inspec 2.1.0 → 2.1.10

data/docs/resources/passwd.md.erb

@@ -1,141 +1,141 @@
----
-title: About the passwd Resource
-platform: linux
----
-
-# passwd
-
-Use the `passwd` InSpec audit resource to test the contents of `/etc/passwd`, which contains the following information for users that may log into the system and/or as users that own running processes. The format for `/etc/passwd` includes:
-
-* A username
-* The password for that user (on newer systems passwords should be stored in `/etc/shadow` )
-* The user identifier (UID) assigned to that user
-* The group identifier (GID) assigned to that user
-* Additional information about that user
-* That user's home directory
-* That user's default command shell
-
-These entries are defined as a colon-delimited row in the file, one row per user:
-
-    root:x:1234:5678:additional_info:/home/dir/:/bin/bash
-
-<br>
-
-## Syntax
-
-A `passwd` resource block declares one (or more) users and associated user information to be tested:
-
-    describe passwd do
-      its('users') { should_not include 'forbidden_user' }
-    end
-
-    describe passwd.uid(filter) do
-      its('users') { should cmp 'root' }
-      its('count') { should eq 1 }
-    end
-
-where
-
-* `homes`, `gids`, `passwords`, `shells`, `uids`, and `users` are valid accessors for `passwd`
-* `filter` one (or more) arguments, for example: `passwd.users(/name/)` used to define filtering
-* `filter` may take any of the following arguments: `count` (retrieves the number of entries), `lines` (provides raw `passwd` lines), and `params` (returns an array of maps for all entries)
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test usernames and UIDs
-
-    describe passwd do
-      its('users') { should eq ['root', 'www-data'] }
-      its('uids') { should eq [0, 33] }
-    end
-
-### Select one user and test for multiple occurrences
-
-    describe passwd.uids(0) do
-      its('users') { should cmp 'root' }
-      its('count') { should eq 1 }
-    end
-
-    describe passwd.where { user == 'www-data' } do
-      its('uids') { should cmp 33 }
-      its('count') { should eq 1 }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### gids
-
-The `gids` matcher tests if the group indentifiers in the test match group identifiers in `/etc/passwd`:
-
-    its('gids') { should include 1234 }
-    its('gids') { should cmp 0 }
-
-### homes
-
-The `homes` matcher tests the absolute path to a user's home directory:
-
-    its('home') { should eq '/' }
-
-### length
-
-The `length` matcher tests the length of a password that appears in `/etc/passwd`:
-
-    its('length') { should be <= 32 }
-
-This matcher is best used in conjunction with filters. For example:
-
-    describe passwd.users('highlander') do
-       its('length') { should_not be < 16 }
-    end
-
-### passwords
-
-The `passwords` matcher tests if passwords are
-
-* Encrypted
-* Have direct logins disabled, as indicated by an asterisk (`*`)
-* In the `/etc/shadow` file, as indicated by the letter x (`x`)
-
-For example:
-
-    its('passwords') { should eq ['x'] }
-    its('passwords') { should cmp '*' }
-
-### shells
-
-The `shells` matcher tests the absolute path of a shell (or command) to which a user has access:
-
-    its('shells') { should_not include 'user' }
-
-or to find all users with the nologin shell:
-
-    describe passwd.shells(/nologin/) do
-      its('users') { should_not include 'my_login_user' }
-    end
-
-### uids
-
-The `uids` matcher tests if the user indentifiers in the test match user identifiers in `/etc/passwd`:
-
-    its('uids') { should eq ['1234', '1235'] }
-
-or:
-
-    describe passwd.uids(0) do
-      its('users') { should cmp 'root' }
-      its('count') { should eq 1 }
-    end
-
-### users
-
-The `users` matcher tests if the user names in the test match user names in `/etc/passwd`:
-
-    its('users') { should eq ['root', 'www-data'] }
+---
+title: About the passwd Resource
+platform: linux
+---
+
+# passwd
