inspec 2.1.81 → 2.1.83

Sign up to get free protection for your applications and to get access to all the features.
Files changed (507) hide show
  1. checksums.yaml +5 -5
  2. data/.rubocop.yml +101 -101
  3. data/CHANGELOG.md +3183 -3177
  4. data/Gemfile +56 -56
  5. data/LICENSE +14 -14
  6. data/MAINTAINERS.md +33 -33
  7. data/MAINTAINERS.toml +52 -52
  8. data/README.md +453 -453
  9. data/Rakefile +349 -349
  10. data/bin/inspec +12 -12
  11. data/docs/.gitignore +2 -2
  12. data/docs/README.md +41 -40
  13. data/docs/dev/control-eval.md +61 -61
  14. data/docs/dsl_inspec.md +258 -258
  15. data/docs/dsl_resource.md +100 -100
  16. data/docs/glossary.md +99 -99
  17. data/docs/habitat.md +191 -191
  18. data/docs/inspec_and_friends.md +114 -114
  19. data/docs/matchers.md +169 -169
  20. data/docs/migration.md +293 -293
  21. data/docs/platforms.md +118 -118
  22. data/docs/plugin_kitchen_inspec.md +50 -50
  23. data/docs/profiles.md +378 -378
  24. data/docs/reporters.md +105 -105
  25. data/docs/resources/aide_conf.md.erb +75 -75
  26. data/docs/resources/apache.md.erb +67 -67
  27. data/docs/resources/apache_conf.md.erb +68 -68
  28. data/docs/resources/apt.md.erb +71 -71
  29. data/docs/resources/audit_policy.md.erb +47 -47
  30. data/docs/resources/auditd.md.erb +79 -79
  31. data/docs/resources/auditd_conf.md.erb +68 -68
  32. data/docs/resources/aws_cloudtrail_trail.md.erb +155 -155
  33. data/docs/resources/aws_cloudtrail_trails.md.erb +86 -86
  34. data/docs/resources/aws_cloudwatch_alarm.md.erb +91 -91
  35. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +154 -154
  36. data/docs/resources/aws_config_delivery_channel.md.erb +101 -101
  37. data/docs/resources/aws_config_recorder.md.erb +86 -86
  38. data/docs/resources/aws_ec2_instance.md.erb +112 -112
  39. data/docs/resources/aws_ec2_instances.md.erb +79 -79
  40. data/docs/resources/aws_iam_access_key.md.erb +129 -129
  41. data/docs/resources/aws_iam_access_keys.md.erb +204 -204
  42. data/docs/resources/aws_iam_group.md.erb +64 -64
  43. data/docs/resources/aws_iam_groups.md.erb +49 -49
  44. data/docs/resources/aws_iam_password_policy.md.erb +82 -82
  45. data/docs/resources/aws_iam_policies.md.erb +87 -87
  46. data/docs/resources/aws_iam_policy.md.erb +245 -245
  47. data/docs/resources/aws_iam_role.md.erb +69 -69
  48. data/docs/resources/aws_iam_root_user.md.erb +76 -76
  49. data/docs/resources/aws_iam_user.md.erb +120 -120
  50. data/docs/resources/aws_iam_users.md.erb +279 -279
  51. data/docs/resources/aws_kms_key.md.erb +177 -177
  52. data/docs/resources/aws_kms_keys.md.erb +89 -89
  53. data/docs/resources/aws_rds_instance.md.erb +66 -66
  54. data/docs/resources/aws_route_table.md.erb +53 -53
  55. data/docs/resources/aws_route_tables.md.erb +55 -55
  56. data/docs/resources/aws_s3_bucket.md.erb +146 -146
  57. data/docs/resources/aws_s3_bucket_object.md.erb +89 -89
  58. data/docs/resources/aws_s3_buckets.md.erb +59 -59
  59. data/docs/resources/aws_security_group.md.erb +296 -296
  60. data/docs/resources/aws_security_groups.md.erb +97 -97
  61. data/docs/resources/aws_sns_subscription.md.erb +130 -130
  62. data/docs/resources/aws_sns_topic.md.erb +69 -69
  63. data/docs/resources/aws_sns_topics.md.erb +58 -58
  64. data/docs/resources/aws_subnet.md.erb +140 -140
  65. data/docs/resources/aws_subnets.md.erb +132 -132
  66. data/docs/resources/aws_vpc.md.erb +125 -125
  67. data/docs/resources/aws_vpcs.md.erb +125 -125
  68. data/docs/resources/azure_generic_resource.md.erb +171 -171
  69. data/docs/resources/azure_resource_group.md.erb +284 -284
  70. data/docs/resources/azure_virtual_machine.md.erb +347 -347
  71. data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
  72. data/docs/resources/bash.md.erb +75 -75
  73. data/docs/resources/bond.md.erb +90 -90
  74. data/docs/resources/bridge.md.erb +57 -57
  75. data/docs/resources/bsd_service.md.erb +67 -67
  76. data/docs/resources/chocolatey_package.md.erb +58 -58
  77. data/docs/resources/command.md.erb +138 -138
  78. data/docs/resources/cpan.md.erb +79 -79
  79. data/docs/resources/cran.md.erb +64 -64
  80. data/docs/resources/crontab.md.erb +89 -89
  81. data/docs/resources/csv.md.erb +54 -54
  82. data/docs/resources/dh_params.md.erb +205 -205
  83. data/docs/resources/directory.md.erb +30 -30
  84. data/docs/resources/docker.md.erb +219 -219
  85. data/docs/resources/docker_container.md.erb +103 -103
  86. data/docs/resources/docker_image.md.erb +94 -94
  87. data/docs/resources/docker_service.md.erb +114 -114
  88. data/docs/resources/elasticsearch.md.erb +242 -242
  89. data/docs/resources/etc_fstab.md.erb +125 -125
  90. data/docs/resources/etc_group.md.erb +75 -75
  91. data/docs/resources/etc_hosts.md.erb +78 -78
  92. data/docs/resources/etc_hosts_allow.md.erb +74 -74
  93. data/docs/resources/etc_hosts_deny.md.erb +74 -74
  94. data/docs/resources/file.md.erb +526 -526
  95. data/docs/resources/filesystem.md.erb +41 -41
  96. data/docs/resources/firewalld.md.erb +107 -107
  97. data/docs/resources/gem.md.erb +79 -79
  98. data/docs/resources/group.md.erb +61 -61
  99. data/docs/resources/grub_conf.md.erb +101 -101
  100. data/docs/resources/host.md.erb +86 -86
  101. data/docs/resources/http.md.erb +197 -197
  102. data/docs/resources/iis_app.md.erb +122 -122
