inspec 2.1.0 → 2.1.10

Sign up to get free protection for your applications and to get access to all the features.
Files changed (489) hide show
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +101 -101
  3. data/CHANGELOG.md +3024 -3004
  4. data/Gemfile +55 -55
  5. data/LICENSE +14 -14
  6. data/MAINTAINERS.md +33 -33
  7. data/MAINTAINERS.toml +52 -52
  8. data/README.md +447 -446
  9. data/Rakefile +322 -322
  10. data/bin/inspec +12 -12
  11. data/docs/.gitignore +2 -2
  12. data/docs/README.md +40 -40
  13. data/docs/dsl_inspec.md +258 -258
  14. data/docs/dsl_resource.md +100 -93
  15. data/docs/glossary.md +99 -99
  16. data/docs/habitat.md +191 -191
  17. data/docs/inspec_and_friends.md +114 -114
  18. data/docs/matchers.md +169 -169
  19. data/docs/migration.md +293 -293
  20. data/docs/platforms.md +118 -118
  21. data/docs/plugin_kitchen_inspec.md +50 -50
  22. data/docs/profiles.md +376 -376
  23. data/docs/reporters.md +105 -105
  24. data/docs/resources/aide_conf.md.erb +75 -75
  25. data/docs/resources/apache.md.erb +67 -67
  26. data/docs/resources/apache_conf.md.erb +68 -68
  27. data/docs/resources/apt.md.erb +71 -71
  28. data/docs/resources/audit_policy.md.erb +47 -47
  29. data/docs/resources/auditd.md.erb +79 -79
  30. data/docs/resources/auditd_conf.md.erb +68 -68
  31. data/docs/resources/aws_cloudtrail_trail.md.erb +140 -140
  32. data/docs/resources/aws_cloudtrail_trails.md.erb +81 -81
  33. data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -86
  34. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -151
  35. data/docs/resources/aws_config_recorder.md.erb +71 -71
  36. data/docs/resources/aws_ec2_instance.md.erb +106 -106
  37. data/docs/resources/aws_iam_access_key.md.erb +123 -123
  38. data/docs/resources/aws_iam_access_keys.md.erb +198 -198
  39. data/docs/resources/aws_iam_group.md.erb +46 -46
  40. data/docs/resources/aws_iam_groups.md.erb +43 -43
  41. data/docs/resources/aws_iam_password_policy.md.erb +76 -76
  42. data/docs/resources/aws_iam_policies.md.erb +82 -82
  43. data/docs/resources/aws_iam_policy.md.erb +144 -144
  44. data/docs/resources/aws_iam_role.md.erb +63 -63
  45. data/docs/resources/aws_iam_root_user.md.erb +58 -58
  46. data/docs/resources/aws_iam_user.md.erb +64 -64
  47. data/docs/resources/aws_iam_users.md.erb +89 -89
  48. data/docs/resources/aws_kms_keys.md.erb +84 -84
  49. data/docs/resources/aws_route_table.md.erb +47 -47
  50. data/docs/resources/aws_s3_bucket.md.erb +134 -134
  51. data/docs/resources/aws_s3_bucket_object.md.erb +83 -0
  52. data/docs/resources/aws_security_group.md.erb +151 -151
  53. data/docs/resources/aws_security_groups.md.erb +91 -91
  54. data/docs/resources/aws_sns_subscription.md.erb +125 -0
  55. data/docs/resources/aws_sns_topic.md.erb +63 -63
  56. data/docs/resources/aws_sns_topics.md.erb +52 -0
  57. data/docs/resources/aws_subnet.md.erb +134 -134
  58. data/docs/resources/aws_subnets.md.erb +126 -126
  59. data/docs/resources/aws_vpc.md.erb +120 -120
  60. data/docs/resources/aws_vpcs.md.erb +48 -48
  61. data/docs/resources/azure_generic_resource.md.erb +171 -171
  62. data/docs/resources/azure_resource_group.md.erb +284 -284
  63. data/docs/resources/azure_virtual_machine.md.erb +347 -347
  64. data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
  65. data/docs/resources/bash.md.erb +75 -75
  66. data/docs/resources/bond.md.erb +90 -90
  67. data/docs/resources/bridge.md.erb +57 -57
  68. data/docs/resources/bsd_service.md.erb +67 -67
  69. data/docs/resources/command.md.erb +138 -138
  70. data/docs/resources/cpan.md.erb +79 -79
  71. data/docs/resources/cran.md.erb +64 -64
  72. data/docs/resources/crontab.md.erb +89 -89
  73. data/docs/resources/csv.md.erb +54 -54
  74. data/docs/resources/dh_params.md.erb +205 -205
  75. data/docs/resources/directory.md.erb +30 -30
  76. data/docs/resources/docker.md.erb +219 -219
  77. data/docs/resources/docker_container.md.erb +103 -103
  78. data/docs/resources/docker_image.md.erb +94 -94
  79. data/docs/resources/docker_service.md.erb +114 -114
  80. data/docs/resources/elasticsearch.md.erb +242 -242
  81. data/docs/resources/etc_fstab.md.erb +125 -125
  82. data/docs/resources/etc_group.md.erb +75 -75
  83. data/docs/resources/etc_hosts.md.erb +78 -78
  84. data/docs/resources/etc_hosts_allow.md.erb +74 -74
  85. data/docs/resources/etc_hosts_deny.md.erb +74 -74
  86. data/docs/resources/file.md.erb +526 -526
  87. data/docs/resources/filesystem.md.erb +41 -41
  88. data/docs/resources/firewalld.md.erb +107 -107
  89. data/docs/resources/gem.md.erb +79 -79
  90. data/docs/resources/group.md.erb +61 -61
  91. data/docs/resources/grub_conf.md.erb +101 -101
  92. data/docs/resources/host.md.erb +86 -86
  93. data/docs/resources/http.md.erb +196 -196
  94. data/docs/resources/iis_app.md.erb +122 -122
  95. data/docs/resources/iis_site.md.erb +135 -135
  96. data/docs/resources/inetd_conf.md.erb +94 -94
  97. data/docs/resources/ini.md.erb +76 -76
  98. data/docs/resources/interface.md.erb +58 -58
  99. data/docs/resources/iptables.md.erb +64 -64
  100. data/docs/resources/json.md.erb +63 -63
  101. data/docs/resources/kernel_module.md.erb +120 -120
  102. data/docs/resources/kernel_parameter.md.erb +53 -53
  103. data/docs/resources/key_rsa.md.erb +85 -85
  104. data/docs/resources/launchd_service.md.erb +57 -57
  105. data/docs/resources/limits_conf.md.erb +75 -75
  106. data/docs/resources/{login_def.md.erb → login_defs.md.erb} +71 -71
  107. data/docs/resources/mount.md.erb +69 -69
