inspec 2.2.20 → 2.2.27
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +29 -12
- data/docs/resources/file.md.erb +10 -3
- data/lib/inspec/base_cli.rb +2 -0
- data/lib/inspec/cli.rb +5 -0
- data/lib/inspec/dependencies/dependency_set.rb +3 -3
- data/lib/inspec/dependencies/requirement.rb +18 -11
- data/lib/inspec/profile.rb +9 -1
- data/lib/inspec/reporters/json.rb +1 -0
- data/lib/inspec/resource.rb +21 -9
- data/lib/inspec/runner_rspec.rb +2 -2
- data/lib/inspec/version.rb +1 -1
- data/lib/resources/aide_conf.rb +3 -5
- data/lib/resources/apache_conf.rb +8 -0
- data/lib/resources/auditd.rb +13 -15
- data/lib/resources/aws/aws_cloudtrail_trails.rb +4 -5
- data/lib/resources/aws/aws_ec2_instances.rb +3 -4
- data/lib/resources/aws/aws_iam_access_keys.rb +16 -18
- data/lib/resources/aws/aws_iam_groups.rb +2 -2
- data/lib/resources/aws/aws_iam_policies.rb +4 -5
- data/lib/resources/aws/aws_iam_users.rb +17 -22
- data/lib/resources/aws/aws_kms_keys.rb +4 -5
- data/lib/resources/aws/aws_route_tables.rb +4 -5
- data/lib/resources/aws/aws_s3_buckets.rb +3 -5
- data/lib/resources/aws/aws_security_groups.rb +3 -5
- data/lib/resources/aws/aws_sns_topics.rb +3 -5
- data/lib/resources/aws/aws_subnets.rb +6 -8
- data/lib/resources/aws/aws_vpcs.rb +6 -8
- data/lib/resources/azure/azure_generic_resource.rb +7 -11
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +15 -17
- data/lib/resources/crontab.rb +9 -11
- data/lib/resources/docker.rb +32 -38
- data/lib/resources/elasticsearch.rb +24 -26
- data/lib/resources/etc_fstab.rb +8 -10
- data/lib/resources/etc_hosts.rb +4 -6
- data/lib/resources/etc_hosts_allow_deny.rb +4 -6
- data/lib/resources/file.rb +1 -1
- data/lib/resources/firewalld.rb +6 -8
- data/lib/resources/groups.rb +6 -8
- data/lib/resources/nginx_conf.rb +4 -6
- data/lib/resources/packages.rb +5 -7
- data/lib/resources/passwd.rb +9 -11
- data/lib/resources/port.rb +7 -9
- data/lib/resources/postgres_hba_conf.rb +7 -9
- data/lib/resources/postgres_ident_conf.rb +4 -6
- data/lib/resources/processes.rb +13 -15
- data/lib/resources/ssl.rb +5 -7
- data/lib/resources/users.rb +15 -17
- data/lib/resources/xinetd.rb +9 -11
- metadata +2 -2
data/lib/resources/etc_fstab.rb
CHANGED
@@ -38,17 +38,15 @@ module Inspec::Resources
|
|
38
38
|
end
|
39
39
|
|
40
40
|
filter = FilterTable.create
|
41
|
-
filter.
|
42
|
-
.
|
43
|
-
.
|
44
|
-
.
|
45
|
-
.
|
46
|
-
.
|
47
|
-
.
|
48
|
-
.add(:file_system_options, field: 'file_system_options')
|
49
|
-
.add(:configured?) { |x| x.entries.any? }
|
41
|
+
filter.register_column(:device_name, field: 'device_name')
|
42
|
+
.register_column(:mount_point, field: 'mount_point')
|
43
|
+
.register_column(:file_system_type, field: 'file_system_type')
|
44
|
+
.register_column(:mount_options, field: 'mount_options')
|
45
|
+
.register_column(:dump_options, field: 'dump_options')
|
46
|
+
.register_column(:file_system_options, field: 'file_system_options')
|
47
|
+
.register_custom_matcher(:configured?) { |x| x.entries.any? }
|
50
48
|
|
51
|
-
filter.
|
49
|
+
filter.install_filter_methods_on_resource(self, :params)
|
52
50
|
|
53
51
|
def nfs_file_systems
|
54
52
|
where { file_system_type.match(/nfs/) }
|
data/lib/resources/etc_hosts.rb
CHANGED
@@ -33,12 +33,10 @@ class EtcHosts < Inspec.resource(1)
|
|
33
33
|
end
|
34
34
|
|
35
35
|
FilterTable.create
|
36
|
-
.
