maintained. When making changes to the
-system, this file tells you who needs to review your patch - you need at least
-two maintainers to provide a :+1: on your pull request. Additionally, you need
-to not receive a veto from a Lieutenant or the Project Lead.
-Check out [How Chef is Maintained](https://github.com/chef/chef-rfc/blob/master/rfc030-maintenance-policy.md#how-the-project-is-maintained)
-for details on the process, how to become a maintainer, lieutenant, or the
-project lead.
-
-## Components
-
-## InSpec
-
-  Handles the [InSpec](https://github.com/chef/inspec) toolset.
-  
-To mention the team, use @chef/inspec-maintainers
-
-### Lieutenant
-
-* [Dominik Richter](https://github.com/arlimus)
-
-### Maintainers
-
-* [Christoph Hartmann](https://github.com/chris-rock)
-* [Adam Leff](https://github.com/adamleff)
-* [Alex Pop](https://github.com/alexpop)
-* [Jared Quick](https://github.com/jquick)
-
+<!-- This is a generated file. Please do not edit directly -->
+
+<!-- Modify MAINTAINERS.toml and run `rake maintainers:generate` to regenerate. -->
+
+# Maintainers
+
+This file lists how the InSpec project is maintained. When making changes to the
+system, this file tells you who needs to review your patch - you need at least
+two maintainers to provide a :+1: on your pull request. Additionally, you need
+to not receive a veto from a Lieutenant or the Project Lead.
+Check out [How Chef is Maintained](https://github.com/chef/chef-rfc/blob/master/rfc030-maintenance-policy.md#how-the-project-is-maintained)
+for details on the process, how to become a maintainer, lieutenant, or the
+project lead.
+
+## Components
+
+## InSpec
+
+  Handles the [InSpec](https://github.com/chef/inspec) toolset.
+  
+To mention the team, use @chef/inspec-maintainers
+
+### Lieutenant
+
+* [Dominik Richter](https://github.com/arlimus)
+
+### Maintainers
+
+* [Christoph Hartmann](https://github.com/chris-rock)
+* [Adam Leff](https://github.com/adamleff)
+* [Alex Pop](https://github.com/alexpop)
+* [Jared Quick](https://github.com/jquick)
+

data/MAINTAINERS.toml

@@ -1,52 +1,52 @@
-[Preamble]
-  title = "Maintainers"
-  text = """
-This file lists how the InSpec project is maintained. When making changes to the
-system, this file tells you who needs to review your patch - you need at least
-two maintainers to provide a :+1: on your pull request. Additionally, you need
-to not receive a veto from a Lieutenant or the Project Lead.
-Check out [How Chef is Maintained](https://github.com/chef/chef-rfc/blob/master/rfc030-maintenance-policy.md#how-the-project-is-maintained)
-for details on the process, how to become a maintainer, lieutenant, or the
-project lead.
-"""
-
-[Org]
-  [Org.Components]
-     title = "Components"
-
-     [Org.Components.InSpec]
-        title = "InSpec"
-        text = """
-  Handles the [InSpec](https://github.com/chef/inspec) toolset.
-  """
-        team = "inspec-maintainers"
-
-        lieutenant = "arlimus"
-
-        maintainers = [
-          "chris-rock",
-          "adamleff",
-          "alexpop",
-          "jquick"
-        ]
-
-[people]
-  [people.arlimus]
-    Name = "Dominik Richter"
-    GitHub = "arlimus"
-
-  [people.chris-rock]
-    Name = "Christoph Hartmann"
-    GitHub = "chris-rock"
-
-  [people.adamleff]
-    Name = "Adam Leff"
-    GitHub = "adamleff"
-
-  [people.alexpop]
-    Name = "Alex Pop"
-    GitHub = "alexpop"
-
-  [people.jquick]
-    Name = "Jared Quick"
-    GitHub = "jquick"
+[Preamble]
+  title = "Maintainers"
+  text = """
+This file lists how the InSpec project is maintained. When making changes to the
+system, this file tells you who needs to review your patch - you need at least
+two maintainers to provide a :+1: on your pull request. Additionally, you need
+to not receive a veto from a Lieutenant or the Project Lead.
+Check out [How Chef is Maintained](https://github.com/chef/chef-rfc/blob/master/rfc030-maintenance-policy.md#how-the-project-is-maintained)
+for details on the process, how to become a maintainer, lieutenant, or the
+project lead.