  108. data/docs/resources/mssql_session.md.erb +60 -60
  109. data/docs/resources/mysql_conf.md.erb +99 -99
  110. data/docs/resources/mysql_session.md.erb +74 -74
  111. data/docs/resources/nginx.md.erb +79 -79
  112. data/docs/resources/nginx_conf.md.erb +138 -128
  113. data/docs/resources/npm.md.erb +60 -60
  114. data/docs/resources/ntp_conf.md.erb +60 -60
  115. data/docs/resources/oneget.md.erb +53 -53
  116. data/docs/resources/oracledb_session.md.erb +52 -52
  117. data/docs/resources/os.md.erb +141 -141
  118. data/docs/resources/os_env.md.erb +78 -78
  119. data/docs/resources/package.md.erb +120 -120
  120. data/docs/resources/packages.md.erb +67 -67
  121. data/docs/resources/parse_config.md.erb +103 -103
  122. data/docs/resources/parse_config_file.md.erb +138 -138
  123. data/docs/resources/passwd.md.erb +141 -141
  124. data/docs/resources/pip.md.erb +67 -67
  125. data/docs/resources/port.md.erb +137 -137
  126. data/docs/resources/postgres_conf.md.erb +79 -79
  127. data/docs/resources/postgres_hba_conf.md.erb +93 -93
  128. data/docs/resources/postgres_ident_conf.md.erb +76 -76
  129. data/docs/resources/postgres_session.md.erb +69 -69
  130. data/docs/resources/powershell.md.erb +102 -102
  131. data/docs/resources/processes.md.erb +109 -109
  132. data/docs/resources/rabbitmq_config.md.erb +41 -41
  133. data/docs/resources/registry_key.md.erb +158 -158
  134. data/docs/resources/runit_service.md.erb +57 -57
  135. data/docs/resources/security_policy.md.erb +47 -47
  136. data/docs/resources/service.md.erb +121 -121
  137. data/docs/resources/shadow.md.erb +146 -146
  138. data/docs/resources/ssh_config.md.erb +73 -80
  139. data/docs/resources/sshd_config.md.erb +83 -83
  140. data/docs/resources/ssl.md.erb +119 -119
  141. data/docs/resources/sys_info.md.erb +42 -42
  142. data/docs/resources/systemd_service.md.erb +57 -57
  143. data/docs/resources/sysv_service.md.erb +57 -57
  144. data/docs/resources/upstart_service.md.erb +57 -57
  145. data/docs/resources/user.md.erb +140 -140
  146. data/docs/resources/users.md.erb +127 -127
  147. data/docs/resources/vbscript.md.erb +55 -55
  148. data/docs/resources/virtualization.md.erb +57 -57
  149. data/docs/resources/windows_feature.md.erb +47 -47
  150. data/docs/resources/windows_hotfix.md.erb +53 -53
  151. data/docs/resources/windows_task.md.erb +95 -95
  152. data/docs/resources/wmi.md.erb +81 -81
  153. data/docs/resources/x509_certificate.md.erb +151 -151
  154. data/docs/resources/xinetd_conf.md.erb +156 -156
  155. data/docs/resources/xml.md.erb +85 -85
  156. data/docs/resources/yaml.md.erb +69 -69
  157. data/docs/resources/yum.md.erb +98 -98
  158. data/docs/resources/zfs_dataset.md.erb +53 -53
  159. data/docs/resources/zfs_pool.md.erb +47 -47
  160. data/docs/ruby_usage.md +203 -203
  161. data/docs/shared/matcher_be.md.erb +1 -1
  162. data/docs/shared/matcher_cmp.md.erb +43 -43
  163. data/docs/shared/matcher_eq.md.erb +3 -3
  164. data/docs/shared/matcher_include.md.erb +1 -1
  165. data/docs/shared/matcher_match.md.erb +1 -1
  166. data/docs/shell.md +217 -217
  167. data/examples/README.md +8 -8
  168. data/examples/inheritance/README.md +65 -65
  169. data/examples/inheritance/controls/example.rb +14 -14
  170. data/examples/inheritance/inspec.yml +15 -15
  171. data/examples/kitchen-ansible/.kitchen.yml +25 -25
  172. data/examples/kitchen-ansible/Gemfile +19 -19
  173. data/examples/kitchen-ansible/README.md +53 -53
  174. data/examples/kitchen-ansible/files/nginx.repo +6 -6
  175. data/examples/kitchen-ansible/tasks/main.yml +16 -16
  176. data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
  177. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
  178. data/examples/kitchen-chef/.kitchen.yml +20 -20
  179. data/examples/kitchen-chef/Berksfile +3 -3
  180. data/examples/kitchen-chef/Gemfile +19 -19
  181. data/examples/kitchen-chef/README.md +27 -27
  182. data/examples/kitchen-chef/metadata.rb +7 -7
  183. data/examples/kitchen-chef/recipes/default.rb +6 -6
  184. data/examples/kitchen-chef/recipes/nginx.rb +30 -30
  185. data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
  186. data/examples/kitchen-puppet/.kitchen.yml +22 -22
  187. data/examples/kitchen-puppet/Gemfile +20 -20
  188. data/examples/kitchen-puppet/Puppetfile +25 -25
  189. data/examples/kitchen-puppet/README.md +53 -53
  190. data/examples/kitchen-puppet/manifests/site.pp +33 -33
  191. data/examples/kitchen-puppet/metadata.json +11 -11
  192. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
  193. data/examples/meta-profile/README.md +37 -37
  194. data/examples/meta-profile/controls/example.rb +13 -13
  195. data/examples/meta-profile/inspec.yml +13 -13
  196. data/examples/profile-attribute.yml +2 -2
  197. data/examples/profile-attribute/README.md +14 -14
  198. data/examples/profile-attribute/controls/example.rb +11 -11
  199. data/examples/profile-attribute/inspec.yml +8 -8
  200. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
  201. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
  202. data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
  203. data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
  204. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
  205. data/examples/profile-aws/inspec.yml +11 -11
  206. data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
  207. data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
  208. data/examples/profile-azure/inspec.yml +11 -11
