inspec 2.1.21 → 2.1.30
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +101 -101
- data/CHANGELOG.md +3062 -3045
- data/Gemfile +56 -56
- data/LICENSE +14 -14
- data/MAINTAINERS.md +33 -33
- data/MAINTAINERS.toml +52 -52
- data/README.md +447 -447
- data/Rakefile +322 -322
- data/bin/inspec +12 -12
- data/docs/.gitignore +2 -2
- data/docs/README.md +40 -40
- data/docs/dsl_inspec.md +258 -258
- data/docs/dsl_resource.md +100 -100
- data/docs/glossary.md +99 -99
- data/docs/habitat.md +191 -191
- data/docs/inspec_and_friends.md +114 -114
- data/docs/matchers.md +169 -169
- data/docs/migration.md +293 -293
- data/docs/platforms.md +118 -118
- data/docs/plugin_kitchen_inspec.md +50 -50
- data/docs/profiles.md +376 -376
- data/docs/reporters.md +105 -105
- data/docs/resources/aide_conf.md.erb +75 -75
- data/docs/resources/apache.md.erb +67 -67
- data/docs/resources/apache_conf.md.erb +68 -68
- data/docs/resources/apt.md.erb +71 -71
- data/docs/resources/audit_policy.md.erb +47 -47
- data/docs/resources/auditd.md.erb +79 -79
- data/docs/resources/auditd_conf.md.erb +68 -68
- data/docs/resources/aws_cloudtrail_trail.md.erb +140 -140
- data/docs/resources/aws_cloudtrail_trails.md.erb +81 -81
- data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -86
- data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -151
- data/docs/resources/aws_config_delivery_channel.md +79 -79
- data/docs/resources/aws_config_recorder.md.erb +71 -71
- data/docs/resources/aws_ec2_instance.md.erb +106 -106
- data/docs/resources/aws_iam_access_key.md.erb +123 -123
- data/docs/resources/aws_iam_access_keys.md.erb +198 -198
- data/docs/resources/aws_iam_group.md.erb +46 -46
- data/docs/resources/aws_iam_groups.md.erb +43 -43
- data/docs/resources/aws_iam_password_policy.md.erb +76 -76
- data/docs/resources/aws_iam_policies.md.erb +82 -82
- data/docs/resources/aws_iam_policy.md.erb +144 -144
- data/docs/resources/aws_iam_role.md.erb +63 -63
- data/docs/resources/aws_iam_root_user.md.erb +70 -58
- data/docs/resources/aws_iam_user.md.erb +64 -64
- data/docs/resources/aws_iam_users.md.erb +89 -89
- data/docs/resources/aws_kms_key.md.erb +171 -171
- data/docs/resources/aws_kms_keys.md.erb +84 -84
- data/docs/resources/aws_rds_instance.md.erb +60 -60
- data/docs/resources/aws_route_table.md.erb +47 -47
- data/docs/resources/aws_route_tables.md.erb +49 -0
- data/docs/resources/aws_s3_bucket.md.erb +134 -134
- data/docs/resources/aws_s3_bucket_object.md.erb +83 -83
- data/docs/resources/aws_s3_buckets.md.erb +53 -0
- data/docs/resources/aws_security_group.md.erb +151 -151
- data/docs/resources/aws_security_groups.md.erb +91 -91
- data/docs/resources/aws_sns_subscription.md.erb +124 -124
- data/docs/resources/aws_sns_topic.md.erb +63 -63
- data/docs/resources/aws_sns_topics.md.erb +52 -52
- data/docs/resources/aws_subnet.md.erb +134 -134
- data/docs/resources/aws_subnets.md.erb +126 -126
- data/docs/resources/aws_vpc.md.erb +120 -120
- data/docs/resources/aws_vpcs.md.erb +48 -48
- data/docs/resources/azure_generic_resource.md.erb +171 -171
- data/docs/resources/azure_resource_group.md.erb +284 -284
- data/docs/resources/azure_virtual_machine.md.erb +347 -347
- data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
- data/docs/resources/bash.md.erb +75 -75
- data/docs/resources/bond.md.erb +90 -90
- data/docs/resources/bridge.md.erb +57 -57
- data/docs/resources/bsd_service.md.erb +67 -67
- data/docs/resources/chocolatey_package.md.erb +58 -0
- data/docs/resources/command.md.erb +138 -138
- data/docs/resources/cpan.md.erb +79 -79
- data/docs/resources/cran.md.erb +64 -64
- data/docs/resources/crontab.md.erb +89 -89
- data/docs/resources/csv.md.erb +54 -54
- data/docs/resources/dh_params.md.erb +205 -205
- data/docs/resources/directory.md.erb +30 -30
- data/docs/resources/docker.md.erb +219 -219
- data/docs/resources/docker_container.md.erb +103 -103
- data/docs/resources/docker_image.md.erb +94 -94
- data/docs/resources/docker_service.md.erb +114 -114
- data/docs/resources/elasticsearch.md.erb +242 -242
- data/docs/resources/etc_fstab.md.erb +125 -125
- data/docs/resources/etc_group.md.erb +75 -75
- data/docs/resources/etc_hosts.md.erb +78 -78
- data/docs/resources/etc_hosts_allow.md.erb +74 -74
- data/docs/resources/etc_hosts_deny.md.erb +74 -74
- data/docs/resources/file.md.erb +526 -526
- data/docs/resources/filesystem.md.erb +41 -41
- data/docs/resources/firewalld.md.erb +107 -107
- data/docs/resources/gem.md.erb +79 -79
- data/docs/resources/group.md.erb +61 -61
- data/docs/resources/grub_conf.md.erb +101 -101
- data/docs/resources/host.md.erb +86 -86
- data/docs/resources/http.md.erb +196 -196
- data/docs/resources/iis_app.md.erb +122 -122
- data/docs/resources/iis_site.md.erb +135 -135
- data/docs/resources/inetd_conf.md.erb +94 -94
- data/docs/resources/ini.md.erb +76 -76
- data/docs/resources/interface.md.erb +58 -58
- data/docs/resources/iptables.md.erb +64 -64
- data/docs/resources/json.md.erb +63 -63
- data/docs/resources/kernel_module.md.erb +120 -120
- data/docs/resources/kernel_parameter.md.erb +53 -53
- data/docs/resources/key_rsa.md.erb +85 -85
- data/docs/resources/launchd_service.md.erb +57 -57
- data/docs/resources/limits_conf.md.erb +75 -75
- data/docs/resources/login_defs.md.erb +71 -71
- data/docs/resources/mount.md.erb +69 -69
- data/docs/resources/mssql_session.md.erb +60 -60