  103. data/docs/resources/iis_site.md.erb +135 -135
  104. data/docs/resources/inetd_conf.md.erb +94 -94
  105. data/docs/resources/ini.md.erb +76 -76
  106. data/docs/resources/interface.md.erb +58 -58
  107. data/docs/resources/iptables.md.erb +64 -64
  108. data/docs/resources/json.md.erb +63 -63
  109. data/docs/resources/kernel_module.md.erb +120 -120
  110. data/docs/resources/kernel_parameter.md.erb +53 -53
  111. data/docs/resources/key_rsa.md.erb +85 -85
  112. data/docs/resources/launchd_service.md.erb +57 -57
  113. data/docs/resources/limits_conf.md.erb +75 -75
  114. data/docs/resources/login_defs.md.erb +71 -71
  115. data/docs/resources/mount.md.erb +69 -69
  116. data/docs/resources/mssql_session.md.erb +60 -60
  117. data/docs/resources/mysql_conf.md.erb +99 -99
  118. data/docs/resources/mysql_session.md.erb +74 -74
  119. data/docs/resources/nginx.md.erb +79 -79
  120. data/docs/resources/nginx_conf.md.erb +138 -138
  121. data/docs/resources/npm.md.erb +60 -60
  122. data/docs/resources/ntp_conf.md.erb +60 -60
  123. data/docs/resources/oneget.md.erb +53 -53
  124. data/docs/resources/oracledb_session.md.erb +52 -52
  125. data/docs/resources/os.md.erb +141 -141
  126. data/docs/resources/os_env.md.erb +91 -91
  127. data/docs/resources/package.md.erb +120 -120
  128. data/docs/resources/packages.md.erb +67 -67
  129. data/docs/resources/parse_config.md.erb +103 -103
  130. data/docs/resources/parse_config_file.md.erb +138 -138
  131. data/docs/resources/passwd.md.erb +141 -141
  132. data/docs/resources/pip.md.erb +67 -67
  133. data/docs/resources/port.md.erb +137 -137
  134. data/docs/resources/postgres_conf.md.erb +79 -79
  135. data/docs/resources/postgres_hba_conf.md.erb +93 -93
  136. data/docs/resources/postgres_ident_conf.md.erb +76 -76
  137. data/docs/resources/postgres_session.md.erb +69 -69
  138. data/docs/resources/powershell.md.erb +102 -102
  139. data/docs/resources/processes.md.erb +109 -109
  140. data/docs/resources/rabbitmq_config.md.erb +41 -41
  141. data/docs/resources/registry_key.md.erb +158 -158
  142. data/docs/resources/runit_service.md.erb +57 -57
  143. data/docs/resources/security_policy.md.erb +47 -47
  144. data/docs/resources/service.md.erb +121 -121
  145. data/docs/resources/shadow.md.erb +146 -146
  146. data/docs/resources/ssh_config.md.erb +73 -73
  147. data/docs/resources/sshd_config.md.erb +83 -83
  148. data/docs/resources/ssl.md.erb +119 -119
  149. data/docs/resources/sys_info.md.erb +42 -42
  150. data/docs/resources/systemd_service.md.erb +57 -57
  151. data/docs/resources/sysv_service.md.erb +57 -57
  152. data/docs/resources/upstart_service.md.erb +57 -57
  153. data/docs/resources/user.md.erb +140 -140
  154. data/docs/resources/users.md.erb +127 -127
  155. data/docs/resources/vbscript.md.erb +55 -55
  156. data/docs/resources/virtualization.md.erb +57 -57
  157. data/docs/resources/windows_feature.md.erb +47 -47
  158. data/docs/resources/windows_hotfix.md.erb +53 -53
  159. data/docs/resources/windows_task.md.erb +95 -95
  160. data/docs/resources/wmi.md.erb +81 -81
  161. data/docs/resources/x509_certificate.md.erb +151 -151
  162. data/docs/resources/xinetd_conf.md.erb +156 -156
  163. data/docs/resources/xml.md.erb +85 -85
  164. data/docs/resources/yaml.md.erb +69 -69
  165. data/docs/resources/yum.md.erb +98 -98
  166. data/docs/resources/zfs_dataset.md.erb +53 -53
  167. data/docs/resources/zfs_pool.md.erb +47 -47
  168. data/docs/ruby_usage.md +203 -203
  169. data/docs/shared/matcher_be.md.erb +1 -1
  170. data/docs/shared/matcher_cmp.md.erb +43 -43
  171. data/docs/shared/matcher_eq.md.erb +3 -3
  172. data/docs/shared/matcher_include.md.erb +1 -1
  173. data/docs/shared/matcher_match.md.erb +1 -1
  174. data/docs/shell.md +217 -217
  175. data/examples/README.md +8 -8
  176. data/examples/inheritance/README.md +65 -65
  177. data/examples/inheritance/controls/example.rb +14 -14
  178. data/examples/inheritance/inspec.yml +15 -15
  179. data/examples/kitchen-ansible/.kitchen.yml +25 -25
  180. data/examples/kitchen-ansible/Gemfile +19 -19
  181. data/examples/kitchen-ansible/README.md +53 -53
  182. data/examples/kitchen-ansible/files/nginx.repo +6 -6
  183. data/examples/kitchen-ansible/tasks/main.yml +16 -16
  184. data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
  185. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
  186. data/examples/kitchen-chef/.kitchen.yml +20 -20
  187. data/examples/kitchen-chef/Berksfile +3 -3
  188. data/examples/kitchen-chef/Gemfile +19 -19
  189. data/examples/kitchen-chef/README.md +27 -27
  190. data/examples/kitchen-chef/metadata.rb +7 -7
  191. data/examples/kitchen-chef/recipes/default.rb +6 -6
  192. data/examples/kitchen-chef/recipes/nginx.rb +30 -30
  193. data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
  194. data/examples/kitchen-puppet/.kitchen.yml +23 -23
  195. data/examples/kitchen-puppet/Gemfile +20 -20
  196. data/examples/kitchen-puppet/Puppetfile +25 -25
  197. data/examples/kitchen-puppet/README.md +53 -53
  198. data/examples/kitchen-puppet/manifests/site.pp +33 -33
  199. data/examples/kitchen-puppet/metadata.json +11 -11
  200. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
  201. data/examples/meta-profile/README.md +37 -37
