inspec 2.1.21 → 2.1.30
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +101 -101
- data/CHANGELOG.md +3062 -3045
- data/Gemfile +56 -56
- data/LICENSE +14 -14
- data/MAINTAINERS.md +33 -33
- data/MAINTAINERS.toml +52 -52
- data/README.md +447 -447
- data/Rakefile +322 -322
- data/bin/inspec +12 -12
- data/docs/.gitignore +2 -2
- data/docs/README.md +40 -40
- data/docs/dsl_inspec.md +258 -258
- data/docs/dsl_resource.md +100 -100
- data/docs/glossary.md +99 -99
- data/docs/habitat.md +191 -191
- data/docs/inspec_and_friends.md +114 -114
- data/docs/matchers.md +169 -169
- data/docs/migration.md +293 -293
- data/docs/platforms.md +118 -118
- data/docs/plugin_kitchen_inspec.md +50 -50
- data/docs/profiles.md +376 -376
- data/docs/reporters.md +105 -105
- data/docs/resources/aide_conf.md.erb +75 -75
- data/docs/resources/apache.md.erb +67 -67
- data/docs/resources/apache_conf.md.erb +68 -68
- data/docs/resources/apt.md.erb +71 -71
- data/docs/resources/audit_policy.md.erb +47 -47
- data/docs/resources/auditd.md.erb +79 -79
- data/docs/resources/auditd_conf.md.erb +68 -68
- data/docs/resources/aws_cloudtrail_trail.md.erb +140 -140
- data/docs/resources/aws_cloudtrail_trails.md.erb +81 -81
- data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -86
- data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -151
- data/docs/resources/aws_config_delivery_channel.md +79 -79
- data/docs/resources/aws_config_recorder.md.erb +71 -71
- data/docs/resources/aws_ec2_instance.md.erb +106 -106
- data/docs/resources/aws_iam_access_key.md.erb +123 -123
- data/docs/resources/aws_iam_access_keys.md.erb +198 -198
- data/docs/resources/aws_iam_group.md.erb +46 -46
- data/docs/resources/aws_iam_groups.md.erb +43 -43
- data/docs/resources/aws_iam_password_policy.md.erb +76 -76
- data/docs/resources/aws_iam_policies.md.erb +82 -82
- data/docs/resources/aws_iam_policy.md.erb +144 -144
- data/docs/resources/aws_iam_role.md.erb +63 -63
- data/docs/resources/aws_iam_root_user.md.erb +70 -58
- data/docs/resources/aws_iam_user.md.erb +64 -64
- data/docs/resources/aws_iam_users.md.erb +89 -89
- data/docs/resources/aws_kms_key.md.erb +171 -171
- data/docs/resources/aws_kms_keys.md.erb +84 -84
- data/docs/resources/aws_rds_instance.md.erb +60 -60
- data/docs/resources/aws_route_table.md.erb +47 -47
- data/docs/resources/aws_route_tables.md.erb +49 -0
- data/docs/resources/aws_s3_bucket.md.erb +134 -134
- data/docs/resources/aws_s3_bucket_object.md.erb +83 -83
- data/docs/resources/aws_s3_buckets.md.erb +53 -0
- data/docs/resources/aws_security_group.md.erb +151 -151
- data/docs/resources/aws_security_groups.md.erb +91 -91
- data/docs/resources/aws_sns_subscription.md.erb +124 -124
- data/docs/resources/aws_sns_topic.md.erb +63 -63
- data/docs/resources/aws_sns_topics.md.erb +52 -52
- data/docs/resources/aws_subnet.md.erb +134 -134
- data/docs/resources/aws_subnets.md.erb +126 -126
- data/docs/resources/aws_vpc.md.erb +120 -120
- data/docs/resources/aws_vpcs.md.erb +48 -48
- data/docs/resources/azure_generic_resource.md.erb +171 -171
- data/docs/resources/azure_resource_group.md.erb +284 -284
- data/docs/resources/azure_virtual_machine.md.erb +347 -347
- data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
- data/docs/resources/bash.md.erb +75 -75
- data/docs/resources/bond.md.erb +90 -90
- data/docs/resources/bridge.md.erb +57 -57
- data/docs/resources/bsd_service.md.erb +67 -67
- data/docs/resources/chocolatey_package.md.erb +58 -0
- data/docs/resources/command.md.erb +138 -138
- data/docs/resources/cpan.md.erb +79 -79
- data/docs/resources/cran.md.erb +64 -64
- data/docs/resources/crontab.md.erb +89 -89
- data/docs/resources/csv.md.erb +54 -54
- data/docs/resources/dh_params.md.erb +205 -205
- data/docs/resources/directory.md.erb +30 -30
- data/docs/resources/docker.md.erb +219 -219
- data/docs/resources/docker_container.md.erb +103 -103
- data/docs/resources/docker_image.md.erb +94 -94
- data/docs/resources/docker_service.md.erb +114 -114
- data/docs/resources/elasticsearch.md.erb +242 -242
- data/docs/resources/etc_fstab.md.erb +125 -125
- data/docs/resources/etc_group.md.erb +75 -75
- data/docs/resources/etc_hosts.md.erb +78 -78
- data/docs/resources/etc_hosts_allow.md.erb +74 -74
- data/docs/resources/etc_hosts_deny.md.erb +74 -74
- data/docs/resources/file.md.erb +526 -526
- data/docs/resources/filesystem.md.erb +41 -41
- data/docs/resources/firewalld.md.erb +107 -107
- data/docs/resources/gem.md.erb +79 -79
- data/docs/resources/group.md.erb +61 -61