- data/docs/resources/mysql_conf.md.erb +99 -99
- data/docs/resources/mysql_session.md.erb +74 -74
- data/docs/resources/nginx.md.erb +79 -79
- data/docs/resources/nginx_conf.md.erb +138 -138
- data/docs/resources/npm.md.erb +60 -60
- data/docs/resources/ntp_conf.md.erb +60 -60
- data/docs/resources/oneget.md.erb +53 -53
- data/docs/resources/oracledb_session.md.erb +52 -52
- data/docs/resources/os.md.erb +141 -141
- data/docs/resources/os_env.md.erb +78 -78
- data/docs/resources/package.md.erb +120 -120
- data/docs/resources/packages.md.erb +67 -67
- data/docs/resources/parse_config.md.erb +103 -103
- data/docs/resources/parse_config_file.md.erb +138 -138
- data/docs/resources/passwd.md.erb +141 -141
- data/docs/resources/pip.md.erb +67 -67
- data/docs/resources/port.md.erb +137 -137
- data/docs/resources/postgres_conf.md.erb +79 -79
- data/docs/resources/postgres_hba_conf.md.erb +93 -93
- data/docs/resources/postgres_ident_conf.md.erb +76 -76
- data/docs/resources/postgres_session.md.erb +69 -69
- data/docs/resources/powershell.md.erb +102 -102
- data/docs/resources/processes.md.erb +109 -109
- data/docs/resources/rabbitmq_config.md.erb +41 -41
- data/docs/resources/registry_key.md.erb +158 -158
- data/docs/resources/runit_service.md.erb +57 -57
- data/docs/resources/security_policy.md.erb +47 -47
- data/docs/resources/service.md.erb +121 -121
- data/docs/resources/shadow.md.erb +146 -146
- data/docs/resources/ssh_config.md.erb +73 -73
- data/docs/resources/sshd_config.md.erb +83 -83
- data/docs/resources/ssl.md.erb +119 -119
- data/docs/resources/sys_info.md.erb +42 -42
- data/docs/resources/systemd_service.md.erb +57 -57
- data/docs/resources/sysv_service.md.erb +57 -57
- data/docs/resources/upstart_service.md.erb +57 -57
- data/docs/resources/user.md.erb +140 -140
- data/docs/resources/users.md.erb +127 -127
- data/docs/resources/vbscript.md.erb +55 -55
- data/docs/resources/virtualization.md.erb +57 -57
- data/docs/resources/windows_feature.md.erb +47 -47
- data/docs/resources/windows_hotfix.md.erb +53 -53
- data/docs/resources/windows_task.md.erb +95 -95
- data/docs/resources/wmi.md.erb +81 -81
- data/docs/resources/x509_certificate.md.erb +151 -151
- data/docs/resources/xinetd_conf.md.erb +156 -156
- data/docs/resources/xml.md.erb +85 -85
- data/docs/resources/yaml.md.erb +69 -69
- data/docs/resources/yum.md.erb +98 -98
- data/docs/resources/zfs_dataset.md.erb +53 -53
- data/docs/resources/zfs_pool.md.erb +47 -47
- data/docs/ruby_usage.md +203 -203
- data/docs/shared/matcher_be.md.erb +1 -1
- data/docs/shared/matcher_cmp.md.erb +43 -43
- data/docs/shared/matcher_eq.md.erb +3 -3
- data/docs/shared/matcher_include.md.erb +1 -1
- data/docs/shared/matcher_match.md.erb +1 -1
- data/docs/shell.md +217 -217
- data/examples/README.md +8 -8
- data/examples/inheritance/README.md +65 -65
- data/examples/inheritance/controls/example.rb +14 -14
- data/examples/inheritance/inspec.yml +15 -15
- data/examples/kitchen-ansible/.kitchen.yml +25 -25
- data/examples/kitchen-ansible/Gemfile +19 -19
- data/examples/kitchen-ansible/README.md +53 -53
- data/examples/kitchen-ansible/files/nginx.repo +6 -6
- data/examples/kitchen-ansible/tasks/main.yml +16 -16
- data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-chef/.kitchen.yml +20 -20
- data/examples/kitchen-chef/Berksfile +3 -3
- data/examples/kitchen-chef/Gemfile +19 -19
- data/examples/kitchen-chef/README.md +27 -27
- data/examples/kitchen-chef/metadata.rb +7 -7
- data/examples/kitchen-chef/recipes/default.rb +6 -6
- data/examples/kitchen-chef/recipes/nginx.rb +30 -30
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-puppet/.kitchen.yml +22 -22
- data/examples/kitchen-puppet/Gemfile +20 -20
- data/examples/kitchen-puppet/Puppetfile +25 -25
- data/examples/kitchen-puppet/README.md +53 -53
- data/examples/kitchen-puppet/manifests/site.pp +33 -33
- data/examples/kitchen-puppet/metadata.json +11 -11
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
- data/examples/meta-profile/README.md +37 -37
- data/examples/meta-profile/controls/example.rb +13 -13
- data/examples/meta-profile/inspec.yml +13 -13
- data/examples/profile-attribute.yml +2 -2
- data/examples/profile-attribute/README.md +14 -14
- data/examples/profile-attribute/controls/example.rb +11 -11
- data/examples/profile-attribute/inspec.yml +8 -8
- data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
- data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
- data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
- data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
- data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
- data/examples/profile-aws/inspec.yml +11 -11
- data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
- data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
- data/examples/profile-azure/inspec.yml +11 -11
- data/examples/profile-sensitive/README.md +29 -29
- data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
- data/examples/profile-sensitive/controls/sensitive.rb +9 -9
- data/examples/profile-sensitive/inspec.yml +8 -8
- data/examples/profile/README.md +48 -48
- data/examples/profile/controls/example.rb +23 -23
- data/examples/profile/controls/gordon.rb +36 -36
- data/examples/profile/controls/meta.rb +34 -34
- data/examples/profile/inspec.yml +10 -10