+"""
+
+[Org]
+  [Org.Components]
+     title = "Components"
+
+     [Org.Components.InSpec]
+        title = "InSpec"
+        text = """
+  Handles the [InSpec](https://github.com/chef/inspec) toolset.
+  """
+        team = "inspec-maintainers"
+
+        lieutenant = "arlimus"
+
+        maintainers = [
+          "chris-rock",
+          "adamleff",
+          "alexpop",
+          "jquick"
+        ]
+
+[people]
+  [people.arlimus]
+    Name = "Dominik Richter"
+    GitHub = "arlimus"
+
+  [people.chris-rock]
+    Name = "Christoph Hartmann"
+    GitHub = "chris-rock"
+
+  [people.adamleff]
+    Name = "Adam Leff"
+    GitHub = "adamleff"
+
+  [people.alexpop]
+    Name = "Alex Pop"
+    GitHub = "alexpop"
+
+  [people.jquick]
+    Name = "Jared Quick"
+    GitHub = "jquick"

data/README.md

@@ -1,446 +1,447 @@
-# InSpec: Inspect Your Infrastructure
-
-[![Slack](https://community-slack.chef.io/badge.svg)](https://community-slack.chef.io/)
-[![Build Status Master](https://travis-ci.org/chef/inspec.svg?branch=master)](https://travis-ci.org/chef/inspec)
-[![Build Status Master](https://ci.appveyor.com/api/projects/status/github/chef/inspec?branch=master&svg=true&passingText=master%20-%20Ok&pendingText=master%20-%20Pending&failingText=master%20-%20Failing)](https://ci.appveyor.com/project/Chef/inspec/branch/master)
-
-InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.
-
-```ruby
-# Disallow insecure protocols by testing
-
-describe package('telnetd') do
-  it { should_not be_installed }
-end
-
-describe inetd_conf do
-  its("telnet") { should eq nil }
-end
-```
-
-InSpec makes it easy to run your tests wherever you need. More options are found in our [CLI docs](https://www.inspec.io/docs/reference/cli/).
-
-```bash
-# run test locally
-inspec exec test.rb
-
-# run test on remote host on SSH
-inspec exec test.rb -t ssh://user@hostname -i /path/to/key
-
-# run test on remote host using SSH agent private key authentication. Requires InSpec 1.7.1
-inspec exec test.rb -t ssh://user@hostname
-
-# run test on remote windows host on WinRM
-inspec exec test.rb -t winrm://Administrator@windowshost --password 'your-password'
-
-# run test on docker container
-inspec exec test.rb -t docker://container_id
-```
-
-# Features
-
-- Built-in Compliance: Compliance no longer occurs at the end of the release cycle
-- Targeted Tests: InSpec writes tests that specifically target compliance issues
-- Metadata: Includes the metadata required by security and compliance pros
-- Easy Testing: Includes a command-line interface to run tests quickly
-
-## Installation
-
-InSpec requires Ruby ( >1.9 ).
-
-### Install as package
-
-The InSpec package is available for MacOS, RedHat, Ubuntu and Windows. Download the latest package at [InSpec Downloads](https://downloads.chef.io/inspec) or install InSpec via script:
-
-```
-# RedHat, Ubuntu, and macOS
-curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P inspec
-
-# Windows
-. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project inspec
-```
-
-### Install it via rubygems.org
-
-When installing from source, gem dependencies may require ruby build tools to be installed.
-
-For CentOS/RedHat/Fedora:
-
-```bash
-yum -y install ruby ruby-devel make gcc gcc-c++
-```
-
-For Ubuntu:
-
-```bash
-apt-get -y install ruby ruby-dev gcc g++ make
-```
-
-To install inspec from [rubygems](https://rubygems.org/):
-
-```bash
-gem install inspec
-```
-
-### Usage via Docker
-
-Download the image and define a function for convenience:
-
-For Linux:
-
-```
-docker pull chef/inspec
-function inspec { docker run -it --rm -v $(pwd):/share chef/inspec $@; }
-```
-
-For Windows (PowerShell):
-
-```
-docker pull chef/inspec
-function inspec { docker run -it --rm -v "$(pwd):/share" chef/inspec $args; }
-```
-
-If you call `inspec` from your shell, it automatically mounts the current directory into the Docker container. Therefore you can easily use local tests and key files. Note: Only files in the current directory and sub-directories are available within the container.