- data/docs/resources/grub_conf.md.erb +101 -101
- data/docs/resources/host.md.erb +86 -86
- data/docs/resources/http.md.erb +196 -196
- data/docs/resources/iis_app.md.erb +122 -122
- data/docs/resources/iis_site.md.erb +135 -135
- data/docs/resources/inetd_conf.md.erb +94 -94
- data/docs/resources/ini.md.erb +76 -76
- data/docs/resources/interface.md.erb +58 -58
- data/docs/resources/iptables.md.erb +64 -64
- data/docs/resources/json.md.erb +63 -63
- data/docs/resources/kernel_module.md.erb +120 -120
- data/docs/resources/kernel_parameter.md.erb +53 -53
- data/docs/resources/key_rsa.md.erb +85 -85
- data/docs/resources/launchd_service.md.erb +57 -57
- data/docs/resources/limits_conf.md.erb +75 -75
- data/docs/resources/login_defs.md.erb +71 -71
- data/docs/resources/mount.md.erb +69 -69
- data/docs/resources/mssql_session.md.erb +60 -60
- data/docs/resources/mysql_conf.md.erb +99 -99
- data/docs/resources/mysql_session.md.erb +74 -74
- data/docs/resources/nginx.md.erb +79 -79
- data/docs/resources/nginx_conf.md.erb +138 -138
- data/docs/resources/npm.md.erb +60 -60
- data/docs/resources/ntp_conf.md.erb +60 -60
- data/docs/resources/oneget.md.erb +53 -53
- data/docs/resources/oracledb_session.md.erb +52 -52
- data/docs/resources/os.md.erb +141 -141
- data/docs/resources/os_env.md.erb +78 -78
- data/docs/resources/package.md.erb +120 -120
- data/docs/resources/packages.md.erb +67 -67
- data/docs/resources/parse_config.md.erb +103 -103
- data/docs/resources/parse_config_file.md.erb +138 -138
- data/docs/resources/passwd.md.erb +141 -141
- data/docs/resources/pip.md.erb +67 -67
- data/docs/resources/port.md.erb +137 -137
- data/docs/resources/postgres_conf.md.erb +79 -79
- data/docs/resources/postgres_hba_conf.md.erb +93 -93
- data/docs/resources/postgres_ident_conf.md.erb +76 -76
- data/docs/resources/postgres_session.md.erb +69 -69
- data/docs/resources/powershell.md.erb +102 -102
- data/docs/resources/processes.md.erb +109 -109
- data/docs/resources/rabbitmq_config.md.erb +41 -41
- data/docs/resources/registry_key.md.erb +158 -158
- data/docs/resources/runit_service.md.erb +57 -57
- data/docs/resources/security_policy.md.erb +47 -47
- data/docs/resources/service.md.erb +121 -121
- data/docs/resources/shadow.md.erb +146 -146
- data/docs/resources/ssh_config.md.erb +73 -73
- data/docs/resources/sshd_config.md.erb +83 -83
- data/docs/resources/ssl.md.erb +119 -119
- data/docs/resources/sys_info.md.erb +42 -42
- data/docs/resources/systemd_service.md.erb +57 -57
- data/docs/resources/sysv_service.md.erb +57 -57
- data/docs/resources/upstart_service.md.erb +57 -57
- data/docs/resources/user.md.erb +140 -140
- data/docs/resources/users.md.erb +127 -127
- data/docs/resources/vbscript.md.erb +55 -55
- data/docs/resources/virtualization.md.erb +57 -57
- data/docs/resources/windows_feature.md.erb +47 -47
- data/docs/resources/windows_hotfix.md.erb +53 -53
- data/docs/resources/windows_task.md.erb +95 -95
- data/docs/resources/wmi.md.erb +81 -81
- data/docs/resources/x509_certificate.md.erb +151 -151
- data/docs/resources/xinetd_conf.md.erb +156 -156
- data/docs/resources/xml.md.erb +85 -85
- data/docs/resources/yaml.md.erb +69 -69
- data/docs/resources/yum.md.erb +98 -98
- data/docs/resources/zfs_dataset.md.erb +53 -53
- data/docs/resources/zfs_pool.md.erb +47 -47
- data/docs/ruby_usage.md +203 -203
- data/docs/shared/matcher_be.md.erb +1 -1
- data/docs/shared/matcher_cmp.md.erb +43 -43
- data/docs/shared/matcher_eq.md.erb +3 -3
- data/docs/shared/matcher_include.md.erb +1 -1
- data/docs/shared/matcher_match.md.erb +1 -1
- data/docs/shell.md +217 -217
- data/examples/README.md +8 -8
- data/examples/inheritance/README.md +65 -65
- data/examples/inheritance/controls/example.rb +14 -14
- data/examples/inheritance/inspec.yml +15 -15
- data/examples/kitchen-ansible/.kitchen.yml +25 -25
- data/examples/kitchen-ansible/Gemfile +19 -19
- data/examples/kitchen-ansible/README.md +53 -53
- data/examples/kitchen-ansible/files/nginx.repo +6 -6
- data/examples/kitchen-ansible/tasks/main.yml +16 -16
- data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-chef/.kitchen.yml +20 -20
- data/examples/kitchen-chef/Berksfile +3 -3
- data/examples/kitchen-chef/Gemfile +19 -19
- data/examples/kitchen-chef/README.md +27 -27
- data/examples/kitchen-chef/metadata.rb +7 -7
- data/examples/kitchen-chef/recipes/default.rb +6 -6
- data/examples/kitchen-chef/recipes/nginx.rb +30 -30
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-puppet/.kitchen.yml +22 -22