- data/examples/profile/libraries/gordon_config.rb +59 -53
- data/inspec.gemspec +47 -47
- data/lib/bundles/README.md +3 -3
- data/lib/bundles/inspec-artifact.rb +7 -7
- data/lib/bundles/inspec-artifact/README.md +1 -1
- data/lib/bundles/inspec-artifact/cli.rb +277 -277
- data/lib/bundles/inspec-compliance.rb +16 -16
- data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
- data/lib/bundles/inspec-compliance/README.md +185 -185
- data/lib/bundles/inspec-compliance/api.rb +316 -316
- data/lib/bundles/inspec-compliance/api/login.rb +152 -152
- data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
- data/lib/bundles/inspec-compliance/cli.rb +254 -254
- data/lib/bundles/inspec-compliance/configuration.rb +103 -103
- data/lib/bundles/inspec-compliance/http.rb +86 -86
- data/lib/bundles/inspec-compliance/support.rb +36 -36
- data/lib/bundles/inspec-compliance/target.rb +98 -98
- data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
- data/lib/bundles/inspec-habitat.rb +12 -12
- data/lib/bundles/inspec-habitat/cli.rb +36 -36
- data/lib/bundles/inspec-habitat/log.rb +10 -10
- data/lib/bundles/inspec-habitat/profile.rb +391 -391
- data/lib/bundles/inspec-init.rb +8 -8
- data/lib/bundles/inspec-init/README.md +31 -31
- data/lib/bundles/inspec-init/cli.rb +97 -97
- data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
- data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
- data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
- data/lib/bundles/inspec-supermarket.rb +13 -13
- data/lib/bundles/inspec-supermarket/README.md +45 -45
- data/lib/bundles/inspec-supermarket/api.rb +84 -84
- data/lib/bundles/inspec-supermarket/cli.rb +73 -73
- data/lib/bundles/inspec-supermarket/target.rb +34 -34
- data/lib/fetchers/git.rb +163 -163
- data/lib/fetchers/local.rb +74 -74
- data/lib/fetchers/mock.rb +35 -35
- data/lib/fetchers/url.rb +204 -204
- data/lib/inspec.rb +24 -24
- data/lib/inspec/archive/tar.rb +29 -29
- data/lib/inspec/archive/zip.rb +19 -19
- data/lib/inspec/backend.rb +93 -93
- data/lib/inspec/base_cli.rb +363 -357
- data/lib/inspec/cached_fetcher.rb +66 -66
- data/lib/inspec/cli.rb +292 -292
- data/lib/inspec/completions/bash.sh.erb +45 -45
- data/lib/inspec/completions/fish.sh.erb +34 -34
- data/lib/inspec/completions/zsh.sh.erb +61 -61
- data/lib/inspec/control_eval_context.rb +179 -179
- data/lib/inspec/dependencies/cache.rb +72 -72
- data/lib/inspec/dependencies/dependency_set.rb +92 -92
- data/lib/inspec/dependencies/lockfile.rb +115 -115
- data/lib/inspec/dependencies/requirement.rb +123 -123
- data/lib/inspec/dependencies/resolver.rb +86 -86
- data/lib/inspec/describe.rb +27 -27
- data/lib/inspec/dsl.rb +66 -66
- data/lib/inspec/dsl_shared.rb +33 -33
- data/lib/inspec/env_printer.rb +157 -157
- data/lib/inspec/errors.rb +14 -13
- data/lib/inspec/exceptions.rb +12 -12
- data/lib/inspec/expect.rb +45 -45
- data/lib/inspec/fetcher.rb +45 -45
- data/lib/inspec/file_provider.rb +275 -275
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +259 -250
- data/lib/inspec/formatters/json_rspec.rb +20 -20
- data/lib/inspec/formatters/show_progress.rb +12 -12
- data/lib/inspec/library_eval_context.rb +58 -58
- data/lib/inspec/log.rb +11 -11
- data/lib/inspec/metadata.rb +247 -247
- data/lib/inspec/method_source.rb +24 -24
- data/lib/inspec/objects.rb +14 -14
- data/lib/inspec/objects/attribute.rb +65 -65
- data/lib/inspec/objects/control.rb +61 -61
- data/lib/inspec/objects/describe.rb +92 -92
- data/lib/inspec/objects/each_loop.rb +36 -36
- data/lib/inspec/objects/list.rb +15 -15
- data/lib/inspec/objects/or_test.rb +40 -40
- data/lib/inspec/objects/ruby_helper.rb +15 -15
- data/lib/inspec/objects/tag.rb +27 -27
- data/lib/inspec/objects/test.rb +87 -87
- data/lib/inspec/objects/value.rb +27 -27
- data/lib/inspec/plugins.rb +60 -60
- data/lib/inspec/plugins/cli.rb +24 -24
- data/lib/inspec/plugins/fetcher.rb +86 -86
- data/lib/inspec/plugins/resource.rb +135 -135
- data/lib/inspec/plugins/secret.rb +15 -15
- data/lib/inspec/plugins/source_reader.rb +40 -40
- data/lib/inspec/polyfill.rb +12 -12
- data/lib/inspec/profile.rb +513 -513
- data/lib/inspec/profile_context.rb +208 -208
- data/lib/inspec/profile_vendor.rb +66 -66
- data/lib/inspec/reporters.rb +60 -54
- data/lib/inspec/reporters/automate.rb +76 -0
- data/lib/inspec/reporters/base.rb +25 -24
- data/lib/inspec/reporters/cli.rb +356 -356
- data/lib/inspec/reporters/json.rb +116 -116
- data/lib/inspec/reporters/json_min.rb +48 -48
- data/lib/inspec/reporters/junit.rb +77 -77
- data/lib/inspec/require_loader.rb +33 -33
- data/lib/inspec/resource.rb +187 -186
- data/lib/inspec/rule.rb +266 -266
- data/lib/inspec/runner.rb +345 -345
- data/lib/inspec/runner_mock.rb +41 -41
- data/lib/inspec/runner_rspec.rb +175 -175
- data/lib/inspec/runtime_profile.rb +26 -26
- data/lib/inspec/schema.rb +213 -213
- data/lib/inspec/secrets.rb +19 -19
- data/lib/inspec/secrets/yaml.rb +30 -30
- data/lib/inspec/shell.rb +220 -220
- data/lib/inspec/shell_detector.rb +90 -90
- data/lib/inspec/source_reader.rb +29 -29
- data/lib/inspec/version.rb +8 -8
- data/lib/matchers/matchers.rb +339 -339
- data/lib/resource_support/aws.rb +49 -47
- data/lib/resource_support/aws/aws_backend_base.rb +12 -12
- data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
- data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
- data/lib/resources/aide_conf.rb +151 -151