  209. data/examples/profile-sensitive/README.md +29 -29
  210. data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
  211. data/examples/profile-sensitive/controls/sensitive.rb +9 -9
  212. data/examples/profile-sensitive/inspec.yml +8 -8
  213. data/examples/profile/README.md +48 -48
  214. data/examples/profile/controls/example.rb +23 -23
  215. data/examples/profile/controls/gordon.rb +36 -36
  216. data/examples/profile/controls/meta.rb +34 -34
  217. data/examples/profile/inspec.yml +10 -10
  218. data/examples/profile/libraries/gordon_config.rb +53 -53
  219. data/inspec.gemspec +47 -47
  220. data/lib/bundles/README.md +3 -3
  221. data/lib/bundles/inspec-artifact.rb +7 -7
  222. data/lib/bundles/inspec-artifact/README.md +1 -1
  223. data/lib/bundles/inspec-artifact/cli.rb +277 -277
  224. data/lib/bundles/inspec-compliance.rb +16 -16
  225. data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
  226. data/lib/bundles/inspec-compliance/README.md +185 -185
  227. data/lib/bundles/inspec-compliance/api.rb +316 -316
  228. data/lib/bundles/inspec-compliance/api/login.rb +152 -152
  229. data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
  230. data/lib/bundles/inspec-compliance/cli.rb +254 -254
  231. data/lib/bundles/inspec-compliance/configuration.rb +103 -103
  232. data/lib/bundles/inspec-compliance/http.rb +86 -86
  233. data/lib/bundles/inspec-compliance/support.rb +36 -36
  234. data/lib/bundles/inspec-compliance/target.rb +98 -98
  235. data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
  236. data/lib/bundles/inspec-habitat.rb +12 -12
  237. data/lib/bundles/inspec-habitat/cli.rb +36 -36
  238. data/lib/bundles/inspec-habitat/log.rb +10 -10
  239. data/lib/bundles/inspec-habitat/profile.rb +390 -390
  240. data/lib/bundles/inspec-init.rb +8 -8
  241. data/lib/bundles/inspec-init/README.md +31 -31
  242. data/lib/bundles/inspec-init/cli.rb +97 -97
  243. data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
  244. data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
  245. data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
  246. data/lib/bundles/inspec-supermarket.rb +13 -13
  247. data/lib/bundles/inspec-supermarket/README.md +45 -45
  248. data/lib/bundles/inspec-supermarket/api.rb +84 -84
  249. data/lib/bundles/inspec-supermarket/cli.rb +73 -73
  250. data/lib/bundles/inspec-supermarket/target.rb +34 -34
  251. data/lib/fetchers/git.rb +163 -163
  252. data/lib/fetchers/local.rb +74 -74
  253. data/lib/fetchers/mock.rb +35 -35
  254. data/lib/fetchers/url.rb +204 -204
  255. data/lib/inspec.rb +24 -24
  256. data/lib/inspec/archive/tar.rb +29 -29
  257. data/lib/inspec/archive/zip.rb +19 -19
  258. data/lib/inspec/backend.rb +93 -93
  259. data/lib/inspec/base_cli.rb +357 -355
  260. data/lib/inspec/cached_fetcher.rb +66 -66
  261. data/lib/inspec/cli.rb +292 -292
  262. data/lib/inspec/completions/bash.sh.erb +45 -45
  263. data/lib/inspec/completions/fish.sh.erb +34 -34
  264. data/lib/inspec/completions/zsh.sh.erb +61 -61
  265. data/lib/inspec/control_eval_context.rb +179 -179
  266. data/lib/inspec/dependencies/cache.rb +72 -72
  267. data/lib/inspec/dependencies/dependency_set.rb +92 -92
  268. data/lib/inspec/dependencies/lockfile.rb +115 -115
  269. data/lib/inspec/dependencies/requirement.rb +123 -123
  270. data/lib/inspec/dependencies/resolver.rb +86 -86
  271. data/lib/inspec/describe.rb +27 -27
  272. data/lib/inspec/dsl.rb +66 -66
  273. data/lib/inspec/dsl_shared.rb +33 -33
  274. data/lib/inspec/env_printer.rb +157 -157
  275. data/lib/inspec/errors.rb +13 -13
  276. data/lib/inspec/exceptions.rb +12 -12
  277. data/lib/inspec/expect.rb +45 -45
  278. data/lib/inspec/fetcher.rb +45 -45
  279. data/lib/inspec/file_provider.rb +275 -275
  280. data/lib/inspec/formatters.rb +3 -3
  281. data/lib/inspec/formatters/base.rb +250 -250
  282. data/lib/inspec/formatters/json_rspec.rb +20 -20
  283. data/lib/inspec/formatters/show_progress.rb +12 -12
  284. data/lib/inspec/library_eval_context.rb +58 -58
  285. data/lib/inspec/log.rb +11 -11
  286. data/lib/inspec/metadata.rb +247 -247
  287. data/lib/inspec/method_source.rb +24 -24
  288. data/lib/inspec/objects.rb +14 -14
  289. data/lib/inspec/objects/attribute.rb +65 -65
  290. data/lib/inspec/objects/control.rb +61 -61
  291. data/lib/inspec/objects/describe.rb +92 -92
  292. data/lib/inspec/objects/each_loop.rb +36 -36
  293. data/lib/inspec/objects/list.rb +15 -15
  294. data/lib/inspec/objects/or_test.rb +40 -40
  295. data/lib/inspec/objects/ruby_helper.rb +15 -15
  296. data/lib/inspec/objects/tag.rb +27 -27
  297. data/lib/inspec/objects/test.rb +87 -87
  298. data/lib/inspec/objects/value.rb +27 -27
  299. data/lib/inspec/plugins.rb +60 -60
  300. data/lib/inspec/plugins/cli.rb +24 -24
  301. data/lib/inspec/plugins/fetcher.rb +86 -86
  302. data/lib/inspec/plugins/resource.rb +135 -135
  303. data/lib/inspec/plugins/secret.rb +15 -15
  304. data/lib/inspec/plugins/source_reader.rb +40 -40
  305. data/lib/inspec/polyfill.rb +12 -12
  306. data/lib/inspec/profile.rb +510 -510
  307. data/lib/inspec/profile_context.rb +207 -207
  308. data/lib/inspec/profile_vendor.rb +66 -66
  309. data/lib/inspec/reporters.rb +54 -54
  310. data/lib/inspec/reporters/base.rb +24 -24
  311. data/lib/inspec/reporters/cli.rb +356 -356
  312. data/lib/inspec/reporters/json.rb +116 -116
  313. data/lib/inspec/reporters/json_min.rb +48 -48
  314. data/lib/inspec/reporters/junit.rb +77 -77
  315. data/lib/inspec/require_loader.rb +33 -33