- data/examples/kitchen-puppet/Gemfile +20 -20
- data/examples/kitchen-puppet/Puppetfile +25 -25
- data/examples/kitchen-puppet/README.md +53 -53
- data/examples/kitchen-puppet/manifests/site.pp +33 -33
- data/examples/kitchen-puppet/metadata.json +11 -11
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
- data/examples/meta-profile/README.md +37 -37
- data/examples/meta-profile/controls/example.rb +13 -13
- data/examples/meta-profile/inspec.yml +13 -13
- data/examples/profile-attribute.yml +2 -2
- data/examples/profile-attribute/README.md +14 -14
- data/examples/profile-attribute/controls/example.rb +11 -11
- data/examples/profile-attribute/inspec.yml +8 -8
- data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
- data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
- data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
- data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
- data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
- data/examples/profile-aws/inspec.yml +11 -11
- data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
- data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
- data/examples/profile-azure/inspec.yml +11 -11
- data/examples/profile-sensitive/README.md +29 -29
- data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
- data/examples/profile-sensitive/controls/sensitive.rb +9 -9
- data/examples/profile-sensitive/inspec.yml +8 -8
- data/examples/profile/README.md +48 -48
- data/examples/profile/controls/example.rb +23 -23
- data/examples/profile/controls/gordon.rb +36 -36
- data/examples/profile/controls/meta.rb +34 -34
- data/examples/profile/inspec.yml +10 -10
- data/examples/profile/libraries/gordon_config.rb +59 -53
- data/inspec.gemspec +47 -47
- data/lib/bundles/README.md +3 -3
- data/lib/bundles/inspec-artifact.rb +7 -7
- data/lib/bundles/inspec-artifact/README.md +1 -1
- data/lib/bundles/inspec-artifact/cli.rb +277 -277
- data/lib/bundles/inspec-compliance.rb +16 -16
- data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
- data/lib/bundles/inspec-compliance/README.md +185 -185
- data/lib/bundles/inspec-compliance/api.rb +316 -316
- data/lib/bundles/inspec-compliance/api/login.rb +152 -152
- data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
- data/lib/bundles/inspec-compliance/cli.rb +254 -254
- data/lib/bundles/inspec-compliance/configuration.rb +103 -103
- data/lib/bundles/inspec-compliance/http.rb +86 -86
- data/lib/bundles/inspec-compliance/support.rb +36 -36
- data/lib/bundles/inspec-compliance/target.rb +98 -98
- data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
- data/lib/bundles/inspec-habitat.rb +12 -12
- data/lib/bundles/inspec-habitat/cli.rb +36 -36
- data/lib/bundles/inspec-habitat/log.rb +10 -10
- data/lib/bundles/inspec-habitat/profile.rb +391 -391
- data/lib/bundles/inspec-init.rb +8 -8
- data/lib/bundles/inspec-init/README.md +31 -31
- data/lib/bundles/inspec-init/cli.rb +97 -97
- data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
- data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
- data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
- data/lib/bundles/inspec-supermarket.rb +13 -13
- data/lib/bundles/inspec-supermarket/README.md +45 -45
- data/lib/bundles/inspec-supermarket/api.rb +84 -84
- data/lib/bundles/inspec-supermarket/cli.rb +73 -73
- data/lib/bundles/inspec-supermarket/target.rb +34 -34
- data/lib/fetchers/git.rb +163 -163
- data/lib/fetchers/local.rb +74 -74
- data/lib/fetchers/mock.rb +35 -35
- data/lib/fetchers/url.rb +204 -204
- data/lib/inspec.rb +24 -24
- data/lib/inspec/archive/tar.rb +29 -29
- data/lib/inspec/archive/zip.rb +19 -19
- data/lib/inspec/backend.rb +93 -93
- data/lib/inspec/base_cli.rb +363 -357
- data/lib/inspec/cached_fetcher.rb +66 -66
- data/lib/inspec/cli.rb +292 -292
- data/lib/inspec/completions/bash.sh.erb +45 -45
- data/lib/inspec/completions/fish.sh.erb +34 -34
- data/lib/inspec/completions/zsh.sh.erb +61 -61
- data/lib/inspec/control_eval_context.rb +179 -179
- data/lib/inspec/dependencies/cache.rb +72 -72
- data/lib/inspec/dependencies/dependency_set.rb +92 -92
- data/lib/inspec/dependencies/lockfile.rb +115 -115
- data/lib/inspec/dependencies/requirement.rb +123 -123
- data/lib/inspec/dependencies/resolver.rb +86 -86
- data/lib/inspec/describe.rb +27 -27
- data/lib/inspec/dsl.rb +66 -66
- data/lib/inspec/dsl_shared.rb +33 -33
- data/lib/inspec/env_printer.rb +157 -157
- data/lib/inspec/errors.rb +14 -13
- data/lib/inspec/exceptions.rb +12 -12
- data/lib/inspec/expect.rb +45 -45
- data/lib/inspec/fetcher.rb +45 -45
- data/lib/inspec/file_provider.rb +275 -275
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +259 -250
- data/lib/inspec/formatters/json_rspec.rb +20 -20
- data/lib/inspec/formatters/show_progress.rb +12 -12
- data/lib/inspec/library_eval_context.rb +58 -58
- data/lib/inspec/log.rb +11 -11
- data/lib/inspec/metadata.rb +247 -247
- data/lib/inspec/method_source.rb +24 -24
- data/lib/inspec/objects.rb +14 -14
- data/lib/inspec/objects/attribute.rb +65 -65
- data/lib/inspec/objects/control.rb +61 -61
- data/lib/inspec/objects/describe.rb +92 -92
- data/lib/inspec/objects/each_loop.rb +36 -36
- data/lib/inspec/objects/list.rb +15 -15
- data/lib/inspec/objects/or_test.rb +40 -40
- data/lib/inspec/objects/ruby_helper.rb +15 -15
- data/lib/inspec/objects/tag.rb +27 -27
- data/lib/inspec/objects/test.rb +87 -87
- data/lib/inspec/objects/value.rb +27 -27
- data/lib/inspec/plugins.rb +60 -60
- data/lib/inspec/plugins/cli.rb +24 -24
- data/lib/inspec/plugins/fetcher.rb +86 -86
- data/lib/inspec/plugins/resource.rb +135 -135
- data/lib/inspec/plugins/secret.rb +15 -15
- data/lib/inspec/plugins/source_reader.rb +40 -40
- data/lib/inspec/polyfill.rb +12 -12
- data/lib/inspec/profile.rb +513 -513
- data/lib/inspec/profile_context.rb +208 -208
- data/lib/inspec/profile_vendor.rb +66 -66
- data/lib/inspec/reporters.rb +60 -54
- data/lib/inspec/reporters/automate.rb +76 -0
- data/lib/inspec/reporters/base.rb +25 -24
- data/lib/inspec/reporters/cli.rb +356 -356
- data/lib/inspec/reporters/json.rb +116 -116
- data/lib/inspec/reporters/json_min.rb +48 -48
- data/lib/inspec/reporters/junit.rb +77 -77
- data/lib/inspec/require_loader.rb +33 -33
- data/lib/inspec/resource.rb +187 -186