|
37
|
-
.
|
38
|
-
.
|
39
|
-
.
|
40
|
-
.add(:all_host_names, field: 'all_host_names')
|
41
|
-
.connect(self, :params)
|
36
|
+
.register_column(:ip_address, field: 'ip_address')
|
37
|
+
.register_column(:primary_name, field: 'primary_name')
|
38
|
+
.register_column(:all_host_names, field: 'all_host_names')
|
39
|
+
.install_filter_methods_on_resource(self, :params)
|
42
40
|
|
43
41
|
private
|
44
42
|
|
@@ -29,13 +29,11 @@ module Inspec::Resources
|
|
29
29
|
end
|
30
30
|
|
31
31
|
filter = FilterTable.create
|
32
|
-
filter.
|
33
|
-
.
|
34
|
-
.
|
35
|
-
.add(:client_list, field: 'client_list')
|
36
|
-
.add(:options, field: 'options')
|
32
|
+
filter.register_column(:daemon, field: 'daemon')
|
33
|
+
.register_column(:client_list, field: 'client_list')
|
34
|
+
.register_column(:options, field: 'options')
|
37
35
|
|
38
|
-
filter.
|
36
|
+
filter.install_filter_methods_on_resource(self, :params)
|
39
37
|
|
40
38
|
private
|
41
39
|
|
data/lib/resources/file.rb
CHANGED
@@ -44,7 +44,7 @@ module Inspec::Resources
|
|
44
44
|
%w{
|
45
45
|
type exist? file? block_device? character_device? socket? directory?
|
46
46
|
symlink? pipe? mode mode? owner owned_by? group grouped_into?
|
47
|
-
link_path linked_to? mtime size selinux_label immutable?
|
47
|
+
link_path shallow_link_path linked_to? mtime size selinux_label immutable?
|
48
48
|
product_version file_version version? md5sum sha256sum
|
49
49
|
path basename source source_path uid gid
|
50
50
|
}.each do |m|
|
data/lib/resources/firewalld.rb
CHANGED
@@ -28,14 +28,12 @@ module Inspec::Resources
|
|
28
28
|
attr_reader :params
|
29
29
|
|
30
30
|
filter = FilterTable.create
|
31
|
-
filter.
|
32
|
-
.
|
33
|
-
.
|
34
|
-
.
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
filter.connect(self, :params)
|
31
|
+
filter.register_column(:zone, field: 'zone')
|
32
|
+
.register_column(:interfaces, field: 'interfaces')
|
33
|
+
.register_column(:sources, field: 'sources')
|
34
|
+
.register_column(:services, field: 'services')
|
35
|
+
|
36
|
+
filter.install_filter_methods_on_resource(self, :params)
|
39
37
|
|
40
38
|
def initialize
|
41
39
|
@params = parse_active_zones(active_zones)
|
data/lib/resources/groups.rb
CHANGED
@@ -47,14 +47,12 @@ module Inspec::Resources
|
|
47
47
|
end
|
48
48
|
|
49
49
|
filter = FilterTable.create
|
50
|
-
filter.
|
51
|
-
|
52
|
-
.
|
53
|
-
.
|
54
|
-
.
|
55
|
-
|
56
|
-
.add(:exists?) { |x| !x.entries.empty? }
|
57
|
-
filter.connect(self, :collect_group_details)
|
50
|
+
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
|
51
|
+
filter.register_column(:names, field: 'name')
|
52
|
+
.register_column(:gids, field: 'gid')
|
53
|
+
.register_column(:domains, field: 'domain')
|
54
|
+
.register_column(:members, field: 'members')
|
55
|
+
filter.install_filter_methods_on_resource(self, :collect_group_details)
|
58
56
|
|
59
57
|
def to_s
|
60
58
|
'Groups'
|
data/lib/resources/nginx_conf.rb
CHANGED
@@ -156,9 +156,8 @@ module Inspec::Resources
|
|
156
156
|
end
|
157
157
|
|
158
158
|
filter = FilterTable.create
|
159
|
-
filter.
|
160
|
-
.
|
161
|
-
.connect(self, :server_table)
|
159
|
+
filter.register_column(:servers, field: 'server')
|
160
|
+
.install_filter_methods_on_resource(self, :server_table)
|
162
161
|
|
163
162
|
def locations
|
164
163
|
servers.map(&:locations).flatten
|
@@ -184,9 +183,8 @@ module Inspec::Resources
|
|
184
183
|
end
|
185
184
|
|
186
185
|
filter = FilterTable.create
|
187
|
-
filter.