  202. data/examples/meta-profile/controls/example.rb +13 -13
  203. data/examples/meta-profile/inspec.yml +13 -13
  204. data/examples/profile-attribute.yml +2 -2
  205. data/examples/profile-attribute/README.md +14 -14
  206. data/examples/profile-attribute/controls/example.rb +11 -11
  207. data/examples/profile-attribute/inspec.yml +8 -8
  208. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
  209. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
  210. data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
  211. data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
  212. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
  213. data/examples/profile-aws/inspec.yml +11 -11
  214. data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
  215. data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
  216. data/examples/profile-azure/inspec.yml +11 -11
  217. data/examples/profile-sensitive/README.md +29 -29
  218. data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
  219. data/examples/profile-sensitive/controls/sensitive.rb +9 -9
  220. data/examples/profile-sensitive/inspec.yml +8 -8
  221. data/examples/profile/README.md +48 -48
  222. data/examples/profile/controls/example.rb +23 -23
  223. data/examples/profile/controls/gordon.rb +36 -36
  224. data/examples/profile/controls/meta.rb +34 -34
  225. data/examples/profile/inspec.yml +10 -10
  226. data/examples/profile/libraries/gordon_config.rb +59 -59
  227. data/inspec.gemspec +49 -49
  228. data/lib/bundles/README.md +3 -3
  229. data/lib/bundles/inspec-artifact.rb +7 -7
  230. data/lib/bundles/inspec-artifact/README.md +1 -1
  231. data/lib/bundles/inspec-artifact/cli.rb +277 -277
  232. data/lib/bundles/inspec-compliance.rb +16 -16
  233. data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
  234. data/lib/bundles/inspec-compliance/README.md +193 -193
  235. data/lib/bundles/inspec-compliance/api.rb +360 -360
  236. data/lib/bundles/inspec-compliance/api/login.rb +193 -193
  237. data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
  238. data/lib/bundles/inspec-compliance/cli.rb +260 -260
  239. data/lib/bundles/inspec-compliance/configuration.rb +103 -103
  240. data/lib/bundles/inspec-compliance/http.rb +125 -125
  241. data/lib/bundles/inspec-compliance/support.rb +36 -36
  242. data/lib/bundles/inspec-compliance/target.rb +112 -112
  243. data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
  244. data/lib/bundles/inspec-habitat.rb +12 -12
  245. data/lib/bundles/inspec-habitat/cli.rb +36 -36
  246. data/lib/bundles/inspec-habitat/log.rb +10 -10
  247. data/lib/bundles/inspec-habitat/profile.rb +391 -391
  248. data/lib/bundles/inspec-init.rb +8 -8
  249. data/lib/bundles/inspec-init/README.md +31 -31
  250. data/lib/bundles/inspec-init/cli.rb +97 -97
  251. data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
  252. data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
  253. data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
  254. data/lib/bundles/inspec-supermarket.rb +13 -13
  255. data/lib/bundles/inspec-supermarket/README.md +45 -45
  256. data/lib/bundles/inspec-supermarket/api.rb +84 -84
  257. data/lib/bundles/inspec-supermarket/cli.rb +73 -73
  258. data/lib/bundles/inspec-supermarket/target.rb +34 -34
  259. data/lib/fetchers/git.rb +163 -163
  260. data/lib/fetchers/local.rb +74 -74
  261. data/lib/fetchers/mock.rb +35 -35
  262. data/lib/fetchers/url.rb +247 -247
  263. data/lib/inspec.rb +24 -24
  264. data/lib/inspec/archive/tar.rb +29 -29
  265. data/lib/inspec/archive/zip.rb +19 -19
  266. data/lib/inspec/backend.rb +93 -93
  267. data/lib/inspec/base_cli.rb +368 -368
  268. data/lib/inspec/cached_fetcher.rb +66 -66
  269. data/lib/inspec/cli.rb +292 -292
  270. data/lib/inspec/completions/bash.sh.erb +45 -45
  271. data/lib/inspec/completions/fish.sh.erb +34 -34
  272. data/lib/inspec/completions/zsh.sh.erb +61 -61
  273. data/lib/inspec/control_eval_context.rb +179 -179
  274. data/lib/inspec/dependencies/cache.rb +72 -72
  275. data/lib/inspec/dependencies/dependency_set.rb +92 -92
  276. data/lib/inspec/dependencies/lockfile.rb +115 -115
  277. data/lib/inspec/dependencies/requirement.rb +123 -123
  278. data/lib/inspec/dependencies/resolver.rb +86 -86
  279. data/lib/inspec/describe.rb +27 -27
  280. data/lib/inspec/dsl.rb +66 -66
  281. data/lib/inspec/dsl_shared.rb +33 -33
  282. data/lib/inspec/env_printer.rb +157 -157
  283. data/lib/inspec/errors.rb +14 -14
  284. data/lib/inspec/exceptions.rb +12 -12
  285. data/lib/inspec/expect.rb +45 -45
  286. data/lib/inspec/fetcher.rb +45 -45
  287. data/lib/inspec/file_provider.rb +275 -275
  288. data/lib/inspec/formatters.rb +3 -3
  289. data/lib/inspec/formatters/base.rb +259 -259
  290. data/lib/inspec/formatters/json_rspec.rb +20 -20
  291. data/lib/inspec/formatters/show_progress.rb +12 -12
  292. data/lib/inspec/library_eval_context.rb +58 -58
  293. data/lib/inspec/log.rb +11 -11
  294. data/lib/inspec/metadata.rb +247 -247
  295. data/lib/inspec/method_source.rb +24 -24
  296. data/lib/inspec/objects.rb +14 -14
  297. data/lib/inspec/objects/attribute.rb +75 -75
  298. data/lib/inspec/objects/control.rb +61 -61
  299. data/lib/inspec/objects/describe.rb +92 -92
  300. data/lib/inspec/objects/each_loop.rb +36 -36