- data/lib/inspec/rule.rb +266 -266
- data/lib/inspec/runner.rb +345 -345
- data/lib/inspec/runner_mock.rb +41 -41
- data/lib/inspec/runner_rspec.rb +175 -175
- data/lib/inspec/runtime_profile.rb +26 -26
- data/lib/inspec/schema.rb +213 -213
- data/lib/inspec/secrets.rb +19 -19
- data/lib/inspec/secrets/yaml.rb +30 -30
- data/lib/inspec/shell.rb +220 -220
- data/lib/inspec/shell_detector.rb +90 -90
- data/lib/inspec/source_reader.rb +29 -29
- data/lib/inspec/version.rb +8 -8
- data/lib/matchers/matchers.rb +339 -339
- data/lib/resource_support/aws.rb +49 -47
- data/lib/resource_support/aws/aws_backend_base.rb +12 -12
- data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
- data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
- data/lib/resources/aide_conf.rb +151 -151
- data/lib/resources/apache.rb +48 -48
- data/lib/resources/apache_conf.rb +149 -149
- data/lib/resources/apt.rb +149 -149
- data/lib/resources/audit_policy.rb +63 -63
- data/lib/resources/auditd.rb +231 -231
- data/lib/resources/auditd_conf.rb +46 -46
- data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -77
- data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
- data/lib/resources/aws/aws_config_delivery_channel.rb +76 -76
- data/lib/resources/aws/aws_config_recorder.rb +98 -98
- data/lib/resources/aws/aws_ec2_instance.rb +157 -157
- data/lib/resources/aws/aws_iam_access_key.rb +106 -106
- data/lib/resources/aws/aws_iam_access_keys.rb +149 -149
- data/lib/resources/aws/aws_iam_group.rb +56 -56
- data/lib/resources/aws/aws_iam_groups.rb +52 -52
- data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
- data/lib/resources/aws/aws_iam_policies.rb +53 -53
- data/lib/resources/aws/aws_iam_policy.rb +125 -125
- data/lib/resources/aws/aws_iam_role.rb +51 -51
- data/lib/resources/aws/aws_iam_root_user.rb +78 -60
- data/lib/resources/aws/aws_iam_user.rb +111 -111
- data/lib/resources/aws/aws_iam_users.rb +108 -108
- data/lib/resources/aws/aws_kms_key.rb +96 -96
- data/lib/resources/aws/aws_kms_keys.rb +53 -53
- data/lib/resources/aws/aws_rds_instance.rb +71 -71
- data/lib/resources/aws/aws_route_table.rb +63 -63
- data/lib/resources/aws/aws_route_tables.rb +60 -0
- data/lib/resources/aws/aws_s3_bucket.rb +115 -115
- data/lib/resources/aws/aws_s3_bucket_object.rb +82 -82
- data/lib/resources/aws/aws_s3_buckets.rb +51 -0
- data/lib/resources/aws/aws_security_group.rb +93 -93
- data/lib/resources/aws/aws_security_groups.rb +68 -68
- data/lib/resources/aws/aws_sns_subscription.rb +78 -78
- data/lib/resources/aws/aws_sns_topic.rb +53 -53
- data/lib/resources/aws/aws_sns_topics.rb +56 -56
- data/lib/resources/aws/aws_subnet.rb +88 -88
- data/lib/resources/aws/aws_subnets.rb +53 -53
- data/lib/resources/aws/aws_vpc.rb +69 -69
- data/lib/resources/aws/aws_vpcs.rb +45 -45
- data/lib/resources/azure/azure_backend.rb +377 -377
- data/lib/resources/azure/azure_generic_resource.rb +59 -59
- data/lib/resources/azure/azure_resource_group.rb +152 -152
- data/lib/resources/azure/azure_virtual_machine.rb +264 -264
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +134 -134
- data/lib/resources/bash.rb +35 -35
- data/lib/resources/bond.rb +69 -69
- data/lib/resources/bridge.rb +122 -122
- data/lib/resources/chocolatey_package.rb +78 -0
- data/lib/resources/command.rb +73 -73
- data/lib/resources/cpan.rb +58 -58
- data/lib/resources/cran.rb +64 -64
- data/lib/resources/crontab.rb +169 -169
- data/lib/resources/csv.rb +56 -56
- data/lib/resources/dh_params.rb +77 -77
- data/lib/resources/directory.rb +25 -25
- data/lib/resources/docker.rb +236 -236
- data/lib/resources/docker_container.rb +89 -89
- data/lib/resources/docker_image.rb +83 -83
- data/lib/resources/docker_object.rb +57 -57
- data/lib/resources/docker_service.rb +90 -90
- data/lib/resources/elasticsearch.rb +169 -169
- data/lib/resources/etc_fstab.rb +94 -94
- data/lib/resources/etc_group.rb +152 -152
- data/lib/resources/etc_hosts.rb +66 -66
- data/lib/resources/etc_hosts_allow_deny.rb +112 -112
- data/lib/resources/file.rb +298 -298
- data/lib/resources/filesystem.rb +31 -31
- data/lib/resources/firewalld.rb +143 -143
- data/lib/resources/gem.rb +70 -70
- data/lib/resources/groups.rb +215 -215
- data/lib/resources/grub_conf.rb +227 -227
- data/lib/resources/host.rb +306 -306
- data/lib/resources/http.rb +253 -253
- data/lib/resources/iis_app.rb +101 -101
- data/lib/resources/iis_site.rb +148 -148
- data/lib/resources/inetd_conf.rb +54 -54
- data/lib/resources/ini.rb +29 -29
- data/lib/resources/interface.rb +129 -129
- data/lib/resources/iptables.rb +80 -80
- data/lib/resources/json.rb +107 -107
- data/lib/resources/kernel_module.rb +107 -107
- data/lib/resources/kernel_parameter.rb +58 -58
- data/lib/resources/key_rsa.rb +61 -61
- data/lib/resources/limits_conf.rb +46 -46
- data/lib/resources/login_def.rb +57 -57
- data/lib/resources/mount.rb +88 -88
- data/lib/resources/mssql_session.rb +101 -101
- data/lib/resources/mysql.rb +82 -81
- data/lib/resources/mysql_conf.rb +127 -127
- data/lib/resources/mysql_session.rb +85 -85
- data/lib/resources/nginx.rb +96 -96
- data/lib/resources/nginx_conf.rb +226 -226
- data/lib/resources/npm.rb +48 -48
- data/lib/resources/ntp_conf.rb +51 -51
- data/lib/resources/oneget.rb +71 -71
- data/lib/resources/oracledb_session.rb +139 -139
- data/lib/resources/os.rb +36 -36
- data/lib/resources/os_env.rb +75 -75
- data/lib/resources/package.rb +370 -370
- data/lib/resources/packages.rb +111 -111
- data/lib/resources/parse_config.rb +112 -112
- data/lib/resources/passwd.rb +76 -76
- data/lib/resources/pip.rb +130 -130
- data/lib/resources/platform.rb +109 -109
- data/lib/resources/port.rb +771 -771
- data/lib/resources/postgres.rb +131 -130
- data/lib/resources/postgres_conf.rb +114 -114
- data/lib/resources/postgres_hba_conf.rb +90 -90
- data/lib/resources/postgres_ident_conf.rb +79 -79
- data/lib/resources/postgres_session.rb +71 -71
- data/lib/resources/powershell.rb +66 -66
- data/lib/resources/processes.rb +204 -204
- data/lib/resources/rabbitmq_conf.rb +51 -51
- data/lib/resources/registry_key.rb +297 -297
- data/lib/resources/security_policy.rb +180 -180
- data/lib/resources/service.rb +794 -790
- data/lib/resources/shadow.rb +149 -149
