inspec 2.1.81 → 2.1.83
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.rubocop.yml +101 -101
- data/CHANGELOG.md +3183 -3177
- data/Gemfile +56 -56
- data/LICENSE +14 -14
- data/MAINTAINERS.md +33 -33
- data/MAINTAINERS.toml +52 -52
- data/README.md +453 -453
- data/Rakefile +349 -349
- data/bin/inspec +12 -12
- data/docs/.gitignore +2 -2
- data/docs/README.md +41 -40
- data/docs/dev/control-eval.md +61 -61
- data/docs/dsl_inspec.md +258 -258
- data/docs/dsl_resource.md +100 -100
- data/docs/glossary.md +99 -99
- data/docs/habitat.md +191 -191
- data/docs/inspec_and_friends.md +114 -114
- data/docs/matchers.md +169 -169
- data/docs/migration.md +293 -293
- data/docs/platforms.md +118 -118
- data/docs/plugin_kitchen_inspec.md +50 -50
- data/docs/profiles.md +378 -378
- data/docs/reporters.md +105 -105
- data/docs/resources/aide_conf.md.erb +75 -75
- data/docs/resources/apache.md.erb +67 -67
- data/docs/resources/apache_conf.md.erb +68 -68
- data/docs/resources/apt.md.erb +71 -71
- data/docs/resources/audit_policy.md.erb +47 -47
- data/docs/resources/auditd.md.erb +79 -79
- data/docs/resources/auditd_conf.md.erb +68 -68
- data/docs/resources/aws_cloudtrail_trail.md.erb +155 -155
- data/docs/resources/aws_cloudtrail_trails.md.erb +86 -86
- data/docs/resources/aws_cloudwatch_alarm.md.erb +91 -91
- data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +154 -154
- data/docs/resources/aws_config_delivery_channel.md.erb +101 -101
- data/docs/resources/aws_config_recorder.md.erb +86 -86
- data/docs/resources/aws_ec2_instance.md.erb +112 -112
- data/docs/resources/aws_ec2_instances.md.erb +79 -79
- data/docs/resources/aws_iam_access_key.md.erb +129 -129
- data/docs/resources/aws_iam_access_keys.md.erb +204 -204
- data/docs/resources/aws_iam_group.md.erb +64 -64
- data/docs/resources/aws_iam_groups.md.erb +49 -49
- data/docs/resources/aws_iam_password_policy.md.erb +82 -82
- data/docs/resources/aws_iam_policies.md.erb +87 -87
- data/docs/resources/aws_iam_policy.md.erb +245 -245
- data/docs/resources/aws_iam_role.md.erb +69 -69
- data/docs/resources/aws_iam_root_user.md.erb +76 -76
- data/docs/resources/aws_iam_user.md.erb +120 -120
- data/docs/resources/aws_iam_users.md.erb +279 -279
- data/docs/resources/aws_kms_key.md.erb +177 -177
- data/docs/resources/aws_kms_keys.md.erb +89 -89
- data/docs/resources/aws_rds_instance.md.erb +66 -66
- data/docs/resources/aws_route_table.md.erb +53 -53
- data/docs/resources/aws_route_tables.md.erb +55 -55
- data/docs/resources/aws_s3_bucket.md.erb +146 -146
- data/docs/resources/aws_s3_bucket_object.md.erb +89 -89
- data/docs/resources/aws_s3_buckets.md.erb +59 -59
- data/docs/resources/aws_security_group.md.erb +296 -296
- data/docs/resources/aws_security_groups.md.erb +97 -97
- data/docs/resources/aws_sns_subscription.md.erb +130 -130
- data/docs/resources/aws_sns_topic.md.erb +69 -69
- data/docs/resources/aws_sns_topics.md.erb +58 -58
- data/docs/resources/aws_subnet.md.erb +140 -140
- data/docs/resources/aws_subnets.md.erb +132 -132
- data/docs/resources/aws_vpc.md.erb +125 -125
- data/docs/resources/aws_vpcs.md.erb +125 -125
- data/docs/resources/azure_generic_resource.md.erb +171 -171
- data/docs/resources/azure_resource_group.md.erb +284 -284
- data/docs/resources/azure_virtual_machine.md.erb +347 -347
- data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
- data/docs/resources/bash.md.erb +75 -75
- data/docs/resources/bond.md.erb +90 -90
- data/docs/resources/bridge.md.erb +57 -57
- data/docs/resources/bsd_service.md.erb +67 -67
- data/docs/resources/chocolatey_package.md.erb +58 -58
- data/docs/resources/command.md.erb +138 -138
- data/docs/resources/cpan.md.erb +79 -79
- data/docs/resources/cran.md.erb +64 -64
- data/docs/resources/crontab.md.erb +89 -89
- data/docs/resources/csv.md.erb +54 -54
- data/docs/resources/dh_params.md.erb +205 -205
- data/docs/resources/directory.md.erb +30 -30
- data/docs/resources/docker.md.erb +219 -219
- data/docs/resources/docker_container.md.erb +103 -103
- data/docs/resources/docker_image.md.erb +94 -94
- data/docs/resources/docker_service.md.erb +114 -114
- data/docs/resources/elasticsearch.md.erb +242 -242
- data/docs/resources/etc_fstab.md.erb +125 -125
- data/docs/resources/etc_group.md.erb +75 -75
- data/docs/resources/etc_hosts.md.erb +78 -78
- data/docs/resources/etc_hosts_allow.md.erb +74 -74
- data/docs/resources/etc_hosts_deny.md.erb +74 -74
- data/docs/resources/file.md.erb +526 -526
- data/docs/resources/filesystem.md.erb +41 -41
- data/docs/resources/firewalld.md.erb +107 -107
- data/docs/resources/gem.md.erb +79 -79
- data/docs/resources/group.md.erb +61 -61
- data/docs/resources/grub_conf.md.erb +101 -101
- data/docs/resources/host.md.erb +86 -86
- data/docs/resources/http.md.erb +197 -197