  301. data/lib/inspec/objects/list.rb +15 -15
  302. data/lib/inspec/objects/or_test.rb +40 -40
  303. data/lib/inspec/objects/ruby_helper.rb +15 -15
  304. data/lib/inspec/objects/tag.rb +27 -27
  305. data/lib/inspec/objects/test.rb +87 -87
  306. data/lib/inspec/objects/value.rb +27 -27
  307. data/lib/inspec/plugins.rb +60 -60
  308. data/lib/inspec/plugins/cli.rb +24 -24
  309. data/lib/inspec/plugins/fetcher.rb +86 -86
  310. data/lib/inspec/plugins/resource.rb +135 -135
  311. data/lib/inspec/plugins/secret.rb +15 -15
  312. data/lib/inspec/plugins/source_reader.rb +40 -40
  313. data/lib/inspec/polyfill.rb +12 -12
  314. data/lib/inspec/profile.rb +513 -513
  315. data/lib/inspec/profile_context.rb +208 -208
  316. data/lib/inspec/profile_vendor.rb +66 -66
  317. data/lib/inspec/reporters.rb +60 -60
  318. data/lib/inspec/reporters/automate.rb +76 -76
  319. data/lib/inspec/reporters/base.rb +25 -25
  320. data/lib/inspec/reporters/cli.rb +356 -356
  321. data/lib/inspec/reporters/json.rb +117 -117
  322. data/lib/inspec/reporters/json_min.rb +48 -48
  323. data/lib/inspec/reporters/junit.rb +78 -78
  324. data/lib/inspec/require_loader.rb +33 -33
  325. data/lib/inspec/resource.rb +190 -190
  326. data/lib/inspec/rule.rb +280 -280
  327. data/lib/inspec/runner.rb +345 -345
  328. data/lib/inspec/runner_mock.rb +41 -41
  329. data/lib/inspec/runner_rspec.rb +175 -175
  330. data/lib/inspec/runtime_profile.rb +26 -26
  331. data/lib/inspec/schema.rb +213 -213
  332. data/lib/inspec/secrets.rb +19 -19
  333. data/lib/inspec/secrets/yaml.rb +30 -30
  334. data/lib/inspec/shell.rb +220 -220
  335. data/lib/inspec/shell_detector.rb +90 -90
  336. data/lib/inspec/source_reader.rb +29 -29
  337. data/lib/inspec/version.rb +8 -8
  338. data/lib/matchers/matchers.rb +339 -339
  339. data/lib/resource_support/aws.rb +50 -50
  340. data/lib/resource_support/aws/aws_backend_base.rb +12 -12
  341. data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
  342. data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
  343. data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
  344. data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
  345. data/lib/resources/aide_conf.rb +151 -151
  346. data/lib/resources/apache.rb +48 -48
  347. data/lib/resources/apache_conf.rb +149 -149
  348. data/lib/resources/apt.rb +149 -149
  349. data/lib/resources/audit_policy.rb +63 -63
  350. data/lib/resources/auditd.rb +231 -231
  351. data/lib/resources/auditd_conf.rb +46 -46
  352. data/lib/resources/aws/aws_cloudtrail_trail.rb +93 -93
  353. data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
  354. data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
  355. data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
  356. data/lib/resources/aws/aws_config_delivery_channel.rb +70 -70
  357. data/lib/resources/aws/aws_config_recorder.rb +93 -93
  358. data/lib/resources/aws/aws_ec2_instance.rb +157 -157
  359. data/lib/resources/aws/aws_ec2_instances.rb +64 -64
  360. data/lib/resources/aws/aws_iam_access_key.rb +106 -106
  361. data/lib/resources/aws/aws_iam_access_keys.rb +149 -149
  362. data/lib/resources/aws/aws_iam_group.rb +58 -58
  363. data/lib/resources/aws/aws_iam_groups.rb +52 -52
  364. data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
  365. data/lib/resources/aws/aws_iam_policies.rb +53 -53
  366. data/lib/resources/aws/aws_iam_policy.rb +291 -291
  367. data/lib/resources/aws/aws_iam_role.rb +55 -55
  368. data/lib/resources/aws/aws_iam_root_user.rb +78 -78
  369. data/lib/resources/aws/aws_iam_user.rb +142 -142
  370. data/lib/resources/aws/aws_iam_users.rb +146 -146
  371. data/lib/resources/aws/aws_kms_key.rb +96 -96
  372. data/lib/resources/aws/aws_kms_keys.rb +53 -53
  373. data/lib/resources/aws/aws_rds_instance.rb +71 -71
  374. data/lib/resources/aws/aws_route_table.rb +63 -63
  375. data/lib/resources/aws/aws_route_tables.rb +60 -60
  376. data/lib/resources/aws/aws_s3_bucket.rb +137 -137
  377. data/lib/resources/aws/aws_s3_bucket_object.rb +82 -82
  378. data/lib/resources/aws/aws_s3_buckets.rb +51 -51
  379. data/lib/resources/aws/aws_security_group.rb +249 -249
  380. data/lib/resources/aws/aws_security_groups.rb +68 -68
  381. data/lib/resources/aws/aws_sns_subscription.rb +78 -78
  382. data/lib/resources/aws/aws_sns_topic.rb +53 -53
  383. data/lib/resources/aws/aws_sns_topics.rb +56 -56
  384. data/lib/resources/aws/aws_subnet.rb +88 -88
  385. data/lib/resources/aws/aws_subnets.rb +53 -53
  386. data/lib/resources/aws/aws_vpc.rb +73 -73
  387. data/lib/resources/aws/aws_vpcs.rb +52 -52
  388. data/lib/resources/azure/azure_backend.rb +377 -377
  389. data/lib/resources/azure/azure_generic_resource.rb +59 -59
  390. data/lib/resources/azure/azure_resource_group.rb +152 -152
  391. data/lib/resources/azure/azure_virtual_machine.rb +264 -264
  392. data/lib/resources/azure/azure_virtual_machine_data_disk.rb +134 -134
  393. data/lib/resources/bash.rb +35 -35
  394. data/lib/resources/bond.rb +69 -69
  395. data/lib/resources/bridge.rb +122 -122
  396. data/lib/resources/chocolatey_package.rb +78 -78
  397. data/lib/resources/command.rb +73 -73
  398. data/lib/resources/cpan.rb +58 -58
  399. data/lib/resources/cran.rb +64 -64