  316. data/lib/inspec/resource.rb +186 -186
  317. data/lib/inspec/rule.rb +266 -266
  318. data/lib/inspec/runner.rb +345 -345
  319. data/lib/inspec/runner_mock.rb +41 -41
  320. data/lib/inspec/runner_rspec.rb +175 -175
  321. data/lib/inspec/runtime_profile.rb +26 -26
  322. data/lib/inspec/schema.rb +213 -213
  323. data/lib/inspec/secrets.rb +19 -19
  324. data/lib/inspec/secrets/yaml.rb +30 -30
  325. data/lib/inspec/shell.rb +220 -220
  326. data/lib/inspec/shell_detector.rb +90 -90
  327. data/lib/inspec/source_reader.rb +29 -29
  328. data/lib/inspec/version.rb +8 -8
  329. data/lib/matchers/matchers.rb +339 -339
  330. data/lib/resource_support/aws.rb +44 -41
  331. data/lib/resource_support/aws/aws_backend_base.rb +12 -12
  332. data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
  333. data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
  334. data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
  335. data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
  336. data/lib/resources/aide_conf.rb +151 -159
  337. data/lib/resources/apache.rb +48 -48
  338. data/lib/resources/apache_conf.rb +149 -156
  339. data/lib/resources/apt.rb +149 -149
  340. data/lib/resources/audit_policy.rb +63 -63
  341. data/lib/resources/auditd.rb +231 -231
  342. data/lib/resources/auditd_conf.rb +46 -55
  343. data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -77
  344. data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
  345. data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
  346. data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
  347. data/lib/resources/aws/aws_config_recorder.rb +98 -98
  348. data/lib/resources/aws/aws_ec2_instance.rb +157 -157
  349. data/lib/resources/aws/aws_iam_access_key.rb +106 -106
  350. data/lib/resources/aws/aws_iam_access_keys.rb +149 -149
  351. data/lib/resources/aws/aws_iam_group.rb +56 -56
  352. data/lib/resources/aws/aws_iam_groups.rb +52 -52
  353. data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
  354. data/lib/resources/aws/aws_iam_policies.rb +53 -53
  355. data/lib/resources/aws/aws_iam_policy.rb +125 -125
  356. data/lib/resources/aws/aws_iam_role.rb +51 -51
  357. data/lib/resources/aws/aws_iam_root_user.rb +60 -60
  358. data/lib/resources/aws/aws_iam_user.rb +111 -111
  359. data/lib/resources/aws/aws_iam_users.rb +108 -108
  360. data/lib/resources/aws/aws_kms_keys.rb +53 -53
  361. data/lib/resources/aws/aws_route_table.rb +61 -61
  362. data/lib/resources/aws/aws_s3_bucket.rb +115 -115
  363. data/lib/resources/aws/aws_s3_bucket_object.rb +82 -0
  364. data/lib/resources/aws/aws_security_group.rb +93 -93
  365. data/lib/resources/aws/aws_security_groups.rb +68 -68
  366. data/lib/resources/aws/aws_sns_subscription.rb +78 -0
  367. data/lib/resources/aws/aws_sns_topic.rb +53 -53
  368. data/lib/resources/aws/aws_sns_topics.rb +56 -0
  369. data/lib/resources/aws/aws_subnet.rb +88 -88
  370. data/lib/resources/aws/aws_subnets.rb +53 -53
  371. data/lib/resources/aws/aws_vpc.rb +69 -69
  372. data/lib/resources/aws/aws_vpcs.rb +45 -45
  373. data/lib/resources/azure/azure_backend.rb +377 -377
  374. data/lib/resources/azure/azure_generic_resource.rb +59 -59
  375. data/lib/resources/azure/azure_resource_group.rb +152 -152
  376. data/lib/resources/azure/azure_virtual_machine.rb +264 -264
  377. data/lib/resources/azure/azure_virtual_machine_data_disk.rb +136 -136
  378. data/lib/resources/bash.rb +35 -35
  379. data/lib/resources/bond.rb +69 -68
  380. data/lib/resources/bridge.rb +122 -122
  381. data/lib/resources/command.rb +73 -73
  382. data/lib/resources/cpan.rb +58 -58
  383. data/lib/resources/cran.rb +64 -64
  384. data/lib/resources/crontab.rb +169 -169
  385. data/lib/resources/csv.rb +56 -60
  386. data/lib/resources/dh_params.rb +77 -82
  387. data/lib/resources/directory.rb +25 -25
  388. data/lib/resources/docker.rb +236 -236
  389. data/lib/resources/docker_container.rb +89 -89
  390. data/lib/resources/docker_image.rb +83 -83
  391. data/lib/resources/docker_object.rb +57 -57
  392. data/lib/resources/docker_service.rb +90 -90
  393. data/lib/resources/elasticsearch.rb +169 -169
  394. data/lib/resources/etc_fstab.rb +94 -101
  395. data/lib/resources/etc_group.rb +152 -152
  396. data/lib/resources/etc_hosts.rb +66 -82
  397. data/lib/resources/etc_hosts_allow_deny.rb +112 -122
  398. data/lib/resources/file.rb +298 -298
  399. data/lib/resources/filesystem.rb +31 -31
  400. data/lib/resources/firewalld.rb +143 -143
  401. data/lib/resources/gem.rb +70 -70
  402. data/lib/resources/groups.rb +215 -215
  403. data/lib/resources/grub_conf.rb +227 -237
  404. data/lib/resources/host.rb +306 -306
  405. data/lib/resources/http.rb +251 -251
  406. data/lib/resources/iis_app.rb +101 -101
  407. data/lib/resources/iis_site.rb +148 -148
  408. data/lib/resources/inetd_conf.rb +54 -62
  409. data/lib/resources/ini.rb +29 -29
  410. data/lib/resources/interface.rb +129 -129
  411. data/lib/resources/iptables.rb +80 -80
  412. data/lib/resources/json.rb +107 -117
  413. data/lib/resources/kernel_module.rb +107 -107
  414. data/lib/resources/kernel_parameter.rb +58 -58
  415. data/lib/resources/key_rsa.rb +61 -67
  416. data/lib/resources/limits_conf.rb +46 -55
  417. data/lib/resources/login_def.rb +57 -66
  418. data/lib/resources/mount.rb +88 -88
  419. data/lib/resources/mssql_session.rb +101 -101
  420. data/lib/resources/mysql.rb +81 -81
  421. data/lib/resources/mysql_conf.rb +127 -134