- data/lib/resources/ssh_conf.rb +97 -97
- data/lib/resources/ssl.rb +99 -99
- data/lib/resources/sys_info.rb +28 -28
- data/lib/resources/toml.rb +32 -32
- data/lib/resources/users.rb +654 -654
- data/lib/resources/vbscript.rb +68 -68
- data/lib/resources/virtualization.rb +247 -247
- data/lib/resources/windows_feature.rb +84 -84
- data/lib/resources/windows_hotfix.rb +35 -35
- data/lib/resources/windows_task.rb +102 -102
- data/lib/resources/wmi.rb +110 -110
- data/lib/resources/x509_certificate.rb +137 -137
- data/lib/resources/xinetd.rb +106 -106
- data/lib/resources/xml.rb +46 -46
- data/lib/resources/yaml.rb +43 -43
- data/lib/resources/yum.rb +180 -180
- data/lib/resources/zfs_dataset.rb +60 -60
- data/lib/resources/zfs_pool.rb +49 -49
- data/lib/source_readers/flat.rb +39 -39
- data/lib/source_readers/inspec.rb +75 -75
- data/lib/utils/command_wrapper.rb +27 -27
- data/lib/utils/convert.rb +12 -12
- data/lib/utils/database_helpers.rb +77 -77
- data/lib/utils/erlang_parser.rb +192 -192
- data/lib/utils/file_reader.rb +25 -25
- data/lib/utils/filter.rb +273 -273
- data/lib/utils/filter_array.rb +27 -27
- data/lib/utils/find_files.rb +44 -44
- data/lib/utils/hash.rb +41 -41
- data/lib/utils/json_log.rb +18 -18
- data/lib/utils/latest_version.rb +22 -22
- data/lib/utils/modulator.rb +12 -12
- data/lib/utils/nginx_parser.rb +85 -85
- data/lib/utils/object_traversal.rb +49 -49
- data/lib/utils/parser.rb +274 -274
- data/lib/utils/plugin_registry.rb +93 -93
- data/lib/utils/simpleconfig.rb +120 -120
- data/lib/utils/spdx.rb +13 -13
- data/lib/utils/spdx.txt +343 -343
- metadata +9 -2
@@ -1,63 +1,63 @@
|
|
1
|
-
# encoding: utf-8
|
2
|
-
# copyright: 2015, Vulcano Security GmbH
|
3
|
-
|
4
|
-
# Advanced Auditing:
|
5
|
-
# As soon as you start applying Advanced Audit Configuration Policy, legacy policies will be completely ignored.
|
6
|
-
# reference: https://technet.microsoft.com/en-us/library/cc753632.aspx
|
7
|
-
# use:
|
8
|
-
# - list all categories: Auditpol /list /subcategory:* /r
|
9
|
-
# - list parameters: Auditpol /get /category:"System" /subcategory:"IPsec Driver"
|
10
|
-
# - list specific parameter: Auditpol /get /subcategory:"IPsec Driver"
|
11
|
-
#
|
12
|
-
# @link: http://blogs.technet.com/b/askds/archive/2011/03/11/getting-the-effective-audit-policy-in-windows-7-and-2008-r2.aspx
|
13
|
-
#
|
14
|
-
# Valid values are:
|
15
|
-
#
|
16
|
-
# - "No Auditing"
|
17
|
-
# - "Not Specified"
|
18
|
-
# - "Success"
|
19
|
-
# - "Success and Failure"
|
20
|
-
# - "Failure"
|
21
|
-
#
|
22
|
-
# Further information is available at: https://msdn.microsoft.com/en-us/library/dd973859.aspx
|
23
|
-
|
24
|
-
module Inspec::Resources
|
25
|
-
class AuditPolicy < Inspec.resource(1)
|
26
|
-
name 'audit_policy'
|
27
|
-
supports platform: 'windows'
|
28
|
-
desc 'Use the audit_policy InSpec audit resource to test auditing policies on the Microsoft Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each enabled auditing category property, the auditing level may be set to No Auditing, Not Specified, Success, Success and Failure, or Failure.'
|
29
|
-
example "
|
30
|
-
describe audit_policy do
|
31
|
-
its('parameter') { should eq 'value' }
|
32
|
-
end
|
33
|
-
"
|
34
|
-
|
35
|
-
def method_missing(method)
|
36
|
-
key = method.to_s
|
37
|
-
|
38
|
-
# expected result:
|
39
|
-
# Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
|
40
|
-
# WIN-MB8NINQ388J,System,Kerberos Authentication Service,{0CCE9242-69AE-11D9-BED3-505054503030},No Auditing,
|
41
|
-
result ||= inspec.command("Auditpol /get /subcategory:'#{key}' /r").stdout
|
42
|
-
|
43
|
-
# find line
|
44
|
-
target = nil
|
45
|
-
result.each_line do |s|
|
46
|
-
target = s.strip if s =~ /\b.*#{key}.*\b/
|
47
|
-
end
|
48
|
-
|
49
|
-
# extract value
|
50
|
-
values = nil
|
51
|
-
unless target.nil?
|
52
|
-
# split csv values and return value
|
53
|
-
values = target.split(',')[4]
|
54
|
-
end
|
55
|
-
|
56
|
-
values
|
57
|
-
end
|
58
|
-
|
59
|
-
def to_s
|
60
|
-
'Audit Policy'
|
61
|
-
end
|
62
|
-
end
|
63
|
-
end
|
1
|
+
# encoding: utf-8
|
2
|
+
# copyright: 2015, Vulcano Security GmbH
|
3
|
+
|
4
|
+
# Advanced Auditing:
|
5
|
+
# As soon as you start applying Advanced Audit Configuration Policy, legacy policies will be completely ignored.
|
6
|
+
# reference: https://technet.microsoft.com/en-us/library/cc753632.aspx
|
7
|
+
# use:
|
8
|
+
# - list all categories: Auditpol /list /subcategory:* /r
|
9
|
+
# - list parameters: Auditpol /get /category:"System" /subcategory:"IPsec Driver"
|
10
|
+
# - list specific parameter: Auditpol /get /subcategory:"IPsec Driver"
|
11
|
+
#
|
12
|
+
# @link: http://blogs.technet.com/b/askds/archive/2011/03/11/getting-the-effective-audit-policy-in-windows-7-and-2008-r2.aspx
|
13
|
+
#
|
14
|
+
# Valid values are:
|
15
|
+
#
|
16
|
+
# - "No Auditing"
|
17
|
+
# - "Not Specified"
|
18
|
+
# - "Success"
|
19
|
+
# - "Success and Failure"
|
20
|
+
# - "Failure"
|
21
|
+
#
|
22
|
+
# Further information is available at: https://msdn.microsoft.com/en-us/library/dd973859.aspx
|
23
|
+
|
24
|
+
module Inspec::Resources
|
25
|
+
class AuditPolicy < Inspec.resource(1)
|
26
|
+
name 'audit_policy'
|
27
|
+
supports platform: 'windows'
|
28
|
+
desc 'Use the audit_policy InSpec audit resource to test auditing policies on the Microsoft Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each enabled auditing category property, the auditing level may be set to No Auditing, Not Specified, Success, Success and Failure, or Failure.'
|
29
|
+
example "
|
30
|
+
describe audit_policy do
|
31
|
+
its('parameter') { should eq 'value' }
|
32
|
+
end
|
33
|
+
"
|
34
|
+
|
35
|
+
def method_missing(method)
|
36
|
+
key = method.to_s
|
37
|
+
|
38
|
+
# expected result:
|
39
|
+
# Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
|
40
|
+
# WIN-MB8NINQ388J,System,Kerberos Authentication Service,{0CCE9242-69AE-11D9-BED3-505054503030},No Auditing,
|
41
|
+
result ||= inspec.command("Auditpol /get /subcategory:'#{key}' /r").stdout
|
42
|
+
|
43
|
+
# find line
|
44
|
+
target = nil
|
45
|
+
result.each_line do |s|
|
46
|
+
target = s.strip if s =~ /\b.*#{key}.*\b/
|
47
|
+
end
|
48
|
+
|
49
|
+
# extract value
|
50
|
+
values = nil
|
51
|
+
unless target.nil?