- data/lib/resources/apache.rb +48 -48
- data/lib/resources/apache_conf.rb +149 -149
- data/lib/resources/apt.rb +149 -149
- data/lib/resources/audit_policy.rb +63 -63
- data/lib/resources/auditd.rb +231 -231
- data/lib/resources/auditd_conf.rb +46 -46
- data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -77
- data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
- data/lib/resources/aws/aws_config_delivery_channel.rb +76 -76
- data/lib/resources/aws/aws_config_recorder.rb +98 -98
- data/lib/resources/aws/aws_ec2_instance.rb +157 -157
- data/lib/resources/aws/aws_iam_access_key.rb +106 -106
- data/lib/resources/aws/aws_iam_access_keys.rb +149 -149
- data/lib/resources/aws/aws_iam_group.rb +56 -56
- data/lib/resources/aws/aws_iam_groups.rb +52 -52
- data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
- data/lib/resources/aws/aws_iam_policies.rb +53 -53
- data/lib/resources/aws/aws_iam_policy.rb +125 -125
- data/lib/resources/aws/aws_iam_role.rb +51 -51
- data/lib/resources/aws/aws_iam_root_user.rb +78 -60
- data/lib/resources/aws/aws_iam_user.rb +111 -111
- data/lib/resources/aws/aws_iam_users.rb +108 -108
- data/lib/resources/aws/aws_kms_key.rb +96 -96
- data/lib/resources/aws/aws_kms_keys.rb +53 -53
- data/lib/resources/aws/aws_rds_instance.rb +71 -71
- data/lib/resources/aws/aws_route_table.rb +63 -63
- data/lib/resources/aws/aws_route_tables.rb +60 -0
- data/lib/resources/aws/aws_s3_bucket.rb +115 -115
- data/lib/resources/aws/aws_s3_bucket_object.rb +82 -82
- data/lib/resources/aws/aws_s3_buckets.rb +51 -0
- data/lib/resources/aws/aws_security_group.rb +93 -93
- data/lib/resources/aws/aws_security_groups.rb +68 -68
- data/lib/resources/aws/aws_sns_subscription.rb +78 -78
- data/lib/resources/aws/aws_sns_topic.rb +53 -53
- data/lib/resources/aws/aws_sns_topics.rb +56 -56
- data/lib/resources/aws/aws_subnet.rb +88 -88
- data/lib/resources/aws/aws_subnets.rb +53 -53
- data/lib/resources/aws/aws_vpc.rb +69 -69
- data/lib/resources/aws/aws_vpcs.rb +45 -45
- data/lib/resources/azure/azure_backend.rb +377 -377
- data/lib/resources/azure/azure_generic_resource.rb +59 -59
- data/lib/resources/azure/azure_resource_group.rb +152 -152
- data/lib/resources/azure/azure_virtual_machine.rb +264 -264
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +134 -134
- data/lib/resources/bash.rb +35 -35
- data/lib/resources/bond.rb +69 -69
- data/lib/resources/bridge.rb +122 -122
- data/lib/resources/chocolatey_package.rb +78 -0
- data/lib/resources/command.rb +73 -73
- data/lib/resources/cpan.rb +58 -58
- data/lib/resources/cran.rb +64 -64
- data/lib/resources/crontab.rb +169 -169
- data/lib/resources/csv.rb +56 -56
- data/lib/resources/dh_params.rb +77 -77
- data/lib/resources/directory.rb +25 -25
- data/lib/resources/docker.rb +236 -236
- data/lib/resources/docker_container.rb +89 -89
- data/lib/resources/docker_image.rb +83 -83
- data/lib/resources/docker_object.rb +57 -57
- data/lib/resources/docker_service.rb +90 -90
- data/lib/resources/elasticsearch.rb +169 -169
- data/lib/resources/etc_fstab.rb +94 -94
- data/lib/resources/etc_group.rb +152 -152
- data/lib/resources/etc_hosts.rb +66 -66
- data/lib/resources/etc_hosts_allow_deny.rb +112 -112
- data/lib/resources/file.rb +298 -298
- data/lib/resources/filesystem.rb +31 -31
- data/lib/resources/firewalld.rb +143 -143
- data/lib/resources/gem.rb +70 -70
- data/lib/resources/groups.rb +215 -215
- data/lib/resources/grub_conf.rb +227 -227
- data/lib/resources/host.rb +306 -306
- data/lib/resources/http.rb +253 -253
- data/lib/resources/iis_app.rb +101 -101
- data/lib/resources/iis_site.rb +148 -148
- data/lib/resources/inetd_conf.rb +54 -54
- data/lib/resources/ini.rb +29 -29
- data/lib/resources/interface.rb +129 -129
- data/lib/resources/iptables.rb +80 -80
- data/lib/resources/json.rb +107 -107
- data/lib/resources/kernel_module.rb +107 -107
- data/lib/resources/kernel_parameter.rb +58 -58
- data/lib/resources/key_rsa.rb +61 -61
- data/lib/resources/limits_conf.rb +46 -46
- data/lib/resources/login_def.rb +57 -57
- data/lib/resources/mount.rb +88 -88
- data/lib/resources/mssql_session.rb +101 -101
- data/lib/resources/mysql.rb +82 -81
- data/lib/resources/mysql_conf.rb +127 -127
- data/lib/resources/mysql_session.rb +85 -85
- data/lib/resources/nginx.rb +96 -96
- data/lib/resources/nginx_conf.rb +226 -226
- data/lib/resources/npm.rb +48 -48
- data/lib/resources/ntp_conf.rb +51 -51
- data/lib/resources/oneget.rb +71 -71
- data/lib/resources/oracledb_session.rb +139 -139
- data/lib/resources/os.rb +36 -36
- data/lib/resources/os_env.rb +75 -75
- data/lib/resources/package.rb +370 -370
- data/lib/resources/packages.rb +111 -111
- data/lib/resources/parse_config.rb +112 -112
- data/lib/resources/passwd.rb +76 -76
- data/lib/resources/pip.rb +130 -130
- data/lib/resources/platform.rb +109 -109
- data/lib/resources/port.rb +771 -771
- data/lib/resources/postgres.rb +131 -130
- data/lib/resources/postgres_conf.rb +114 -114
- data/lib/resources/postgres_hba_conf.rb +90 -90
- data/lib/resources/postgres_ident_conf.rb +79 -79
- data/lib/resources/postgres_session.rb +71 -71
- data/lib/resources/powershell.rb +66 -66
- data/lib/resources/processes.rb +204 -204
- data/lib/resources/rabbitmq_conf.rb +51 -51
- data/lib/resources/registry_key.rb +297 -297
- data/lib/resources/security_policy.rb +180 -180