  422. data/lib/resources/mysql_session.rb +85 -85
  423. data/lib/resources/nginx.rb +96 -96
  424. data/lib/resources/nginx_conf.rb +226 -227
  425. data/lib/resources/npm.rb +48 -48
  426. data/lib/resources/ntp_conf.rb +51 -58
  427. data/lib/resources/oneget.rb +71 -71
  428. data/lib/resources/oracledb_session.rb +139 -139
  429. data/lib/resources/os.rb +36 -36
  430. data/lib/resources/os_env.rb +76 -76
  431. data/lib/resources/package.rb +370 -370
  432. data/lib/resources/packages.rb +111 -111
  433. data/lib/resources/parse_config.rb +112 -116
  434. data/lib/resources/passwd.rb +76 -74
  435. data/lib/resources/pip.rb +89 -89
  436. data/lib/resources/platform.rb +109 -109
  437. data/lib/resources/port.rb +771 -771
  438. data/lib/resources/postgres.rb +130 -130
  439. data/lib/resources/postgres_conf.rb +114 -121
  440. data/lib/resources/postgres_hba_conf.rb +90 -99
  441. data/lib/resources/postgres_ident_conf.rb +79 -76
  442. data/lib/resources/postgres_session.rb +71 -71
  443. data/lib/resources/powershell.rb +53 -53
  444. data/lib/resources/processes.rb +204 -204
  445. data/lib/resources/rabbitmq_conf.rb +51 -52
  446. data/lib/resources/registry_key.rb +296 -296
  447. data/lib/resources/security_policy.rb +180 -180
  448. data/lib/resources/service.rb +790 -789
  449. data/lib/resources/shadow.rb +149 -146
  450. data/lib/resources/ssh_conf.rb +97 -102
  451. data/lib/resources/ssl.rb +99 -99
  452. data/lib/resources/sys_info.rb +28 -28
  453. data/lib/resources/toml.rb +32 -32
  454. data/lib/resources/users.rb +654 -654
  455. data/lib/resources/vbscript.rb +68 -68
  456. data/lib/resources/virtualization.rb +247 -247
  457. data/lib/resources/windows_feature.rb +84 -84
  458. data/lib/resources/windows_hotfix.rb +35 -35
  459. data/lib/resources/windows_task.rb +102 -102
  460. data/lib/resources/wmi.rb +110 -110
  461. data/lib/resources/x509_certificate.rb +137 -143
  462. data/lib/resources/xinetd.rb +106 -111
  463. data/lib/resources/xml.rb +46 -46
  464. data/lib/resources/yaml.rb +43 -47
  465. data/lib/resources/yum.rb +180 -180
  466. data/lib/resources/zfs_dataset.rb +60 -60
  467. data/lib/resources/zfs_pool.rb +49 -49
  468. data/lib/source_readers/flat.rb +39 -39
  469. data/lib/source_readers/inspec.rb +75 -75
  470. data/lib/utils/command_wrapper.rb +27 -27
  471. data/lib/utils/convert.rb +12 -12
  472. data/lib/utils/database_helpers.rb +77 -77
  473. data/lib/utils/erlang_parser.rb +192 -192
  474. data/lib/utils/file_reader.rb +25 -0
  475. data/lib/utils/filter.rb +272 -272
  476. data/lib/utils/filter_array.rb +27 -27
  477. data/lib/utils/find_files.rb +44 -44
  478. data/lib/utils/hash.rb +41 -41
  479. data/lib/utils/json_log.rb +18 -18
  480. data/lib/utils/latest_version.rb +22 -22
  481. data/lib/utils/modulator.rb +12 -12
  482. data/lib/utils/nginx_parser.rb +85 -85
  483. data/lib/utils/object_traversal.rb +49 -49
  484. data/lib/utils/parser.rb +274 -274
  485. data/lib/utils/plugin_registry.rb +93 -93
  486. data/lib/utils/simpleconfig.rb +120 -120
  487. data/lib/utils/spdx.rb +13 -13
  488. data/lib/utils/spdx.txt +343 -343
  489. metadata +12 -5
@@ -1,151 +1,151 @@
1
- ---
2
- title: The x509_certificate Resource
3
- platform: os
4
- ---
5
-
6
- # x509_certificate
7
-
8
- Use the `x509_certificate` InSpec audit resource to test the fields and validity of an x.509 certificate.
9
-
10
- X.509 certificates use public/private key pairs to sign and encrypt documents
11
- or communications over a network. They may also be used for authentication.
12
-
13
- Examples include SSL certificates, S/MIME certificates and VPN authentication
14
- certificates.
15
-
16
- <br>
17
-
18
- ## Syntax
19
-
20
- An `x509_certificate` resource block declares a certificate `key file` to be tested.
21
-
22
- describe x509_certificate('mycertificate.pem') do
23
- its('validity_in_days') { should be > 30 }
24
- end
25
-
26
- <br>
27
-
28
- ## Properties
29
-
30
- ### subject.XX
31
-
32
- `subject` property makes it easier to access individual subject elements.
33
-
34
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
35
- its('subject.CN') { should eq "www.mywebsite.com" }
36
- end
37
-
38
- ### subject_dn (String)
39
-
40
- The `subject_dn` string returns the distinguished name of the subject field. It contains several fields separated by forward slashes. The field identifiers are the same ones used by OpenSSL to generate CSR's and certs. Use `subject.XX` instead to access the parsed version.
41
-
42
- e.g. `/C=US/L=Seattle/O=Chef Software Inc/OU=Chefs/CN=Richard Nixon`
43
-
44
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
45
- its('subject_dn') { should match "CN=www.mywebsite.com" }
46
- end
47
-
48
- ### issuer.XX
49
-
50
- `issuer` makes it easier to access individual issuer elements.
51
-
52
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
53
- its('issuer.CN') { should eq "Acme Trust CA" }
54
- end
55
-
56
- ### issuer_dn (String)
57
-
58
- The `issuer_dn` is the distinguished name from a CA (certificate authority) during the
59
- certificate signing process. It describes which authority is guaranteeing the
60
- identity of our certificate.
61
-
62
- e.g. `/C=US/L=Seattle/CN=Acme Trust CA/emailAddress=support@acmetrust.org`
63
-
64
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
65
- its('issuer_cn') { should match "CN=Acme Trust CA" }
66
- end
67
-
68
- ### public_key (String)
69
-
70
- The `public_key` property returns a base64 encoded public key in PEM format.
