RubyGems - inspec - Versions diffs - 2.1.21 → 2.1.30 - Mend

inspec 2.1.21 → 2.1.30

Files changed (502) hide show

checksums.yaml +4 -4
data/.rubocop.yml +101 -101
data/CHANGELOG.md +3062 -3045
data/Gemfile +56 -56
data/LICENSE +14 -14
data/MAINTAINERS.md +33 -33
data/MAINTAINERS.toml +52 -52
data/README.md +447 -447
data/Rakefile +322 -322
data/bin/inspec +12 -12
data/docs/.gitignore +2 -2
data/docs/README.md +40 -40
data/docs/dsl_inspec.md +258 -258
data/docs/dsl_resource.md +100 -100
data/docs/glossary.md +99 -99
data/docs/habitat.md +191 -191
data/docs/inspec_and_friends.md +114 -114
data/docs/matchers.md +169 -169
data/docs/migration.md +293 -293
data/docs/platforms.md +118 -118
data/docs/plugin_kitchen_inspec.md +50 -50
data/docs/profiles.md +376 -376
data/docs/reporters.md +105 -105
data/docs/resources/aide_conf.md.erb +75 -75
data/docs/resources/apache.md.erb +67 -67
data/docs/resources/apache_conf.md.erb +68 -68
data/docs/resources/apt.md.erb +71 -71
data/docs/resources/audit_policy.md.erb +47 -47
data/docs/resources/auditd.md.erb +79 -79
data/docs/resources/auditd_conf.md.erb +68 -68
data/docs/resources/aws_cloudtrail_trail.md.erb +140 -140
data/docs/resources/aws_cloudtrail_trails.md.erb +81 -81
data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -86
data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -151
data/docs/resources/aws_config_delivery_channel.md +79 -79
data/docs/resources/aws_config_recorder.md.erb +71 -71
data/docs/resources/aws_ec2_instance.md.erb +106 -106
data/docs/resources/aws_iam_access_key.md.erb +123 -123
data/docs/resources/aws_iam_access_keys.md.erb +198 -198
data/docs/resources/aws_iam_group.md.erb +46 -46
data/docs/resources/aws_iam_groups.md.erb +43 -43
data/docs/resources/aws_iam_password_policy.md.erb +76 -76
data/docs/resources/aws_iam_policies.md.erb +82 -82
data/docs/resources/aws_iam_policy.md.erb +144 -144
data/docs/resources/aws_iam_role.md.erb +63 -63
data/docs/resources/aws_iam_root_user.md.erb +70 -58
data/docs/resources/aws_iam_user.md.erb +64 -64
data/docs/resources/aws_iam_users.md.erb +89 -89
data/docs/resources/aws_kms_key.md.erb +171 -171
data/docs/resources/aws_kms_keys.md.erb +84 -84
data/docs/resources/aws_rds_instance.md.erb +60 -60
data/docs/resources/aws_route_table.md.erb +47 -47
data/docs/resources/aws_route_tables.md.erb +49 -0
data/docs/resources/aws_s3_bucket.md.erb +134 -134
data/docs/resources/aws_s3_bucket_object.md.erb +83 -83
data/docs/resources/aws_s3_buckets.md.erb +53 -0
data/docs/resources/aws_security_group.md.erb +151 -151
data/docs/resources/aws_security_groups.md.erb +91 -91
data/docs/resources/aws_sns_subscription.md.erb +124 -124
data/docs/resources/aws_sns_topic.md.erb +63 -63
data/docs/resources/aws_sns_topics.md.erb +52 -52
data/docs/resources/aws_subnet.md.erb +134 -134
data/docs/resources/aws_subnets.md.erb +126 -126
data/docs/resources/aws_vpc.md.erb +120 -120
data/docs/resources/aws_vpcs.md.erb +48 -48
data/docs/resources/azure_generic_resource.md.erb +171 -171
data/docs/resources/azure_resource_group.md.erb +284 -284
data/docs/resources/azure_virtual_machine.md.erb +347 -347
data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
data/docs/resources/bash.md.erb +75 -75
data/docs/resources/bond.md.erb +90 -90
data/docs/resources/bridge.md.erb +57 -57
data/docs/resources/bsd_service.md.erb +67 -67
data/docs/resources/chocolatey_package.md.erb +58 -0
data/docs/resources/command.md.erb +138 -138
data/docs/resources/cpan.md.erb +79 -79
data/docs/resources/cran.md.erb +64 -64
data/docs/resources/crontab.md.erb +89 -89
data/docs/resources/csv.md.erb +54 -54
data/docs/resources/dh_params.md.erb +205 -205
data/docs/resources/directory.md.erb +30 -30
data/docs/resources/docker.md.erb +219 -219
data/docs/resources/docker_container.md.erb +103 -103
data/docs/resources/docker_image.md.erb +94 -94
data/docs/resources/docker_service.md.erb +114 -114
data/docs/resources/elasticsearch.md.erb +242 -242
data/docs/resources/etc_fstab.md.erb +125 -125
data/docs/resources/etc_group.md.erb +75 -75
data/docs/resources/etc_hosts.md.erb +78 -78
data/docs/resources/etc_hosts_allow.md.erb +74 -74
data/docs/resources/etc_hosts_deny.md.erb +74 -74
data/docs/resources/file.md.erb +526 -526
data/docs/resources/filesystem.md.erb +41 -41
data/docs/resources/firewalld.md.erb +107 -107
data/docs/resources/gem.md.erb +79 -79
data/docs/resources/group.md.erb +61 -61
data/docs/resources/grub_conf.md.erb +101 -101
data/docs/resources/host.md.erb +86 -86