-
-```
-$ ls -1
-vagrant
-test.rb
-
-$ inspec exec test.rb -t ssh://root@192.168.64.2:11022 -i vagrant
-..
-
-Finished in 0.04321 seconds (files took 0.54917 seconds to load)
-2 examples, 0 failures
-```
-
-
-### Install it from source
-
-That requires [bundler](http://bundler.io/):
-
-```bash
-bundle install
-bundle exec bin/inspec help
-```
-
-To install it as a gem locally, run:
-
-```bash
-gem build inspec.gemspec
-gem install inspec-*.gem
-```
-
-On Windows, you need to install [Ruby](http://rubyinstaller.org/downloads/) with [Ruby Development Kit](https://github.com/oneclick/rubyinstaller/wiki/Development-Kit) to build dependencies with its native extensions.
-
-### Install via Habitat
-
-Currently, this method of installation only supports Linux. See the [Habitat site](https://www.habitat.sh/) for more information.
-
-Download the `hab` binary from the [Habitat](https://www.habitat.sh/docs/get-habitat/) site.
-
-```bash
-hab pkg install chef/inspec
-export PATH="$(hab pkg path core/ruby)/bin:$(hab pkg path chef/inspec)/bin:$PATH"
-
-inspec
-```
-
-### Run InSpec
-
-You should now be able to run:
-
-```bash
-$ inspec --help
-Commands:
-  inspec archive PATH                # archive a profile to tar.gz (default) ...
-  inspec check PATH                  # verify all tests at the specified PATH
-  inspec compliance SUBCOMMAND ...   # Chef Compliance commands
-  inspec detect                      # detect the target OS
-  inspec exec PATH(S)                # run all test files at the specified PATH.
-  inspec help [COMMAND]              # Describe available commands or one spe...
-  inspec init TEMPLATE ...           # Scaffolds a new project
-  inspec json PATH                   # read all tests in PATH and generate a ...
-  inspec shell                       # open an interactive debugging shell
-  inspec supermarket SUBCOMMAND ...  # Supermarket commands
-  inspec version                     # prints the version of this tool
-
-Options:
-  [--diagnose], [--no-diagnose]  # Show diagnostics (versions, configurations)
-```
-
-# Examples
-
-* Only accept requests on secure ports - This test ensures that a web server is only listening on well-secured ports.
-
-```ruby
-describe port(80) do
-  it { should_not be_listening }
-end
-
-describe port(443) do
-  it { should be_listening }
-  its('protocols') {should include 'tcp'}
-end
-```
-
-* Use approved strong ciphers - This test ensures that only enterprise-compliant ciphers are used for SSH servers.
-
-```ruby
-describe sshd_config do
-   its('Ciphers') { should eq('chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr') }
-end
-```
-
-* Test your `kitchen.yml` file to verify that only Vagrant is configured as the driver.  The %w() formatting will
-pass rubocop lintng and allow you to access nested mappings.
-
-```ruby
-describe yaml('.kitchen.yml') do
-  its(%w(driver name)) { should eq('vagrant') }
-end
-```
-
-Also have a look at our examples for:
-- [Using InSpec with Test Kitchen & Chef](https://github.com/chef/inspec/tree/master/examples/kitchen-chef)
-- [Using InSpec with Test Kitchen & Puppet](https://github.com/chef/inspec/tree/master/examples/kitchen-puppet)
-- [Using InSpec with Test Kitchen & Ansible](https://github.com/chef/inspec/tree/master/examples/kitchen-ansible)
-- [Implementing an InSpec profile](https://github.com/chef/inspec/tree/master/examples/profile)
-
-## Or tests: Testing for a OR b
-
-* Using describe.one, you can test for a or b.  The control will be marked as passing if EITHER condition is met.
-
-```ruby
-control 'or-test' do
-  impact 1.0
-  title 'This is a OR test'
-  describe.one do
-    describe ssh_config do
-      its('Protocol') { should eq('3') }
-    end
-    describe ssh_config do
-      its('Protocol') { should eq('2') }
-    end
-  end
-end
-```
-
-## Command Line Usage
-
-### exec
-
-Run tests against different targets:
-
-```bash
-# run test locally
-inspec exec test.rb
-
-# run test on remote host on SSH
-inspec exec test.rb -t ssh://user@hostname
-
-# run test on remote windows host on WinRM
-inspec exec test.rb -t winrm://Administrator@windowshost --password 'your-password'
-
-# run test on docker container
-inspec exec test.rb -t docker://container_id
-
-# run with sudo
-inspec exec test.rb --sudo [--sudo-password ...] [--sudo-options ...] [--sudo_command ...]