|
52
|
+
# split csv values and return value
|
53
|
+
values = target.split(',')[4]
|
54
|
+
end
|
55
|
+
|
56
|
+
values
|
57
|
+
end
|
58
|
+
|
59
|
+
def to_s
|
60
|
+
'Audit Policy'
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
data/lib/resources/auditd.rb
CHANGED
@@ -1,231 +1,231 @@
|
|
1
|
-
# encoding: utf-8
|
2
|
-
|
3
|
-
require 'forwardable'
|
4
|
-
require 'utils/filter_array'
|
5
|
-
require 'utils/filter'
|
6
|
-
require 'utils/parser'
|
7
|
-
|
8
|
-
module Inspec::Resources
|
9
|
-
class AuditDaemon < Inspec.resource(1)
|
10
|
-
extend Forwardable
|
11
|
-
attr_accessor :lines
|
12
|
-
attr_reader :params
|
13
|
-
|
14
|
-
name 'auditd'
|
15
|
-
supports platform: 'unix'
|
16
|
-
desc 'Use the auditd InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files. These rules are output using the auditcl -l command.'
|
17
|
-
example "
|
18
|
-
describe auditd.syscall('chown').where {arch == 'b32'} do
|
19
|
-
its('action') { should eq ['always'] }
|
20
|
-
its('list') { should eq ['exit'] }
|
21
|
-
end
|
22
|
-
|
23
|
-
describe auditd.where {key == 'privileged'} do
|
24
|
-
its('permissions') { should include ['x'] }
|
25
|
-
end
|
26
|
-
|
27
|
-
describe auditd do
|
28
|
-
its('lines') { should include %r(-w /etc/ssh/sshd_config) }
|
29
|
-
end
|
30
|
-
"
|
31
|
-
|
32
|
-
def initialize
|
33
|
-
@content = inspec.command('/sbin/auditctl -l').stdout.chomp
|
34
|
-
@params = []
|
35
|
-
|
36
|
-
if @content =~ /^LIST_RULES:/
|
37
|
-
return skip_resource 'The version of audit is outdated. The `auditd` resource supports versions of audit >= 2.3.'
|
38
|
-
end
|
39
|
-
parse_content
|
40
|
-
end
|
41
|
-
|
42
|
-
filter = FilterTable.create
|
43
|
-
filter.add_accessor(:where)
|
44
|
-
.add_accessor(:entries)
|
45
|
-
.add(:file, field: 'file')
|
46
|
-
.add(:list, field: 'list')
|
47
|
-
.add(:action, field: 'action')
|
48
|
-
.add(:fields, field: 'fields')
|
49
|
-
.add(:fields_nokey, field: 'fields_nokey')
|
50
|
-
.add(:syscall, field: 'syscall')
|
51
|
-
.add(:key, field: 'key')
|
52
|
-
.add(:arch, field: 'arch')
|
53
|
-
.add(:path, field: 'path')
|
54
|
-
.add(:permissions, field: 'permissions')
|
55
|
-
.add(:exit, field: 'exit')
|
56
|
-
|
57
|
-
filter.connect(self, :params)
|
58
|
-
|
59
|
-
def status(name = nil)
|
60
|
-
@status_content ||= inspec.command('/sbin/auditctl -s').stdout.chomp
|
61
|
-
@status_params ||= Hash[@status_content.scan(/^([^ ]+) (.*)$/)]
|
62
|
-
|
63
|
-
return @status_params[name] if name
|
64
|
-
@status_params
|
65
|
-
end
|
66
|
-
|
67
|
-
def parse_content
|
68
|
-
@lines = @content.lines.map(&:chomp)
|
69
|
-
|
70
|
-
lines.each do |line|
|
71
|
-
if is_file_syscall_syntax?(line)
|
72
|
-
file_syscall_syntax_rules_for(line)
|
73
|
-
end
|
74
|
-
|
75
|
-
if is_syscall?(line)
|
76
|
-
syscall_rules_for(line)
|
77
|
-
|
78
|
-
elsif is_file?(line)
|
79
|
-
file_rules_for(line)
|
80
|
-
end
|
81
|
-
end
|
82
|
-
end
|
83
|
-
|
84
|
-
def file_syscall_syntax_rules_for(line)
|
85
|
-
file = file_syscall_syntax_for(line)
|
86
|
-
action, list = action_list_for(line)
|
87
|
-
fields = rule_fields_for(line)
|
88
|
-
key_field, fields_nokey = remove_key_from(fields)
|
89
|
-
key = key_in(key_field.join(''))
|
90
|
-
perms = perms_in(fields)
|
91
|
-
|
92
|
-
@params.push(
|
93
|
-
{
|
94
|
-
'file' => file,
|
95
|
-
'list' => list,
|
96
|
-
'action' => action,
|
97
|
-
'fields' => fields,
|
98
|
-
'permissions' => perms,
|
99
|
-
'key' => key,
|
100
|
-
'fields_nokey' => fields_nokey,
|
101
|
-
},
|
102
|
-
)
|
103
|
-
end
|
104
|
-
|
105
|
-
def syscall_rules_for(line)
|
106
|
-
syscalls = syscalls_for(line)
|
107
|
-
action, list = action_list_for(line)
|
108
|
-
fields = rule_fields_for(line)
|
109
|
-
key_field, fields_nokey = remove_key_from(fields)
|
110
|
-
key = key_in(key_field.join(''))
|
111
|
-
arch = arch_in(fields)
|
112
|
-
path = path_in(fields)
|
113
|
-
perms = perms_in(fields)
|
114
|
-
exit_field = exit_in(fields)
|
115
|
-
|
116
|
-
syscalls.each do |s|
|
117
|
-
@params.push(
|
118
|
-
{
|
119
|
-
'syscall' => s,
|
120
|
-
'list' => list,
|
121
|
-