- data/docs/resources/iis_app.md.erb +122 -122
- data/docs/resources/iis_site.md.erb +135 -135
- data/docs/resources/inetd_conf.md.erb +94 -94
- data/docs/resources/ini.md.erb +76 -76
- data/docs/resources/interface.md.erb +58 -58
- data/docs/resources/iptables.md.erb +64 -64
- data/docs/resources/json.md.erb +63 -63
- data/docs/resources/kernel_module.md.erb +120 -120
- data/docs/resources/kernel_parameter.md.erb +53 -53
- data/docs/resources/key_rsa.md.erb +85 -85
- data/docs/resources/launchd_service.md.erb +57 -57
- data/docs/resources/limits_conf.md.erb +75 -75
- data/docs/resources/login_defs.md.erb +71 -71
- data/docs/resources/mount.md.erb +69 -69
- data/docs/resources/mssql_session.md.erb +60 -60
- data/docs/resources/mysql_conf.md.erb +99 -99
- data/docs/resources/mysql_session.md.erb +74 -74
- data/docs/resources/nginx.md.erb +79 -79
- data/docs/resources/nginx_conf.md.erb +138 -138
- data/docs/resources/npm.md.erb +60 -60
- data/docs/resources/ntp_conf.md.erb +60 -60
- data/docs/resources/oneget.md.erb +53 -53
- data/docs/resources/oracledb_session.md.erb +52 -52
- data/docs/resources/os.md.erb +141 -141
- data/docs/resources/os_env.md.erb +91 -91
- data/docs/resources/package.md.erb +120 -120
- data/docs/resources/packages.md.erb +67 -67
- data/docs/resources/parse_config.md.erb +103 -103
- data/docs/resources/parse_config_file.md.erb +138 -138
- data/docs/resources/passwd.md.erb +141 -141
- data/docs/resources/pip.md.erb +67 -67
- data/docs/resources/port.md.erb +137 -137
- data/docs/resources/postgres_conf.md.erb +79 -79
- data/docs/resources/postgres_hba_conf.md.erb +93 -93
- data/docs/resources/postgres_ident_conf.md.erb +76 -76
- data/docs/resources/postgres_session.md.erb +69 -69
- data/docs/resources/powershell.md.erb +102 -102
- data/docs/resources/processes.md.erb +109 -109
- data/docs/resources/rabbitmq_config.md.erb +41 -41
- data/docs/resources/registry_key.md.erb +158 -158
- data/docs/resources/runit_service.md.erb +57 -57
- data/docs/resources/security_policy.md.erb +47 -47
- data/docs/resources/service.md.erb +121 -121
- data/docs/resources/shadow.md.erb +146 -146
- data/docs/resources/ssh_config.md.erb +73 -73
- data/docs/resources/sshd_config.md.erb +83 -83
- data/docs/resources/ssl.md.erb +119 -119
- data/docs/resources/sys_info.md.erb +42 -42
- data/docs/resources/systemd_service.md.erb +57 -57
- data/docs/resources/sysv_service.md.erb +57 -57
- data/docs/resources/upstart_service.md.erb +57 -57
- data/docs/resources/user.md.erb +140 -140
- data/docs/resources/users.md.erb +127 -127
- data/docs/resources/vbscript.md.erb +55 -55
- data/docs/resources/virtualization.md.erb +57 -57
- data/docs/resources/windows_feature.md.erb +47 -47
- data/docs/resources/windows_hotfix.md.erb +53 -53
- data/docs/resources/windows_task.md.erb +95 -95
- data/docs/resources/wmi.md.erb +81 -81
- data/docs/resources/x509_certificate.md.erb +151 -151
- data/docs/resources/xinetd_conf.md.erb +156 -156
- data/docs/resources/xml.md.erb +85 -85
- data/docs/resources/yaml.md.erb +69 -69
- data/docs/resources/yum.md.erb +98 -98
- data/docs/resources/zfs_dataset.md.erb +53 -53
- data/docs/resources/zfs_pool.md.erb +47 -47
- data/docs/ruby_usage.md +203 -203
- data/docs/shared/matcher_be.md.erb +1 -1
- data/docs/shared/matcher_cmp.md.erb +43 -43
- data/docs/shared/matcher_eq.md.erb +3 -3
- data/docs/shared/matcher_include.md.erb +1 -1
- data/docs/shared/matcher_match.md.erb +1 -1
- data/docs/shell.md +217 -217
- data/examples/README.md +8 -8
- data/examples/inheritance/README.md +65 -65
- data/examples/inheritance/controls/example.rb +14 -14
- data/examples/inheritance/inspec.yml +15 -15
- data/examples/kitchen-ansible/.kitchen.yml +25 -25
- data/examples/kitchen-ansible/Gemfile +19 -19
- data/examples/kitchen-ansible/README.md +53 -53
- data/examples/kitchen-ansible/files/nginx.repo +6 -6
- data/examples/kitchen-ansible/tasks/main.yml +16 -16
- data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-chef/.kitchen.yml +20 -20
- data/examples/kitchen-chef/Berksfile +3 -3
- data/examples/kitchen-chef/Gemfile +19 -19
- data/examples/kitchen-chef/README.md +27 -27
- data/examples/kitchen-chef/metadata.rb +7 -7
- data/examples/kitchen-chef/recipes/default.rb +6 -6
- data/examples/kitchen-chef/recipes/nginx.rb +30 -30
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-puppet/.kitchen.yml +23 -23
- data/examples/kitchen-puppet/Gemfile +20 -20
- data/examples/kitchen-puppet/Puppetfile +25 -25
- data/examples/kitchen-puppet/README.md +53 -53
- data/examples/kitchen-puppet/manifests/site.pp +33 -33
- data/examples/kitchen-puppet/metadata.json +11 -11
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
- data/examples/meta-profile/README.md +37 -37