-
-# run in a subshell
-inspec exec test.rb --shell [--shell-options ...] [--shell-command ...]
-
-# run a profile targeting AWS using env vars
-inspec exec test.rb -t aws://
-
-# or store your AWS credentials in your ~/.aws/credentials profiles file
-inspec exec test.rb -t aws://us-east-2/my-profile
-
-# run a profile targeting Azure using env vars
-inspec exec test.rb -t azure://
-
-# or store your Azure credentials in your ~/.azure/credentials profiles file
-inspec exec test.rb -t azure://subscription_id
-```
-
-### detect
-
-Verify your configuration and detect
-
-```bash
-id=$( docker run -dti ubuntu:14.04 /bin/bash )
-inspec detect -t docker://$id
-```
-
-Which will provide you with:
-
-```
-{"family":"ubuntu","release":"14.04","arch":null}
-```
-
-## Supported OS
-
-Remote Targets
-
-| Platform                     | Versions                                         | Architectures |
-| ---------------------------- | ------------------------------------------------ | ------------- |
-| AIX                          | 6.1, 7.1, 7.2                                    | ppc64         |
-| CentOS                       | 5, 6, 7                                          | i386, x86_64  |
-| Debian                       | 7, 8                                             | i386, x86_64  |
-| FreeBSD                      | 9, 10                                            | i386, amd64   |
-| Mac OS X                     | 10.9, 10.10, 10.11                               | x86_64        |
-| Oracle Enterprise Linux      | 5, 6, 7                                          | i386, x86_64  |
-| Red Hat Enterprise Linux     | 5, 6, 7                                          | i386, x86_64  |
-| Solaris                      | 10, 11                                           | sparc, x86    |
-| Windows                      | 7, 8, 8.1, 10, 2008, 2008R2 , 2012, 2012R2, 2016 | x86, x86_64   |
-| Ubuntu Linux                 |                                                  | x86, x86_64   |
-| SUSE Linux Enterprise Server | 11, 12                                           | x86_64        |
-| Scientific Linux             | 5.x, 6.x and 7.x                                 | i386, x86_64  |
-| Fedora                       |                                                  | x86_64        |
-| OpenSUSE                     | 13.1/13.2/42.1                                   | x86_64        |
-| OmniOS                       |                                                  | x86_64        |
-| Gentoo Linux                 |                                                  | x86_64        |
-| Arch Linux                   |                                                  | x86_64        |
-| HP-UX                        | 11.31                                            | ia64          |
-
-*For Windows, PowerShell 3.0 or above is required.*
-
-In addition, runtime support is provided for:
-
-| Platform | Versions |
-| -------- | -------- |
-| Debian   | 8        |
-| RHEL     | 6, 7     |
-| Ubuntu   | 12.04+   |
-| Windows  | 7+       |
-| Windows  | 2012+    |
-
-## Documentation
-
-Documentation
-
- * https://www.inspec.io/docs/
- * https://www.inspec.io/docs/reference/resources/
- * https://github.com/chef/inspec/tree/master/docs
-
-Tutorials/Blogs/Podcasts:
-
- * https://www.inspec.io/tutorials/
-
-Relationship to other tools (RSpec, Serverspec):
-
- * https://www.inspec.io/docs/reference/inspec_and_friends/
-
-## Share your Profiles
-
-You may share your InSpec Profiles in the [Tools & Plugins section](https://supermarket.chef.io/tools-directory) of the [Chef Supermarket](https://supermarket.chef.io/).  [Sign in](https://supermarket.chef.io/sign-in) and [add the details of your profile](https://supermarket.chef.io/tools/new).
-
-You may also [browse the Supermarket for shared Compliance Profiles](https://supermarket.chef.io/tools?type=compliance_profile).
-
-## Kudos
-
-InSpec is inspired by the wonderful [Serverspec](http://serverspec.org) project. Kudos to [mizzy](https://github.com/mizzy) and [all contributors](https://github.com/mizzy/serverspec/graphs/contributors)!
-
-The AWS resources were inspired by [inspec-aws](https://github.com/arothian/inspec-aws) from [arothian](https://github.com/arothian).