  400. data/lib/resources/crontab.rb +169 -169
  401. data/lib/resources/csv.rb +56 -56
  402. data/lib/resources/dh_params.rb +77 -77
  403. data/lib/resources/directory.rb +25 -25
  404. data/lib/resources/docker.rb +236 -236
  405. data/lib/resources/docker_container.rb +89 -89
  406. data/lib/resources/docker_image.rb +83 -83
  407. data/lib/resources/docker_object.rb +57 -57
  408. data/lib/resources/docker_service.rb +90 -90
  409. data/lib/resources/elasticsearch.rb +169 -169
  410. data/lib/resources/etc_fstab.rb +94 -94
  411. data/lib/resources/etc_group.rb +154 -154
  412. data/lib/resources/etc_hosts.rb +66 -66
  413. data/lib/resources/etc_hosts_allow_deny.rb +112 -112
  414. data/lib/resources/file.rb +298 -298
  415. data/lib/resources/filesystem.rb +31 -31
  416. data/lib/resources/firewalld.rb +143 -143
  417. data/lib/resources/gem.rb +70 -70
  418. data/lib/resources/groups.rb +215 -215
  419. data/lib/resources/grub_conf.rb +227 -227
  420. data/lib/resources/host.rb +306 -306
  421. data/lib/resources/http.rb +253 -253
  422. data/lib/resources/iis_app.rb +101 -101
  423. data/lib/resources/iis_site.rb +148 -148
  424. data/lib/resources/inetd_conf.rb +54 -54
  425. data/lib/resources/ini.rb +29 -29
  426. data/lib/resources/interface.rb +129 -129
  427. data/lib/resources/iptables.rb +80 -80
  428. data/lib/resources/json.rb +111 -111
  429. data/lib/resources/kernel_module.rb +107 -107
  430. data/lib/resources/kernel_parameter.rb +58 -58
  431. data/lib/resources/key_rsa.rb +63 -63
  432. data/lib/resources/limits_conf.rb +46 -46
  433. data/lib/resources/login_def.rb +57 -57
  434. data/lib/resources/mount.rb +88 -88
  435. data/lib/resources/mssql_session.rb +101 -101
  436. data/lib/resources/mysql.rb +82 -82
  437. data/lib/resources/mysql_conf.rb +127 -127
  438. data/lib/resources/mysql_session.rb +85 -85
  439. data/lib/resources/nginx.rb +96 -96
  440. data/lib/resources/nginx_conf.rb +226 -226
  441. data/lib/resources/npm.rb +48 -48
  442. data/lib/resources/ntp_conf.rb +51 -51
  443. data/lib/resources/oneget.rb +71 -71
  444. data/lib/resources/oracledb_session.rb +139 -139
  445. data/lib/resources/os.rb +36 -36
  446. data/lib/resources/os_env.rb +86 -86
  447. data/lib/resources/package.rb +370 -370
  448. data/lib/resources/packages.rb +111 -111
  449. data/lib/resources/parse_config.rb +112 -112
  450. data/lib/resources/passwd.rb +76 -76
  451. data/lib/resources/pip.rb +130 -130
  452. data/lib/resources/platform.rb +109 -109
  453. data/lib/resources/port.rb +771 -771
  454. data/lib/resources/postgres.rb +131 -131
  455. data/lib/resources/postgres_conf.rb +114 -114
  456. data/lib/resources/postgres_hba_conf.rb +90 -90
  457. data/lib/resources/postgres_ident_conf.rb +79 -79
  458. data/lib/resources/postgres_session.rb +71 -71
  459. data/lib/resources/powershell.rb +67 -67
  460. data/lib/resources/processes.rb +204 -204
  461. data/lib/resources/rabbitmq_conf.rb +51 -51
  462. data/lib/resources/registry_key.rb +297 -297
  463. data/lib/resources/security_policy.rb +180 -180
  464. data/lib/resources/service.rb +794 -794
  465. data/lib/resources/shadow.rb +159 -159
  466. data/lib/resources/ssh_conf.rb +97 -97
  467. data/lib/resources/ssl.rb +99 -99
  468. data/lib/resources/sys_info.rb +28 -28
  469. data/lib/resources/toml.rb +32 -32
  470. data/lib/resources/users.rb +654 -654
  471. data/lib/resources/vbscript.rb +68 -68
  472. data/lib/resources/virtualization.rb +247 -247
  473. data/lib/resources/windows_feature.rb +84 -84
  474. data/lib/resources/windows_hotfix.rb +35 -35
  475. data/lib/resources/windows_task.rb +102 -102
  476. data/lib/resources/wmi.rb +110 -110
  477. data/lib/resources/x509_certificate.rb +137 -137
  478. data/lib/resources/xinetd.rb +106 -106
  479. data/lib/resources/xml.rb +46 -46
  480. data/lib/resources/yaml.rb +43 -43
  481. data/lib/resources/yum.rb +180 -180
  482. data/lib/resources/zfs_dataset.rb +60 -60
  483. data/lib/resources/zfs_pool.rb +49 -49
  484. data/lib/source_readers/flat.rb +39 -39
  485. data/lib/source_readers/inspec.rb +75 -75
  486. data/lib/utils/command_wrapper.rb +27 -27
  487. data/lib/utils/convert.rb +12 -12
  488. data/lib/utils/database_helpers.rb +77 -77
  489. data/lib/utils/enumerable_delegation.rb +9 -9
  490. data/lib/utils/erlang_parser.rb +192 -192
  491. data/lib/utils/file_reader.rb +25 -25
  492. data/lib/utils/filter.rb +273 -273
  493. data/lib/utils/filter_array.rb +27 -27
  494. data/lib/utils/find_files.rb +47 -47
  495. data/lib/utils/hash.rb +41 -41
  496. data/lib/utils/json_log.rb +18 -18
  497. data/lib/utils/latest_version.rb +22 -22
  498. data/lib/utils/modulator.rb +12 -12
  499. data/lib/utils/nginx_parser.rb +105 -105
  500. data/lib/utils/object_traversal.rb +49 -49
  501. data/lib/utils/parser.rb +274 -274
  502. data/lib/utils/pkey_reader.rb +15 -15
  503. data/lib/utils/plugin_registry.rb +93 -93
  504. data/lib/utils/simpleconfig.rb +120 -120
  505. data/lib/utils/spdx.rb +13 -13
  506. data/lib/utils/spdx.txt +343 -343
  507. metadata +3 -3
@@ -1,63 +1,63 @@
1
- # encoding: utf-8
2
- # copyright: 2015, Vulcano Security GmbH
3
-
4
- # Advanced Auditing:
5
- # As soon as you start applying Advanced Audit Configuration Policy, legacy policies will be completely ignored.