- data/lib/resources/service.rb +794 -790
- data/lib/resources/shadow.rb +149 -149
- data/lib/resources/ssh_conf.rb +97 -97
- data/lib/resources/ssl.rb +99 -99
- data/lib/resources/sys_info.rb +28 -28
- data/lib/resources/toml.rb +32 -32
- data/lib/resources/users.rb +654 -654
- data/lib/resources/vbscript.rb +68 -68
- data/lib/resources/virtualization.rb +247 -247
- data/lib/resources/windows_feature.rb +84 -84
- data/lib/resources/windows_hotfix.rb +35 -35
- data/lib/resources/windows_task.rb +102 -102
- data/lib/resources/wmi.rb +110 -110
- data/lib/resources/x509_certificate.rb +137 -137
- data/lib/resources/xinetd.rb +106 -106
- data/lib/resources/xml.rb +46 -46
- data/lib/resources/yaml.rb +43 -43
- data/lib/resources/yum.rb +180 -180
- data/lib/resources/zfs_dataset.rb +60 -60
- data/lib/resources/zfs_pool.rb +49 -49
- data/lib/source_readers/flat.rb +39 -39
- data/lib/source_readers/inspec.rb +75 -75
- data/lib/utils/command_wrapper.rb +27 -27
- data/lib/utils/convert.rb +12 -12
- data/lib/utils/database_helpers.rb +77 -77
- data/lib/utils/erlang_parser.rb +192 -192
- data/lib/utils/file_reader.rb +25 -25
- data/lib/utils/filter.rb +273 -273
- data/lib/utils/filter_array.rb +27 -27
- data/lib/utils/find_files.rb +44 -44
- data/lib/utils/hash.rb +41 -41
- data/lib/utils/json_log.rb +18 -18
- data/lib/utils/latest_version.rb +22 -22
- data/lib/utils/modulator.rb +12 -12
- data/lib/utils/nginx_parser.rb +85 -85
- data/lib/utils/object_traversal.rb +49 -49
- data/lib/utils/parser.rb +274 -274
- data/lib/utils/plugin_registry.rb +93 -93
- data/lib/utils/simpleconfig.rb +120 -120
- data/lib/utils/spdx.rb +13 -13
- data/lib/utils/spdx.txt +343 -343
- metadata +9 -2
@@ -1,47 +1,47 @@
|
|
1
|
-
---
|
2
|
-
title: About the windows_feature Resource
|
3
|
-
platform: windows
|
4
|
-
---
|
5
|
-
|
6
|
-
# windows_feature
|
7
|
-
|
8
|
-
Use the `windows_feature` InSpec audit resource to test features on Windows via the `Get-WindowsFeature` cmdlet.
|
9
|
-
|
10
|
-
<br>
|
11
|
-
|
12
|
-
## Syntax
|
13
|
-
|
14
|
-
A `windows_feature` resource block declares the name of the Windows feature, tests if that feature is installed, and then returns information about that feature:
|
15
|
-
|
16
|
-
describe windows_feature('feature_name') do
|
17
|
-
it { should be_installed }
|
18
|
-
end
|
19
|
-
|
20
|
-
where
|
21
|
-
|
22
|
-
* `('feature_name')` must specify a Windows feature name, such as `DHCP Server` or `IIS-Webserver`
|
23
|
-
* `be_installed` is a valid matcher for this resource
|
24
|
-
|
25
|
-
<br>
|
26
|
-
|
27
|
-
## Examples
|
28
|
-
|
29
|
-
The following examples show how to use this InSpec audit resource.
|
30
|
-
|
31
|
-
### Test the DHCP Server feature
|
32
|
-
|
33
|
-
describe windows_feature('DHCP Server') do
|
34
|
-
it{ should be_installed }
|
35
|
-
end
|
36
|
-
|
37
|
-
<br>
|
38
|
-
|
39
|
-
## Matchers
|
40
|
-
|
41
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
42
|
-
|
43
|
-
### be_installed
|
44
|
-
|
45
|
-
The `be_installed` matcher tests if the named Windows feature is installed:
|
46
|
-
|
47
|
-
it { should be_installed }
|
1
|
+
---
|
2
|
+
title: About the windows_feature Resource
|
3
|
+
platform: windows
|
4
|
+
---
|
5
|
+
|
6
|
+
# windows_feature
|
7
|
+
|
8
|
+
Use the `windows_feature` InSpec audit resource to test features on Windows via the `Get-WindowsFeature` cmdlet.
|
9
|
+
|
10
|
+
<br>
|
11
|
+
|
12
|
+
## Syntax
|
13
|
+
|
14
|
+
A `windows_feature` resource block declares the name of the Windows feature, tests if that feature is installed, and then returns information about that feature:
|
15
|
+
|
16
|
+
describe windows_feature('feature_name') do
|
17
|
+
it { should be_installed }
|
18
|
+
end
|
19
|
+
|
20
|
+
where
|
21
|
+
|
22
|
+
* `('feature_name')` must specify a Windows feature name, such as `DHCP Server` or `IIS-Webserver`
|
23
|
+
* `be_installed` is a valid matcher for this resource
|
24
|
+
|
25
|
+
<br>
|
26
|
+
|
27
|
+
## Examples
|
28
|
+
|
29
|
+
The following examples show how to use this InSpec audit resource.
|
30
|
+
|
31
|
+
### Test the DHCP Server feature
|
32
|
+
|
33
|
+
describe windows_feature('DHCP Server') do
|
34
|
+
it{ should be_installed }
|
35
|
+
end
|
36
|
+
|
37
|
+
<br>
|
38
|
+
|
39
|
+
## Matchers
|
40
|
+
|
41
|
+
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
42
|
+
|
43
|
+
### be_installed
|
44
|
+
|
45
|
+
The `be_installed` matcher tests if the named Windows feature is installed:
|
46
|
+
|
47
|
+
it { should be_installed }
|
@@ -1,53 +1,53 @@
|
|
1
|
-
---
|
2
|
-
title: About the windows_hotfix Resource
|
3
|
-
platform: windows
|
4
|
-
---
|
5
|
-
|
6
|
-
# windows_hotfix
|
7
|
-
|
8
|
-
Use the `windows_hotfix` InSpec audit resource to test if the hotfix has been installed on a Windows system.
|
9
|
-
|
10
|
-
<br>
|
11
|
-
|
12
|
-
## Syntax
|
13
|
-
|
14
|
-
A `windows_hotfix` resource block declares a hotfix to validate:
|
15
|
-
|
16
|
-
describe windows_hotfix('name') do
|
17
|
-
it { should be_installed }
|
18
|
-
end
|
19
|
-
|
20
|
-
where
|
21
|
-
|
22
|
-
* `('name')` must specify the name of a hotfix, such as `'KB4012213'`
|
23
|
-
* `be_installed` is a valid matcher for this resource
|
24
|
-
|
25
|
-
<br>
|
26
|
-
|
27
|
-
## Examples
|
28
|
-
|
29
|
-
The following examples show how to use this InSpec audit resource.