71
-
72
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
73
- its('public_key') { should match "-----BEGIN PUBLIC KEY-----\nblah blah blah..." }
74
- end
75
-
76
- ### key_length (Integer)
77
-
78
- The `key_length` property calculates the number of bits in the public key.
79
- More bits increase security, but at the cost of speed and in extreme cases, compatibility.
80
-
81
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
82
- its('key_length') { should be 2048 }
83
- end
84
-
85
- ### signature_algorithm (String)
86
-
87
- The `signature_algorithm` property describes which hash function was used by the CA to
88
- sign the certificate.
89
-
90
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
91
- its('signature_algorithm') { should be 'sha256WithRSAEncryption' }
92
- end
93
-
94
-
95
- ### validity_in_days (Float)
96
-
97
- The `validity_in_days` property can be used to check that certificates are not in
98
- danger of expiring soon.
99
-
100
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
101
- its('validity_in_days') { should be > 30 }
102
- end
103
-
104
- ### not_before and not_after (Time)
105
-
106
- The `not_before` and `not_after` properties expose the start and end dates of certificate
107
- validity. They are exposed as ruby Time class so that date arithmetic can be easily performed.
108
-
109
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
110
- its('not_before') { should be <= Time.utc.now }
111
- its('not_after') { should be >= Time.utc.now }
112
- end
113
-
114
- ### serial (Integer)
115
-
116
- The `serial` property exposes the serial number of the certificate. The serial number is set by the CA during the signing process and should be unique within that CA.
117
-
118
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
119
- its('serial') { should eq 9623283588743302433 }
120
- end
121
-
122
- ### version (Integer)
123
-
124
- The `version` property exposes the certificate version.
125
-
126
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
127
- its('version') { should eq 2 }
128
- end
129
-
130
- ### extensions (Hash)
131
-
132
- The `extensions` hash property is mainly used to determine what the certificate can be used for.
133
-
134
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
135
- # Check what extension categories we have
136
- its('extensions') { should include 'keyUsage' }
137
- its('extensions') { should include 'extendedKeyUsage' }
138
- its('extensions') { should include 'subjectAltName' }
139
-
140
- # Check examples of basic 'keyUsage'
141
- its('extensions.keyUsage') { should include 'Digital Signature' }
142
- its('extensions.keyUsage') { should include 'Non Repudiation' }
143
- its('extensions.keyUsage') { should include 'Data Encipherment' }
144
-
145
- # Check examples of newer 'extendedKeyUsage'
146
- its('extensions.extendedKeyUsage') { should include 'TLS Web Server Authentication' }
147
- its('extensions.extendedKeyUsage') { should include 'Code Signing' }
148
-
149
- # Check examples of 'subjectAltName'
150
- its('extensions.subjectAltName') { should include 'email:support@chef.io' }
151
- end
1
+ ---
2
+ title: The x509_certificate Resource
3
+ platform: os
4
+ ---
5
+
6
+ # x509_certificate
7
+
8
+ Use the `x509_certificate` InSpec audit resource to test the fields and validity of an x.509 certificate.
9
+
10
+ X.509 certificates use public/private key pairs to sign and encrypt documents
11
+ or communications over a network. They may also be used for authentication.
12
+
13
+ Examples include SSL certificates, S/MIME certificates and VPN authentication
14
+ certificates.
15
+
16
+ <br>
17
+
18
+ ## Syntax
19
+
20
+ An `x509_certificate` resource block declares a certificate `key file` to be tested.
21
+
22
+ describe x509_certificate('mycertificate.pem') do
23
+ its('validity_in_days') { should be > 30 }
24
+ end
25
+
26
+ <br>
27
+
28
+ ## Properties
29
+
30
+ ### subject.XX
31
+
32
+ `subject` property makes it easier to access individual subject elements.
33
+
34
+ describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
35
+ its('subject.CN') { should eq "www.mywebsite.com" }
36
+ end
37
+
38
+ ### subject_dn (String)
39
+
40
+ The `subject_dn` string returns the distinguished name of the subject field. It contains several fields separated by forward slashes. The field identifiers are the same ones used by OpenSSL to generate CSR's and certs. Use `subject.XX` instead to access the parsed version.
41
+
42
+ e.g. `/C=US/L=Seattle/O=Chef Software Inc/OU=Chefs/CN=Richard Nixon`
43
+
44
+ describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
45
+ its('subject_dn') { should match "CN=www.mywebsite.com" }
46
+ end
47
+
48
+ ### issuer.XX
49
+
50
+ `issuer` makes it easier to access individual issuer elements.
51
+
52
+ describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
53
+ its('issuer.CN') { should eq "Acme Trust CA" }
54
+ end
55
+
56
+ ### issuer_dn (String)
57
+
58
+ The `issuer_dn` is the distinguished name from a CA (certificate authority) during the
59
+ certificate signing process. It describes which authority is guaranteeing the
60
+ identity of our certificate.
61
+
62
+ e.g. `/C=US/L=Seattle/CN=Acme Trust CA/emailAddress=support@acmetrust.org`
63
+
64
+ describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
65
+ its('issuer_cn') { should match "CN=Acme Trust CA" }
66
+ end
67
+
68
+ ### public_key (String)
69
+
70
+ The `public_key` property returns a base64 encoded public key in PEM format.
71
+
72
+ describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
73
+ its('public_key') { should match "-----BEGIN PUBLIC KEY-----\nblah blah blah..." }
74
+ end
75
+
76
+ ### key_length (Integer)
77
+
78
+ The `key_length` property calculates the number of bits in the public key.
79
+ More bits increase security, but at the cost of speed and in extreme cases, compatibility.
80
+
81
+ describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
82
+ its('key_length') { should be 2048 }
83
+ end
84
+
85
+ ### signature_algorithm (String)
86
+
87
+ The `signature_algorithm` property describes which hash function was used by the CA to
88
+ sign the certificate.
89
+
90
+ describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
91
+ its('signature_algorithm') { should be 'sha256WithRSAEncryption' }
92
+ end
93
+
94
+
95
+ ### validity_in_days (Float)
96
+
97
+ The `validity_in_days` property can be used to check that certificates are not in
98
+ danger of expiring soon.