+
+Use the `passwd` InSpec audit resource to test the contents of `/etc/passwd`, which contains the following information for users that may log into the system and/or as users that own running processes. The format for `/etc/passwd` includes:
+
+* A username
+* The password for that user (on newer systems passwords should be stored in `/etc/shadow` )
+* The user identifier (UID) assigned to that user
+* The group identifier (GID) assigned to that user
+* Additional information about that user
+* That user's home directory
+* That user's default command shell
+
+These entries are defined as a colon-delimited row in the file, one row per user:
+
+    root:x:1234:5678:additional_info:/home/dir/:/bin/bash
+
+<br>
+
+## Syntax
+
+A `passwd` resource block declares one (or more) users and associated user information to be tested:
+
+    describe passwd do
+      its('users') { should_not include 'forbidden_user' }
+    end
+
+    describe passwd.uid(filter) do
+      its('users') { should cmp 'root' }
+      its('count') { should eq 1 }
+    end
+
+where
+
+* `homes`, `gids`, `passwords`, `shells`, `uids`, and `users` are valid accessors for `passwd`
+* `filter` one (or more) arguments, for example: `passwd.users(/name/)` used to define filtering
+* `filter` may take any of the following arguments: `count` (retrieves the number of entries), `lines` (provides raw `passwd` lines), and `params` (returns an array of maps for all entries)
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test usernames and UIDs
+
+    describe passwd do
+      its('users') { should eq ['root', 'www-data'] }
+      its('uids') { should eq [0, 33] }
+    end
+
+### Select one user and test for multiple occurrences
+
+    describe passwd.uids(0) do
+      its('users') { should cmp 'root' }
+      its('count') { should eq 1 }
+    end
+
+    describe passwd.where { user == 'www-data' } do
+      its('uids') { should cmp 33 }
+      its('count') { should eq 1 }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### gids
+
+The `gids` matcher tests if the group indentifiers in the test match group identifiers in `/etc/passwd`:
+
+    its('gids') { should include 1234 }
+    its('gids') { should cmp 0 }
+
+### homes
+
+The `homes` matcher tests the absolute path to a user's home directory:
+
+    its('home') { should eq '/' }
+
+### length
+
+The `length` matcher tests the length of a password that appears in `/etc/passwd`:
+
+    its('length') { should be <= 32 }
+
+This matcher is best used in conjunction with filters. For example:
+
+    describe passwd.users('highlander') do
+       its('length') { should_not be < 16 }
+    end
+
+### passwords
+
+The `passwords` matcher tests if passwords are
+
+* Encrypted
+* Have direct logins disabled, as indicated by an asterisk (`*`)
+* In the `/etc/shadow` file, as indicated by the letter x (`x`)
+
+For example:
+
+    its('passwords') { should eq ['x'] }
+    its('passwords') { should cmp '*' }
+
+### shells
+
+The `shells` matcher tests the absolute path of a shell (or command) to which a user has access:
+
+    its('shells') { should_not include 'user' }
+
+or to find all users with the nologin shell:
+
+    describe passwd.shells(/nologin/) do
+      its('users') { should_not include 'my_login_user' }
+    end
+
+### uids
+
+The `uids` matcher tests if the user indentifiers in the test match user identifiers in `/etc/passwd`:
+
+    its('uids') { should eq ['1234', '1235'] }
+
+or:
+
+    describe passwd.uids(0) do
+      its('users') { should cmp 'root' }
+      its('count') { should eq 1 }
+    end
+
+### users
+
+The `users` matcher tests if the user names in the test match user names in `/etc/passwd`:
+
+    its('users') { should eq ['root', 'www-data'] }

data/docs/resources/pip.md.erb

@@ -1,67 +1,67 @@
----
-title: About the pip Resource
-platform: os
----
-
-# pip
-
-Use the `pip` InSpec audit resource to test packages that are installed using the Python PIP installer.