|
30
|
-
|
31
|
-
### Test if KB4012213 is installed
|
32
|
-
|
33
|
-
describe windows_hotfix('KB4012213') do
|
34
|
-
it { should be_installed }
|
35
|
-
end
|
36
|
-
|
37
|
-
### Test that a hotfix is not installed
|
38
|
-
|
39
|
-
describe windows_hotfix('KB9999999') do
|
40
|
-
it { should_not be_installed }
|
41
|
-
end
|
42
|
-
|
43
|
-
<br>
|
44
|
-
|
45
|
-
## Matchers
|
46
|
-
|
47
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
48
|
-
|
49
|
-
### be_installed
|
50
|
-
|
51
|
-
The `be_installed` matcher tests if the named hotfix is installed on the system:
|
52
|
-
|
53
|
-
it { should be_installed }
|
1
|
+
---
|
2
|
+
title: About the windows_hotfix Resource
|
3
|
+
platform: windows
|
4
|
+
---
|
5
|
+
|
6
|
+
# windows_hotfix
|
7
|
+
|
8
|
+
Use the `windows_hotfix` InSpec audit resource to test if the hotfix has been installed on a Windows system.
|
9
|
+
|
10
|
+
<br>
|
11
|
+
|
12
|
+
## Syntax
|
13
|
+
|
14
|
+
A `windows_hotfix` resource block declares a hotfix to validate:
|
15
|
+
|
16
|
+
describe windows_hotfix('name') do
|
17
|
+
it { should be_installed }
|
18
|
+
end
|
19
|
+
|
20
|
+
where
|
21
|
+
|
22
|
+
* `('name')` must specify the name of a hotfix, such as `'KB4012213'`
|
23
|
+
* `be_installed` is a valid matcher for this resource
|
24
|
+
|
25
|
+
<br>
|
26
|
+
|
27
|
+
## Examples
|
28
|
+
|
29
|
+
The following examples show how to use this InSpec audit resource.
|
30
|
+
|
31
|
+
### Test if KB4012213 is installed
|
32
|
+
|
33
|
+
describe windows_hotfix('KB4012213') do
|
34
|
+
it { should be_installed }
|
35
|
+
end
|
36
|
+
|
37
|
+
### Test that a hotfix is not installed
|
38
|
+
|
39
|
+
describe windows_hotfix('KB9999999') do
|
40
|
+
it { should_not be_installed }
|
41
|
+
end
|
42
|
+
|
43
|
+
<br>
|
44
|
+
|
45
|
+
## Matchers
|
46
|
+
|
47
|
+
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
48
|
+
|
49
|
+
### be_installed
|
50
|
+
|
51
|
+
The `be_installed` matcher tests if the named hotfix is installed on the system:
|
52
|
+
|
53
|
+
it { should be_installed }
|
@@ -1,95 +1,95 @@
|
|
1
|
-
---
|
2
|
-
title: About the windows_task Resource
|
3
|
-
platform: windows
|
4
|
-
---
|
5
|
-
|
6
|
-
# windows_task
|
7
|
-
|
8
|
-
Use the `windows_task` InSpec audit resource to test a scheduled tasks configuration on a Windows platform.
|
9
|
-
Microsoft and application vendors use scheduled tasks to perform a variety of system maintenance tasks but system administrators can schedule their own.
|
10
|
-
|
11
|
-
<br>
|
12
|
-
|
13
|
-
## Syntax
|
14
|
-
|
15
|
-
A `windows_task` resource block declares the name of the task (as its full path) and tests its configuration:
|
16
|
-
|
17
|
-
describe windows_task('task name uri') do
|
18
|
-
its('parameter') { should eq 'value' }
|
19
|
-
it { should be_enabled }
|
20
|
-
end
|
21
|
-
|
22
|
-
where
|
23
|
-
|
24
|
-
* `'parameter'` must be a valid parameter defined within this resource ie `logon_mode`, `last_result`, `task_to_run`, `run_as_user`
|
25
|
-
* `'value'` will be used to compare the value gather from your chosen parameter
|
26
|
-
* `'be_enabled'` is an example of a valid matcher that checks the state of a task, other examples are `exist` or `be_disabled`
|
27
|
-
|
28
|
-
<br>
|
29
|
-
|
30
|
-
## Examples
|
31
|
-
|
32
|
-
The following examples show how to use this InSpec resource.
|
33
|
-
|
34
|
-
### Tests that a task is enabled
|
35
|
-
|
36
|
-
```ruby
|
37
|
-
describe windows_task('\Microsoft\Windows\Time Synchronization\SynchronizeTime') do
|
38
|
-
it { should be_enabled }
|
39
|
-
end
|
40
|
-
```
|
41
|
-
|
42
|
-
### Tests that a task is disabled
|
43
|
-
|
44
|
-
```ruby
|
45
|
-
describe windows_task('\Microsoft\Windows\AppID\PolicyConverter') do
|
46
|
-
it { should be_disabled }
|
47
|
-
end
|
48
|
-
```
|
49
|
-
|
50
|
-
### Tests the configuration parameters of a task
|
51
|
-
|
52
|
-
```ruby
|
53
|
-
describe windows_task('\Microsoft\Windows\AppID\PolicyConverter') do
|
54
|
-
its('logon_mode') { should eq 'Interactive/Background' }
|
55
|
-
its('last_result') { should eq '1' }
|
56
|
-
its('task_to_run') { should cmp '%Windir%\system32\appidpolicyconverter.exe' }
|
57
|
-
its('run_as_user') { should eq 'LOCAL SERVICE' }
|
58
|
-
end
|
59
|
-
```
|
60
|
-
|
61
|
-
### Tests that a task is defined
|
62
|
-
|
63
|
-
```ruby
|
64
|
-
describe windows_task('\Microsoft\Windows\Defrag\ScheduledDefrag') do
|
65
|
-
it { should exist }
|
66
|
-
end
|
67
|
-
```
|
68
|
-
|
69
|
-
## Gathering Tasknames
|
70
|
-
|
71
|
-
Rather then use the GUI you can use the `schtasks.exe` to output a full list of tasks available on the system
|
72
|
-
|
73
|
-
`schtasks /query /FO list`
|
74
|
-
|
75
|
-
rather than use the `list` output you can use `CSV` if it is easier.