-
-## Contribute
-
-1. Fork it
-1. Create your feature branch (git checkout -b my-new-feature)
-1. Commit your changes (git commit -am 'Add some feature')
-1. Push to the branch (git push origin my-new-feature)
-1. Create new Pull Request
-
-
-The InSpec community and maintainers are very active and helpful. This project benefits greatly from this activity.
-
-[![InSpec health](https://graphs.waffle.io/chef/inspec/throughput.svg)](https://waffle.io/chef/inspec/metrics/throughput)
-
-
-## Testing InSpec
-
-We offer `unit`, `integration`, and `aws` tests.
-
-- `unit` tests ensure the intended behaviour of the implementation
-- `integration` tests run against Docker-based VMs via test-kitchen and [kitchen-inspec](https://github.com/chef/kitchen-inspec)
-- `aws` tests exercise the AWS resources against real AWS accounts
-
-### Unit tests
-
-```bash
-bundle exec rake test
-```
-
-If you like to run only one test file:
-
-```bash
-bundle exec m test/unit/resources/user_test.rb
-```
-
-You may also run a single test within a file by line number:
-
-```bash
-bundle exec m test/unit/resources/user_test.rb -l 123
-
-### Integration tests
-
-These tests download various virtual machines, to ensure InSpec is working as expected across different operating systems.
-
-These tests require the following gems:
-
-- test-kitchen
-- kitchen-dokken
-- kitchen-inspec
-
-These gems are provided via the `integration` group in the project's Gemfile.
-
-In addition, these test require Docker to be available on your machine or a remote Docker machine configured via the standard Docker environment variables.
-
-#### Running Integration tests
-
-List the various test instances available:
-
-```bash
-bundle exec kitchen list
-```
-
-The platforms and test suites are configured in the `.kitchen.yml` file. Once you know which instance you wish to test, test that instance:
-
-```bash
-bundle exec kitchen test <INSTANCE_NAME>
-```
-
-You may test all instances in parallel with:
-
-```bash
-bundle exec kitchen test -c
-```
-
-### AWS Tests
-
-Use the rake task `bundle exec rake test:aws` to test the AWS resources against a pair of real AWS accounts.
-
-Please see [TESTING_AGAINST_AWS.md](./test/integration/aws/TESTING_AGAINST_AWS.md) for details on how to setup the needed AWS accounts to perform testing.
-
-## License
-
-|                |                                           |
-| -------------- | ----------------------------------------- |
-| **Author:**    | Dominik Richter (<drichter@chef.io>)      |
-| **Author:**    | Christoph Hartmann (<chartmann@chef.io>)  |
-| **Copyright:** | Copyright (c) 2015 Vulcano Security GmbH. |
-| **Copyright:** | Copyright (c) 2017 Chef Software Inc.     |
-| **License:**   | Apache License, Version 2.0               |
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+# InSpec: Inspect Your Infrastructure
+
+[![Slack](https://community-slack.chef.io/badge.svg)](https://community-slack.chef.io/)
+[![Build Status Master](https://travis-ci.org/chef/inspec.svg?branch=master)](https://travis-ci.org/chef/inspec)
+[![Build Status Master](https://ci.appveyor.com/api/projects/status/github/chef/inspec?branch=master&svg=true&passingText=master%20-%20Ok&pendingText=master%20-%20Pending&failingText=master%20-%20Failing)](https://ci.appveyor.com/project/Chef/inspec/branch/master)
+
+InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.
+
+```ruby
+# Disallow insecure protocols by testing
+
+describe package('telnetd') do
+  it { should_not be_installed }
+end
+
+describe inetd_conf do
+  its("telnet") { should eq nil }
+end
+```
+
+InSpec makes it easy to run your tests wherever you need. More options are found in our [CLI docs](https://www.inspec.io/docs/reference/cli/).
+
+```bash
+# run test locally
+inspec exec test.rb
+
+# run test on remote host on SSH
+inspec exec test.rb -t ssh://user@hostname -i /path/to/key
+
+# run test on remote host using SSH agent private key authentication. Requires InSpec 1.7.1
+inspec exec test.rb -t ssh://user@hostname
+
+# run test on remote windows host on WinRM
+inspec exec test.rb -t winrm://Administrator@windowshost --password 'your-password'
+
+# run test on docker container
+inspec exec test.rb -t docker://container_id
+```
+
+# Features
+
+- Built-in Compliance: Compliance no longer occurs at the end of the release cycle
+- Targeted Tests: InSpec writes tests that specifically target compliance issues
+- Metadata: Includes the metadata required by security and compliance pros
+- Easy Testing: Includes a command-line interface to run tests quickly
+
+## Installation
+
+InSpec requires Ruby ( >1.9 ).