data/docs/resources/http.md.erb +196 -196
data/docs/resources/iis_app.md.erb +122 -122
data/docs/resources/iis_site.md.erb +135 -135
data/docs/resources/inetd_conf.md.erb +94 -94
data/docs/resources/ini.md.erb +76 -76
data/docs/resources/interface.md.erb +58 -58
data/docs/resources/iptables.md.erb +64 -64
data/docs/resources/json.md.erb +63 -63
data/docs/resources/kernel_module.md.erb +120 -120
data/docs/resources/kernel_parameter.md.erb +53 -53
data/docs/resources/key_rsa.md.erb +85 -85
data/docs/resources/launchd_service.md.erb +57 -57
data/docs/resources/limits_conf.md.erb +75 -75
data/docs/resources/login_defs.md.erb +71 -71
data/docs/resources/mount.md.erb +69 -69
data/docs/resources/mssql_session.md.erb +60 -60
data/docs/resources/mysql_conf.md.erb +99 -99
data/docs/resources/mysql_session.md.erb +74 -74
data/docs/resources/nginx.md.erb +79 -79
data/docs/resources/nginx_conf.md.erb +138 -138
data/docs/resources/npm.md.erb +60 -60
data/docs/resources/ntp_conf.md.erb +60 -60
data/docs/resources/oneget.md.erb +53 -53
data/docs/resources/oracledb_session.md.erb +52 -52
data/docs/resources/os.md.erb +141 -141
data/docs/resources/os_env.md.erb +78 -78
data/docs/resources/package.md.erb +120 -120
data/docs/resources/packages.md.erb +67 -67
data/docs/resources/parse_config.md.erb +103 -103
data/docs/resources/parse_config_file.md.erb +138 -138
data/docs/resources/passwd.md.erb +141 -141
data/docs/resources/pip.md.erb +67 -67
data/docs/resources/port.md.erb +137 -137
data/docs/resources/postgres_conf.md.erb +79 -79
data/docs/resources/postgres_hba_conf.md.erb +93 -93
data/docs/resources/postgres_ident_conf.md.erb +76 -76
data/docs/resources/postgres_session.md.erb +69 -69
data/docs/resources/powershell.md.erb +102 -102
data/docs/resources/processes.md.erb +109 -109
data/docs/resources/rabbitmq_config.md.erb +41 -41
data/docs/resources/registry_key.md.erb +158 -158
data/docs/resources/runit_service.md.erb +57 -57
data/docs/resources/security_policy.md.erb +47 -47
data/docs/resources/service.md.erb +121 -121
data/docs/resources/shadow.md.erb +146 -146
data/docs/resources/ssh_config.md.erb +73 -73
data/docs/resources/sshd_config.md.erb +83 -83
data/docs/resources/ssl.md.erb +119 -119
data/docs/resources/sys_info.md.erb +42 -42
data/docs/resources/systemd_service.md.erb +57 -57
data/docs/resources/sysv_service.md.erb +57 -57
data/docs/resources/upstart_service.md.erb +57 -57
data/docs/resources/user.md.erb +140 -140
data/docs/resources/users.md.erb +127 -127
data/docs/resources/vbscript.md.erb +55 -55
data/docs/resources/virtualization.md.erb +57 -57
data/docs/resources/windows_feature.md.erb +47 -47
data/docs/resources/windows_hotfix.md.erb +53 -53
data/docs/resources/windows_task.md.erb +95 -95
data/docs/resources/wmi.md.erb +81 -81
data/docs/resources/x509_certificate.md.erb +151 -151
data/docs/resources/xinetd_conf.md.erb +156 -156
data/docs/resources/xml.md.erb +85 -85
data/docs/resources/yaml.md.erb +69 -69
data/docs/resources/yum.md.erb +98 -98
data/docs/resources/zfs_dataset.md.erb +53 -53
data/docs/resources/zfs_pool.md.erb +47 -47
data/docs/ruby_usage.md +203 -203
data/docs/shared/matcher_be.md.erb +1 -1
data/docs/shared/matcher_cmp.md.erb +43 -43
data/docs/shared/matcher_eq.md.erb +3 -3
data/docs/shared/matcher_include.md.erb +1 -1
data/docs/shared/matcher_match.md.erb +1 -1
data/docs/shell.md +217 -217
data/examples/README.md +8 -8
data/examples/inheritance/README.md +65 -65
data/examples/inheritance/controls/example.rb +14 -14
data/examples/inheritance/inspec.yml +15 -15
data/examples/kitchen-ansible/.kitchen.yml +25 -25
data/examples/kitchen-ansible/Gemfile +19 -19
data/examples/kitchen-ansible/README.md +53 -53
data/examples/kitchen-ansible/files/nginx.repo +6 -6
data/examples/kitchen-ansible/tasks/main.yml +16 -16
data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
data/examples/kitchen-chef/.kitchen.yml +20 -20
data/examples/kitchen-chef/Berksfile +3 -3
data/examples/kitchen-chef/Gemfile +19 -19
data/examples/kitchen-chef/README.md +27 -27
data/examples/kitchen-chef/metadata.rb +7 -7
data/examples/kitchen-chef/recipes/default.rb +6 -6
data/examples/kitchen-chef/recipes/nginx.rb +30 -30
data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
data/examples/kitchen-puppet/.kitchen.yml +22 -22
data/examples/kitchen-puppet/Gemfile +20 -20
data/examples/kitchen-puppet/Puppetfile +25 -25
data/examples/kitchen-puppet/README.md +53 -53
data/examples/kitchen-puppet/manifests/site.pp +33 -33