99
+
100
+ describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
101
+ its('validity_in_days') { should be > 30 }
102
+ end
103
+
104
+ ### not_before and not_after (Time)
105
+
106
+ The `not_before` and `not_after` properties expose the start and end dates of certificate
107
+ validity. They are exposed as ruby Time class so that date arithmetic can be easily performed.
108
+
109
+ describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
110
+ its('not_before') { should be <= Time.utc.now }
111
+ its('not_after') { should be >= Time.utc.now }
112
+ end
113
+
114
+ ### serial (Integer)
115
+
116
+ The `serial` property exposes the serial number of the certificate. The serial number is set by the CA during the signing process and should be unique within that CA.
117
+
118
+ describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
119
+ its('serial') { should eq 9623283588743302433 }
120
+ end
121
+
122
+ ### version (Integer)
123
+
124
+ The `version` property exposes the certificate version.
125
+
126
+ describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
127
+ its('version') { should eq 2 }
128
+ end
129
+
130
+ ### extensions (Hash)
131
+
132
+ The `extensions` hash property is mainly used to determine what the certificate can be used for.
133
+
134
+ describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
135
+ # Check what extension categories we have
136
+ its('extensions') { should include 'keyUsage' }
137
+ its('extensions') { should include 'extendedKeyUsage' }
138
+ its('extensions') { should include 'subjectAltName' }
139
+
140
+ # Check examples of basic 'keyUsage'
141
+ its('extensions.keyUsage') { should include 'Digital Signature' }
142
+ its('extensions.keyUsage') { should include 'Non Repudiation' }
143
+ its('extensions.keyUsage') { should include 'Data Encipherment' }
144
+
145
+ # Check examples of newer 'extendedKeyUsage'
146
+ its('extensions.extendedKeyUsage') { should include 'TLS Web Server Authentication' }
147
+ its('extensions.extendedKeyUsage') { should include 'Code Signing' }
148
+
149
+ # Check examples of 'subjectAltName'
150
+ its('extensions.subjectAltName') { should include 'email:support@chef.io' }
151
+ end
@@ -1,156 +1,156 @@
1
- ---
2
- title: About the xinetd_conf Resource
3
- platform: linux
4
- ---
5
-
6
- # xinetd_conf
7
-
8
- Use the `xinetd_conf` InSpec audit resource to test services under `/etc/xinet.d` on Linux and Unix platforms. xinetd---the extended Internet service daemon---listens on all ports, and then loads the appropriate program based on a request. The `xinetd.conf` file is typically located at `/etc/xinetd.conf` and contains a list of Internet services associated to the ports on which that service will listen. Only enabled services may handle a request; only services that are required by the system should be enabled.
9
-
10
- <br>
11
-
12
- ## Syntax
13
-
14
- An `xinetd_conf` resource block declares settings found in a `xinetd.conf` file for the named service:
15
-
16
- describe xinetd_conf('service_name') do
17
- it { should be_enabled } # or be_disabled
18
- its('setting') { should eq 'value' }
19
- end
20
-
21
- where
22
-
23
- * `'service_name'` is a service located under `/etc/xinet.d`
24
- * `('setting')` is a setting in the `xinetd.conf` file
25
- * `should eq 'value'` is the value that is expected
26
-
27
- <br>
28
-
29
- ## Examples
30
-
31
- The following examples show how to use this InSpec audit resource.
32
-
33
- ### Test a socket_type
34
-
35
- The network socket type: `dgram` (a datagram-based service), `raw` (a service that requires direct access to an IP address), `stream` (a stream-based service), or `seqpacket` (a service that requires a sequenced packet).
36
-
37
- describe xinetd_conf.services('service_name') do
38
- its('socket_types') { should include 'dgram' }
39
- end
40
-
41
- ### Test a service type
42
-
43
- The type of service: `INTERNAL` (a service provided by xinetd), `RPC` (an RPC-based service), `TCPMUX` (a service that is started on a well-known TPCMUX port), or `UNLISTED` (a service that is not listed in a standard system file location).
44
-
45
- describe xinetd_conf.services('service_name') do
46
- its('type') { should include 'RPC' }
47
- end
48
-
49
- ### Test the telnet service
50
-
51
- For example, a `telnet` file under `/etc/xinet.d` contains the following settings:
52
-
53
- service telnet
54
- {
55
- disable = yes
56
- flags = REUSE
57
- socket_type = stream
58
- wait = no
59
- user = root
60
- server = /usr/sbin/in.telnetd
61
- log_on_failure += USERID
62
- }
63
-
64
- Some examples of tests that can be run against that file include:
65
-
66
- describe xinetd_conf.services('telnet') do
67
- it { should be_disabled }
68
- end
69
-
70
- and
71
-
72
- describe xinetd_conf.services('telnet') do
73
- its('socket_type') { should include 'stream' }
74
- end
75
-
76
- and
77
-
78
- describe xinetd_conf.services('telnet') do
79
- its('wait') { should eq 'no' }
80
- end
81
-
82
- All three settings can be tested in the same block as well:
83
-
84
- describe xinetd_conf.services('telnet') do
85
- it { should be_disabled }
86
- its('socket_type') { should include 'stream' }
87
- its('wait') { should eq 'no' }
88
- end
89
-
90
- <br>
91
-
92
- ## Matchers
93
-
94
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
95
-
96
- ### be_enabed
97
-
98
- The `be_enabled` matcher tests if a service listed under `/etc/xinet.d` is enabled:
99
-
100
- it { should be_enabled }
101
-
102
- ### ids
103
-
104
- The `ids` matcher tests if the named service is located under `/etc/xinet.d`:
105
-
106
- its('ids') { should include 'service_name' }
107
-
108
- For example:
109
-
110
- its('ids') { should include 'chargen-stream chargen-dgram'}
111
-
112
- ### services
113
-
114
- The `services` matcher tests if the named service is listed under `/etc/xinet.d`:
115
-
116
- its('services') { should include 'service_name' }
117
-
118
- ### socket_types
119
-
120
- The `socket_types` matcher tests if a service listed under `/etc/xinet.d` is configured to use the named socket type:
121
-
122
- its('socket_types') { should eq 'socket' }
123
-
124
- where `socket` is one of `dgram`, `raw`, or `stream`. For a UDP-based service:
125
-
126
- its('socket_types') { should eq 'dgram' }
127
-
128
- For a raw socket (such as a service using a non-standard protocol or a service that requires direct access to IP):
129
-
130
- its('socket_types') { should eq 'raw' }
131
-
132
- For a TCP-based service:
133
-
134
- its('socket_types') { should eq 'stream' }
135
-
136
- ### types
137
-
138
- The `types` matcher tests the service type:
139
-
140
- its('type') { should eq 'TYPE' }
141
-
142
- where `'TYPE'` is `INTERNAL` (for a service provided by xinetd), `RPC` (for a service based on remote procedure call), or `UNLISTED` (for services not under `/etc/services` or `/etc/rpc`).