|
76
|
-
|
77
|
-
Please make sure you use the full TaskName (include the prefix `\`) within your control
|
78
|
-
|
79
|
-
```ruby
|
80
|
-
C:\>schtasks /query /FO list
|
81
|
-
...
|
82
|
-
Folder: \Microsoft\Windows\Diagnosis
|
83
|
-
HostName: XPS15
|
84
|
-
TaskName: \Microsoft\Windows\Diagnosis\Scheduled
|
85
|
-
Next Run Time: N/A
|
86
|
-
Status: Ready
|
87
|
-
Logon Mode: Interactive/Background
|
88
|
-
...
|
89
|
-
```
|
90
|
-
|
91
|
-
<br>
|
92
|
-
|
93
|
-
## Matchers
|
94
|
-
|
95
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
1
|
+
---
|
2
|
+
title: About the windows_task Resource
|
3
|
+
platform: windows
|
4
|
+
---
|
5
|
+
|
6
|
+
# windows_task
|
7
|
+
|
8
|
+
Use the `windows_task` InSpec audit resource to test a scheduled tasks configuration on a Windows platform.
|
9
|
+
Microsoft and application vendors use scheduled tasks to perform a variety of system maintenance tasks but system administrators can schedule their own.
|
10
|
+
|
11
|
+
<br>
|
12
|
+
|
13
|
+
## Syntax
|
14
|
+
|
15
|
+
A `windows_task` resource block declares the name of the task (as its full path) and tests its configuration:
|
16
|
+
|
17
|
+
describe windows_task('task name uri') do
|
18
|
+
its('parameter') { should eq 'value' }
|
19
|
+
it { should be_enabled }
|
20
|
+
end
|
21
|
+
|
22
|
+
where
|
23
|
+
|
24
|
+
* `'parameter'` must be a valid parameter defined within this resource ie `logon_mode`, `last_result`, `task_to_run`, `run_as_user`
|
25
|
+
* `'value'` will be used to compare the value gather from your chosen parameter
|
26
|
+
* `'be_enabled'` is an example of a valid matcher that checks the state of a task, other examples are `exist` or `be_disabled`
|
27
|
+
|
28
|
+
<br>
|
29
|
+
|
30
|
+
## Examples
|
31
|
+
|
32
|
+
The following examples show how to use this InSpec resource.
|
33
|
+
|
34
|
+
### Tests that a task is enabled
|
35
|
+
|
36
|
+
```ruby
|
37
|
+
describe windows_task('\Microsoft\Windows\Time Synchronization\SynchronizeTime') do
|
38
|
+
it { should be_enabled }
|
39
|
+
end
|
40
|
+
```
|
41
|
+
|
42
|
+
### Tests that a task is disabled
|
43
|
+
|
44
|
+
```ruby
|
45
|
+
describe windows_task('\Microsoft\Windows\AppID\PolicyConverter') do
|
46
|
+
it { should be_disabled }
|
47
|
+
end
|
48
|
+
```
|
49
|
+
|
50
|
+
### Tests the configuration parameters of a task
|
51
|
+
|
52
|
+
```ruby
|
53
|
+
describe windows_task('\Microsoft\Windows\AppID\PolicyConverter') do
|
54
|
+
its('logon_mode') { should eq 'Interactive/Background' }
|
55
|
+
its('last_result') { should eq '1' }
|
56
|
+
its('task_to_run') { should cmp '%Windir%\system32\appidpolicyconverter.exe' }
|
57
|
+
its('run_as_user') { should eq 'LOCAL SERVICE' }
|
58
|
+
end
|
59
|
+
```
|
60
|
+
|
61
|
+
### Tests that a task is defined
|
62
|
+
|
63
|
+
```ruby
|
64
|
+
describe windows_task('\Microsoft\Windows\Defrag\ScheduledDefrag') do
|
65
|
+
it { should exist }
|
66
|
+
end
|
67
|
+
```
|
68
|
+
|
69
|
+
## Gathering Tasknames
|
70
|
+
|
71
|
+
Rather then use the GUI you can use the `schtasks.exe` to output a full list of tasks available on the system
|
72
|
+
|
73
|
+
`schtasks /query /FO list`
|
74
|
+
|
75
|
+
rather than use the `list` output you can use `CSV` if it is easier.
|
76
|
+
|
77
|
+
Please make sure you use the full TaskName (include the prefix `\`) within your control
|
78
|
+
|
79
|
+
```ruby
|
80
|
+
C:\>schtasks /query /FO list
|
81
|
+
...
|
82
|
+
Folder: \Microsoft\Windows\Diagnosis
|
83
|
+
HostName: XPS15
|
84
|
+
TaskName: \Microsoft\Windows\Diagnosis\Scheduled
|
85
|
+
Next Run Time: N/A
|
86
|
+
Status: Ready
|
87
|
+
Logon Mode: Interactive/Background
|
88
|
+
...
|
89
|
+
```
|
90
|
+
|
91
|
+
<br>
|
92
|
+
|
93
|
+
## Matchers
|
94
|
+
|
95
|
+
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
data/docs/resources/wmi.md.erb
CHANGED
@@ -1,81 +1,81 @@
|
|
1
|
-
---
|
2
|
-
title: About the wmi Resource
|
3
|
-
platform: windows
|
4
|
-
---
|
5
|
-
|
6
|
-
# wmi
|
7
|
-
|
8
|
-
Use the `wmi` InSpec audit resource to test WMI settings on the Windows platform.