- data/examples/meta-profile/controls/example.rb +13 -13
- data/examples/meta-profile/inspec.yml +13 -13
- data/examples/profile-attribute.yml +2 -2
- data/examples/profile-attribute/README.md +14 -14
- data/examples/profile-attribute/controls/example.rb +11 -11
- data/examples/profile-attribute/inspec.yml +8 -8
- data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
- data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
- data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
- data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
- data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
- data/examples/profile-aws/inspec.yml +11 -11
- data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
- data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
- data/examples/profile-azure/inspec.yml +11 -11
- data/examples/profile-sensitive/README.md +29 -29
- data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
- data/examples/profile-sensitive/controls/sensitive.rb +9 -9
- data/examples/profile-sensitive/inspec.yml +8 -8
- data/examples/profile/README.md +48 -48
- data/examples/profile/controls/example.rb +23 -23
- data/examples/profile/controls/gordon.rb +36 -36
- data/examples/profile/controls/meta.rb +34 -34
- data/examples/profile/inspec.yml +10 -10
- data/examples/profile/libraries/gordon_config.rb +59 -59
- data/inspec.gemspec +49 -49
- data/lib/bundles/README.md +3 -3
- data/lib/bundles/inspec-artifact.rb +7 -7
- data/lib/bundles/inspec-artifact/README.md +1 -1
- data/lib/bundles/inspec-artifact/cli.rb +277 -277
- data/lib/bundles/inspec-compliance.rb +16 -16
- data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
- data/lib/bundles/inspec-compliance/README.md +193 -193
- data/lib/bundles/inspec-compliance/api.rb +360 -360
- data/lib/bundles/inspec-compliance/api/login.rb +193 -193
- data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
- data/lib/bundles/inspec-compliance/cli.rb +260 -260
- data/lib/bundles/inspec-compliance/configuration.rb +103 -103
- data/lib/bundles/inspec-compliance/http.rb +125 -125
- data/lib/bundles/inspec-compliance/support.rb +36 -36
- data/lib/bundles/inspec-compliance/target.rb +112 -112
- data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
- data/lib/bundles/inspec-habitat.rb +12 -12
- data/lib/bundles/inspec-habitat/cli.rb +36 -36
- data/lib/bundles/inspec-habitat/log.rb +10 -10
- data/lib/bundles/inspec-habitat/profile.rb +391 -391
- data/lib/bundles/inspec-init.rb +8 -8
- data/lib/bundles/inspec-init/README.md +31 -31
- data/lib/bundles/inspec-init/cli.rb +97 -97
- data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
- data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
- data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
- data/lib/bundles/inspec-supermarket.rb +13 -13
- data/lib/bundles/inspec-supermarket/README.md +45 -45
- data/lib/bundles/inspec-supermarket/api.rb +84 -84
- data/lib/bundles/inspec-supermarket/cli.rb +73 -73
- data/lib/bundles/inspec-supermarket/target.rb +34 -34
- data/lib/fetchers/git.rb +163 -163
- data/lib/fetchers/local.rb +74 -74
- data/lib/fetchers/mock.rb +35 -35
- data/lib/fetchers/url.rb +247 -247
- data/lib/inspec.rb +24 -24
- data/lib/inspec/archive/tar.rb +29 -29
- data/lib/inspec/archive/zip.rb +19 -19
- data/lib/inspec/backend.rb +93 -93
- data/lib/inspec/base_cli.rb +368 -368
- data/lib/inspec/cached_fetcher.rb +66 -66
- data/lib/inspec/cli.rb +292 -292
- data/lib/inspec/completions/bash.sh.erb +45 -45
- data/lib/inspec/completions/fish.sh.erb +34 -34
- data/lib/inspec/completions/zsh.sh.erb +61 -61
- data/lib/inspec/control_eval_context.rb +179 -179
- data/lib/inspec/dependencies/cache.rb +72 -72
- data/lib/inspec/dependencies/dependency_set.rb +92 -92
- data/lib/inspec/dependencies/lockfile.rb +115 -115
- data/lib/inspec/dependencies/requirement.rb +123 -123
- data/lib/inspec/dependencies/resolver.rb +86 -86
- data/lib/inspec/describe.rb +27 -27
- data/lib/inspec/dsl.rb +66 -66
- data/lib/inspec/dsl_shared.rb +33 -33
- data/lib/inspec/env_printer.rb +157 -157
- data/lib/inspec/errors.rb +14 -14
- data/lib/inspec/exceptions.rb +12 -12
- data/lib/inspec/expect.rb +45 -45
- data/lib/inspec/fetcher.rb +45 -45
- data/lib/inspec/file_provider.rb +275 -275
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +259 -259
- data/lib/inspec/formatters/json_rspec.rb +20 -20
- data/lib/inspec/formatters/show_progress.rb +12 -12
- data/lib/inspec/library_eval_context.rb +58 -58
- data/lib/inspec/log.rb +11 -11
- data/lib/inspec/metadata.rb +247 -247
- data/lib/inspec/method_source.rb +24 -24
- data/lib/inspec/objects.rb +14 -14
- data/lib/inspec/objects/attribute.rb +75 -75
- data/lib/inspec/objects/control.rb +61 -61
- data/lib/inspec/objects/describe.rb +92 -92
- data/lib/inspec/objects/each_loop.rb +36 -36