143
-
144
- ### wait
145
-
146
- The `wait` matcher tests how a service handles incoming connections.
147
-
148
- For UDP (`dgram`) socket types the `wait` matcher should test for `yes`:
149
-
150
- its('socket_types') { should eq 'dgram' }
151
- its('wait') { should eq 'yes' }
152
-
153
- For TCP (`stream`) socket types the `wait` matcher should test for `no`:
154
-
155
- its('socket_types') { should eq 'stream' }
156
- its('wait') { should eq 'no' }
1
+ ---
2
+ title: About the xinetd_conf Resource
3
+ platform: linux
4
+ ---
5
+
6
+ # xinetd_conf
7
+
8
+ Use the `xinetd_conf` InSpec audit resource to test services under `/etc/xinet.d` on Linux and Unix platforms. xinetd---the extended Internet service daemon---listens on all ports, and then loads the appropriate program based on a request. The `xinetd.conf` file is typically located at `/etc/xinetd.conf` and contains a list of Internet services associated to the ports on which that service will listen. Only enabled services may handle a request; only services that are required by the system should be enabled.
9
+
10
+ <br>
11
+
12
+ ## Syntax
13
+
14
+ An `xinetd_conf` resource block declares settings found in a `xinetd.conf` file for the named service:
15
+
16
+ describe xinetd_conf('service_name') do
17
+ it { should be_enabled } # or be_disabled
18
+ its('setting') { should eq 'value' }
19
+ end
20
+
21
+ where
22
+
23
+ * `'service_name'` is a service located under `/etc/xinet.d`
24
+ * `('setting')` is a setting in the `xinetd.conf` file
25
+ * `should eq 'value'` is the value that is expected
26
+
27
+ <br>
28
+
29
+ ## Examples
30
+
31
+ The following examples show how to use this InSpec audit resource.
32
+
33
+ ### Test a socket_type
34
+
35
+ The network socket type: `dgram` (a datagram-based service), `raw` (a service that requires direct access to an IP address), `stream` (a stream-based service), or `seqpacket` (a service that requires a sequenced packet).
36
+
37
+ describe xinetd_conf.services('service_name') do
38
+ its('socket_types') { should include 'dgram' }
39
+ end
40
+
41
+ ### Test a service type
42
+
43
+ The type of service: `INTERNAL` (a service provided by xinetd), `RPC` (an RPC-based service), `TCPMUX` (a service that is started on a well-known TCPMUX port), or `UNLISTED` (a service that is not listed in a standard system file location).
44
+
45
+ describe xinetd_conf.services('service_name') do
46
+ its('type') { should include 'RPC' }
47
+ end
48
+
49
+ ### Test the telnet service
50
+
51
+ For example, a `telnet` file under `/etc/xinet.d` contains the following settings:
52
+
53
+ service telnet
54
+ {
55
+ disable = yes
56
+ flags = REUSE
57
+ socket_type = stream
58
+ wait = no
59
+ user = root
60
+ server = /usr/sbin/in.telnetd
61
+ log_on_failure += USERID
62
+ }
63
+
64
+ Some examples of tests that can be run against that file include:
65
+
66
+ describe xinetd_conf.services('telnet') do
67
+ it { should be_disabled }
68
+ end
69
+
70
+ and
71
+
72
+ describe xinetd_conf.services('telnet') do
73
+ its('socket_type') { should include 'stream' }
74
+ end
75
+
76
+ and
77
+
78
+ describe xinetd_conf.services('telnet') do
79
+ its('wait') { should eq 'no' }
80
+ end
81
+
82
+ All three settings can be tested in the same block as well:
83
+
84
+ describe xinetd_conf.services('telnet') do
85
+ it { should be_disabled }
86
+ its('socket_type') { should include 'stream' }
87
+ its('wait') { should eq 'no' }
88
+ end
89
+
90
+ <br>
91
+
92
+ ## Matchers
93
+
94
+ For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
95
+
96
+ ### be_enabled
97
+
98
+ The `be_enabled` matcher tests if a service listed under `/etc/xinet.d` is enabled:
99
+
100
+ it { should be_enabled }
101
+
102
+ ### ids
103
+
104
+ The `ids` matcher tests if the named service is located under `/etc/xinet.d`:
105
+
106
+ its('ids') { should include 'service_name' }
107
+
108
+ For example:
109
+
110
+ its('ids') { should include 'chargen-stream chargen-dgram'}
111
+
112
+ ### services
113
+
114
+ The `services` matcher tests if the named service is listed under `/etc/xinet.d`:
115
+
116
+ its('services') { should include 'service_name' }
117
+
118
+ ### socket_types
119
+
120
+ The `socket_types` matcher tests if a service listed under `/etc/xinet.d` is configured to use the named socket type:
121
+
122
+ its('socket_types') { should eq 'socket' }
123
+
124
+ where `socket` is one of `dgram`, `raw`, or `stream`. For a UDP-based service:
125
+
126
+ its('socket_types') { should eq 'dgram' }
127
+
128
+ For a raw socket (such as a service using a non-standard protocol or a service that requires direct access to IP):
129
+
130
+ its('socket_types') { should eq 'raw' }
131
+
132
+ For a TCP-based service:
133
+
134
+ its('socket_types') { should eq 'stream' }
135
+
136
+ ### types
137
+
138
+ The `types` matcher tests the service type:
139
+
140
+ its('type') { should eq 'TYPE' }
141
+
142
+ where `'TYPE'` is `INTERNAL` (for a service provided by xinetd), `RPC` (for a service based on remote procedure call), or `UNLISTED` (for services not under `/etc/services` or `/etc/rpc`).
143
+
144
+ ### wait
145
+
146
+ The `wait` matcher tests how a service handles incoming connections.
147
+
148
+ For UDP (`dgram`) socket types the `wait` matcher should test for `yes`:
149
+
150
+ its('socket_types') { should eq 'dgram' }
151
+ its('wait') { should eq 'yes' }
152
+
153
+ For TCP (`stream`) socket types the `wait` matcher should test for `no`:
154
+
155
+ its('socket_types') { should eq 'stream' }
156
+ its('wait') { should eq 'no' }