-
-<br>
-
-## Syntax
-
-A `pip` resource block declares a package and (optionally) a package version:
-
-    describe pip('package_name') do
-      it { should be_installed }
-    end
-
-where
-
-* `'package_name'` is the name of the package, such as `'Jinja2'`
-* `be_installed` tests to see if the package described above is installed
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test if Jinja2 is installed on the system
-
-    describe pip('Jinja2') do
-      it { should be_installed }
-    end
-
-### Test if Jinja2 2.8 is installed on the system
-
-    describe pip('Jinja2') do
-      it { should be_installed }
-      its('version') { should eq '2.8' }
-    end
-
-### Test packages installed into a non-default location (e.g. virtualenv) by passing a custom path to pip executable
-
-    describe pip('Jinja2', '/path/to/bin/pip') do
-      it { should be_installed }
-      its('version') { should eq '2.8' }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### be_installed
-
-The `be_installed` matcher tests if the named package is installed on the system:
-
-    it { should be_installed }
-
-### version
-
-The `version` matcher tests if the named package version is on the system:
-
-    its('version') { should eq '1.2.3' }
+---
+title: About the pip Resource
+platform: os
+---
+
+# pip
+
+Use the `pip` InSpec audit resource to test packages that are installed using the Python PIP installer.
+
+<br>
+
+## Syntax
+
+A `pip` resource block declares a package and (optionally) a package version:
+
+    describe pip('package_name') do
+      it { should be_installed }
+    end
+
+where
+
+* `'package_name'` is the name of the package, such as `'Jinja2'`
+* `be_installed` tests to see if the package described above is installed
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test if Jinja2 is installed on the system
+
+    describe pip('Jinja2') do
+      it { should be_installed }
+    end
+
+### Test if Jinja2 2.8 is installed on the system
+
+    describe pip('Jinja2') do
+      it { should be_installed }
+      its('version') { should eq '2.8' }
+    end
+
+### Test packages installed into a non-default location (e.g. virtualenv) by passing a custom path to pip executable
+
+    describe pip('Jinja2', '/path/to/bin/pip') do
+      it { should be_installed }
+      its('version') { should eq '2.8' }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### be_installed
+
+The `be_installed` matcher tests if the named package is installed on the system:
+
+    it { should be_installed }
+
+### version
+
+The `version` matcher tests if the named package version is on the system:
+
+    its('version') { should eq '1.2.3' }

data/docs/resources/port.md.erb

@@ -1,137 +1,137 @@
----
-title: About the port Resource
-platform: os
----
-
-# port
-
-Use the `port` InSpec audit resource to test basic port properties, such as port, process, if it's listening.
-
-<br>
-
-## Syntax
-
-A `port` resource block declares a port, and then depending on what needs to be tested, a process, protocol, process identifier, and its state (is it listening?):
-
-    describe port(514) do
-      it { should be_listening }
-      its('processes') {should include 'syslog'}
-    end
-
-where the `processes` returns the processes listening on port 514.
-
-A filter may specify an attribute:
-
-    describe port.where { protocol =~ /tcp/ && port > 22 && port < 80 } do
-      it { should_not be_listening }
-    end
-
-where
-
-* `.where{}` specifies a block in which one (or more) attributes---`port`, `address`, `protocol`, `process`, `pid`, or `listening?`----scope the test to ports that match those attributes
-
-For example, to test if the SSH daemon is available on a Linux machine via the default port (22):
-
-    describe port(22) do
-      its('processes') { should include 'sshd' }
-      its('protocols') { should include 'tcp' }
-      its('addresses') { should include '0.0.0.0' }
-    end
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test port 80, listening with the TCP protocol
-
-    describe port(80) do
-      it { should be_listening }
-      its('protocols') { should cmp 'tcp' }
-    end
-
-### Test port 80, on a specific address
-
-A specific port address may be checked using either of the following examples:
-
-    describe port(80) do
-      it { should be_listening }
-      its('addresses') {should include '0.0.0.0'}
-    end
-
-or:
-
-    describe port('0.0.0.0', 80) do
-      it { should be_listening }
-    end
-
-### Test port 80, listening with TCP version IPv6 protocol
-
-    describe port(80) do
-      it { should be_listening }
-      its('protocols') { should cmp 'tcp6' }
-    end
-
-### Test that only secure ports accept requests
-
-    describe port(80) do
-      it { should_not be_listening }
-    end
-
-    describe port(443) do
-      it { should be_listening }
-      its('protocols') { should cmp 'tcp' }
-    end
-
-### Verify port 65432 is not listening
-
-    describe port(22) do
-      it { should be_listening }
-      its('protocols') { should include('tcp') }
-      its('protocols') { should_not include('udp') }
-    end
-
-    describe port(65432) do
-      it { should_not be_listening }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### address
-
-The `addresses` matcher tests if the specified address is associated with a port:
-
-    its('addresses') { should include '0.0.0.0' }
-
-### be_listening
-
-The `be_listening` matcher tests if the port is listening for traffic:
-
-    it { should be_listening }
-
-### pids
-
-The `pids` matcher tests the process identifiers (PIDs):
-
-    its('pids') { should cmp 27808 }
-
-### processes
-
-The `processes` matcher tests if the named process is running on the system:
-
-    its('processes') { should cmp 'syslog' }
-
-### protocols
-
-The `protocols` matcher tests the Internet protocol: ICMP (`'icmp'`), TCP (`'tcp'` or `'tcp6'`), or UDP (`'udp'` or `'udp6'`):
-
-    its('protocols') { should include 'tcp' }
-
-or for the IPv6 protocol:
-
-    its('protocols') { should include 'tcp6' }
+---
+title: About the port Resource
+platform: os
+---
+
+# port
+
+Use the `port` InSpec audit resource to test basic port properties, such as port, process, if it's listening.