|
9
|
-
|
10
|
-
<br>
|
11
|
-
|
12
|
-
## Syntax
|
13
|
-
|
14
|
-
A `wmi` resource block tests WMI settings on the Windows platform:
|
15
|
-
|
16
|
-
describe wmi({
|
17
|
-
class: 'class_name'
|
18
|
-
namespace: 'path\\to\\setting'
|
19
|
-
filter: 'filter'
|
20
|
-
query: 'query'
|
21
|
-
}) do
|
22
|
-
its('setting_name') { should eq '' }
|
23
|
-
end
|
24
|
-
|
25
|
-
where
|
26
|
-
|
27
|
-
* `class`, `namespace`, `filter`, and `query` comprise a Ruby Hash of the WMI object
|
28
|
-
* `('class')` is the WMI class to which the setting belongs, such as `win32_service`
|
29
|
-
* `('namespace')` is path to that object, such as `root\\cimv2`
|
30
|
-
* Use `('filter')` fine-tune the information defined by the WMI class, such as to find a specific service (`filter: "name like '%winrm%'")`, to find a specific setting (`filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'`), and so on
|
31
|
-
* Use `('query')` to run a query that returns data to be tested, such as `"SELECT Setting FROM RSOP_SecuritySettingBoolean WHERE KeyName='LSAAnonymousNameLookup' AND Precedence=1"`
|
32
|
-
* `('setting_name')` is a setting in the WMI object to be tested, and then `should eq ''` is the expected value for that setting
|
33
|
-
|
34
|
-
For example, both of the following tests will verify if WinRM is present on the target node. The first tests if WinRM belongs to the list of services running under the `win32_service` class:
|
35
|
-
|
36
|
-
describe wmi({class: 'win32_service'}) do
|
37
|
-
its('DisplayName') { should include 'Windows Remote Management (WS-Management)'}
|
38
|
-
end
|
39
|
-
|
40
|
-
and the second uses a filter in the Ruby Hash to first identify WinRM, and then perform additional tests:
|
41
|
-
|
42
|
-
describe wmi({
|
43
|
-
class: 'win32_service',
|
44
|
-
filter: "name like '%winrm%'"
|
45
|
-
}) do
|
46
|
-
its('Status') { should cmp 'ok' }
|
47
|
-
its('State') { should cmp 'Running' }
|
48
|
-
its('ExitCode') { should cmp 0 }
|
49
|
-
its('DisplayName') { should eq 'Windows Remote Management (WS-Management)'}
|
50
|
-
end
|
51
|
-
|
52
|
-
<br>
|
53
|
-
|
54
|
-
## Examples
|
55
|
-
|
56
|
-
The following examples show how to use this InSpec audit resource.
|
57
|
-
|
58
|
-
### Test a password expiration policy
|
59
|
-
|
60
|
-
describe wmi({
|
61
|
-
class: 'RSOP_SecuritySettingNumeric',
|
62
|
-
namespace: 'root\\rsop\\computer',
|
63
|
-
filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'
|
64
|
-
}) do
|
65
|
-
its('Setting') { should eq 1 }
|
66
|
-
end
|
67
|
-
|
68
|
-
### Test if an anonymous user can query the Local Security Authority (LSA)
|
69
|
-
|
70
|
-
describe wmi({
|
71
|
-
namespace: 'root\rsop\computer',
|
72
|
-
query: "SELECT Setting FROM RSOP_SecuritySettingBoolean WHERE KeyName='LSAAnonymousNameLookup' AND Precedence=1"
|
73
|
-
}) do
|
74
|
-
its('Setting') { should eq false }
|
75
|
-
end
|
76
|
-
|
77
|
-
<br>
|
78
|
-
|
79
|
-
## Matchers
|
80
|
-
|
81
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
1
|
+
---
|
2
|
+
title: About the wmi Resource
|
3
|
+
platform: windows
|
4
|
+
---
|
5
|
+
|
6
|
+
# wmi
|
7
|
+
|
8
|
+
Use the `wmi` InSpec audit resource to test WMI settings on the Windows platform.
|
9
|
+
|
10
|
+
<br>
|
11
|
+
|
12
|
+
## Syntax
|
13
|
+
|
14
|
+
A `wmi` resource block tests WMI settings on the Windows platform:
|
15
|
+
|
16
|
+
describe wmi({
|
17
|
+
class: 'class_name'
|
18
|
+
namespace: 'path\\to\\setting'
|
19
|
+
filter: 'filter'
|
20
|
+
query: 'query'
|
21
|
+
}) do
|
22
|
+
its('setting_name') { should eq '' }
|
23
|
+
end
|
24
|
+
|
25
|
+
where
|
26
|
+
|
27
|
+
* `class`, `namespace`, `filter`, and `query` comprise a Ruby Hash of the WMI object
|
28
|
+
* `('class')` is the WMI class to which the setting belongs, such as `win32_service`
|
29
|
+
* `('namespace')` is path to that object, such as `root\\cimv2`
|
30
|
+
* Use `('filter')` fine-tune the information defined by the WMI class, such as to find a specific service (`filter: "name like '%winrm%'")`, to find a specific setting (`filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'`), and so on
|
31
|
+
* Use `('query')` to run a query that returns data to be tested, such as `"SELECT Setting FROM RSOP_SecuritySettingBoolean WHERE KeyName='LSAAnonymousNameLookup' AND Precedence=1"`
|
32
|
+
* `('setting_name')` is a setting in the WMI object to be tested, and then `should eq ''` is the expected value for that setting
|
33
|
+
|
34
|
+
For example, both of the following tests will verify if WinRM is present on the target node. The first tests if WinRM belongs to the list of services running under the `win32_service` class:
|
35
|
+
|
36
|
+
describe wmi({class: 'win32_service'}) do
|
37
|
+
its('DisplayName') { should include 'Windows Remote Management (WS-Management)'}
|
38
|
+
end
|
39
|
+
|
40
|
+
and the second uses a filter in the Ruby Hash to first identify WinRM, and then perform additional tests:
|
41
|
+
|
42
|
+
describe wmi({
|
43
|
+
class: 'win32_service',
|
44
|
+
filter: "name like '%winrm%'"
|
45
|
+
}) do
|
46
|
+
its('Status') { should cmp 'ok' }
|
47
|
+
its('State') { should cmp 'Running' }
|
48
|
+
its('ExitCode') { should cmp 0 }
|
49
|
+
its('DisplayName') { should eq 'Windows Remote Management (WS-Management)'}
|
50
|
+
end
|
51
|
+
|
52
|
+
<br>
|
53
|
+
|
54
|
+
## Examples
|
55
|
+
|
56
|
+
The following examples show how to use this InSpec audit resource.
|
57
|
+
|
58
|
+
### Test a password expiration policy
|
59
|
+
|
60
|
+
describe wmi({
|
61
|
+
class: 'RSOP_SecuritySettingNumeric',
|
62
|
+
namespace: 'root\\rsop\\computer',
|
63
|
+
filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'
|
64
|
+
}) do
|
65
|
+
its('Setting') { should eq 1 }
|
66
|
+
end
|
67
|
+
|
68
|
+
### Test if an anonymous user can query the Local Security Authority (LSA)
|
69
|
+
|
70
|
+
describe wmi({
|
71
|
+
namespace: 'root\rsop\computer',
|
72
|
+
query: "SELECT Setting FROM RSOP_SecuritySettingBoolean WHERE KeyName='LSAAnonymousNameLookup' AND Precedence=1"
|
73
|
+
}) do
|
74
|
+
its('Setting') { should eq false }
|
75
|
+
end
|
76
|
+
|
77
|
+
<br>
|
78
|
+
|
79
|
+
## Matchers
|
80
|
+
|
81
|
+
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|