- data/lib/inspec/objects/list.rb +15 -15
- data/lib/inspec/objects/or_test.rb +40 -40
- data/lib/inspec/objects/ruby_helper.rb +15 -15
- data/lib/inspec/objects/tag.rb +27 -27
- data/lib/inspec/objects/test.rb +87 -87
- data/lib/inspec/objects/value.rb +27 -27
- data/lib/inspec/plugins.rb +60 -60
- data/lib/inspec/plugins/cli.rb +24 -24
- data/lib/inspec/plugins/fetcher.rb +86 -86
- data/lib/inspec/plugins/resource.rb +135 -135
- data/lib/inspec/plugins/secret.rb +15 -15
- data/lib/inspec/plugins/source_reader.rb +40 -40
- data/lib/inspec/polyfill.rb +12 -12
- data/lib/inspec/profile.rb +513 -513
- data/lib/inspec/profile_context.rb +208 -208
- data/lib/inspec/profile_vendor.rb +66 -66
- data/lib/inspec/reporters.rb +60 -60
- data/lib/inspec/reporters/automate.rb +76 -76
- data/lib/inspec/reporters/base.rb +25 -25
- data/lib/inspec/reporters/cli.rb +356 -356
- data/lib/inspec/reporters/json.rb +117 -117
- data/lib/inspec/reporters/json_min.rb +48 -48
- data/lib/inspec/reporters/junit.rb +78 -78
- data/lib/inspec/require_loader.rb +33 -33
- data/lib/inspec/resource.rb +190 -190
- data/lib/inspec/rule.rb +280 -280
- data/lib/inspec/runner.rb +345 -345
- data/lib/inspec/runner_mock.rb +41 -41
- data/lib/inspec/runner_rspec.rb +175 -175
- data/lib/inspec/runtime_profile.rb +26 -26
- data/lib/inspec/schema.rb +213 -213
- data/lib/inspec/secrets.rb +19 -19
- data/lib/inspec/secrets/yaml.rb +30 -30
- data/lib/inspec/shell.rb +220 -220
- data/lib/inspec/shell_detector.rb +90 -90
- data/lib/inspec/source_reader.rb +29 -29
- data/lib/inspec/version.rb +8 -8
- data/lib/matchers/matchers.rb +339 -339
- data/lib/resource_support/aws.rb +50 -50
- data/lib/resource_support/aws/aws_backend_base.rb +12 -12
- data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
- data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
- data/lib/resources/aide_conf.rb +151 -151
- data/lib/resources/apache.rb +48 -48
- data/lib/resources/apache_conf.rb +149 -149
- data/lib/resources/apt.rb +149 -149
- data/lib/resources/audit_policy.rb +63 -63
- data/lib/resources/auditd.rb +231 -231
- data/lib/resources/auditd_conf.rb +46 -46
- data/lib/resources/aws/aws_cloudtrail_trail.rb +93 -93
- data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
- data/lib/resources/aws/aws_config_delivery_channel.rb +70 -70
- data/lib/resources/aws/aws_config_recorder.rb +93 -93
- data/lib/resources/aws/aws_ec2_instance.rb +157 -157
- data/lib/resources/aws/aws_ec2_instances.rb +64 -64
- data/lib/resources/aws/aws_iam_access_key.rb +106 -106
- data/lib/resources/aws/aws_iam_access_keys.rb +149 -149
- data/lib/resources/aws/aws_iam_group.rb +58 -58
- data/lib/resources/aws/aws_iam_groups.rb +52 -52
- data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
- data/lib/resources/aws/aws_iam_policies.rb +53 -53
- data/lib/resources/aws/aws_iam_policy.rb +291 -291
- data/lib/resources/aws/aws_iam_role.rb +55 -55
- data/lib/resources/aws/aws_iam_root_user.rb +78 -78
- data/lib/resources/aws/aws_iam_user.rb +142 -142
- data/lib/resources/aws/aws_iam_users.rb +146 -146
- data/lib/resources/aws/aws_kms_key.rb +96 -96
- data/lib/resources/aws/aws_kms_keys.rb +53 -53
- data/lib/resources/aws/aws_rds_instance.rb +71 -71
- data/lib/resources/aws/aws_route_table.rb +63 -63
- data/lib/resources/aws/aws_route_tables.rb +60 -60
- data/lib/resources/aws/aws_s3_bucket.rb +137 -137
- data/lib/resources/aws/aws_s3_bucket_object.rb +82 -82
- data/lib/resources/aws/aws_s3_buckets.rb +51 -51
- data/lib/resources/aws/aws_security_group.rb +249 -249
- data/lib/resources/aws/aws_security_groups.rb +68 -68
- data/lib/resources/aws/aws_sns_subscription.rb +78 -78
- data/lib/resources/aws/aws_sns_topic.rb +53 -53
- data/lib/resources/aws/aws_sns_topics.rb +56 -56
- data/lib/resources/aws/aws_subnet.rb +88 -88
- data/lib/resources/aws/aws_subnets.rb +53 -53
- data/lib/resources/aws/aws_vpc.rb +73 -73
- data/lib/resources/aws/aws_vpcs.rb +52 -52
- data/lib/resources/azure/azure_backend.rb +377 -377
- data/lib/resources/azure/azure_generic_resource.rb +59 -59
- data/lib/resources/azure/azure_resource_group.rb +152 -152
- data/lib/resources/azure/azure_virtual_machine.rb +264 -264
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +134 -134
- data/lib/resources/bash.rb +35 -35
- data/lib/resources/bond.rb +69 -69
- data/lib/resources/bridge.rb +122 -122
- data/lib/resources/chocolatey_package.rb +78 -78
- data/lib/resources/command.rb +73 -73
- data/lib/resources/cpan.rb +58 -58
- data/lib/resources/cran.rb +64 -64
- data/lib/resources/crontab.rb +169 -169
- data/lib/resources/csv.rb +56 -56
- data/lib/resources/dh_params.rb +77 -77
- data/lib/resources/directory.rb +25 -25
- data/lib/resources/docker.rb +236 -236
- data/lib/resources/docker_container.rb +89 -89