+
+<br>
+
+## Syntax
+
+A `port` resource block declares a port, and then depending on what needs to be tested, a process, protocol, process identifier, and its state (is it listening?):
+
+    describe port(514) do
+      it { should be_listening }
+      its('processes') {should include 'syslog'}
+    end
+
+where the `processes` returns the processes listening on port 514.
+
+A filter may specify an attribute:
+
+    describe port.where { protocol =~ /tcp/ && port > 22 && port < 80 } do
+      it { should_not be_listening }
+    end
+
+where
+
+* `.where{}` specifies a block in which one (or more) attributes---`port`, `address`, `protocol`, `process`, `pid`, or `listening?`----scope the test to ports that match those attributes
+
+For example, to test if the SSH daemon is available on a Linux machine via the default port (22):
+
+    describe port(22) do
+      its('processes') { should include 'sshd' }
+      its('protocols') { should include 'tcp' }
+      its('addresses') { should include '0.0.0.0' }
+    end
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test port 80, listening with the TCP protocol
+
+    describe port(80) do
+      it { should be_listening }
+      its('protocols') { should cmp 'tcp' }
+    end
+
+### Test port 80, on a specific address
+
+A specific port address may be checked using either of the following examples:
+
+    describe port(80) do
+      it { should be_listening }
+      its('addresses') {should include '0.0.0.0'}
+    end
+
+or:
+
+    describe port('0.0.0.0', 80) do
+      it { should be_listening }
+    end
+
+### Test port 80, listening with TCP version IPv6 protocol
+
+    describe port(80) do
+      it { should be_listening }
+      its('protocols') { should cmp 'tcp6' }
+    end
+
+### Test that only secure ports accept requests
+
+    describe port(80) do
+      it { should_not be_listening }
+    end
+
+    describe port(443) do
+      it { should be_listening }
+      its('protocols') { should cmp 'tcp' }
+    end
+
+### Verify port 65432 is not listening
+
+    describe port(22) do
+      it { should be_listening }
+      its('protocols') { should include('tcp') }
+      its('protocols') { should_not include('udp') }
+    end
+
+    describe port(65432) do
+      it { should_not be_listening }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### address
+
+The `addresses` matcher tests if the specified address is associated with a port:
+
+    its('addresses') { should include '0.0.0.0' }
+
+### be_listening
+
+The `be_listening` matcher tests if the port is listening for traffic:
+
+    it { should be_listening }
+
+### pids
+
+The `pids` matcher tests the process identifiers (PIDs):
+
+    its('pids') { should cmp 27808 }
+
+### processes
+
+The `processes` matcher tests if the named process is running on the system:
+
+    its('processes') { should cmp 'syslog' }
+
+### protocols
+
+The `protocols` matcher tests the Internet protocol: ICMP (`'icmp'`), TCP (`'tcp'` or `'tcp6'`), or UDP (`'udp'` or `'udp6'`):
+
+    its('protocols') { should include 'tcp' }
+
+or for the IPv6 protocol:
+
+    its('protocols') { should include 'tcp6' }