data/examples/kitchen-puppet/metadata.json +11 -11
data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
data/examples/meta-profile/README.md +37 -37
data/examples/meta-profile/controls/example.rb +13 -13
data/examples/meta-profile/inspec.yml +13 -13
data/examples/profile-attribute.yml +2 -2
data/examples/profile-attribute/README.md +14 -14
data/examples/profile-attribute/controls/example.rb +11 -11
data/examples/profile-attribute/inspec.yml +8 -8
data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
data/examples/profile-aws/inspec.yml +11 -11
data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
data/examples/profile-azure/inspec.yml +11 -11
data/examples/profile-sensitive/README.md +29 -29
data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
data/examples/profile-sensitive/controls/sensitive.rb +9 -9
data/examples/profile-sensitive/inspec.yml +8 -8
data/examples/profile/README.md +48 -48
data/examples/profile/controls/example.rb +23 -23
data/examples/profile/controls/gordon.rb +36 -36
data/examples/profile/controls/meta.rb +34 -34
data/examples/profile/inspec.yml +10 -10
data/examples/profile/libraries/gordon_config.rb +59 -53
data/inspec.gemspec +47 -47
data/lib/bundles/README.md +3 -3
data/lib/bundles/inspec-artifact.rb +7 -7
data/lib/bundles/inspec-artifact/README.md +1 -1
data/lib/bundles/inspec-artifact/cli.rb +277 -277
data/lib/bundles/inspec-compliance.rb +16 -16
data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
data/lib/bundles/inspec-compliance/README.md +185 -185
data/lib/bundles/inspec-compliance/api.rb +316 -316
data/lib/bundles/inspec-compliance/api/login.rb +152 -152
data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
data/lib/bundles/inspec-compliance/cli.rb +254 -254
data/lib/bundles/inspec-compliance/configuration.rb +103 -103
data/lib/bundles/inspec-compliance/http.rb +86 -86
data/lib/bundles/inspec-compliance/support.rb +36 -36
data/lib/bundles/inspec-compliance/target.rb +98 -98
data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
data/lib/bundles/inspec-habitat.rb +12 -12
data/lib/bundles/inspec-habitat/cli.rb +36 -36
data/lib/bundles/inspec-habitat/log.rb +10 -10
data/lib/bundles/inspec-habitat/profile.rb +391 -391
data/lib/bundles/inspec-init.rb +8 -8
data/lib/bundles/inspec-init/README.md +31 -31
data/lib/bundles/inspec-init/cli.rb +97 -97
data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
data/lib/bundles/inspec-supermarket.rb +13 -13
data/lib/bundles/inspec-supermarket/README.md +45 -45
data/lib/bundles/inspec-supermarket/api.rb +84 -84
data/lib/bundles/inspec-supermarket/cli.rb +73 -73
data/lib/bundles/inspec-supermarket/target.rb +34 -34
data/lib/fetchers/git.rb +163 -163
data/lib/fetchers/local.rb +74 -74
data/lib/fetchers/mock.rb +35 -35
data/lib/fetchers/url.rb +204 -204
data/lib/inspec.rb +24 -24
data/lib/inspec/archive/tar.rb +29 -29
data/lib/inspec/archive/zip.rb +19 -19
data/lib/inspec/backend.rb +93 -93
data/lib/inspec/base_cli.rb +363 -357
data/lib/inspec/cached_fetcher.rb +66 -66
data/lib/inspec/cli.rb +292 -292
data/lib/inspec/completions/bash.sh.erb +45 -45
data/lib/inspec/completions/fish.sh.erb +34 -34
data/lib/inspec/completions/zsh.sh.erb +61 -61
data/lib/inspec/control_eval_context.rb +179 -179
data/lib/inspec/dependencies/cache.rb +72 -72
data/lib/inspec/dependencies/dependency_set.rb +92 -92
data/lib/inspec/dependencies/lockfile.rb +115 -115
data/lib/inspec/dependencies/requirement.rb +123 -123
data/lib/inspec/dependencies/resolver.rb +86 -86
data/lib/inspec/describe.rb +27 -27
data/lib/inspec/dsl.rb +66 -66
data/lib/inspec/dsl_shared.rb +33 -33
data/lib/inspec/env_printer.rb +157 -157
data/lib/inspec/errors.rb +14 -13
data/lib/inspec/exceptions.rb +12 -12
data/lib/inspec/expect.rb +45 -45
data/lib/inspec/fetcher.rb +45 -45
data/lib/inspec/file_provider.rb +275 -275
data/lib/inspec/formatters.rb +3 -3
data/lib/inspec/formatters/base.rb +259 -250
data/lib/inspec/formatters/json_rspec.rb +20 -20
data/lib/inspec/formatters/show_progress.rb +12 -12
data/lib/inspec/library_eval_context.rb +58 -58
data/lib/inspec/log.rb +11 -11
data/lib/inspec/metadata.rb +247 -247
data/lib/inspec/method_source.rb +24 -24
data/lib/inspec/objects.rb +14 -14
data/lib/inspec/objects/attribute.rb +65 -65
data/lib/inspec/objects/control.rb +61 -61
data/lib/inspec/objects/describe.rb +92 -92
data/lib/inspec/objects/each_loop.rb +36 -36
data/lib/inspec/objects/list.rb +15 -15
data/lib/inspec/objects/or_test.rb +40 -40
data/lib/inspec/objects/ruby_helper.rb +15 -15