- data/lib/resources/docker_image.rb +83 -83
- data/lib/resources/docker_object.rb +57 -57
- data/lib/resources/docker_service.rb +90 -90
- data/lib/resources/elasticsearch.rb +169 -169
- data/lib/resources/etc_fstab.rb +94 -94
- data/lib/resources/etc_group.rb +154 -154
- data/lib/resources/etc_hosts.rb +66 -66
- data/lib/resources/etc_hosts_allow_deny.rb +112 -112
- data/lib/resources/file.rb +298 -298
- data/lib/resources/filesystem.rb +31 -31
- data/lib/resources/firewalld.rb +143 -143
- data/lib/resources/gem.rb +70 -70
- data/lib/resources/groups.rb +215 -215
- data/lib/resources/grub_conf.rb +227 -227
- data/lib/resources/host.rb +306 -306
- data/lib/resources/http.rb +253 -253
- data/lib/resources/iis_app.rb +101 -101
- data/lib/resources/iis_site.rb +148 -148
- data/lib/resources/inetd_conf.rb +54 -54
- data/lib/resources/ini.rb +29 -29
- data/lib/resources/interface.rb +129 -129
- data/lib/resources/iptables.rb +80 -80
- data/lib/resources/json.rb +111 -111
- data/lib/resources/kernel_module.rb +107 -107
- data/lib/resources/kernel_parameter.rb +58 -58
- data/lib/resources/key_rsa.rb +63 -63
- data/lib/resources/limits_conf.rb +46 -46
- data/lib/resources/login_def.rb +57 -57
- data/lib/resources/mount.rb +88 -88
- data/lib/resources/mssql_session.rb +101 -101
- data/lib/resources/mysql.rb +82 -82
- data/lib/resources/mysql_conf.rb +127 -127
- data/lib/resources/mysql_session.rb +85 -85
- data/lib/resources/nginx.rb +96 -96
- data/lib/resources/nginx_conf.rb +226 -226
- data/lib/resources/npm.rb +48 -48
- data/lib/resources/ntp_conf.rb +51 -51
- data/lib/resources/oneget.rb +71 -71
- data/lib/resources/oracledb_session.rb +139 -139
- data/lib/resources/os.rb +36 -36
- data/lib/resources/os_env.rb +86 -86
- data/lib/resources/package.rb +370 -370
- data/lib/resources/packages.rb +111 -111
- data/lib/resources/parse_config.rb +112 -112
- data/lib/resources/passwd.rb +76 -76
- data/lib/resources/pip.rb +130 -130
- data/lib/resources/platform.rb +109 -109
- data/lib/resources/port.rb +771 -771
- data/lib/resources/postgres.rb +131 -131
- data/lib/resources/postgres_conf.rb +114 -114
- data/lib/resources/postgres_hba_conf.rb +90 -90
- data/lib/resources/postgres_ident_conf.rb +79 -79
- data/lib/resources/postgres_session.rb +71 -71
- data/lib/resources/powershell.rb +67 -67
- data/lib/resources/processes.rb +204 -204
- data/lib/resources/rabbitmq_conf.rb +51 -51
- data/lib/resources/registry_key.rb +297 -297
- data/lib/resources/security_policy.rb +180 -180
- data/lib/resources/service.rb +794 -794
- data/lib/resources/shadow.rb +159 -159
- data/lib/resources/ssh_conf.rb +97 -97
- data/lib/resources/ssl.rb +99 -99
- data/lib/resources/sys_info.rb +28 -28
- data/lib/resources/toml.rb +32 -32
- data/lib/resources/users.rb +654 -654
- data/lib/resources/vbscript.rb +68 -68
- data/lib/resources/virtualization.rb +247 -247
- data/lib/resources/windows_feature.rb +84 -84
- data/lib/resources/windows_hotfix.rb +35 -35
- data/lib/resources/windows_task.rb +102 -102
- data/lib/resources/wmi.rb +110 -110
- data/lib/resources/x509_certificate.rb +137 -137
- data/lib/resources/xinetd.rb +106 -106
- data/lib/resources/xml.rb +46 -46
- data/lib/resources/yaml.rb +43 -43
- data/lib/resources/yum.rb +180 -180
- data/lib/resources/zfs_dataset.rb +60 -60
- data/lib/resources/zfs_pool.rb +49 -49
- data/lib/source_readers/flat.rb +39 -39
- data/lib/source_readers/inspec.rb +75 -75
- data/lib/utils/command_wrapper.rb +27 -27
- data/lib/utils/convert.rb +12 -12
- data/lib/utils/database_helpers.rb +77 -77
- data/lib/utils/enumerable_delegation.rb +9 -9
- data/lib/utils/erlang_parser.rb +192 -192
- data/lib/utils/file_reader.rb +25 -25
- data/lib/utils/filter.rb +273 -273
- data/lib/utils/filter_array.rb +27 -27
- data/lib/utils/find_files.rb +47 -47
- data/lib/utils/hash.rb +41 -41
- data/lib/utils/json_log.rb +18 -18
- data/lib/utils/latest_version.rb +22 -22
- data/lib/utils/modulator.rb +12 -12
- data/lib/utils/nginx_parser.rb +105 -105
- data/lib/utils/object_traversal.rb +49 -49
- data/lib/utils/parser.rb +274 -274
- data/lib/utils/pkey_reader.rb +15 -15
- data/lib/utils/plugin_registry.rb +93 -93
- data/lib/utils/simpleconfig.rb +120 -120
- data/lib/utils/spdx.rb +13 -13
- data/lib/utils/spdx.txt +343 -343
- metadata +3 -3
data/docs/resources/users.md.erb
CHANGED
@@ -1,127 +1,127 @@
|
|
1
|
-
---
|
2
|
-
title: About the users Resource
|
3
|
-
platform: os
|
4
|
-
---
|
5
|
-
|
6
|
-
# users
|
7
|
-
|
8
|
-
Use the `users` InSpec audit resource to look up all local users available on the system, and then test specific properties of those users. This resource does not return information about users that may be located on other systems, such as LDAP or Active Directory.