6
- # reference: https://technet.microsoft.com/en-us/library/cc753632.aspx
7
- # use:
8
- # - list all categories: Auditpol /list /subcategory:* /r
9
- # - list parameters: Auditpol /get /category:"System" /subcategory:"IPsec Driver"
10
- # - list specific parameter: Auditpol /get /subcategory:"IPsec Driver"
11
- #
12
- # @link: http://blogs.technet.com/b/askds/archive/2011/03/11/getting-the-effective-audit-policy-in-windows-7-and-2008-r2.aspx
13
- #
14
- # Valid values are:
15
- #
16
- # - "No Auditing"
17
- # - "Not Specified"
18
- # - "Success"
19
- # - "Success and Failure"
20
- # - "Failure"
21
- #
22
- # Further information is available at: https://msdn.microsoft.com/en-us/library/dd973859.aspx
23
-
24
- module Inspec::Resources
25
- class AuditPolicy < Inspec.resource(1)
26
- name 'audit_policy'
27
- supports platform: 'windows'
28
- desc 'Use the audit_policy InSpec audit resource to test auditing policies on the Microsoft Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each enabled auditing category property, the auditing level may be set to No Auditing, Not Specified, Success, Success and Failure, or Failure.'
29
- example "
30
- describe audit_policy do
31
- its('parameter') { should eq 'value' }
32
- end
33
- "
34
-
35
- def method_missing(method)
36
- key = method.to_s
37
-
38
- # expected result:
39
- # Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
40
- # WIN-MB8NINQ388J,System,Kerberos Authentication Service,{0CCE9242-69AE-11D9-BED3-505054503030},No Auditing,
41
- result ||= inspec.command("Auditpol /get /subcategory:'#{key}' /r").stdout
42
-
43
- # find line
44
- target = nil
45
- result.each_line do |s|
46
- target = s.strip if s =~ /\b.*#{key}.*\b/
47
- end
48
-
49
- # extract value
50
- values = nil
51
- unless target.nil?
52
- # split csv values and return value
53
- values = target.split(',')[4]
54
- end
55
-
56
- values
57
- end
58
-
59
- def to_s
60
- 'Audit Policy'
61
- end
62
- end
63
- end
1
+ # encoding: utf-8
2
+ # copyright: 2015, Vulcano Security GmbH
3
+
4
+ # Advanced Auditing:
5
+ # As soon as you start applying Advanced Audit Configuration Policy, legacy policies will be completely ignored.
6
+ # reference: https://technet.microsoft.com/en-us/library/cc753632.aspx
7
+ # use:
8
+ # - list all categories: Auditpol /list /subcategory:* /r
9
+ # - list parameters: Auditpol /get /category:"System" /subcategory:"IPsec Driver"
10
+ # - list specific parameter: Auditpol /get /subcategory:"IPsec Driver"
11
+ #
12
+ # @link: http://blogs.technet.com/b/askds/archive/2011/03/11/getting-the-effective-audit-policy-in-windows-7-and-2008-r2.aspx
13
+ #
14
+ # Valid values are:
15
+ #
16
+ # - "No Auditing"
17
+ # - "Not Specified"
18
+ # - "Success"
19
+ # - "Success and Failure"
20
+ # - "Failure"
21
+ #
22
+ # Further information is available at: https://msdn.microsoft.com/en-us/library/dd973859.aspx
23
+
24
+ module Inspec::Resources
25
+ class AuditPolicy < Inspec.resource(1)
26
+ name 'audit_policy'
27
+ supports platform: 'windows'
28
+ desc 'Use the audit_policy InSpec audit resource to test auditing policies on the Microsoft Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each enabled auditing category property, the auditing level may be set to No Auditing, Not Specified, Success, Success and Failure, or Failure.'
29
+ example "
30
+ describe audit_policy do
31
+ its('parameter') { should eq 'value' }
32
+ end
33
+ "
34
+
35
+ def method_missing(method)
36
+ key = method.to_s
37
+
38
+ # expected result:
39
+ # Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
40
+ # WIN-MB8NINQ388J,System,Kerberos Authentication Service,{0CCE9242-69AE-11D9-BED3-505054503030},No Auditing,
41
+ result ||= inspec.command("Auditpol /get /subcategory:'#{key}' /r").stdout
42
+
43
+ # find line
44
+ target = nil
45
+ result.each_line do |s|
46
+ target = s.strip if s =~ /\b.*#{key}.*\b/
47
+ end
48
+
49
+ # extract value
50
+ values = nil
51
+ unless target.nil?
52
+ # split csv values and return value
53
+ values = target.split(',')[4]
54
+ end
55
+
56
+ values
57
+ end
58
+
59
+ def to_s
60
+ 'Audit Policy'
61
+ end
62
+ end
63
+ end
@@ -1,231 +1,231 @@
1
- # encoding: utf-8
2
-
3
- require 'forwardable'
4
- require 'utils/filter_array'
5
- require 'utils/filter'
6
- require 'utils/parser'
7
-
8
- module Inspec::Resources
9
- class AuditDaemon < Inspec.resource(1)
10
- extend Forwardable
11
- attr_accessor :lines
12
- attr_reader :params
13
-
14
- name 'auditd'
15
- supports platform: 'unix'
16
- desc 'Use the auditd InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files. These rules are output using the auditcl -l command.'
17
- example "
18
- describe auditd.syscall('chown').where {arch == 'b32'} do
19
- its('action') { should eq ['always'] }
20
- its('list') { should eq ['exit'] }
21
- end
22
-
23
- describe auditd.where {key == 'privileged'} do
24
- its('permissions') { should include ['x'] }
25
- end
26
-
27
- describe auditd do
28
- its('lines') { should include %r(-w /etc/ssh/sshd_config) }
29
- end
30
- "
31
-
32
- def initialize
33
- @content = inspec.command('/sbin/auditctl -l').stdout.chomp
34
- @params = []
35
-
36
- if @content =~ /^LIST_RULES:/
37
- return skip_resource 'The version of audit is outdated. The `auditd` resource supports versions of audit >= 2.3.'