data/lib/inspec/objects/tag.rb +27 -27
data/lib/inspec/objects/test.rb +87 -87
data/lib/inspec/objects/value.rb +27 -27
data/lib/inspec/plugins.rb +60 -60
data/lib/inspec/plugins/cli.rb +24 -24
data/lib/inspec/plugins/fetcher.rb +86 -86
data/lib/inspec/plugins/resource.rb +135 -135
data/lib/inspec/plugins/secret.rb +15 -15
data/lib/inspec/plugins/source_reader.rb +40 -40
data/lib/inspec/polyfill.rb +12 -12
data/lib/inspec/profile.rb +513 -513
data/lib/inspec/profile_context.rb +208 -208
data/lib/inspec/profile_vendor.rb +66 -66
data/lib/inspec/reporters.rb +60 -54
data/lib/inspec/reporters/automate.rb +76 -0
data/lib/inspec/reporters/base.rb +25 -24
data/lib/inspec/reporters/cli.rb +356 -356
data/lib/inspec/reporters/json.rb +116 -116
data/lib/inspec/reporters/json_min.rb +48 -48
data/lib/inspec/reporters/junit.rb +77 -77
data/lib/inspec/require_loader.rb +33 -33
data/lib/inspec/resource.rb +187 -186
data/lib/inspec/rule.rb +266 -266
data/lib/inspec/runner.rb +345 -345
data/lib/inspec/runner_mock.rb +41 -41
data/lib/inspec/runner_rspec.rb +175 -175
data/lib/inspec/runtime_profile.rb +26 -26
data/lib/inspec/schema.rb +213 -213
data/lib/inspec/secrets.rb +19 -19
data/lib/inspec/secrets/yaml.rb +30 -30
data/lib/inspec/shell.rb +220 -220
data/lib/inspec/shell_detector.rb +90 -90
data/lib/inspec/source_reader.rb +29 -29
data/lib/inspec/version.rb +8 -8
data/lib/matchers/matchers.rb +339 -339
data/lib/resource_support/aws.rb +49 -47
data/lib/resource_support/aws/aws_backend_base.rb +12 -12
data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
data/lib/resources/aide_conf.rb +151 -151
data/lib/resources/apache.rb +48 -48
data/lib/resources/apache_conf.rb +149 -149
data/lib/resources/apt.rb +149 -149
data/lib/resources/audit_policy.rb +63 -63
data/lib/resources/auditd.rb +231 -231
data/lib/resources/auditd_conf.rb +46 -46
data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -77
data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
data/lib/resources/aws/aws_config_delivery_channel.rb +76 -76
data/lib/resources/aws/aws_config_recorder.rb +98 -98
data/lib/resources/aws/aws_ec2_instance.rb +157 -157
data/lib/resources/aws/aws_iam_access_key.rb +106 -106
data/lib/resources/aws/aws_iam_access_keys.rb +149 -149
data/lib/resources/aws/aws_iam_group.rb +56 -56
data/lib/resources/aws/aws_iam_groups.rb +52 -52
data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
data/lib/resources/aws/aws_iam_policies.rb +53 -53
data/lib/resources/aws/aws_iam_policy.rb +125 -125
data/lib/resources/aws/aws_iam_role.rb +51 -51
data/lib/resources/aws/aws_iam_root_user.rb +78 -60
data/lib/resources/aws/aws_iam_user.rb +111 -111
data/lib/resources/aws/aws_iam_users.rb +108 -108
data/lib/resources/aws/aws_kms_key.rb +96 -96
data/lib/resources/aws/aws_kms_keys.rb +53 -53
data/lib/resources/aws/aws_rds_instance.rb +71 -71
data/lib/resources/aws/aws_route_table.rb +63 -63
data/lib/resources/aws/aws_route_tables.rb +60 -0
data/lib/resources/aws/aws_s3_bucket.rb +115 -115
data/lib/resources/aws/aws_s3_bucket_object.rb +82 -82
data/lib/resources/aws/aws_s3_buckets.rb +51 -0
data/lib/resources/aws/aws_security_group.rb +93 -93
data/lib/resources/aws/aws_security_groups.rb +68 -68
data/lib/resources/aws/aws_sns_subscription.rb +78 -78
data/lib/resources/aws/aws_sns_topic.rb +53 -53
data/lib/resources/aws/aws_sns_topics.rb +56 -56
data/lib/resources/aws/aws_subnet.rb +88 -88
data/lib/resources/aws/aws_subnets.rb +53 -53
data/lib/resources/aws/aws_vpc.rb +69 -69
data/lib/resources/aws/aws_vpcs.rb +45 -45
data/lib/resources/azure/azure_backend.rb +377 -377
data/lib/resources/azure/azure_generic_resource.rb +59 -59
data/lib/resources/azure/azure_resource_group.rb +152 -152
data/lib/resources/azure/azure_virtual_machine.rb +264 -264
data/lib/resources/azure/azure_virtual_machine_data_disk.rb +134 -134
data/lib/resources/bash.rb +35 -35
data/lib/resources/bond.rb +69 -69
data/lib/resources/bridge.rb +122 -122
data/lib/resources/chocolatey_package.rb +78 -0
data/lib/resources/command.rb +73 -73
data/lib/resources/cpan.rb +58 -58
data/lib/resources/cran.rb +64 -64
data/lib/resources/crontab.rb +169 -169
data/lib/resources/csv.rb +56 -56
data/lib/resources/dh_params.rb +77 -77
data/lib/resources/directory.rb +25 -25
data/lib/resources/docker.rb +236 -236
data/lib/resources/docker_container.rb +89 -89
data/lib/resources/docker_image.rb +83 -83
data/lib/resources/docker_object.rb +57 -57
data/lib/resources/docker_service.rb +90 -90
