inspec 2.1.21 → 2.1.30
- checksums.yaml +4 -4
- data/.rubocop.yml +101 -101
- data/CHANGELOG.md +3062 -3045
- data/Gemfile +56 -56
- data/LICENSE +14 -14
- data/MAINTAINERS.md +33 -33
- data/MAINTAINERS.toml +52 -52
- data/README.md +447 -447
- data/Rakefile +322 -322
- data/bin/inspec +12 -12
- data/docs/.gitignore +2 -2
- data/docs/README.md +40 -40
- data/docs/dsl_inspec.md +258 -258
- data/docs/dsl_resource.md +100 -100
- data/docs/glossary.md +99 -99
- data/docs/habitat.md +191 -191
- data/docs/inspec_and_friends.md +114 -114
- data/docs/matchers.md +169 -169
- data/docs/migration.md +293 -293
- data/docs/platforms.md +118 -118
- data/docs/plugin_kitchen_inspec.md +50 -50
- data/docs/profiles.md +376 -376
- data/docs/reporters.md +105 -105
- data/docs/resources/aide_conf.md.erb +75 -75
- data/docs/resources/apache.md.erb +67 -67
- data/docs/resources/apache_conf.md.erb +68 -68
- data/docs/resources/apt.md.erb +71 -71
- data/docs/resources/audit_policy.md.erb +47 -47
- data/docs/resources/auditd.md.erb +79 -79
- data/docs/resources/auditd_conf.md.erb +68 -68
- data/docs/resources/aws_cloudtrail_trail.md.erb +140 -140
- data/docs/resources/aws_cloudtrail_trails.md.erb +81 -81
- data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -86
- data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -151
- data/docs/resources/aws_config_delivery_channel.md +79 -79
- data/docs/resources/aws_config_recorder.md.erb +71 -71
- data/docs/resources/aws_ec2_instance.md.erb +106 -106
- data/docs/resources/aws_iam_access_key.md.erb +123 -123
- data/docs/resources/aws_iam_access_keys.md.erb +198 -198
- data/docs/resources/aws_iam_group.md.erb +46 -46
- data/docs/resources/aws_iam_groups.md.erb +43 -43
- data/docs/resources/aws_iam_password_policy.md.erb +76 -76
- data/docs/resources/aws_iam_policies.md.erb +82 -82
- data/docs/resources/aws_iam_policy.md.erb +144 -144
- data/docs/resources/aws_iam_role.md.erb +63 -63
- data/docs/resources/aws_iam_root_user.md.erb +70 -58
- data/docs/resources/aws_iam_user.md.erb +64 -64
- data/docs/resources/aws_iam_users.md.erb +89 -89
- data/docs/resources/aws_kms_key.md.erb +171 -171
- data/docs/resources/aws_kms_keys.md.erb +84 -84
- data/docs/resources/aws_rds_instance.md.erb +60 -60
- data/docs/resources/aws_route_table.md.erb +47 -47
- data/docs/resources/aws_route_tables.md.erb +49 -0
- data/docs/resources/aws_s3_bucket.md.erb +134 -134
- data/docs/resources/aws_s3_bucket_object.md.erb +83 -83
- data/docs/resources/aws_s3_buckets.md.erb +53 -0
- data/docs/resources/aws_security_group.md.erb +151 -151
- data/docs/resources/aws_security_groups.md.erb +91 -91
- data/docs/resources/aws_sns_subscription.md.erb +124 -124
- data/docs/resources/aws_sns_topic.md.erb +63 -63
- data/docs/resources/aws_sns_topics.md.erb +52 -52
- data/docs/resources/aws_subnet.md.erb +134 -134
- data/docs/resources/aws_subnets.md.erb +126 -126
- data/docs/resources/aws_vpc.md.erb +120 -120
- data/docs/resources/aws_vpcs.md.erb +48 -48
- data/docs/resources/azure_generic_resource.md.erb +171 -171
- data/docs/resources/azure_resource_group.md.erb +284 -284
- data/docs/resources/azure_virtual_machine.md.erb +347 -347
- data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
- data/docs/resources/bash.md.erb +75 -75
- data/docs/resources/bond.md.erb +90 -90
- data/docs/resources/bridge.md.erb +57 -57
- data/docs/resources/bsd_service.md.erb +67 -67
- data/docs/resources/chocolatey_package.md.erb +58 -0
- data/docs/resources/command.md.erb +138 -138
- data/docs/resources/cpan.md.erb +79 -79
- data/docs/resources/cran.md.erb +64 -64
- data/docs/resources/crontab.md.erb +89 -89
- data/docs/resources/csv.md.erb +54 -54
- data/docs/resources/dh_params.md.erb +205 -205
- data/docs/resources/directory.md.erb +30 -30
- data/docs/resources/docker.md.erb +219 -219
- data/docs/resources/docker_container.md.erb +103 -103
- data/docs/resources/docker_image.md.erb +94 -94
- data/docs/resources/docker_service.md.erb +114 -114
- data/docs/resources/elasticsearch.md.erb +242 -242
- data/docs/resources/etc_fstab.md.erb +125 -125
- data/docs/resources/etc_group.md.erb +75 -75
- data/docs/resources/etc_hosts.md.erb +78 -78
- data/docs/resources/etc_hosts_allow.md.erb +74 -74
- data/docs/resources/etc_hosts_deny.md.erb +74 -74
- data/docs/resources/file.md.erb +526 -526
- data/docs/resources/filesystem.md.erb +41 -41
- data/docs/resources/firewalld.md.erb +107 -107
- data/docs/resources/gem.md.erb +79 -79
- data/docs/resources/group.md.erb +61 -61
- data/docs/resources/grub_conf.md.erb +101 -101
- data/docs/resources/host.md.erb +86 -86
- data/docs/resources/http.md.erb +196 -196
- data/docs/resources/iis_app.md.erb +122 -122
- data/docs/resources/iis_site.md.erb +135 -135
- data/docs/resources/inetd_conf.md.erb +94 -94
- data/docs/resources/ini.md.erb +76 -76
- data/docs/resources/interface.md.erb +58 -58
- data/docs/resources/iptables.md.erb +64 -64
- data/docs/resources/json.md.erb +63 -63
- data/docs/resources/kernel_module.md.erb +120 -120
- data/docs/resources/kernel_parameter.md.erb +53 -53
- data/docs/resources/key_rsa.md.erb +85 -85
- data/docs/resources/launchd_service.md.erb +57 -57
- data/docs/resources/limits_conf.md.erb +75 -75
- data/docs/resources/login_defs.md.erb +71 -71
- data/docs/resources/mount.md.erb +69 -69
- data/docs/resources/mssql_session.md.erb +60 -60
- data/docs/resources/mysql_conf.md.erb +99 -99
- data/docs/resources/mysql_session.md.erb +74 -74
- data/docs/resources/nginx.md.erb +79 -79
- data/docs/resources/nginx_conf.md.erb +138 -138
- data/docs/resources/npm.md.erb +60 -60
- data/docs/resources/ntp_conf.md.erb +60 -60
- data/docs/resources/oneget.md.erb +53 -53
- data/docs/resources/oracledb_session.md.erb +52 -52
- data/docs/resources/os.md.erb +141 -141
- data/docs/resources/os_env.md.erb +78 -78
- data/docs/resources/package.md.erb +120 -120
- data/docs/resources/packages.md.erb +67 -67
- data/docs/resources/parse_config.md.erb +103 -103
- data/docs/resources/parse_config_file.md.erb +138 -138
- data/docs/resources/passwd.md.erb +141 -141
- data/docs/resources/pip.md.erb +67 -67
- data/docs/resources/port.md.erb +137 -137
- data/docs/resources/postgres_conf.md.erb +79 -79
- data/docs/resources/postgres_hba_conf.md.erb +93 -93
- data/docs/resources/postgres_ident_conf.md.erb +76 -76
- data/docs/resources/postgres_session.md.erb +69 -69
- data/docs/resources/powershell.md.erb +102 -102
- data/docs/resources/processes.md.erb +109 -109
- data/docs/resources/rabbitmq_config.md.erb +41 -41
- data/docs/resources/registry_key.md.erb +158 -158
- data/docs/resources/runit_service.md.erb +57 -57
- data/docs/resources/security_policy.md.erb +47 -47
- data/docs/resources/service.md.erb +121 -121
- data/docs/resources/shadow.md.erb +146 -146
- data/docs/resources/ssh_config.md.erb +73 -73
- data/docs/resources/sshd_config.md.erb +83 -83
- data/docs/resources/ssl.md.erb +119 -119
- data/docs/resources/sys_info.md.erb +42 -42
- data/docs/resources/systemd_service.md.erb +57 -57
- data/docs/resources/sysv_service.md.erb +57 -57
- data/docs/resources/upstart_service.md.erb +57 -57
- data/docs/resources/user.md.erb +140 -140
- data/docs/resources/users.md.erb +127 -127
- data/docs/resources/vbscript.md.erb +55 -55
- data/docs/resources/virtualization.md.erb +57 -57
- data/docs/resources/windows_feature.md.erb +47 -47
- data/docs/resources/windows_hotfix.md.erb +53 -53
- data/docs/resources/windows_task.md.erb +95 -95
- data/docs/resources/wmi.md.erb +81 -81
- data/docs/resources/x509_certificate.md.erb +151 -151
- data/docs/resources/xinetd_conf.md.erb +156 -156
- data/docs/resources/xml.md.erb +85 -85
- data/docs/resources/yaml.md.erb +69 -69
- data/docs/resources/yum.md.erb +98 -98
- data/docs/resources/zfs_dataset.md.erb +53 -53
- data/docs/resources/zfs_pool.md.erb +47 -47
- data/docs/ruby_usage.md +203 -203
- data/docs/shared/matcher_be.md.erb +1 -1
- data/docs/shared/matcher_cmp.md.erb +43 -43
- data/docs/shared/matcher_eq.md.erb +3 -3
- data/docs/shared/matcher_include.md.erb +1 -1
- data/docs/shared/matcher_match.md.erb +1 -1
- data/docs/shell.md +217 -217
- data/examples/README.md +8 -8
- data/examples/inheritance/README.md +65 -65
- data/examples/inheritance/controls/example.rb +14 -14
- data/examples/inheritance/inspec.yml +15 -15
- data/examples/kitchen-ansible/.kitchen.yml +25 -25
- data/examples/kitchen-ansible/Gemfile +19 -19
- data/examples/kitchen-ansible/README.md +53 -53
- data/examples/kitchen-ansible/files/nginx.repo +6 -6
- data/examples/kitchen-ansible/tasks/main.yml +16 -16
- data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-chef/.kitchen.yml +20 -20
- data/examples/kitchen-chef/Berksfile +3 -3
- data/examples/kitchen-chef/Gemfile +19 -19
- data/examples/kitchen-chef/README.md +27 -27
- data/examples/kitchen-chef/metadata.rb +7 -7
- data/examples/kitchen-chef/recipes/default.rb +6 -6
- data/examples/kitchen-chef/recipes/nginx.rb +30 -30
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-puppet/.kitchen.yml +22 -22
- data/examples/kitchen-puppet/Gemfile +20 -20
- data/examples/kitchen-puppet/Puppetfile +25 -25
- data/examples/kitchen-puppet/README.md +53 -53
- data/examples/kitchen-puppet/manifests/site.pp +33 -33
- data/examples/kitchen-puppet/metadata.json +11 -11
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
- data/examples/meta-profile/README.md +37 -37
- data/examples/meta-profile/controls/example.rb +13 -13
- data/examples/meta-profile/inspec.yml +13 -13
- data/examples/profile-attribute.yml +2 -2
- data/examples/profile-attribute/README.md +14 -14
- data/examples/profile-attribute/controls/example.rb +11 -11
- data/examples/profile-attribute/inspec.yml +8 -8
- data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
- data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
- data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
- data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
- data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
- data/examples/profile-aws/inspec.yml +11 -11
- data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
- data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
- data/examples/profile-azure/inspec.yml +11 -11
- data/examples/profile-sensitive/README.md +29 -29
- data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
- data/examples/profile-sensitive/controls/sensitive.rb +9 -9
- data/examples/profile-sensitive/inspec.yml +8 -8
- data/examples/profile/README.md +48 -48
- data/examples/profile/controls/example.rb +23 -23
- data/examples/profile/controls/gordon.rb +36 -36
- data/examples/profile/controls/meta.rb +34 -34
- data/examples/profile/inspec.yml +10 -10
- data/examples/profile/libraries/gordon_config.rb +59 -53
- data/inspec.gemspec +47 -47
- data/lib/bundles/README.md +3 -3
- data/lib/bundles/inspec-artifact.rb +7 -7
- data/lib/bundles/inspec-artifact/README.md +1 -1
- data/lib/bundles/inspec-artifact/cli.rb +277 -277
- data/lib/bundles/inspec-compliance.rb +16 -16
- data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
- data/lib/bundles/inspec-compliance/README.md +185 -185
- data/lib/bundles/inspec-compliance/api.rb +316 -316
- data/lib/bundles/inspec-compliance/api/login.rb +152 -152
- data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
- data/lib/bundles/inspec-compliance/cli.rb +254 -254
- data/lib/bundles/inspec-compliance/configuration.rb +103 -103
- data/lib/bundles/inspec-compliance/http.rb +86 -86
- data/lib/bundles/inspec-compliance/support.rb +36 -36
- data/lib/bundles/inspec-compliance/target.rb +98 -98
- data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
- data/lib/bundles/inspec-habitat.rb +12 -12
- data/lib/bundles/inspec-habitat/cli.rb +36 -36
- data/lib/bundles/inspec-habitat/log.rb +10 -10
- data/lib/bundles/inspec-habitat/profile.rb +391 -391
- data/lib/bundles/inspec-init.rb +8 -8
- data/lib/bundles/inspec-init/README.md +31 -31
- data/lib/bundles/inspec-init/cli.rb +97 -97
- data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
- data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
- data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
- data/lib/bundles/inspec-supermarket.rb +13 -13
- data/lib/bundles/inspec-supermarket/README.md +45 -45
- data/lib/bundles/inspec-supermarket/api.rb +84 -84
- data/lib/bundles/inspec-supermarket/cli.rb +73 -73
- data/lib/bundles/inspec-supermarket/target.rb +34 -34
- data/lib/fetchers/git.rb +163 -163
- data/lib/fetchers/local.rb +74 -74
- data/lib/fetchers/mock.rb +35 -35
- data/lib/fetchers/url.rb +204 -204
- data/lib/inspec.rb +24 -24
- data/lib/inspec/archive/tar.rb +29 -29
- data/lib/inspec/archive/zip.rb +19 -19
- data/lib/inspec/backend.rb +93 -93
- data/lib/inspec/base_cli.rb +363 -357
- data/lib/inspec/cached_fetcher.rb +66 -66
- data/lib/inspec/cli.rb +292 -292
- data/lib/inspec/completions/bash.sh.erb +45 -45
- data/lib/inspec/completions/fish.sh.erb +34 -34
- data/lib/inspec/completions/zsh.sh.erb +61 -61
- data/lib/inspec/control_eval_context.rb +179 -179
- data/lib/inspec/dependencies/cache.rb +72 -72
- data/lib/inspec/dependencies/dependency_set.rb +92 -92
- data/lib/inspec/dependencies/lockfile.rb +115 -115
- data/lib/inspec/dependencies/requirement.rb +123 -123
- data/lib/inspec/dependencies/resolver.rb +86 -86
- data/lib/inspec/describe.rb +27 -27
- data/lib/inspec/dsl.rb +66 -66
- data/lib/inspec/dsl_shared.rb +33 -33
- data/lib/inspec/env_printer.rb +157 -157
- data/lib/inspec/errors.rb +14 -13
- data/lib/inspec/exceptions.rb +12 -12
- data/lib/inspec/expect.rb +45 -45
- data/lib/inspec/fetcher.rb +45 -45
- data/lib/inspec/file_provider.rb +275 -275
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +259 -250
- data/lib/inspec/formatters/json_rspec.rb +20 -20
- data/lib/inspec/formatters/show_progress.rb +12 -12
- data/lib/inspec/library_eval_context.rb +58 -58
- data/lib/inspec/log.rb +11 -11
- data/lib/inspec/metadata.rb +247 -247
- data/lib/inspec/method_source.rb +24 -24
- data/lib/inspec/objects.rb +14 -14
- data/lib/inspec/objects/attribute.rb +65 -65
- data/lib/inspec/objects/control.rb +61 -61
- data/lib/inspec/objects/describe.rb +92 -92
- data/lib/inspec/objects/each_loop.rb +36 -36
- data/lib/inspec/objects/list.rb +15 -15
- data/lib/inspec/objects/or_test.rb +40 -40
- data/lib/inspec/objects/ruby_helper.rb +15 -15
- data/lib/inspec/objects/tag.rb +27 -27
- data/lib/inspec/objects/test.rb +87 -87
- data/lib/inspec/objects/value.rb +27 -27
- data/lib/inspec/plugins.rb +60 -60
- data/lib/inspec/plugins/cli.rb +24 -24
- data/lib/inspec/plugins/fetcher.rb +86 -86
- data/lib/inspec/plugins/resource.rb +135 -135
- data/lib/inspec/plugins/secret.rb +15 -15
- data/lib/inspec/plugins/source_reader.rb +40 -40
- data/lib/inspec/polyfill.rb +12 -12
- data/lib/inspec/profile.rb +513 -513
- data/lib/inspec/profile_context.rb +208 -208
- data/lib/inspec/profile_vendor.rb +66 -66
- data/lib/inspec/reporters.rb +60 -54
- data/lib/inspec/reporters/automate.rb +76 -0
- data/lib/inspec/reporters/base.rb +25 -24
- data/lib/inspec/reporters/cli.rb +356 -356
- data/lib/inspec/reporters/json.rb +116 -116
- data/lib/inspec/reporters/json_min.rb +48 -48
- data/lib/inspec/reporters/junit.rb +77 -77
- data/lib/inspec/require_loader.rb +33 -33
- data/lib/inspec/resource.rb +187 -186
- data/lib/inspec/rule.rb +266 -266
- data/lib/inspec/runner.rb +345 -345
- data/lib/inspec/runner_mock.rb +41 -41
- data/lib/inspec/runner_rspec.rb +175 -175
- data/lib/inspec/runtime_profile.rb +26 -26
- data/lib/inspec/schema.rb +213 -213
- data/lib/inspec/secrets.rb +19 -19
- data/lib/inspec/secrets/yaml.rb +30 -30
- data/lib/inspec/shell.rb +220 -220
- data/lib/inspec/shell_detector.rb +90 -90
- data/lib/inspec/source_reader.rb +29 -29
- data/lib/inspec/version.rb +8 -8
- data/lib/matchers/matchers.rb +339 -339
- data/lib/resource_support/aws.rb +49 -47
- data/lib/resource_support/aws/aws_backend_base.rb +12 -12
- data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
- data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
- data/lib/resources/aide_conf.rb +151 -151
- data/lib/resources/apache.rb +48 -48
- data/lib/resources/apache_conf.rb +149 -149
- data/lib/resources/apt.rb +149 -149
- data/lib/resources/audit_policy.rb +63 -63
- data/lib/resources/auditd.rb +231 -231
- data/lib/resources/auditd_conf.rb +46 -46
- data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -77
- data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
- data/lib/resources/aws/aws_config_delivery_channel.rb +76 -76
- data/lib/resources/aws/aws_config_recorder.rb +98 -98
- data/lib/resources/aws/aws_ec2_instance.rb +157 -157
- data/lib/resources/aws/aws_iam_access_key.rb +106 -106
- data/lib/resources/aws/aws_iam_access_keys.rb +149 -149
- data/lib/resources/aws/aws_iam_group.rb +56 -56
- data/lib/resources/aws/aws_iam_groups.rb +52 -52
- data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
- data/lib/resources/aws/aws_iam_policies.rb +53 -53
- data/lib/resources/aws/aws_iam_policy.rb +125 -125
- data/lib/resources/aws/aws_iam_role.rb +51 -51
- data/lib/resources/aws/aws_iam_root_user.rb +78 -60
- data/lib/resources/aws/aws_iam_user.rb +111 -111
- data/lib/resources/aws/aws_iam_users.rb +108 -108
- data/lib/resources/aws/aws_kms_key.rb +96 -96
- data/lib/resources/aws/aws_kms_keys.rb +53 -53
- data/lib/resources/aws/aws_rds_instance.rb +71 -71
- data/lib/resources/aws/aws_route_table.rb +63 -63
- data/lib/resources/aws/aws_route_tables.rb +60 -0
- data/lib/resources/aws/aws_s3_bucket.rb +115 -115
- data/lib/resources/aws/aws_s3_bucket_object.rb +82 -82
- data/lib/resources/aws/aws_s3_buckets.rb +51 -0
- data/lib/resources/aws/aws_security_group.rb +93 -93
- data/lib/resources/aws/aws_security_groups.rb +68 -68
- data/lib/resources/aws/aws_sns_subscription.rb +78 -78
- data/lib/resources/aws/aws_sns_topic.rb +53 -53
- data/lib/resources/aws/aws_sns_topics.rb +56 -56
- data/lib/resources/aws/aws_subnet.rb +88 -88
- data/lib/resources/aws/aws_subnets.rb +53 -53
- data/lib/resources/aws/aws_vpc.rb +69 -69
- data/lib/resources/aws/aws_vpcs.rb +45 -45
- data/lib/resources/azure/azure_backend.rb +377 -377
- data/lib/resources/azure/azure_generic_resource.rb +59 -59
- data/lib/resources/azure/azure_resource_group.rb +152 -152
- data/lib/resources/azure/azure_virtual_machine.rb +264 -264
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +134 -134
- data/lib/resources/bash.rb +35 -35
- data/lib/resources/bond.rb +69 -69
- data/lib/resources/bridge.rb +122 -122
- data/lib/resources/chocolatey_package.rb +78 -0
- data/lib/resources/command.rb +73 -73
- data/lib/resources/cpan.rb +58 -58
- data/lib/resources/cran.rb +64 -64
- data/lib/resources/crontab.rb +169 -169
- data/lib/resources/csv.rb +56 -56
- data/lib/resources/dh_params.rb +77 -77
- data/lib/resources/directory.rb +25 -25
- data/lib/resources/docker.rb +236 -236
- data/lib/resources/docker_container.rb +89 -89
- data/lib/resources/docker_image.rb +83 -83
- data/lib/resources/docker_object.rb +57 -57
- data/lib/resources/docker_service.rb +90 -90
- data/lib/resources/elasticsearch.rb +169 -169
- data/lib/resources/etc_fstab.rb +94 -94
- data/lib/resources/etc_group.rb +152 -152
- data/lib/resources/etc_hosts.rb +66 -66
- data/lib/resources/etc_hosts_allow_deny.rb +112 -112
- data/lib/resources/file.rb +298 -298
- data/lib/resources/filesystem.rb +31 -31
- data/lib/resources/firewalld.rb +143 -143
- data/lib/resources/gem.rb +70 -70
- data/lib/resources/groups.rb +215 -215
- data/lib/resources/grub_conf.rb +227 -227
- data/lib/resources/host.rb +306 -306
- data/lib/resources/http.rb +253 -253
- data/lib/resources/iis_app.rb +101 -101
- data/lib/resources/iis_site.rb +148 -148
- data/lib/resources/inetd_conf.rb +54 -54
- data/lib/resources/ini.rb +29 -29
- data/lib/resources/interface.rb +129 -129
- data/lib/resources/iptables.rb +80 -80
- data/lib/resources/json.rb +107 -107
- data/lib/resources/kernel_module.rb +107 -107
- data/lib/resources/kernel_parameter.rb +58 -58
- data/lib/resources/key_rsa.rb +61 -61
- data/lib/resources/limits_conf.rb +46 -46
- data/lib/resources/login_def.rb +57 -57
- data/lib/resources/mount.rb +88 -88
- data/lib/resources/mssql_session.rb +101 -101
- data/lib/resources/mysql.rb +82 -81
- data/lib/resources/mysql_conf.rb +127 -127
- data/lib/resources/mysql_session.rb +85 -85
- data/lib/resources/nginx.rb +96 -96
- data/lib/resources/nginx_conf.rb +226 -226
- data/lib/resources/npm.rb +48 -48
- data/lib/resources/ntp_conf.rb +51 -51
- data/lib/resources/oneget.rb +71 -71
- data/lib/resources/oracledb_session.rb +139 -139
- data/lib/resources/os.rb +36 -36
- data/lib/resources/os_env.rb +75 -75
- data/lib/resources/package.rb +370 -370
- data/lib/resources/packages.rb +111 -111
- data/lib/resources/parse_config.rb +112 -112
- data/lib/resources/passwd.rb +76 -76
- data/lib/resources/pip.rb +130 -130
- data/lib/resources/platform.rb +109 -109
- data/lib/resources/port.rb +771 -771
- data/lib/resources/postgres.rb +131 -130
- data/lib/resources/postgres_conf.rb +114 -114
- data/lib/resources/postgres_hba_conf.rb +90 -90
- data/lib/resources/postgres_ident_conf.rb +79 -79
- data/lib/resources/postgres_session.rb +71 -71
- data/lib/resources/powershell.rb +66 -66
- data/lib/resources/processes.rb +204 -204
- data/lib/resources/rabbitmq_conf.rb +51 -51
- data/lib/resources/registry_key.rb +297 -297
- data/lib/resources/security_policy.rb +180 -180
- data/lib/resources/service.rb +794 -790
- data/lib/resources/shadow.rb +149 -149
- data/lib/resources/ssh_conf.rb +97 -97
- data/lib/resources/ssl.rb +99 -99
- data/lib/resources/sys_info.rb +28 -28
- data/lib/resources/toml.rb +32 -32
- data/lib/resources/users.rb +654 -654
- data/lib/resources/vbscript.rb +68 -68
- data/lib/resources/virtualization.rb +247 -247
- data/lib/resources/windows_feature.rb +84 -84
- data/lib/resources/windows_hotfix.rb +35 -35
- data/lib/resources/windows_task.rb +102 -102
- data/lib/resources/wmi.rb +110 -110
- data/lib/resources/x509_certificate.rb +137 -137
- data/lib/resources/xinetd.rb +106 -106
- data/lib/resources/xml.rb +46 -46
- data/lib/resources/yaml.rb +43 -43
- data/lib/resources/yum.rb +180 -180
- data/lib/resources/zfs_dataset.rb +60 -60
- data/lib/resources/zfs_pool.rb +49 -49
- data/lib/source_readers/flat.rb +39 -39
- data/lib/source_readers/inspec.rb +75 -75
- data/lib/utils/command_wrapper.rb +27 -27
- data/lib/utils/convert.rb +12 -12
- data/lib/utils/database_helpers.rb +77 -77
- data/lib/utils/erlang_parser.rb +192 -192
- data/lib/utils/file_reader.rb +25 -25
- data/lib/utils/filter.rb +273 -273
- data/lib/utils/filter_array.rb +27 -27
- data/lib/utils/find_files.rb +44 -44
- data/lib/utils/hash.rb +41 -41
- data/lib/utils/json_log.rb +18 -18
- data/lib/utils/latest_version.rb +22 -22
- data/lib/utils/modulator.rb +12 -12
- data/lib/utils/nginx_parser.rb +85 -85
- data/lib/utils/object_traversal.rb +49 -49
- data/lib/utils/parser.rb +274 -274
- data/lib/utils/plugin_registry.rb +93 -93
- data/lib/utils/simpleconfig.rb +120 -120
- data/lib/utils/spdx.rb +13 -13
- data/lib/utils/spdx.txt +343 -343
- metadata +9 -2
data/docs/resources/group.md.erb
CHANGED
@@ -1,61 +1,61 @@
|
|
1
|
-
---
|
2
|
-
title: About the group Resource
|
3
|
-
platform: os
|
4
|
-
---
|
5
|
-
|
6
|
-
# group
|
7
|
-
|
8
|
-
Use the `group` InSpec audit resource to test groups on the system.
|
9
|
-
|
10
|
-
<br>
|
11
|
-
|
12
|
-
## Syntax
|
13
|
-
|
14
|
-
A `group` resource block declares a group, and then the details to be tested, such as if the group is a local group, the group identifier, or if the group exists:
|
15
|
-
|
16
|
-
describe group('group_name') do
|
17
|
-
it { should exist }
|
18
|
-
its('gid') { should eq 0 }
|
19
|
-
end
|
20
|
-
|
21
|
-
where
|
22
|
-
|
23
|
-
* `'group_name'` must specify the name of a group on the system
|
24
|
-
* `exist` and `'gid'` are valid matchers for this resource
|
25
|
-
|
26
|
-
<br>
|
27
|
-
|
28
|
-
## Examples
|
29
|
-
|
30
|
-
The following examples show how to use this InSpec audit resource.
|
31
|
-
|
32
|
-
### Test the group identifier for the root group
|
33
|
-
|
34
|
-
describe group('root') do
|
35
|
-
it { should exist }
|
36
|
-
its('gid') { should eq 0 }
|
37
|
-
end
|
38
|
-
|
39
|
-
<br>
|
40
|
-
|
41
|
-
## Matchers
|
42
|
-
|
43
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
44
|
-
|
45
|
-
### be_local
|
46
|
-
|
47
|
-
The `be_local` matcher tests if the group is a local group:
|
48
|
-
|
49
|
-
it { should be_local }
|
50
|
-
|
51
|
-
### exist
|
52
|
-
|
53
|
-
The `exist` matcher tests if the named user exists:
|
54
|
-
|
55
|
-
it { should exist }
|
56
|
-
|
57
|
-
### gid
|
58
|
-
|
59
|
-
The `gid` matcher tests the named group identifier:
|
60
|
-
|
61
|
-
its('gid') { should eq 1234 }
|
1
|
+
---
|
2
|
+
title: About the group Resource
|
3
|
+
platform: os
|
4
|
+
---
|
5
|
+
|
6
|
+
# group
|
7
|
+
|
8
|
+
Use the `group` InSpec audit resource to test groups on the system.
|
9
|
+
|
10
|
+
<br>
|
11
|
+
|
12
|
+
## Syntax
|
13
|
+
|
14
|
+
A `group` resource block declares a group, and then the details to be tested, such as if the group is a local group, the group identifier, or if the group exists:
|
15
|
+
|
16
|
+
describe group('group_name') do
|
17
|
+
it { should exist }
|
18
|
+
its('gid') { should eq 0 }
|
19
|
+
end
|
20
|
+
|
21
|
+
where
|
22
|
+
|
23
|
+
* `'group_name'` must specify the name of a group on the system
|
24
|
+
* `exist` and `'gid'` are valid matchers for this resource
|
25
|
+
|
26
|
+
<br>
|
27
|
+
|
28
|
+
## Examples
|
29
|
+
|
30
|
+
The following examples show how to use this InSpec audit resource.
|
31
|
+
|
32
|
+
### Test the group identifier for the root group
|
33
|
+
|
34
|
+
describe group('root') do
|
35
|
+
it { should exist }
|
36
|
+
its('gid') { should eq 0 }
|
37
|
+
end
|
38
|
+
|
39
|
+
<br>
|
40
|
+
|
41
|
+
## Matchers
|
42
|
+
|
43
|
+
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
44
|
+
|
45
|
+
### be_local
|
46
|
+
|
47
|
+
The `be_local` matcher tests if the group is a local group:
|
48
|
+
|
49
|
+
it { should be_local }
|
50
|
+
|
51
|
+
### exist
|
52
|
+
|
53
|
+
The `exist` matcher tests if the named user exists:
|
54
|
+
|
55
|
+
it { should exist }
|
56
|
+
|
57
|
+
### gid
|
58
|
+
|
59
|
+
The `gid` matcher tests the named group identifier:
|
60
|
+
|
61
|
+
its('gid') { should eq 1234 }
|
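Review bot: line 53 of the new file still reads "The `exist` matcher tests if the named user exists:", which looks carried over from the user resource docs; in a page about the `group` resource it should say "named group". Line 24 has a related gap: it lists only `exist` and `'gid'` as valid matchers, while `be_local` is documented at line 45, so the Syntax list and the Matchers section disagree. The removed and added sides of this hunk read identically line for line, so the change appears to be whitespace or line endings only. If that is the intent, say so in the changelog, and fix the two wording issues in the same pass, since every line of the file is already being rewritten.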
@@ -1,101 +1,101 @@
|
|
1
|
-
---
|
2
|
-
title: About the grub_conf Resource
|
3
|
-
platform: linux
|
4
|
-
---
|
5
|
-
|
6
|
-
# grub_conf
|
7
|
-
|
8
|
-
Grub is a boot loader on the Linux platform used to load and then transfer control to an operating system kernel, after which that kernel initializes the rest of the operating system. Use the `grub_conf` InSpec audit resource to test boot loader configuration settings that are defined in the `grub.conf` configuration file.
|
9
|
-
|
10
|
-
<br>
|
11
|
-
|
12
|
-
## Syntax
|
13
|
-
|
14
|
-
A `grub_conf` resource block declares a list of settings in a `grub.conf` file:
|
15
|
-
|
16
|
-
describe grub_conf('path', 'kernel') do
|
17
|
-
its('setting') { should eq 'value' }
|
18
|
-
end
|
19
|
-
|
20
|
-
or:
|
21
|
-
|
22
|
-
describe grub_conf('path') do
|
23
|
-
its('default') { should eq '0' } #
|
24
|
-
its('setting') { should eq 'value' }
|
25
|
-
end
|
26
|
-
|
27
|
-
where
|
28
|
-
|
29
|
-
* `'service_name'` is a service listed in the `grub.conf` file
|
30
|
-
* `'path'` is the path to the `grub.conf` file
|
31
|
-
* `'kernel'` specifies the default kernel (by using `'default'`) or a specific kernel; `'default'` defines the position in the list of kernels at which the default kernel is defined, i.e. `should eq '0'` for the first kernel listed or `'path', 'default'` to use the default kernel as specified in the `grub.conf` file
|
32
|
-
* `'value'` is the value that is expected
|
33
|
-
|
34
|
-
<br>
|
35
|
-
|
36
|
-
## Examples
|
37
|
-
|
38
|
-
The following examples show how to use this InSpec audit resource.
|
39
|
-
|
40
|
-
### Test a grub.conf file
|
41
|
-
|
42
|
-
A Grub configuration file located at `/etc/grub.conf` is similar to the following:
|
43
|
-
|
44
|
-
# grub.conf generated by anaconda
|
45
|
-
#
|
46
|
-
# Note: You do not need to rerun grub after making changes to this file
|
47
|
-
# NOTICE: You have a /boot partition. This means that
|
48
|
-
# all kernel and initrd paths are relative to /boot/, eg.
|
49
|
-
# root (hd0,0)
|
50
|
-
# kernel /vmlinuz-version ro root=/dev/hda6
|
51
|
-
# initrd /initrd-version.img
|
52
|
-
#boot=/dev/hda
|
53
|
-
default=0
|
54
|
-
timeout=10
|
55
|
-
splashimage=(hd0,0)/grub/splash.xpm.gz
|
56
|
-
title Red Hat Enterprise Linux ES (2.6.32-573.7.1.el6.x86_64)
|
57
|
-
root (hd0,0)
|
58
|
-
kernel /vmlinuz-2.6.32-573.7.1.el6.x86_64 ro root=/dev/hda6
|
59
|
-
initrd /initrd-2.6.32-573.7.1.el6.x86_64.img
|
60
|
-
title Red Hat Enterprise Linux ES (2.6.32-358.14.1.el6.x86_64)
|
61
|
-
root (hd0,0)
|
62
|
-
kernel /vmlinuz-2.6.32-358.14.1.el6.x86_64 ro root=/dev/hda6 ramdisk_size=400000
|
63
|
-
initrd /initrd-2.6.32-358.14.1.el6.x86_64.img
|
64
|
-
|
65
|
-
This file defines two versions of RedHat Enterprise Linux, with version `2.6.32-573.7.1.el6.x86_64` specified as the default.
|
66
|
-
|
67
|
-
The following test verifies the kernel, ensures that kernel is the default kernel, its initial RAM disk (`initrd`), and the timeout:
|
68
|
-
|
69
|
-
describe grub_conf('/etc/grub.conf', 'default') do
|
70
|
-
its('kernel') { should include '/vmlinuz-2.6.32-573.7.1.el6.x86_64' }
|
71
|
-
its('initrd') { should include '/initrd-2.6.32-573.7.1.el6.x86_64.img' }
|
72
|
-
its('default') { should_not eq '1' }
|
73
|
-
its('timeout') { should eq '10' }
|
74
|
-
end
|
75
|
-
|
76
|
-
The following test verifies the `ramdisk_size` for the non-default kernel:
|
77
|
-
|
78
|
-
describe grub_conf('/etc/grub.conf', 'Red Hat Enterprise Linux ES (2.6.32-358.14.1.el6.x86_64)') do
|
79
|
-
its('kernel') { should include 'ramdisk_size=400000' }
|
80
|
-
end
|
81
|
-
|
82
|
-
### Test a configuration file and boot configuration
|
83
|
-
|
84
|
-
describe grub_conf('/etc/grub.conf', 'default') do
|
85
|
-
its('kernel') { should include '/vmlinuz-2.6.32-573.7.1.el6.x86_64' }
|
86
|
-
its('initrd') { should include '/initramfs-2.6.32-573.el6.x86_64.img=1' }
|
87
|
-
its('default') { should_not eq '1' }
|
88
|
-
its('timeout') { should eq '5' }
|
89
|
-
end
|
90
|
-
|
91
|
-
### Test a specific kernel
|
92
|
-
|
93
|
-
grub_conf('/etc/grub.conf', 'CentOS (2.6.32-573.12.1.el6.x86_64)') do
|
94
|
-
its('kernel') { should include 'audit=1' }
|
95
|
-
end
|
96
|
-
|
97
|
-
<br>
|
98
|
-
|
99
|
-
## Matchers
|
100
|
-
|
101
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
1
|
+
---
|
2
|
+
title: About the grub_conf Resource
|
3
|
+
platform: linux
|
4
|
+
---
|
5
|
+
|
6
|
+
# grub_conf
|
7
|
+
|
8
|
+
Grub is a boot loader on the Linux platform used to load and then transfer control to an operating system kernel, after which that kernel initializes the rest of the operating system. Use the `grub_conf` InSpec audit resource to test boot loader configuration settings that are defined in the `grub.conf` configuration file.
|
9
|
+
|
10
|
+
<br>
|
11
|
+
|
12
|
+
## Syntax
|
13
|
+
|
14
|
+
A `grub_conf` resource block declares a list of settings in a `grub.conf` file:
|
15
|
+
|
16
|
+
describe grub_conf('path', 'kernel') do
|
17
|
+
its('setting') { should eq 'value' }
|
18
|
+
end
|
19
|
+
|
20
|
+
or:
|
21
|
+
|
22
|
+
describe grub_conf('path') do
|
23
|
+
its('default') { should eq '0' } #
|
24
|
+
its('setting') { should eq 'value' }
|
25
|
+
end
|
26
|
+
|
27
|
+
where
|
28
|
+
|
29
|
+
* `'service_name'` is a service listed in the `grub.conf` file
|
30
|
+
* `'path'` is the path to the `grub.conf` file
|
31
|
+
* `'kernel'` specifies the default kernel (by using `'default'`) or a specific kernel; `'default'` defines the position in the list of kernels at which the default kernel is defined, i.e. `should eq '0'` for the first kernel listed or `'path', 'default'` to use the default kernel as specified in the `grub.conf` file
|
32
|
+
* `'value'` is the value that is expected
|
33
|
+
|
34
|
+
<br>
|
35
|
+
|
36
|
+
## Examples
|
37
|
+
|
38
|
+
The following examples show how to use this InSpec audit resource.
|
39
|
+
|
40
|
+
### Test a grub.conf file
|
41
|
+
|
42
|
+
A Grub configuration file located at `/etc/grub.conf` is similar to the following:
|
43
|
+
|
44
|
+
# grub.conf generated by anaconda
|
45
|
+
#
|
46
|
+
# Note: You do not need to rerun grub after making changes to this file
|
47
|
+
# NOTICE: You have a /boot partition. This means that
|
48
|
+
# all kernel and initrd paths are relative to /boot/, eg.
|
49
|
+
# root (hd0,0)
|
50
|
+
# kernel /vmlinuz-version ro root=/dev/hda6
|
51
|
+
# initrd /initrd-version.img
|
52
|
+
#boot=/dev/hda
|
53
|
+
default=0
|
54
|
+
timeout=10
|
55
|
+
splashimage=(hd0,0)/grub/splash.xpm.gz
|
56
|
+
title Red Hat Enterprise Linux ES (2.6.32-573.7.1.el6.x86_64)
|
57
|
+
root (hd0,0)
|
58
|
+
kernel /vmlinuz-2.6.32-573.7.1.el6.x86_64 ro root=/dev/hda6
|
59
|
+
initrd /initrd-2.6.32-573.7.1.el6.x86_64.img
|
60
|
+
title Red Hat Enterprise Linux ES (2.6.32-358.14.1.el6.x86_64)
|
61
|
+
root (hd0,0)
|
62
|
+
kernel /vmlinuz-2.6.32-358.14.1.el6.x86_64 ro root=/dev/hda6 ramdisk_size=400000
|
63
|
+
initrd /initrd-2.6.32-358.14.1.el6.x86_64.img
|
64
|
+
|
65
|
+
This file defines two versions of RedHat Enterprise Linux, with version `2.6.32-573.7.1.el6.x86_64` specified as the default.
|
66
|
+
|
67
|
+
The following test verifies the kernel, ensures that kernel is the default kernel, its initial RAM disk (`initrd`), and the timeout:
|
68
|
+
|
69
|
+
describe grub_conf('/etc/grub.conf', 'default') do
|
70
|
+
its('kernel') { should include '/vmlinuz-2.6.32-573.7.1.el6.x86_64' }
|
71
|
+
its('initrd') { should include '/initrd-2.6.32-573.7.1.el6.x86_64.img' }
|
72
|
+
its('default') { should_not eq '1' }
|
73
|
+
its('timeout') { should eq '10' }
|
74
|
+
end
|
75
|
+
|
76
|
+
The following test verifies the `ramdisk_size` for the non-default kernel:
|
77
|
+
|
78
|
+
describe grub_conf('/etc/grub.conf', 'Red Hat Enterprise Linux ES (2.6.32-358.14.1.el6.x86_64)') do
|
79
|
+
its('kernel') { should include 'ramdisk_size=400000' }
|
80
|
+
end
|
81
|
+
|
82
|
+
### Test a configuration file and boot configuration
|
83
|
+
|
84
|
+
describe grub_conf('/etc/grub.conf', 'default') do
|
85
|
+
its('kernel') { should include '/vmlinuz-2.6.32-573.7.1.el6.x86_64' }
|
86
|
+
its('initrd') { should include '/initramfs-2.6.32-573.el6.x86_64.img=1' }
|
87
|
+
its('default') { should_not eq '1' }
|
88
|
+
its('timeout') { should eq '5' }
|
89
|
+
end
|
90
|
+
|
91
|
+
### Test a specific kernel
|
92
|
+
|
93
|
+
grub_conf('/etc/grub.conf', 'CentOS (2.6.32-573.12.1.el6.x86_64)') do
|
94
|
+
its('kernel') { should include 'audit=1' }
|
95
|
+
end
|
96
|
+
|
97
|
+
<br>
|
98
|
+
|
99
|
+
## Matchers
|
100
|
+
|
101
|
+
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
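Review bot: the "Test a specific kernel" example (new line 93) opens with `grub_conf('/etc/grub.conf', 'CentOS (2.6.32-573.12.1.el6.x86_64)') do` and has no leading `describe`, unlike every other example in the file. It should read `describe grub_conf(...) do` so the `its('kernel')` line sits inside a test block. Two documentation points in the Syntax section: the "where" list (line 29) explains `'service_name'`, which appears in neither syntax block, while `'setting'` is used in both and never explained; and line 23 ends in a stray empty `#` comment. In the "Test a configuration file and boot configuration" example (line 86), the expected value `'/initramfs-2.6.32-573.el6.x86_64.img=1'` ends in `=1`, which looks like a typo and is worth checking. The removed and added sides read identically in the visible lines, so none of these are corrected by this change.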
data/docs/resources/host.md.erb
CHANGED
@@ -1,86 +1,86 @@
|
|
1
|
-
---
|
2
|
-
title: About the host Resource
|
3
|
-
platform: os
|
4
|
-
---
|
5
|
-
|
6
|
-
# host
|
7
|
-
|
8
|
-
Use the `host` InSpec audit resource to test the name used to refer to a specific host and its availability, including the Internet protocols and ports over which that host name should be available.
|
9
|
-
|
10
|
-
<br>
|
11
|
-
|
12
|
-
## Syntax
|
13
|
-
|
14
|
-
A `host` resource block declares a host name, and then (depending on what is to be tested) a port and/or a protocol:
|
15
|
-
|
16
|
-
describe host('example.com', port: 80, protocol: 'tcp') do
|
17
|
-
it { should be_reachable }
|
18
|
-
it { should be_resolvable }
|
19
|
-
its('ipaddress') { should include '12.34.56.78' }
|
20
|
-
end
|
21
|
-
|
22
|
-
where
|
23
|
-
|
24
|
-
* `host()` must specify a host name and may specify a port number and/or a protocol
|
25
|
-
* `'example.com'` is the host name
|
26
|
-
* `port:` is the port number
|
27
|
-
* `protocol: 'name'` is the Internet protocol: TCP (`protocol: 'tcp'`), UDP (`protocol: 'udp'` or ICMP (`protocol: 'icmp'`))
|
28
|
-
|
29
|
-
<br>
|
30
|
-
|
31
|
-
## Resource Properties
|
32
|
-
|
33
|
-
* `connection`, `ipaddress`, `protocol`, `socket`
|
34
|
-
|
35
|
-
<br>
|
36
|
-
|
37
|
-
## Resource Examples
|
38
|
-
|
39
|
-
The following examples show how to use this InSpec audit resource.
|
40
|
-
|
41
|
-
### ipaddress
|
42
|
-
|
43
|
-
The `ipaddress` matcher tests if a host name is resolvable to a specific IP address:
|
44
|
-
|
45
|
-
describe host('example.com') do
|
46
|
-
its('ipaddress') { should include '93.184.216.34' }
|
47
|
-
end
|
48
|
-
|
49
|
-
### Verify host name is reachable over a specific protocol and port number
|
50
|
-
|
51
|
-
describe host('example.com', port: 80, protocol: 'tcp') do
|
52
|
-
it { should be_reachable }
|
53
|
-
end
|
54
|
-
|
55
|
-
### Verify that a specific IP address can be resolved
|
56
|
-
|
57
|
-
describe host('example.com') do
|
58
|
-
it { should be_resolvable }
|
59
|
-
its('ipaddress') { should include '93.184.216.34' }
|
60
|
-
end
|
61
|
-
|
62
|
-
### Review the connection setup and socket contents when checking reachability
|
63
|
-
|
64
|
-
describe host('example.com', port: 12345, protocol: 'tcp') do
|
65
|
-
it { should be_reachable }
|
66
|
-
its('connection') { should_not match /connection refused/ }
|
67
|
-
its('socket') { should match /STATUS_OK/ }
|
68
|
-
end
|
69
|
-
|
70
|
-
<br>
|
71
|
-
|
72
|
-
## Matchers
|
73
|
-
|
74
|
-
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
75
|
-
|
76
|
-
### be_reachable
|
77
|
-
|
78
|
-
The `be_reachable` matcher tests if the host name is available:
|
79
|
-
|
80
|
-
it { should be_reachable }
|
81
|
-
|
82
|
-
### be_resolvable
|
83
|
-
|
84
|
-
The `be_resolvable` matcher tests for host name resolution, i.e. "resolvable to an IP address":
|
85
|
-
|
86
|
-
it { should be_resolvable }
|
1
|
+
---
|
2
|
+
title: About the host Resource
|
3
|
+
platform: os
|
4
|
+
---
|
5
|
+
|
6
|
+
# host
|
7
|
+
|
8
|
+
Use the `host` InSpec audit resource to test the name used to refer to a specific host and its availability, including the Internet protocols and ports over which that host name should be available.
|
9
|
+
|
10
|
+
<br>
|
11
|
+
|
12
|
+
## Syntax
|
13
|
+
|
14
|
+
A `host` resource block declares a host name, and then (depending on what is to be tested) a port and/or a protocol:
|
15
|
+
|
16
|
+
describe host('example.com', port: 80, protocol: 'tcp') do
|
17
|
+
it { should be_reachable }
|
18
|
+
it { should be_resolvable }
|
19
|
+
its('ipaddress') { should include '12.34.56.78' }
|
20
|
+
end
|
21
|
+
|
22
|
+
where
|
23
|
+
|
24
|
+
* `host()` must specify a host name and may specify a port number and/or a protocol
|
25
|
+
* `'example.com'` is the host name
|
26
|
+
* `port:` is the port number
|
27
|
+
* `protocol: 'name'` is the Internet protocol: TCP (`protocol: 'tcp'`), UDP (`protocol: 'udp'` or ICMP (`protocol: 'icmp'`))
|
28
|
+
|
29
|
+
<br>
|
30
|
+
|
31
|
+
## Resource Properties
|
32
|
+
|
33
|
+
* `connection`, `ipaddress`, `protocol`, `socket`
|
34
|
+
|
35
|
+
<br>
|
36
|
+
|
37
|
+
## Resource Examples
|
38
|
+
|
39
|
+
The following examples show how to use this InSpec audit resource.
|
40
|
+
|
41
|
+
### ipaddress
|
42
|
+
|
43
|
+
The `ipaddress` matcher tests if a host name is resolvable to a specific IP address:
|
44
|
+
|
45
|
+
describe host('example.com') do
|
46
|
+
its('ipaddress') { should include '93.184.216.34' }
|
47
|
+
end
|
48
|
+
|
49
|
+
### Verify host name is reachable over a specific protocol and port number
|
50
|
+
|
51
|
+
describe host('example.com', port: 80, protocol: 'tcp') do
|
52
|
+
it { should be_reachable }
|
53
|
+
end
|
54
|
+
|
55
|
+
### Verify that a specific IP address can be resolved
|
56
|
+
|
57
|
+
describe host('example.com') do
|
58
|
+
it { should be_resolvable }
|
59
|
+
its('ipaddress') { should include '93.184.216.34' }
|
60
|
+
end
|
61
|
+
|
62
|
+
### Review the connection setup and socket contents when checking reachability
|
63
|
+
|
64
|
+
describe host('example.com', port: 12345, protocol: 'tcp') do
|
65
|
+
it { should be_reachable }
|
66
|
+
its('connection') { should_not match /connection refused/ }
|
67
|
+
its('socket') { should match /STATUS_OK/ }
|
68
|
+
end
|
69
|
+
|
70
|
+
<br>
|
71
|
+
|
72
|
+
## Matchers
|
73
|
+
|
74
|
+
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
75
|
+
|
76
|
+
### be_reachable
|
77
|
+
|
78
|
+
The `be_reachable` matcher tests if the host name is available:
|
79
|
+
|
80
|
+
it { should be_reachable }
|
81
|
+
|
82
|
+
### be_resolvable
|
83
|
+
|
84
|
+
The `be_resolvable` matcher tests for host name resolution, i.e. "resolvable to an IP address":
|
85
|
+
|
86
|
+
it { should be_resolvable }
|
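Review bot: the `protocol: 'name'` bullet (line 27) has unbalanced parentheses. The UDP parenthesis is never closed and the ICMP one is closed twice, so it currently reads as if ICMP were nested under UDP. Suggest `UDP (`protocol: 'udp'`) or ICMP (`protocol: 'icmp'`)`. A smaller wording point: line 43 calls `ipaddress` a matcher, but line 33 lists it under Resource Properties and the example uses it with `its('ipaddress')`, so "property" would be consistent. The removed and added sides of this hunk read identically in the visible lines, so both issues carry over unchanged.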