'action' => action,
|
122
|
-
'fields' => fields,
|
123
|
-
'key' => key,
|
124
|
-
'arch' => arch,
|
125
|
-
'path' => path,
|
126
|
-
'permissions' => perms,
|
127
|
-
'exit' => exit_field,
|
128
|
-
'fields_nokey' => fields_nokey,
|
129
|
-
},
|
130
|
-
)
|
131
|
-
end
|
132
|
-
end
|
133
|
-
|
134
|
-
def file_rules_for(line)
|
135
|
-
file = file_for(line)
|
136
|
-
perms = permissions_for(line)
|
137
|
-
key = key_for(line)
|
138
|
-
|
139
|
-
@params.push(
|
140
|
-
{
|
141
|
-
'file' => file,
|
142
|
-
'key' => key,
|
143
|
-
'permissions' => perms,
|
144
|
-
},
|
145
|
-
)
|
146
|
-
end
|
147
|
-
|
148
|
-
def to_s
|
149
|
-
'Auditd Rules'
|
150
|
-
end
|
151
|
-
|
152
|
-
private
|
153
|
-
|
154
|
-
def is_syscall?(line)
|
155
|
-
line.match(/-S /)
|
156
|
-
end
|
157
|
-
|
158
|
-
def is_file?(line)
|
159
|
-
line.match(/-w /)
|
160
|
-
end
|
161
|
-
|
162
|
-
def is_file_syscall_syntax?(line)
|
163
|
-
line.match(/-F path=/)
|
164
|
-
end
|
165
|
-
|
166
|
-
def syscalls_for(line)
|
167
|
-
line.scan(/-S ([^ ]+)\s?/).flatten.first.split(',')
|
168
|
-
end
|
169
|
-
|
170
|
-
def action_list_for(line)
|
171
|
-
line.scan(/-a ([^,]+),([^ ]+)\s?/).flatten
|
172
|
-
end
|
173
|
-
|
174
|
-
def key_for(line)
|
175
|
-
line.match(/-k ([^ ]+)\s?/)[1] if line.include?('-k ')
|
176
|
-
end
|
177
|
-
|
178
|
-
def file_for(line)
|
179
|
-
line.match(/-w ([^ ]+)\s?/)[1]
|
180
|
-
end
|
181
|
-
|
182
|
-
def file_syscall_syntax_for(line)
|
183
|
-
line.match(/-F path=(\S+)\s?/)[1]
|
184
|
-
end
|
185
|
-
|
186
|
-
def permissions_for(line)
|
187
|
-
line.match(/-p ([^ ]+)/)[1].scan(/\w/)
|
188
|
-
end
|
189
|
-
|
190
|
-
def rule_fields_for(line)
|
191
|
-
line.gsub(/-[aS] [^ ]+ /, '').split('-F ').map { |l| l.split(' ') }.flatten
|
192
|
-
end
|
193
|
-
|
194
|
-
def arch_in(fields)
|
195
|
-
fields.each do |field|
|
196
|
-
return field.match(/arch=(\S+)\s?/)[1] if field.start_with?('arch=')
|
197
|
-
end
|
198
|
-
nil
|
199
|
-
end
|
200
|
-
|
201
|
-
def perms_in(fields)
|
202
|
-
fields.each do |field|
|
203
|
-
return field.match(/perm=(\S+)\s?/)[1].scan(/\w/) if field.start_with?('perm=')
|
204
|
-
end
|
205
|
-
nil
|
206
|
-
end
|
207
|
-
|
208
|
-
def path_in(fields)
|
209
|
-
fields.each do |field|
|
210
|
-
return field.match(/path=(\S+)\s?/)[1] if field.start_with?('path=')
|
211
|
-
end
|
212
|
-
nil
|
213
|
-
end
|
214
|
-
|
215
|
-
def exit_in(fields)
|
216
|
-
fields.each do |field|
|
217
|
-
return field.match(/exit=(\S+)\s?/)[1] if field.start_with?('exit=')
|
218
|
-
end
|
219
|
-
nil
|
220
|
-
end
|
221
|
-
|
222
|
-
def key_in(field)
|
223
|
-
_, v = field.split('=')
|
224
|
-
v
|
225
|
-
end
|
226
|
-
|
227
|
-
def remove_key_from(fields)
|
228
|
-
fields.partition { |x| x.start_with? 'key' }
|
229
|
-
end
|
230
|
-
end
|
231
|
-
end
|
1
|
+
# encoding: utf-8
|
2
|
+
|
3
|
+
require 'forwardable'
|
4
|
+
require 'utils/filter_array'
|
5
|
+
require 'utils/filter'
|
6
|
+
require 'utils/parser'
|
7
|
+
|
8
|
+
module Inspec::Resources
|
9
|
+
class AuditDaemon < Inspec.resource(1)
|
10
|
+
extend Forwardable
|
11
|
+
attr_accessor :lines
|
12
|
+
attr_reader :params
|
13
|
+
|
14
|
+
name 'auditd'
|
15
|
+
supports platform: 'unix'
|
16
|
+
desc 'Use the auditd InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files. These rules are output using the auditcl -l command.'
|
17
|
+
example "
|
18
|
+
describe auditd.syscall('chown').where {arch == 'b32'} do
|
19
|
+
its('action') { should eq ['always'] }
|
20
|
+
its('list') { should eq ['exit'] }
|
21
|
+
end
|
22
|
+
|
23
|
+
describe auditd.where {key == 'privileged'} do
|
24
|
+
its('permissions') { should include ['x'] }
|
25
|
+
end
|
26
|
+
|
27
|
+
describe auditd do
|
28
|
+
its('lines') { should include %r(-w /etc/ssh/sshd_config) }
|
29
|
+
end
|
30
|
+
"
|
31
|
+
|
32
|
+
def initialize
|
33
|
+
@content = inspec.command('/sbin/auditctl -l').stdout.chomp
|
34
|
+
@params = []
|
35
|
+
|
36
|
+
if @content =~ /^LIST_RULES:/
|
37
|
+
return skip_resource 'The version of audit is outdated. The `auditd` resource supports versions of audit >= 2.3.'