data/lib/resources/elasticsearch.rb +169 -169
data/lib/resources/etc_fstab.rb +94 -94
data/lib/resources/etc_group.rb +152 -152
data/lib/resources/etc_hosts.rb +66 -66
data/lib/resources/etc_hosts_allow_deny.rb +112 -112
data/lib/resources/file.rb +298 -298
data/lib/resources/filesystem.rb +31 -31
data/lib/resources/firewalld.rb +143 -143
data/lib/resources/gem.rb +70 -70
data/lib/resources/groups.rb +215 -215
data/lib/resources/grub_conf.rb +227 -227
data/lib/resources/host.rb +306 -306
data/lib/resources/http.rb +253 -253
data/lib/resources/iis_app.rb +101 -101
data/lib/resources/iis_site.rb +148 -148
data/lib/resources/inetd_conf.rb +54 -54
data/lib/resources/ini.rb +29 -29
data/lib/resources/interface.rb +129 -129
data/lib/resources/iptables.rb +80 -80
data/lib/resources/json.rb +107 -107
data/lib/resources/kernel_module.rb +107 -107
data/lib/resources/kernel_parameter.rb +58 -58
data/lib/resources/key_rsa.rb +61 -61
data/lib/resources/limits_conf.rb +46 -46
data/lib/resources/login_def.rb +57 -57
data/lib/resources/mount.rb +88 -88
data/lib/resources/mssql_session.rb +101 -101
data/lib/resources/mysql.rb +82 -81
data/lib/resources/mysql_conf.rb +127 -127
data/lib/resources/mysql_session.rb +85 -85
data/lib/resources/nginx.rb +96 -96
data/lib/resources/nginx_conf.rb +226 -226
data/lib/resources/npm.rb +48 -48
data/lib/resources/ntp_conf.rb +51 -51
data/lib/resources/oneget.rb +71 -71
data/lib/resources/oracledb_session.rb +139 -139
data/lib/resources/os.rb +36 -36
data/lib/resources/os_env.rb +75 -75
data/lib/resources/package.rb +370 -370
data/lib/resources/packages.rb +111 -111
data/lib/resources/parse_config.rb +112 -112
data/lib/resources/passwd.rb +76 -76
data/lib/resources/pip.rb +130 -130
data/lib/resources/platform.rb +109 -109
data/lib/resources/port.rb +771 -771
data/lib/resources/postgres.rb +131 -130
data/lib/resources/postgres_conf.rb +114 -114
data/lib/resources/postgres_hba_conf.rb +90 -90
data/lib/resources/postgres_ident_conf.rb +79 -79
data/lib/resources/postgres_session.rb +71 -71
data/lib/resources/powershell.rb +66 -66
data/lib/resources/processes.rb +204 -204
data/lib/resources/rabbitmq_conf.rb +51 -51
data/lib/resources/registry_key.rb +297 -297
data/lib/resources/security_policy.rb +180 -180
data/lib/resources/service.rb +794 -790
data/lib/resources/shadow.rb +149 -149
data/lib/resources/ssh_conf.rb +97 -97
data/lib/resources/ssl.rb +99 -99
data/lib/resources/sys_info.rb +28 -28
data/lib/resources/toml.rb +32 -32
data/lib/resources/users.rb +654 -654
data/lib/resources/vbscript.rb +68 -68
data/lib/resources/virtualization.rb +247 -247
data/lib/resources/windows_feature.rb +84 -84
data/lib/resources/windows_hotfix.rb +35 -35
data/lib/resources/windows_task.rb +102 -102
data/lib/resources/wmi.rb +110 -110
data/lib/resources/x509_certificate.rb +137 -137
data/lib/resources/xinetd.rb +106 -106
data/lib/resources/xml.rb +46 -46
data/lib/resources/yaml.rb +43 -43
data/lib/resources/yum.rb +180 -180
data/lib/resources/zfs_dataset.rb +60 -60
data/lib/resources/zfs_pool.rb +49 -49
data/lib/source_readers/flat.rb +39 -39
data/lib/source_readers/inspec.rb +75 -75
data/lib/utils/command_wrapper.rb +27 -27
data/lib/utils/convert.rb +12 -12
data/lib/utils/database_helpers.rb +77 -77
data/lib/utils/erlang_parser.rb +192 -192
data/lib/utils/file_reader.rb +25 -25
data/lib/utils/filter.rb +273 -273
data/lib/utils/filter_array.rb +27 -27
data/lib/utils/find_files.rb +44 -44
data/lib/utils/hash.rb +41 -41
data/lib/utils/json_log.rb +18 -18
data/lib/utils/latest_version.rb +22 -22
data/lib/utils/modulator.rb +12 -12
data/lib/utils/nginx_parser.rb +85 -85
data/lib/utils/object_traversal.rb +49 -49
data/lib/utils/parser.rb +274 -274
data/lib/utils/plugin_registry.rb +93 -93
data/lib/utils/simpleconfig.rb +120 -120
data/lib/utils/spdx.rb +13 -13
data/lib/utils/spdx.txt +343 -343
metadata +9 -2

data/docs/resources/x509_certificate.md.erb CHANGED Viewed

@@ -1,151 +1,151 @@
----
-title: The x509_certificate Resource
-platform: os
----
-# x509_certificate
-Use the `x509_certificate` InSpec audit resource to test the fields and validity of an x.509 certificate.
-X.509 certificates use public/private key pairs to sign and encrypt documents
-or communications over a network. They may also be used for authentication.
-Examples include SSL certificates, S/MIME certificates and VPN authentication
-certificates.
-<br>
-## Syntax
-An `x509_certificate` resource block declares a certificate `key file` to be tested.