+
+### Install as package
+
+The InSpec package is available for MacOS, RedHat, Ubuntu and Windows. Download the latest package at [InSpec Downloads](https://downloads.chef.io/inspec) or install InSpec via script:
+
+```
+# RedHat, Ubuntu, and macOS
+curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P inspec
+
+# Windows
+. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project inspec
+```
+
+### Install it via rubygems.org
+
+When installing from source, gem dependencies may require ruby build tools to be installed.
+
+For CentOS/RedHat/Fedora:
+
+```bash
+yum -y install ruby ruby-devel make gcc gcc-c++
+```
+
+For Ubuntu:
+
+```bash
+apt-get -y install ruby ruby-dev gcc g++ make
+```
+
+To install inspec from [rubygems](https://rubygems.org/):
+
+```bash
+gem install inspec
+```
+
+### Usage via Docker
+
+Download the image and define a function for convenience:
+
+For Linux:
+
+```
+docker pull chef/inspec
+function inspec { docker run -it --rm -v $(pwd):/share chef/inspec $@; }
+```
+
+For Windows (PowerShell):
+
+```
+docker pull chef/inspec
+function inspec { docker run -it --rm -v "$(pwd):/share" chef/inspec $args; }
+```
+
+If you call `inspec` from your shell, it automatically mounts the current directory into the Docker container. Therefore you can easily use local tests and key files. Note: Only files in the current directory and sub-directories are available within the container.
+
+```
+$ ls -1
+vagrant
+test.rb
+
+$ inspec exec test.rb -t ssh://root@192.168.64.2:11022 -i vagrant
+..
+
+Finished in 0.04321 seconds (files took 0.54917 seconds to load)
+2 examples, 0 failures
+```
+
+
+### Install it from source
+
+That requires [bundler](http://bundler.io/):
+
+```bash
+bundle install
+bundle exec bin/inspec help
+```
+
+To install it as a gem locally, run:
+
+```bash
+gem build inspec.gemspec
+gem install inspec-*.gem
+```
+
+On Windows, you need to install [Ruby](http://rubyinstaller.org/downloads/) with [Ruby Development Kit](https://github.com/oneclick/rubyinstaller/wiki/Development-Kit) to build dependencies with its native extensions.
+
+### Install via Habitat
+
+Currently, this method of installation only supports Linux. See the [Habitat site](https://www.habitat.sh/) for more information.
+
+Download the `hab` binary from the [Habitat](https://www.habitat.sh/docs/get-habitat/) site.
+
+```bash
+hab pkg install chef/inspec
+export PATH="$(hab pkg path core/ruby)/bin:$(hab pkg path chef/inspec)/bin:$PATH"
+
+inspec
+```
+
+### Run InSpec
+
+You should now be able to run:
+
+```bash
+$ inspec --help
+Commands:
+  inspec archive PATH                # archive a profile to tar.gz (default) ...
+  inspec check PATH                  # verify all tests at the specified PATH
+  inspec compliance SUBCOMMAND ...   # Chef Compliance commands
+  inspec detect                      # detect the target OS
+  inspec exec PATH(S)                # run all test files at the specified PATH.
+  inspec help [COMMAND]              # Describe available commands or one spe...
+  inspec init TEMPLATE ...           # Scaffolds a new project
+  inspec json PATH                   # read all tests in PATH and generate a ...
+  inspec shell                       # open an interactive debugging shell
+  inspec supermarket SUBCOMMAND ...  # Supermarket commands
+  inspec version                     # prints the version of this tool
+
+Options:
+  [--diagnose], [--no-diagnose]  # Show diagnostics (versions, configurations)
+```
+
+# Examples
+
+* Only accept requests on secure ports - This test ensures that a web server is only listening on well-secured ports.
+
+```ruby
+describe port(80) do
+  it { should_not be_listening }
+end
+
+describe port(443) do
+  it { should be_listening }
+  its('protocols') {should include 'tcp'}
+end
+```
+
+* Use approved strong ciphers - This test ensures that only enterprise-compliant ciphers are used for SSH servers.
+
+```ruby
+describe sshd_config do
+   its('Ciphers') { should eq('chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr') }
+end
+```
+
+* Test your `kitchen.yml` file to verify that only Vagrant is configured as the driver.  The %w() formatting will
+pass rubocop linting and allow you to access nested mappings.