|
9
|
-
|
10
|
-
<br>
|
11
|
-
|
12
|
-
## Syntax
|
13
|
-
|
14
|
-
A `users` resource block declares a user name, and then one (or more) matchers:
|
15
|
-
|
16
|
-
describe users.where(uid: 0).entries do
|
17
|
-
it { should eq ['root'] }
|
18
|
-
its('uids') { should eq [1234] }
|
19
|
-
its('gids') { should eq [1234] }
|
20
|
-
end
|
21
|
-
|
22
|
-
where
|
23
|
-
|
24
|
-
* `gid`, `group`, `groups`, `home`, `maxdays`, `mindays`, `shell`, `uid`, and `warndays` are valid matchers for this resource
|
25
|
-
* `where(uid: 0).entries` represents a filter that runs the test only against matching users
|
26
|
-
|
27
|
-
For example:
|
28
|
-
|
29
|
-
describe users.where { username =~ /.*/ } do
|
30
|
-
it { should exist }
|
31
|
-
end
|
32
|
-
|
33
|
-
or:
|
34
|
-
|
35
|
-
describe users.where { uid =~ /^S-1-5-[0-9-]+-501$/ } do
|
36
|
-
it { should exist }
|
37
|
-
end
|
38
|
-
|
39
|
-
<br>
|
40
|
-
|
41
|
-
## Examples
|
42
|
-
|
43
|
-
The following examples show how to use this InSpec audit resource.
|
44
|
-
|
45
|
-
### Use a regular expression to find users
|
46
|
-
|
47
|
-
describe users.where { uid =~ /S\-1\-5\-21\-\d+\-\d+\-\d+\-500/ } do
|
48
|
-
it { should exist }
|
49
|
-
end
|
50
|
-
|
51
|
-
<br>
|
52
|
-
|
53
|
-
## Matchers
|
54
|
-
|
55
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
56
|
-
|
57
|
-
### exist
|
58
|
-
|
59
|
-
The `exist` matcher tests if the named user exists:
|
60
|
-
|
61
|
-
it { should exist }
|
62
|
-
|
63
|
-
### gid
|
64
|
-
|
65
|
-
The `gid` matcher tests the group identifier:
|
66
|
-
|
67
|
-
its('gid') { should eq 1234 } }
|
68
|
-
|
69
|
-
where `1234` represents the user identifier.
|
70
|
-
|
71
|
-
### group
|
72
|
-
|
73
|
-
The `group` matcher tests the group to which the user belongs:
|
74
|
-
|
75
|
-
its('group') { should eq 'root' }
|
76
|
-
|
77
|
-
where `root` represents the group.
|
78
|
-
|
79
|
-
### groups
|
80
|
-
|
81
|
-
The `groups` matcher tests two (or more) groups to which the user belongs:
|
82
|
-
|
83
|
-
its('groups') { should eq ['root', 'other']}
|
84
|
-
|
85
|
-
### home
|
86
|
-
|
87
|
-
The `home` matcher tests the home directory path for the user:
|
88
|
-
|
89
|
-
its('home') { should eq '/root' }
|
90
|
-
|
91
|
-
### maxdays
|
92
|
-
|
93
|
-
The `maxdays` matcher tests the maximum number of days between password changes:
|
94
|
-
|
95
|
-
its('maxdays') { should eq 99 }
|
96
|
-
|
97
|
-
where `99` represents the maximum number of days.
|
98
|
-
|
99
|
-
### mindays
|
100
|
-
|
101
|
-
The `mindays` matcher tests the minimum number of days between password changes:
|
102
|
-
|
103
|
-
its('mindays') { should eq 0 }
|
104
|
-
|
105
|
-
where `0` represents the maximum number of days.
|
106
|
-
|
107
|
-
### shell
|
108
|
-
|
109
|
-
The `shell` matcher tests the path to the default shell for the user:
|
110
|
-
|
111
|
-
its('shells') { should eq ['/bin/bash'] }
|
112
|
-
|
113
|
-
### uid
|
114
|
-
|
115
|
-
The `uid` matcher tests the user identifier:
|
116
|
-
|
117
|
-
its('uid') { should eq 1234 } }
|
118
|
-
|
119
|
-
where `1234` represents the user identifier.
|
120
|
-
|
121
|
-
### warndays
|
122
|
-
|
123
|
-
The `warndays` matcher tests the number of days a user is warned before a password must be changed:
|
124
|
-
|
125
|
-
its('warndays') { should eq 5 }
|
126
|
-
|
127
|
-
where `5` represents the number of days a user is warned.
|
1
|
+
---
|
2
|
+
title: About the users Resource
|
3
|
+
platform: os
|
4
|
+
---
|
5
|
+
|
6
|
+
# users
|
7
|
+
|
8
|
+
Use the `users` InSpec audit resource to look up all local users available on the system, and then test specific properties of those users. This resource does not return information about users that may be located on other systems, such as LDAP or Active Directory.
|
9
|
+
|
10
|
+
<br>
|
11
|
+
|
12
|
+
## Syntax
|
13
|
+
|
14
|
+
A `users` resource block declares a user name, and then one (or more) matchers:
|
15
|
+
|
16
|
+
describe users.where(uid: 0).entries do
|
17
|
+
it { should eq ['root'] }
|
18
|
+
its('uids') { should eq [1234] }
|
19
|
+
its('gids') { should eq [1234] }
|
20
|
+
end
|
21
|
+
|
22
|
+
where
|
23
|
+
|
24
|
+
* `gid`, `group`, `groups`, `home`, `maxdays`, `mindays`, `shell`, `uid`, and `warndays` are valid matchers for this resource
|
25
|
+
* `where(uid: 0).entries` represents a filter that runs the test only against matching users
|
26
|
+
|
27
|
+
For example:
|
28
|
+
|
29
|
+
describe users.where { username =~ /.*/ } do
|
30
|
+
it { should exist }
|
31
|
+
end
|
32
|
+
|
33
|
+
or:
|
34
|
+
|
35
|
+
describe users.where { uid =~ /^S-1-5-[0-9-]+-501$/ } do
|
36
|
+
it { should exist }
|
37
|
+
end
|
38
|
+
|
39
|
+
<br>
|
40
|
+
|
41
|
+
## Examples
|
42
|
+
|
43
|
+
The following examples show how to use this InSpec audit resource.