-    describe x509_certificate('mycertificate.pem') do
-      its('validity_in_days') { should be > 30 }
-    end
-<br>
-## Properties
-### subject.XX
-`subject` property makes it easier to access individual subject elements.
-    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
-      its('subject.CN') { should eq "www.mywebsite.com" }
-    end
-### subject_dn (String)
-The `subject_dn` string returns the distinguished name of the subject field. It contains several fields separated by forward slashes. The field identifiers are the same ones used by OpenSSL to generate CSR's and certs. Use `subject.XX` instead to access the parsed version.
-e.g. `/C=US/L=Seattle/O=Chef Software Inc/OU=Chefs/CN=Richard Nixon`
-    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
-      its('subject_dn') { should match "CN=www.mywebsite.com" }
-    end
-### issuer.XX
-`issuer` makes it easier to access individual issuer elements.
-    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
-      its('issuer.CN') { should eq "Acme Trust CA" }
-    end
-### issuer_dn (String)
-The `issuer_dn` is the distinguished name from a CA (certificate authority) during the
-certificate signing process. It describes which authority is guaranteeing the
-identity of our certificate.
-e.g. `/C=US/L=Seattle/CN=Acme Trust CA/emailAddress=support@acmetrust.org`
-    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
-      its('issuer_cn') { should match "CN=Acme Trust CA" }
-    end
-### public_key (String)
-The `public_key` property returns a base64 encoded public key in PEM format.
-    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
-      its('public_key') { should match "-----BEGIN PUBLIC KEY-----\nblah blah blah..." }
-    end
-### key_length (Integer)
-The `key_length` property calculates the number of bits in the public key.
-More bits increase security, but at the cost of speed and in extreme cases, compatibility.
-    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
-      its('key_length') { should be 2048 }
-    end
-### signature_algorithm (String)
-The `signature_algorithm` property describes which hash function was used by the CA to
-sign the certificate.
-    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
-      its('signature_algorithm') { should be 'sha256WithRSAEncryption' }
-    end
-### validity_in_days (Float)
-The `validity_in_days` property can be used to check that certificates are not in
-danger of expiring soon.
-    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
-      its('validity_in_days') { should be > 30 }
-    end
-### not_before and not_after (Time)
-The `not_before` and `not_after` properties expose the start and end dates of certificate
-validity. They are exposed as ruby Time class so that date arithmetic can be easily performed.
-    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
-      its('not_before') { should be <= Time.utc.now }
-      its('not_after')  { should be >= Time.utc.now }
-    end
-### serial (Integer)
-The `serial` property exposes the serial number of the certificate. The serial number is set by the CA during the signing process and should be unique within that CA.
-    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
-      its('serial') { should eq 9623283588743302433 }
-    end
-### version (Integer)
-The `version` property exposes the certificate version.
-    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
-      its('version') { should eq 2 }
-    end
-### extensions (Hash)
-The `extensions` hash property is mainly used to determine what the certificate can be used for.
-    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
-      # Check what extension categories we have
-      its('extensions') { should include 'keyUsage' }
-      its('extensions') { should include 'extendedKeyUsage' }
-      its('extensions') { should include 'subjectAltName' }
-      # Check examples of basic 'keyUsage'
-      its('extensions.keyUsage') { should include 'Digital Signature' }
-      its('extensions.keyUsage') { should include 'Non Repudiation' }
-      its('extensions.keyUsage') { should include 'Data Encipherment' }
-      # Check examples of newer 'extendedKeyUsage'
-      its('extensions.extendedKeyUsage') { should include 'TLS Web Server Authentication' }
-      its('extensions.extendedKeyUsage') { should include 'Code Signing' }
-      # Check examples of 'subjectAltName'
-      its('extensions.subjectAltName') { should include 'email:support@chef.io' }
-    end
+---
+title: The x509_certificate Resource
+platform: os
+---
+# x509_certificate
+Use the `x509_certificate` InSpec audit resource to test the fields and validity of an x.509 certificate.
+X.509 certificates use public/private key pairs to sign and encrypt documents
+or communications over a network. They may also be used for authentication.
+Examples include SSL certificates, S/MIME certificates and VPN authentication
+certificates.
+<br>
+## Syntax
+An `x509_certificate` resource block declares a certificate `key file` to be tested.
+    describe x509_certificate('mycertificate.pem') do
+      its('validity_in_days') { should be > 30 }
+    end
+<br>
+## Properties
+### subject.XX
+`subject` property makes it easier to access individual subject elements.
+    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
+      its('subject.CN') { should eq "www.mywebsite.com" }
+    end
+### subject_dn (String)
+The `subject_dn` string returns the distinguished name of the subject field. It contains several fields separated by forward slashes. The field identifiers are the same ones used by OpenSSL to generate CSR's and certs. Use `subject.XX` instead to access the parsed version.
+e.g. `/C=US/L=Seattle/O=Chef Software Inc/OU=Chefs/CN=Richard Nixon`
+    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
+      its('subject_dn') { should match "CN=www.mywebsite.com" }
+    end
+### issuer.XX
+`issuer` makes it easier to access individual issuer elements.
+    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
+      its('issuer.CN') { should eq "Acme Trust CA" }
+    end
+### issuer_dn (String)
+The `issuer_dn` is the distinguished name from a CA (certificate authority) during the
+certificate signing process. It describes which authority is guaranteeing the
+identity of our certificate.
+e.g. `/C=US/L=Seattle/CN=Acme Trust CA/emailAddress=support@acmetrust.org`
+    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
+      its('issuer_cn') { should match "CN=Acme Trust CA" }
+    end
+### public_key (String)
+The `public_key` property returns a base64 encoded public key in PEM format.