38
- end
39
- parse_content
40
- end
41
-
42
- filter = FilterTable.create
43
- filter.add_accessor(:where)
44
- .add_accessor(:entries)
45
- .add(:file, field: 'file')
46
- .add(:list, field: 'list')
47
- .add(:action, field: 'action')
48
- .add(:fields, field: 'fields')
49
- .add(:fields_nokey, field: 'fields_nokey')
50
- .add(:syscall, field: 'syscall')
51
- .add(:key, field: 'key')
52
- .add(:arch, field: 'arch')
53
- .add(:path, field: 'path')
54
- .add(:permissions, field: 'permissions')
55
- .add(:exit, field: 'exit')
56
-
57
- filter.connect(self, :params)
58
-
59
- def status(name = nil)
60
- @status_content ||= inspec.command('/sbin/auditctl -s').stdout.chomp
61
- @status_params ||= Hash[@status_content.scan(/^([^ ]+) (.*)$/)]
62
-
63
- return @status_params[name] if name
64
- @status_params
65
- end
66
-
67
- def parse_content
68
- @lines = @content.lines.map(&:chomp)
69
-
70
- lines.each do |line|
71
- if is_file_syscall_syntax?(line)
72
- file_syscall_syntax_rules_for(line)
73
- end
74
-
75
- if is_syscall?(line)
76
- syscall_rules_for(line)
77
-
78
- elsif is_file?(line)
79
- file_rules_for(line)
80
- end
81
- end
82
- end
83
-
84
- def file_syscall_syntax_rules_for(line)
85
- file = file_syscall_syntax_for(line)
86
- action, list = action_list_for(line)
87
- fields = rule_fields_for(line)
88
- key_field, fields_nokey = remove_key_from(fields)
89
- key = key_in(key_field.join(''))
90
- perms = perms_in(fields)
91
-
92
- @params.push(
93
- {
94
- 'file' => file,
95
- 'list' => list,
96
- 'action' => action,
97
- 'fields' => fields,
98
- 'permissions' => perms,
99
- 'key' => key,
100
- 'fields_nokey' => fields_nokey,
101
- },
102
- )
103
- end
104
-
105
- def syscall_rules_for(line)
106
- syscalls = syscalls_for(line)
107
- action, list = action_list_for(line)
108
- fields = rule_fields_for(line)
109
- key_field, fields_nokey = remove_key_from(fields)
110
- key = key_in(key_field.join(''))
111
- arch = arch_in(fields)
112
- path = path_in(fields)
113
- perms = perms_in(fields)
114
- exit_field = exit_in(fields)
115
-
116
- syscalls.each do |s|
117
- @params.push(
118
- {
119
- 'syscall' => s,
120
- 'list' => list,
121
- 'action' => action,
122
- 'fields' => fields,
123
- 'key' => key,
124
- 'arch' => arch,
125
- 'path' => path,
126
- 'permissions' => perms,
127
- 'exit' => exit_field,
128
- 'fields_nokey' => fields_nokey,
129
- },
130
- )
131
- end
132
- end
133
-
134
- def file_rules_for(line)
135
- file = file_for(line)
136
- perms = permissions_for(line)
137
- key = key_for(line)
138
-
139
- @params.push(
140
- {
141
- 'file' => file,
142
- 'key' => key,
143
- 'permissions' => perms,
144
- },
145
- )
146
- end
147
-
148
- def to_s
149
- 'Auditd Rules'
150
- end
151
-
152
- private
153
-
154
- def is_syscall?(line)
155
- line.match(/-S /)
156
- end
157
-
158
- def is_file?(line)
159
- line.match(/-w /)
160
- end
161
-
162
- def is_file_syscall_syntax?(line)
163
- line.match(/-F path=/)
164
- end
165
-
166
- def syscalls_for(line)
167
- line.scan(/-S ([^ ]+)\s?/).flatten.first.split(',')
168
- end
169
-
170
- def action_list_for(line)
171
- line.scan(/-a ([^,]+),([^ ]+)\s?/).flatten
172
- end
173
-
174
- def key_for(line)
175
- line.match(/-k ([^ ]+)\s?/)[1] if line.include?('-k ')
176
- end
177
-
178
- def file_for(line)
179
- line.match(/-w ([^ ]+)\s?/)[1]
180
- end
181
-
182
- def file_syscall_syntax_for(line)
183
- line.match(/-F path=(\S+)\s?/)[1]
184
- end
185
-
186
- def permissions_for(line)
187
- line.match(/-p ([^ ]+)/)[1].scan(/\w/)
188
- end
189
-
190
- def rule_fields_for(line)
191
- line.gsub(/-[aS] [^ ]+ /, '').split('-F ').map { |l| l.split(' ') }.flatten
192
- end
193
-
194
- def arch_in(fields)
195
- fields.each do |field|
196
- return field.match(/arch=(\S+)\s?/)[1] if field.start_with?('arch=')
197
- end
198
- nil
199
- end
200
-
201
- def perms_in(fields)
202
- fields.each do |field|
203
- return field.match(/perm=(\S+)\s?/)[1].scan(/\w/) if field.start_with?('perm=')
204
- end
205
- nil
206
- end
207
-
208
- def path_in(fields)
209
- fields.each do |field|
210
- return field.match(/path=(\S+)\s?/)[1] if field.start_with?('path=')
211
- end
212
- nil
213
- end
214
-
215
- def exit_in(fields)
216
- fields.each do |field|
217
- return field.match(/exit=(\S+)\s?/)[1] if field.start_with?('exit=')
218
- end
219
- nil
220
- end
221
-
222
- def key_in(field)
223
- _, v = field.split('=')
224
- v
225
- end
226
-
227
- def remove_key_from(fields)
228
- fields.partition { |x| x.start_with? 'key' }
229
- end
230
- end
231
- end
1
+ # encoding: utf-8
2
+
3
+ require 'forwardable'
4
+ require 'utils/filter_array'
5
+ require 'utils/filter'
6
+ require 'utils/parser'
7
+
8
+ module Inspec::Resources
9
+ class AuditDaemon < Inspec.resource(1)
10
+ extend Forwardable
11
+ attr_accessor :lines
12
+ attr_reader :params
13
+
14
+ name 'auditd'
15
+ supports platform: 'unix'
16
+ desc 'Use the auditd InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files. These rules are output using the auditcl -l command.'
17
+ example "
18
+ describe auditd.syscall('chown').where {arch == 'b32'} do
19
+ its('action') { should eq ['always'] }
20
+ its('list') { should eq ['exit'] }
21
+ end
22
+
23
+ describe auditd.where {key == 'privileged'} do
24
+ its('permissions') { should include ['x'] }
25
+ end
26
+
27
+ describe auditd do
28
+ its('lines') { should include %r(-w /etc/ssh/sshd_config) }
29
+ end
30
+ "
31
+
32
+ def initialize
33
+ @content = inspec.command('/sbin/auditctl -l').stdout.chomp
34
+ @params = []
35
+
36
+ if @content =~ /^LIST_RULES:/
37
+ return skip_resource 'The version of audit is outdated. The `auditd` resource supports versions of audit >= 2.3.'