|
44
|
+
|
45
|
+
### Use a regular expression to find users
|
46
|
+
|
47
|
+
describe users.where { uid =~ /S\-1\-5\-21\-\d+\-\d+\-\d+\-500/ } do
|
48
|
+
it { should exist }
|
49
|
+
end
|
50
|
+
|
51
|
+
<br>
|
52
|
+
|
53
|
+
## Matchers
|
54
|
+
|
55
|
+
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
56
|
+
|
57
|
+
### exist
|
58
|
+
|
59
|
+
The `exist` matcher tests if the named user exists:
|
60
|
+
|
61
|
+
it { should exist }
|
62
|
+
|
63
|
+
### gid
|
64
|
+
|
65
|
+
The `gid` matcher tests the group identifier:
|
66
|
+
|
67
|
+
its('gid') { should eq 1234 } }
|
68
|
+
|
69
|
+
where `1234` represents the user identifier.
|
70
|
+
|
71
|
+
### group
|
72
|
+
|
73
|
+
The `group` matcher tests the group to which the user belongs:
|
74
|
+
|
75
|
+
its('group') { should eq 'root' }
|
76
|
+
|
77
|
+
where `root` represents the group.
|
78
|
+
|
79
|
+
### groups
|
80
|
+
|
81
|
+
The `groups` matcher tests two (or more) groups to which the user belongs:
|
82
|
+
|
83
|
+
its('groups') { should eq ['root', 'other']}
|
84
|
+
|
85
|
+
### home
|
86
|
+
|
87
|
+
The `home` matcher tests the home directory path for the user:
|
88
|
+
|
89
|
+
its('home') { should eq '/root' }
|
90
|
+
|
91
|
+
### maxdays
|
92
|
+
|
93
|
+
The `maxdays` matcher tests the maximum number of days between password changes:
|
94
|
+
|
95
|
+
its('maxdays') { should eq 99 }
|
96
|
+
|
97
|
+
where `99` represents the maximum number of days.
|
98
|
+
|
99
|
+
### mindays
|
100
|
+
|
101
|
+
The `mindays` matcher tests the minimum number of days between password changes:
|
102
|
+
|
103
|
+
its('mindays') { should eq 0 }
|
104
|
+
|
105
|
+
where `0` represents the maximum number of days.
|
106
|
+
|
107
|
+
### shell
|
108
|
+
|
109
|
+
The `shell` matcher tests the path to the default shell for the user:
|
110
|
+
|
111
|
+
its('shells') { should eq ['/bin/bash'] }
|
112
|
+
|
113
|
+
### uid
|
114
|
+
|
115
|
+
The `uid` matcher tests the user identifier:
|
116
|
+
|
117
|
+
its('uid') { should eq 1234 } }
|
118
|
+
|
119
|
+
where `1234` represents the user identifier.
|
120
|
+
|
121
|
+
### warndays
|
122
|
+
|
123
|
+
The `warndays` matcher tests the number of days a user is warned before a password must be changed:
|
124
|
+
|
125
|
+
its('warndays') { should eq 5 }
|
126
|
+
|
127
|
+
where `5` represents the number of days a user is warned.
|
@@ -1,55 +1,55 @@
|
|
1
|
-
---
|
2
|
-
title: About the vbscript Resource
|
3
|
-
platform: windows
|
4
|
-
---
|
5
|
-
|
6
|
-
# vbscript
|
7
|
-
|
8
|
-
Use the `vbscript` InSpec audit resource to test a VBScript on the Windows platform.
|
9
|
-
|
10
|
-
<br>
|
11
|
-
|
12
|
-
## Syntax
|
13
|
-
|
14
|
-
A `vbscript` resource block tests the output of a VBScript on the Windows platform:
|
15
|
-
|
16
|
-
describe vbscript('script contents') do
|
17
|
-
its('stdout') { should eq 'output' }
|
18
|
-
end
|
19
|
-
|
20
|
-
where
|
21
|
-
|
22
|
-
* `'script_name'` is the name of the VBScript to test
|
23
|
-
* `('output')` is the expected output of the VBScript
|
24
|
-
|
25
|
-
<br>
|
26
|
-
|
27
|
-
## Examples
|
28
|
-
|
29
|
-
The following examples show how to use this InSpec audit resource.
|
30
|
-
|
31
|
-
### Test a VBScript
|
32
|
-
|
33
|
-
A VBScript file similar to:
|
34
|
-
|
35
|
-
script = <<-EOH
|
36
|
-
WScript.Echo "hello"
|
37
|
-
EOH
|
38
|
-
|
39
|
-
may be tested for multiple lines:
|
40
|
-
|
41
|
-
describe vbscript(script) do
|
42
|
-
its('stdout') { should eq "hello\r\n" }
|
43
|
-
end
|
44
|
-
|
45
|
-
and tested for whitespace removal from standard output:
|
46
|
-
|
47
|
-
describe vbscript(script) do
|
48
|
-
its('strip') { should eq "hello" }
|
49
|
-
end
|
50
|
-
|
51
|
-
<br>
|
52
|
-
|
53
|
-
## Matchers
|
54
|
-
|
55
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
1
|
+
---
|
2
|
+
title: About the vbscript Resource
|
3
|
+
platform: windows
|
4
|
+
---
|
5
|
+
|
6
|
+
# vbscript
|
7
|
+
|
8
|
+
Use the `vbscript` InSpec audit resource to test a VBScript on the Windows platform.