+
+```ruby
+describe yaml('.kitchen.yml') do
+  its(%w(driver name)) { should eq('vagrant') }
+end
+```
+
+Also have a look at our examples for:
+- [Using InSpec with Test Kitchen & Chef](https://github.com/chef/inspec/tree/master/examples/kitchen-chef)
+- [Using InSpec with Test Kitchen & Puppet](https://github.com/chef/inspec/tree/master/examples/kitchen-puppet)
+- [Using InSpec with Test Kitchen & Ansible](https://github.com/chef/inspec/tree/master/examples/kitchen-ansible)
+- [Implementing an InSpec profile](https://github.com/chef/inspec/tree/master/examples/profile)
+
+## Or tests: Testing for a OR b
+
+* Using describe.one, you can test for a or b.  The control will be marked as passing if EITHER condition is met.
+
+```ruby
+control 'or-test' do
+  impact 1.0
+  title 'This is a OR test'
+  describe.one do
+    describe ssh_config do
+      its('Protocol') { should eq('3') }
+    end
+    describe ssh_config do
+      its('Protocol') { should eq('2') }
+    end
+  end
+end
+```
+
+## Command Line Usage
+
+### exec
+
+Run tests against different targets:
+
+```bash
+# run test locally
+inspec exec test.rb
+
+# run test on remote host on SSH
+inspec exec test.rb -t ssh://user@hostname
+
+# run test on remote windows host on WinRM
+inspec exec test.rb -t winrm://Administrator@windowshost --password 'your-password'
+
+# run test on docker container
+inspec exec test.rb -t docker://container_id
+
+# run with sudo
+inspec exec test.rb --sudo [--sudo-password ...] [--sudo-options ...] [--sudo_command ...]
+
+# run in a subshell
+inspec exec test.rb --shell [--shell-options ...] [--shell-command ...]
+
+# run a profile targeting AWS using env vars
+inspec exec test.rb -t aws://
+
+# or store your AWS credentials in your ~/.aws/credentials profiles file
+inspec exec test.rb -t aws://us-east-2/my-profile
+
+# run a profile targeting Azure using env vars
+inspec exec test.rb -t azure://
+
+# or store your Azure credentials in your ~/.azure/credentials profiles file
+inspec exec test.rb -t azure://subscription_id
+```
+
+### detect
+
+Verify your configuration and detect
+
+```bash
+id=$( docker run -dti ubuntu:14.04 /bin/bash )
+inspec detect -t docker://$id
+```
+
+Which will provide you with:
+
+```
+{"family":"ubuntu","release":"14.04","arch":null}
+```
+
+## Supported OS
+
+Remote Targets
+
+| Platform                     | Versions                                         | Architectures |
+| ---------------------------- | ------------------------------------------------ | ------------- |
+| AIX                          | 6.1, 7.1, 7.2                                    | ppc64         |
+| CentOS                       | 5, 6, 7                                          | i386, x86_64  |
+| Debian                       | 7, 8                                             | i386, x86_64  |
+| FreeBSD                      | 9, 10                                            | i386, amd64   |
+| Mac OS X                     | 10.9, 10.10, 10.11                               | x86_64        |
+| Oracle Enterprise Linux      | 5, 6, 7                                          | i386, x86_64  |
+| Red Hat Enterprise Linux     | 5, 6, 7                                          | i386, x86_64  |
+| Solaris                      | 10, 11                                           | sparc, x86    |
+| Windows                      | 7, 8, 8.1, 10, 2008, 2008R2 , 2012, 2012R2, 2016 | x86, x86_64   |
+| Ubuntu Linux                 |                                                  | x86, x86_64   |
+| SUSE Linux Enterprise Server | 11, 12                                           | x86_64        |
+| Scientific Linux             | 5.x, 6.x and 7.x                                 | i386, x86_64  |
+| Fedora                       |                                                  | x86_64        |
+| OpenSUSE                     | 13.1/13.2/42.1                                   | x86_64        |
+| OmniOS                       |                                                  | x86_64        |
+| Gentoo Linux                 |                                                  | x86_64        |
+| Arch Linux                   |                                                  | x86_64        |
+| HP-UX                        | 11.31                                            | ia64          |
+
+*For Windows, PowerShell 3.0 or above is required.*
+
+In addition, runtime support is provided for:
+
+| Platform | Versions |
+| -------- | -------- |
+| Debian   | 8        |
+| RHEL     | 6, 7     |
+| Ubuntu   | 12.04+   |
+| Windows  | 7+       |
+| Windows  | 2012+    |
+
+## Documentation
+
+Documentation
+
+ * https://www.inspec.io/docs/
+ * https://www.inspec.io/docs/reference/resources/
+ * https://github.com/chef/inspec/tree/master/docs
+
+Tutorials/Blogs/Podcasts:
+
+ * https://www.inspec.io/tutorials/
+
+Relationship to other tools (RSpec, Serverspec):
+
+ * https://www.inspec.io/docs/reference/inspec_and_friends/
+
+## Share your Profiles
+
+You may share your InSpec Profiles in the [Tools &amp; Plugins section](https://supermarket.chef.io/tools-directory) of the [Chef Supermarket](https://supermarket.chef.io/).  [Sign in](https://supermarket.chef.io/sign-in) and [add the details of your profile](https://supermarket.chef.io/tools/new).