+    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
+      its('public_key') { should match "-----BEGIN PUBLIC KEY-----\nblah blah blah..." }
+    end
+### key_length (Integer)
+The `key_length` property calculates the number of bits in the public key.
+More bits increase security, but at the cost of speed and in extreme cases, compatibility.
+    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
+      its('key_length') { should be 2048 }
+    end
+### signature_algorithm (String)
+The `signature_algorithm` property describes which hash function was used by the CA to
+sign the certificate.
+    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
+      its('signature_algorithm') { should be 'sha256WithRSAEncryption' }
+    end
+### validity_in_days (Float)
+The `validity_in_days` property can be used to check that certificates are not in
+danger of expiring soon.
+    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
+      its('validity_in_days') { should be > 30 }
+    end
+### not_before and not_after (Time)
+The `not_before` and `not_after` properties expose the start and end dates of certificate
+validity. They are exposed as ruby Time class so that date arithmetic can be easily performed.
+    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
+      its('not_before') { should be <= Time.utc.now }
+      its('not_after')  { should be >= Time.utc.now }
+    end
+### serial (Integer)
+The `serial` property exposes the serial number of the certificate. The serial number is set by the CA during the signing process and should be unique within that CA.
+    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
+      its('serial') { should eq 9623283588743302433 }
+    end
+### version (Integer)
+The `version` property exposes the certificate version.
+    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
+      its('version') { should eq 2 }
+    end
+### extensions (Hash)
+The `extensions` hash property is mainly used to determine what the certificate can be used for.
+    describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
+      # Check what extension categories we have
+      its('extensions') { should include 'keyUsage' }
+      its('extensions') { should include 'extendedKeyUsage' }
+      its('extensions') { should include 'subjectAltName' }
+      # Check examples of basic 'keyUsage'
+      its('extensions.keyUsage') { should include 'Digital Signature' }
+      its('extensions.keyUsage') { should include 'Non Repudiation' }
+      its('extensions.keyUsage') { should include 'Data Encipherment' }
+      # Check examples of newer 'extendedKeyUsage'
+      its('extensions.extendedKeyUsage') { should include 'TLS Web Server Authentication' }
+      its('extensions.extendedKeyUsage') { should include 'Code Signing' }
+      # Check examples of 'subjectAltName'
+      its('extensions.subjectAltName') { should include 'email:support@chef.io' }
+    end

data/docs/resources/xinetd_conf.md.erb CHANGED Viewed

@@ -1,156 +1,156 @@
----
-title: About the xinetd_conf Resource
-platform: linux
----
-# xinetd_conf
-Use the `xinetd_conf` InSpec audit resource to test services under `/etc/xinet.d` on Linux and Unix platforms. xinetd---the extended Internet service daemon---listens on all ports, and then loads the appropriate program based on a request. The `xinetd.conf` file is typically located at `/etc/xinetd.conf` and contains a list of Internet services associated to the ports on which that service will listen. Only enabled services may handle a request; only services that are required by the system should be enabled.
-<br>
-## Syntax
-An `xinetd_conf` resource block declares settings found in a `xinetd.conf` file for the named service:
-    describe xinetd_conf('service_name') do
-      it { should be_enabled } # or be_disabled
-      its('setting') { should eq 'value' }
-    end
-where
-* `'service_name'` is a service located under `/etc/xinet.d`
-* `('setting')` is a setting in the `xinetd.conf` file
-* `should eq 'value'` is the value that is expected
-<br>
-## Examples
-The following examples show how to use this InSpec audit resource.
-### Test a socket_type
-The network socket type: `dgram` (a datagram-based service), `raw` (a service that requires direct access to an IP address), `stream` (a stream-based service), or `seqpacket` (a service that requires a sequenced packet).
-    describe xinetd_conf.services('service_name') do
-       its('socket_types') { should include 'dgram' }
-    end
-### Test a service type
-The type of service: `INTERNAL` (a service provided by xinetd), `RPC` (an RPC-based service), `TCPMUX` (a service that is started on a well-known TCPMUX port), or `UNLISTED` (a service that is not listed in a standard system file location).
-    describe xinetd_conf.services('service_name') do
-       its('type') { should include 'RPC' }
-    end
-### Test the telnet service
-For example, a `telnet` file under `/etc/xinet.d` contains the following settings:
-    service telnet
-    {
-      disable         = yes
-      flags           = REUSE
-      socket_type     = stream
-      wait            = no
-      user            = root
-      server          = /usr/sbin/in.telnetd
-      log_on_failure  += USERID
-    }
-Some examples of tests that can be run against that file include:
-    describe xinetd_conf.services('telnet') do
-      it { should be_disabled }
-    end
-and
-    describe xinetd_conf.services('telnet') do
-      its('socket_type') { should include 'stream' }
-    end
-and
-    describe xinetd_conf.services('telnet') do
-      its('wait') { should eq 'no' }
-    end
-All three settings can be tested in the same block as well:
-    describe xinetd_conf.services('telnet') do
-      it { should be_disabled }
-      its('socket_type') { should include 'stream' }
-      its('wait') { should eq 'no' }
-    end
-<br>
-## Matchers
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-### be_enabled
-The `be_enabled` matcher tests if a service listed under `/etc/xinet.d` is enabled:
-    it { should be_enabled }
-### ids
-The `ids` matcher tests if the named service is located under `/etc/xinet.d`:
-    its('ids') { should include 'service_name' }
-For example:
-    its('ids') { should include 'chargen-stream chargen-dgram'}
-### services
-The `services` matcher tests if the named service is listed under `/etc/xinet.d`:
-    its('services') { should include 'service_name' }
-### socket_types
-The `socket_types` matcher tests if a service listed under `/etc/xinet.d` is configured to use the named socket type:
-    its('socket_types') { should eq 'socket' }
-where `socket` is one of `dgram`, `raw`, or `stream`. For a UDP-based service:
-    its('socket_types') { should eq 'dgram' }
-For a raw socket (such as a service using a non-standard protocol or a service that requires direct access to IP):
-    its('socket_types') { should eq 'raw' }
-For a TCP-based service:
-    its('socket_types') { should eq 'stream' }
-### types
-The `types` matcher tests the service type:
-    its('type') { should eq 'TYPE' }
-where `'TYPE'` is `INTERNAL` (for a service provided by xinetd), `RPC` (for a service based on remote procedure call), or `UNLISTED` (for services not under `/etc/services` or `/etc/rpc`).