|
9
|
+
|
10
|
+
<br>
|
11
|
+
|
12
|
+
## Syntax
|
13
|
+
|
14
|
+
A `vbscript` resource block tests the output of a VBScript on the Windows platform:
|
15
|
+
|
16
|
+
describe vbscript('script contents') do
|
17
|
+
its('stdout') { should eq 'output' }
|
18
|
+
end
|
19
|
+
|
20
|
+
where
|
21
|
+
|
22
|
+
* `'script_name'` is the name of the VBScript to test
|
23
|
+
* `('output')` is the expected output of the VBScript
|
24
|
+
|
25
|
+
<br>
|
26
|
+
|
27
|
+
## Examples
|
28
|
+
|
29
|
+
The following examples show how to use this InSpec audit resource.
|
30
|
+
|
31
|
+
### Test a VBScript
|
32
|
+
|
33
|
+
A VBScript file similar to:
|
34
|
+
|
35
|
+
script = <<-EOH
|
36
|
+
WScript.Echo "hello"
|
37
|
+
EOH
|
38
|
+
|
39
|
+
may be tested for multiple lines:
|
40
|
+
|
41
|
+
describe vbscript(script) do
|
42
|
+
its('stdout') { should eq "hello\r\n" }
|
43
|
+
end
|
44
|
+
|
45
|
+
and tested for whitespace removal from standard output:
|
46
|
+
|
47
|
+
describe vbscript(script) do
|
48
|
+
its('strip') { should eq "hello" }
|
49
|
+
end
|
50
|
+
|
51
|
+
<br>
|
52
|
+
|
53
|
+
## Matchers
|
54
|
+
|
55
|
+
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
@@ -1,57 +1,57 @@
|
|
1
|
-
---
|
2
|
-
title: About the virtualization Resource
|
3
|
-
platform: linux
|
4
|
-
---
|
5
|
-
|
6
|
-
# virtualization
|
7
|
-
|
8
|
-
Use the `virtualization` InSpec audit resource to test the virtualization platform on which the system is running.
|
9
|
-
|
10
|
-
<br>
|
11
|
-
|
12
|
-
## Syntax
|
13
|
-
|
14
|
-
An `virtualization` resource block declares the virtualization platform that should be tested:
|
15
|
-
|
16
|
-
describe virtualization do
|
17
|
-
its('system') { should MATCHER 'value' }
|
18
|
-
end
|
19
|
-
|
20
|
-
where
|
21
|
-
|
22
|
-
* `('system')` is the name of the system information of the virtualization platform (e.g. docker, lxc, vbox, kvm, etc)
|
23
|
-
* `MATCHER` is a valid matcher for this resource
|
24
|
-
* `'value'` is the value to be tested
|
25
|
-
|
26
|
-
<br>
|
27
|
-
|
28
|
-
## Examples
|
29
|
-
|
30
|
-
The following examples show how to use this InSpec audit resource.
|
31
|
-
|
32
|
-
### Test for Docker
|
33
|
-
|
34
|
-
describe virtualization do
|
35
|
-
its('system') { should eq 'docker' }
|
36
|
-
end
|
37
|
-
|
38
|
-
### Test for VirtualBox
|
39
|
-
|
40
|
-
describe virtualization do
|
41
|
-
its('system') { should eq 'vbox' }
|
42
|
-
its('role') { should eq 'guest' }
|
43
|
-
end
|
44
|
-
|
45
|
-
### Detect the virtualization platform
|
46
|
-
|
47
|
-
if virtualization.system == 'vbox'
|
48
|
-
describe package('name') do
|
49
|
-
it { should be_installed }
|
50
|
-
end
|
51
|
-
end
|
52
|
-
|
53
|
-
<br>
|
54
|
-
|
55
|
-
## Matchers
|
56
|
-
|
57
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
1
|
+
---
|
2
|
+
title: About the virtualization Resource
|
3
|
+
platform: linux
|
4
|
+
---
|
5
|
+
|
6
|
+
# virtualization
|
7
|
+
|
8
|
+
Use the `virtualization` InSpec audit resource to test the virtualization platform on which the system is running.
|
9
|
+
|
10
|
+
<br>
|
11
|
+
|
12
|
+
## Syntax
|
13
|
+
|
14
|
+
An `virtualization` resource block declares the virtualization platform that should be tested:
|
15
|
+
|
16
|
+
describe virtualization do
|
17
|
+
its('system') { should MATCHER 'value' }
|
18
|
+
end
|
19
|
+
|
20
|
+
where
|
21
|
+
|
22
|
+
* `('system')` is the name of the system information of the virtualization platform (e.g. docker, lxc, vbox, kvm, etc)
|
23
|
+
* `MATCHER` is a valid matcher for this resource
|
24
|
+
* `'value'` is the value to be tested
|
25
|
+
|
26
|
+
<br>
|
27
|
+
|
28
|
+
## Examples
|
29
|
+
|
30
|
+
The following examples show how to use this InSpec audit resource.
|
31
|
+
|
32
|
+
### Test for Docker
|
33
|
+
|
34
|
+
describe virtualization do
|
35
|
+
its('system') { should eq 'docker' }
|
36
|
+
end
|
37
|
+
|
38
|
+
### Test for VirtualBox
|
39
|
+
|
40
|
+
describe virtualization do
|
41
|
+
its('system') { should eq 'vbox' }
|
42
|
+
its('role') { should eq 'guest' }
|
43
|
+
end
|
44
|
+
|
45
|
+
### Detect the virtualization platform
|
46
|
+
|
47
|
+
if virtualization.system == 'vbox'
|
48
|
+
describe package('name') do
|
49
|
+
it { should be_installed }
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
<br>
|
54
|
+
|
55
|
+
## Matchers
|
56
|
+
|
57
|
+
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|