|
38
|
+
end
|
39
|
+
parse_content
|
40
|
+
end
|
41
|
+
|
42
|
+
filter = FilterTable.create
|
43
|
+
filter.add_accessor(:where)
|
44
|
+
.add_accessor(:entries)
|
45
|
+
.add(:file, field: 'file')
|
46
|
+
.add(:list, field: 'list')
|
47
|
+
.add(:action, field: 'action')
|
48
|
+
.add(:fields, field: 'fields')
|
49
|
+
.add(:fields_nokey, field: 'fields_nokey')
|
50
|
+
.add(:syscall, field: 'syscall')
|
51
|
+
.add(:key, field: 'key')
|
52
|
+
.add(:arch, field: 'arch')
|
53
|
+
.add(:path, field: 'path')
|
54
|
+
.add(:permissions, field: 'permissions')
|
55
|
+
.add(:exit, field: 'exit')
|
56
|
+
|
57
|
+
filter.connect(self, :params)
|
58
|
+
|
59
|
+
def status(name = nil)
|
60
|
+
@status_content ||= inspec.command('/sbin/auditctl -s').stdout.chomp
|
61
|
+
@status_params ||= Hash[@status_content.scan(/^([^ ]+) (.*)$/)]
|
62
|
+
|
63
|
+
return @status_params[name] if name
|
64
|
+
@status_params
|
65
|
+
end
|
66
|
+
|
67
|
+
def parse_content
|
68
|
+
@lines = @content.lines.map(&:chomp)
|
69
|
+
|
70
|
+
lines.each do |line|
|
71
|
+
if is_file_syscall_syntax?(line)
|
72
|
+
file_syscall_syntax_rules_for(line)
|
73
|
+
end
|
74
|
+
|
75
|
+
if is_syscall?(line)
|
76
|
+
syscall_rules_for(line)
|
77
|
+
|
78
|
+
elsif is_file?(line)
|
79
|
+
file_rules_for(line)
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
84
|
+
def file_syscall_syntax_rules_for(line)
|
85
|
+
file = file_syscall_syntax_for(line)
|
86
|
+
action, list = action_list_for(line)
|
87
|
+
fields = rule_fields_for(line)
|
88
|
+
key_field, fields_nokey = remove_key_from(fields)
|
89
|
+
key = key_in(key_field.join(''))
|
90
|
+
perms = perms_in(fields)
|
91
|
+
|
92
|
+
@params.push(
|
93
|
+
{
|
94
|
+
'file' => file,
|
95
|
+
'list' => list,
|
96
|
+
'action' => action,
|
97
|
+
'fields' => fields,
|
98
|
+
'permissions' => perms,
|
99
|
+
'key' => key,
|
100
|
+
'fields_nokey' => fields_nokey,
|
101
|
+
},
|
102
|
+
)
|
103
|
+
end
|
104
|
+
|
105
|
+
def syscall_rules_for(line)
|
106
|
+
syscalls = syscalls_for(line)
|
107
|
+
action, list = action_list_for(line)
|
108
|
+
fields = rule_fields_for(line)
|
109
|
+
key_field, fields_nokey = remove_key_from(fields)
|
110
|
+
key = key_in(key_field.join(''))
|
111
|
+
arch = arch_in(fields)
|
112
|
+
path = path_in(fields)
|
113
|
+
perms = perms_in(fields)
|
114
|
+
exit_field = exit_in(fields)
|
115
|
+
|
116
|
+
syscalls.each do |s|
|
117
|
+
@params.push(
|
118
|
+
{
|
119
|
+
'syscall' => s,
|
120
|
+
'list' => list,
|
121
|
+
'action' => action,
|
122
|
+
'fields' => fields,
|
123
|
+
'key' => key,
|
124
|
+
'arch' => arch,
|
125
|
+
'path' => path,
|
126
|
+
'permissions' => perms,
|
127
|
+
'exit' => exit_field,
|
128
|
+
'fields_nokey' => fields_nokey,
|
129
|
+
},
|
130
|
+
)
|
131
|
+
end
|
132
|
+
end
|
133
|
+
|
134
|
+
def file_rules_for(line)
|
135
|
+
file = file_for(line)
|
136
|
+
perms = permissions_for(line)
|
137
|
+
key = key_for(line)
|
138
|
+
|
139
|
+
@params.push(
|
140
|
+
{
|
141
|
+
'file' => file,
|
142
|
+
'key' => key,
|
143
|
+
'permissions' => perms,
|
144
|
+
},
|
145
|
+
)
|
146
|
+
end
|
147
|
+
|
148
|
+
def to_s
|
149
|
+
'Auditd Rules'
|
150
|
+
end
|
151
|
+
|
152
|
+
private
|
153
|
+
|
154
|
+
def is_syscall?(line)
|
155
|
+
line.match(/-S /)
|
156
|
+
end
|
157
|
+
|
158
|
+
def is_file?(line)
|
159
|
+
line.match(/-w /)
|
160
|
+
end
|
161
|
+
|
162
|
+
def is_file_syscall_syntax?(line)
|
163
|
+
line.match(/-F path=/)
|
164
|
+
end
|
165
|
+
|
166
|
+
def syscalls_for(line)
|
167
|
+
line.scan(/-S ([^ ]+)\s?/).flatten.first.split(',')
|
168
|
+
end
|
169
|
+
|
170
|
+
def action_list_for(line)
|
171
|
+
line.scan(/-a ([^,]+),([^ ]+)\s?/).flatten
|
172
|
+
end
|
173
|
+
|
174
|
+
def key_for(line)
|
175
|
+
line.match(/-k ([^ ]+)\s?/)[1] if line.include?('-k ')
|
176
|
+
end
|
177
|
+
|
178
|
+
def file_for(line)
|
179
|
+
line.match(/-w ([^ ]+)\s?/)[1]
|
180
|
+
end
|
181
|
+
|
182
|
+
def file_syscall_syntax_for(line)
|
183
|
+
line.match(/-F path=(\S+)\s?/)[1]
|
184
|
+
end
|
185
|
+
|
186
|
+
def permissions_for(line)
|
187
|
+
line.match(/-p ([^ ]+)/)[1].scan(/\w/)
|
188
|
+
end
|
189
|
+
|
190
|
+
def rule_fields_for(line)
|
191
|
+
line.gsub(/-[aS] [^ ]+ /, '').split('-F ').map { |l| l.split(' ') }.flatten
|
192
|
+
end
|
193
|
+
|
194
|
+
def arch_in(fields)
|
195
|
+
fields.each do |field|
|
196
|
+
return field.match(/arch=(\S+)\s?/)[1] if field.start_with?('arch=')
|
197
|
+
end
|
198
|
+
nil
|
199
|
+
end
|
200
|
+
|
201
|
+
def perms_in(fields)
|
202
|
+
fields.each do |field|
|
203
|
+
return field.match(/perm=(\S+)\s?/)[1].scan(/\w/) if field.start_with?('perm=')
|
204
|
+
end
|
205
|
+
nil
|
206
|
+
end
|
207
|
+
|
208
|
+
def path_in(fields)
|
209
|
+
fields.each do |field|
|
210
|
+
return field.match(/path=(\S+)\s?/)[1] if field.start_with?('path=')
|
211
|
+
end
|
212
|
+
nil
|
213
|
+
end
|
214
|
+
|
215
|
+
def exit_in(fields)
|
216
|
+
fields.each do |field|
|
217
|
+
return field.match(/exit=(\S+)\s?/)[1] if field.start_with?('exit=')
|
218
|
+
end
|
219
|
+
nil
|
220
|
+
end
|
221
|
+
|
222
|
+
def key_in(field)
|
223
|
+
_, v = field.split('=')
|
224
|
+
v
|
225
|
+
end
|
226
|
+
|
227
|
+
def remove_key_from(fields)
|
228
|
+
fields.partition { |x| x.start_with? 'key' }
|
229
|
+
end
|
230
|
+
end
|
231
|
+
end
|