-### wait
-The `wait` matcher tests how a service handles incoming connections.
-For UDP (`dgram`) socket types the `wait` matcher should test for `yes`:
-    its('socket_types') { should eq 'dgram' }
-    its('wait') { should eq 'yes' }
-For TCP (`stream`) socket types the `wait` matcher should test for `no`:
-    its('socket_types') { should eq 'stream' }
-    its('wait') { should eq 'no' }
+---
+title: About the xinetd_conf Resource
+platform: linux
+---
+# xinetd_conf
+Use the `xinetd_conf` InSpec audit resource to test services under `/etc/xinet.d` on Linux and Unix platforms. xinetd---the extended Internet service daemon---listens on all ports, and then loads the appropriate program based on a request. The `xinetd.conf` file is typically located at `/etc/xinetd.conf` and contains a list of Internet services associated to the ports on which that service will listen. Only enabled services may handle a request; only services that are required by the system should be enabled.
+<br>
+## Syntax
+An `xinetd_conf` resource block declares settings found in a `xinetd.conf` file for the named service:
+    describe xinetd_conf('service_name') do
+      it { should be_enabled } # or be_disabled
+      its('setting') { should eq 'value' }
+    end
+where
+* `'service_name'` is a service located under `/etc/xinet.d`
+* `('setting')` is a setting in the `xinetd.conf` file
+* `should eq 'value'` is the value that is expected
+<br>
+## Examples
+The following examples show how to use this InSpec audit resource.
+### Test a socket_type
+The network socket type: `dgram` (a datagram-based service), `raw` (a service that requires direct access to an IP address), `stream` (a stream-based service), or `seqpacket` (a service that requires a sequenced packet).
+    describe xinetd_conf.services('service_name') do
+       its('socket_types') { should include 'dgram' }
+    end
+### Test a service type
+The type of service: `INTERNAL` (a service provided by xinetd), `RPC` (an RPC-based service), `TCPMUX` (a service that is started on a well-known TCPMUX port), or `UNLISTED` (a service that is not listed in a standard system file location).
+    describe xinetd_conf.services('service_name') do
+       its('type') { should include 'RPC' }
+    end
+### Test the telnet service
+For example, a `telnet` file under `/etc/xinet.d` contains the following settings:
+    service telnet
+    {
+      disable         = yes
+      flags           = REUSE
+      socket_type     = stream
+      wait            = no
+      user            = root
+      server          = /usr/sbin/in.telnetd
+      log_on_failure  += USERID
+    }
+Some examples of tests that can be run against that file include:
+    describe xinetd_conf.services('telnet') do
+      it { should be_disabled }
+    end
+and
+    describe xinetd_conf.services('telnet') do
+      its('socket_type') { should include 'stream' }
+    end
+and
+    describe xinetd_conf.services('telnet') do
+      its('wait') { should eq 'no' }
+    end
+All three settings can be tested in the same block as well:
+    describe xinetd_conf.services('telnet') do
+      it { should be_disabled }
+      its('socket_type') { should include 'stream' }
+      its('wait') { should eq 'no' }
+    end
+<br>
+## Matchers
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### be_enabled
+The `be_enabled` matcher tests if a service listed under `/etc/xinet.d` is enabled:
+    it { should be_enabled }
+### ids
+The `ids` matcher tests if the named service is located under `/etc/xinet.d`:
+    its('ids') { should include 'service_name' }
+For example:
+    its('ids') { should include 'chargen-stream chargen-dgram'}
+### services
+The `services` matcher tests if the named service is listed under `/etc/xinet.d`:
+    its('services') { should include 'service_name' }
+### socket_types
+The `socket_types` matcher tests if a service listed under `/etc/xinet.d` is configured to use the named socket type:
+    its('socket_types') { should eq 'socket' }
+where `socket` is one of `dgram`, `raw`, or `stream`. For a UDP-based service:
+    its('socket_types') { should eq 'dgram' }
+For a raw socket (such as a service using a non-standard protocol or a service that requires direct access to IP):
+    its('socket_types') { should eq 'raw' }
+For a TCP-based service:
+    its('socket_types') { should eq 'stream' }
+### types
+The `types` matcher tests the service type:
+    its('type') { should eq 'TYPE' }
+where `'TYPE'` is `INTERNAL` (for a service provided by xinetd), `RPC` (for a service based on remote procedure call), or `UNLISTED` (for services not under `/etc/services` or `/etc/rpc`).
+### wait
+The `wait` matcher tests how a service handles incoming connections.
+For UDP (`dgram`) socket types the `wait` matcher should test for `yes`:
+    its('socket_types') { should eq 'dgram' }
+    its('wait') { should eq 'yes' }
+For TCP (`stream`) socket types the `wait` matcher should test for `no`:
+    its('socket_types') { should eq 'stream' }
+    its('wait') { should eq 'no' }