+
+You may also [browse the Supermarket for shared Compliance Profiles](https://supermarket.chef.io/tools?type=compliance_profile).
+
+## Kudos
+
+InSpec is inspired by the wonderful [Serverspec](http://serverspec.org) project. Kudos to [mizzy](https://github.com/mizzy) and [all contributors](https://github.com/mizzy/serverspec/graphs/contributors)!
+
+The AWS resources were inspired by [inspec-aws](https://github.com/arothian/inspec-aws) from [arothian](https://github.com/arothian).
+
+## Contribute
+
+1. Fork it
+1. Create your feature branch (git checkout -b my-new-feature)
+1. Commit your changes (git commit -am 'Add some feature')
+1. Push to the branch (git push origin my-new-feature)
+1. Create new Pull Request
+
+
+The InSpec community and maintainers are very active and helpful. This project benefits greatly from this activity.
+
+[![InSpec health](https://graphs.waffle.io/chef/inspec/throughput.svg)](https://waffle.io/chef/inspec/metrics/throughput)
+
+
+## Testing InSpec
+
+We offer `unit`, `integration`, and `aws` tests.
+
+- `unit` tests ensure the intended behaviour of the implementation
+- `integration` tests run against Docker-based VMs via test-kitchen and [kitchen-inspec](https://github.com/chef/kitchen-inspec)
+- `aws` tests exercise the AWS resources against real AWS accounts
+
+### Unit tests
+
+```bash
+bundle exec rake test
+```
+
+If you like to run only one test file:
+
+```bash
+bundle exec m test/unit/resources/user_test.rb
+```
+
+You may also run a single test within a file by line number:
+
+```bash
+bundle exec m test/unit/resources/user_test.rb -l 123
+```
+
+### Integration tests
+
+These tests download various virtual machines, to ensure InSpec is working as expected across different operating systems.
+
+These tests require the following gems:
+
+- test-kitchen
+- kitchen-dokken
+- kitchen-inspec
+
+These gems are provided via the `integration` group in the project's Gemfile.
+
+In addition, these test require Docker to be available on your machine or a remote Docker machine configured via the standard Docker environment variables.
+
+#### Running Integration tests
+
+List the various test instances available:
+
+```bash
+bundle exec kitchen list
+```
+
+The platforms and test suites are configured in the `.kitchen.yml` file. Once you know which instance you wish to test, test that instance:
+
+```bash
+bundle exec kitchen test <INSTANCE_NAME>
+```
+
+You may test all instances in parallel with:
+
+```bash
+bundle exec kitchen test -c
+```
+
+### AWS Tests
+
+Use the rake task `bundle exec rake test:aws` to test the AWS resources against a pair of real AWS accounts.
+
+Please see [TESTING_AGAINST_AWS.md](./test/integration/aws/TESTING_AGAINST_AWS.md) for details on how to setup the needed AWS accounts to perform testing.
+
+## License
+
+|                |                                           |
+| -------------- | ----------------------------------------- |
+| **Author:**    | Dominik Richter (<drichter@chef.io>)      |
+| **Author:**    | Christoph Hartmann (<chartmann@chef.io>)  |
+| **Copyright:** | Copyright (c) 2015 Vulcano Security GmbH. |
+| **Copyright:** | Copyright (c) 2017 Chef Software Inc.     |
+| **License:**   | Apache License, Version 2.0               |
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.