38
+ end
39
+ parse_content
40
+ end
41
+
42
+ filter = FilterTable.create
43
+ filter.add_accessor(:where)
44
+ .add_accessor(:entries)
45
+ .add(:file, field: 'file')
46
+ .add(:list, field: 'list')
47
+ .add(:action, field: 'action')
48
+ .add(:fields, field: 'fields')
49
+ .add(:fields_nokey, field: 'fields_nokey')
50
+ .add(:syscall, field: 'syscall')
51
+ .add(:key, field: 'key')
52
+ .add(:arch, field: 'arch')
53
+ .add(:path, field: 'path')
54
+ .add(:permissions, field: 'permissions')
55
+ .add(:exit, field: 'exit')
56
+
57
+ filter.connect(self, :params)
58
+
59
+ def status(name = nil)
60
+ @status_content ||= inspec.command('/sbin/auditctl -s').stdout.chomp
61
+ @status_params ||= Hash[@status_content.scan(/^([^ ]+) (.*)$/)]
62
+
63
+ return @status_params[name] if name
64
+ @status_params
65
+ end
66
+
67
+ def parse_content
68
+ @lines = @content.lines.map(&:chomp)
69
+
70
+ lines.each do |line|
71
+ if is_file_syscall_syntax?(line)
72
+ file_syscall_syntax_rules_for(line)
73
+ end
74
+
75
+ if is_syscall?(line)
76
+ syscall_rules_for(line)
77
+
78
+ elsif is_file?(line)
79
+ file_rules_for(line)
80
+ end
81
+ end
82
+ end
83
+
84
+ def file_syscall_syntax_rules_for(line)
85
+ file = file_syscall_syntax_for(line)
86
+ action, list = action_list_for(line)
87
+ fields = rule_fields_for(line)
88
+ key_field, fields_nokey = remove_key_from(fields)
89
+ key = key_in(key_field.join(''))
90
+ perms = perms_in(fields)
91
+
92
+ @params.push(
93
+ {
94
+ 'file' => file,
95
+ 'list' => list,
96
+ 'action' => action,
97
+ 'fields' => fields,
98
+ 'permissions' => perms,
99
+ 'key' => key,
100
+ 'fields_nokey' => fields_nokey,
101
+ },
102
+ )
103
+ end
104
+
105
+ def syscall_rules_for(line)
106
+ syscalls = syscalls_for(line)
107
+ action, list = action_list_for(line)
108
+ fields = rule_fields_for(line)
109
+ key_field, fields_nokey = remove_key_from(fields)
110
+ key = key_in(key_field.join(''))
111
+ arch = arch_in(fields)
112
+ path = path_in(fields)
113
+ perms = perms_in(fields)
114
+ exit_field = exit_in(fields)
115
+
116
+ syscalls.each do |s|
117
+ @params.push(
118
+ {
119
+ 'syscall' => s,
120
+ 'list' => list,
121
+ 'action' => action,
122
+ 'fields' => fields,
123
+ 'key' => key,
124
+ 'arch' => arch,
125
+ 'path' => path,
126
+ 'permissions' => perms,
127
+ 'exit' => exit_field,
128
+ 'fields_nokey' => fields_nokey,
129
+ },
130
+ )
131
+ end
132
+ end
133
+
134
+ def file_rules_for(line)
135
+ file = file_for(line)
136
+ perms = permissions_for(line)
137
+ key = key_for(line)
138
+
139
+ @params.push(
140
+ {
141
+ 'file' => file,
142
+ 'key' => key,
143
+ 'permissions' => perms,
144
+ },
145
+ )
146
+ end
147
+
148
+ def to_s
149
+ 'Auditd Rules'
150
+ end
151
+
152
+ private
153
+
154
+ def is_syscall?(line)
155
+ line.match(/-S /)
156
+ end
157
+
158
+ def is_file?(line)
159
+ line.match(/-w /)
160
+ end
161
+
162
+ def is_file_syscall_syntax?(line)
163
+ line.match(/-F path=/)
164
+ end
165
+
166
+ def syscalls_for(line)
167
+ line.scan(/-S ([^ ]+)\s?/).flatten.first.split(',')
168
+ end
169
+
170
+ def action_list_for(line)
171
+ line.scan(/-a ([^,]+),([^ ]+)\s?/).flatten
172
+ end
173
+
174
+ def key_for(line)
175
+ line.match(/-k ([^ ]+)\s?/)[1] if line.include?('-k ')
176
+ end
177
+
178
+ def file_for(line)
179
+ line.match(/-w ([^ ]+)\s?/)[1]
180
+ end
181
+
182
+ def file_syscall_syntax_for(line)
183
+ line.match(/-F path=(\S+)\s?/)[1]
184
+ end
185
+
186
+ def permissions_for(line)
187
+ line.match(/-p ([^ ]+)/)[1].scan(/\w/)
188
+ end
189
+
190
+ def rule_fields_for(line)
191
+ line.gsub(/-[aS] [^ ]+ /, '').split('-F ').map { |l| l.split(' ') }.flatten
192
+ end
193
+
194
+ def arch_in(fields)
195
+ fields.each do |field|
196
+ return field.match(/arch=(\S+)\s?/)[1] if field.start_with?('arch=')
197
+ end
198
+ nil
199
+ end
200
+
201
+ def perms_in(fields)
202
+ fields.each do |field|
203
+ return field.match(/perm=(\S+)\s?/)[1].scan(/\w/) if field.start_with?('perm=')
204
+ end
205
+ nil
206
+ end
207
+
208
+ def path_in(fields)
209
+ fields.each do |field|
210
+ return field.match(/path=(\S+)\s?/)[1] if field.start_with?('path=')
211
+ end
212
+ nil
213
+ end
214
+
215
+ def exit_in(fields)
216
+ fields.each do |field|
217
+ return field.match(/exit=(\S+)\s?/)[1] if field.start_with?('exit=')
218
+ end
219
+ nil
220
+ end
221
+
222
+ def key_in(field)
223
+ _, v = field.split('=')
224
+ v
225
+ end
226
+
227
+ def remove_key_from(fields)
228
+ fields.partition { |x| x.start_with? 'key' }
229
+ end
230
+ end
231
+ end