|
188
|
-
.
|
189
|
-
.connect(self, :location_table)
|
186
|
+
filter.register_column(:locations, field: 'location')
|
187
|
+
.install_filter_methods_on_resource(self, :location_table)
|
190
188
|
|
191
189
|
def to_s
|
192
190
|
server = ''
|
data/lib/resources/packages.rb
CHANGED
@@ -42,13 +42,11 @@ module Inspec::Resources
|
|
42
42
|
end
|
43
43
|
|
44
44
|
filter = FilterTable.create
|
45
|
-
filter.
|
46
|
-
.
|
47
|
-
.
|
48
|
-
.
|
49
|
-
.
|
50
|
-
.add(:architectures, field: 'architecture')
|
51
|
-
.connect(self, :filtered_packages)
|
45
|
+
filter.register_column(:statuses, field: 'status', style: :simple)
|
46
|
+
.register_column(:names, field: 'name')
|
47
|
+
.register_column(:versions, field: 'version')
|
48
|
+
.register_column(:architectures, field: 'architecture')
|
49
|
+
.install_filter_methods_on_resource(self, :filtered_packages)
|
52
50
|
|
53
51
|
private
|
54
52
|
|
data/lib/resources/passwd.rb
CHANGED
@@ -50,24 +50,22 @@ module Inspec::Resources
|
|
50
50
|
end
|
51
51
|
|
52
52
|
filter = FilterTable.create
|
53
|
-
filter.
|
54
|
-
.
|
55
|
-
.
|
56
|
-
.
|
57
|
-
.
|
58
|
-
.
|
59
|
-
.
|
60
|
-
.add(:homes, field: 'home')
|
61
|
-
.add(:shells, field: 'shell')
|
53
|
+
filter.register_column(:users, field: 'user')
|
54
|
+
.register_column(:passwords, field: 'password')
|
55
|
+
.register_column(:uids, field: 'uid')
|
56
|
+
.register_column(:gids, field: 'gid')
|
57
|
+
.register_column(:descs, field: 'desc')
|
58
|
+
.register_column(:homes, field: 'home')
|
59
|
+
.register_column(:shells, field: 'shell')
|
62
60
|
|
63
61
|
# rebuild the passwd line from raw content
|
64
|
-
filter.
|
62
|
+
filter.register_custom_property(:content) { |t, _|
|
65
63
|
t.entries.map do |e|
|
66
64
|
[e.user, e.password, e.uid, e.gid, e.desc, e.home, e.shell].join(':')
|
67
65
|
end.join("\n")
|
68
66
|
}
|
69
67
|
|
70
|
-
filter.
|
68
|
+
filter.install_filter_methods_on_resource(self, :params)
|
71
69
|
|
72
70
|
def to_s
|
73
71
|
'/etc/passwd'
|
data/lib/resources/port.rb
CHANGED
@@ -39,15 +39,13 @@ module Inspec::Resources
|
|
39
39
|
end
|
40
40
|
|
41
41
|
filter = FilterTable.create
|
42
|
-
filter.
|
43
|
-
.
|
44
|
-
.
|
45
|
-
.
|
46
|
-
.
|
47
|
-
.
|
48
|
-
|
49
|
-
.add(:listening?) { |x| !x.entries.empty? }
|
50
|
-
filter.connect(self, :info)
|
42
|
+
filter.register_column(:ports, field: 'port', style: :simple)
|
43
|
+
.register_column(:addresses, field: 'address', style: :simple)
|
44
|
+
.register_column(:protocols, field: 'protocol', style: :simple)
|
45
|
+
.register_column(:processes, field: 'process', style: :simple)
|
46
|
+
.register_column(:pids, field: 'pid', style: :simple)
|
47
|
+
.register_custom_matcher(:listening?) { |x| !x.entries.empty? }
|
48
|
+
filter.install_filter_methods_on_resource(self, :info)
|
51
49
|
|
52
50
|
def to_s
|
53
51
|
"Port #{@port}"
|
@@ -28,16 +28,14 @@ module Inspec::Resources
|
|
28
28
|
end
|
29
29
|
|
30
30
|
filter = FilterTable.create
|
31
|
-
filter.
|
32
|
-
.
|
33
|
-
.
|
34
|
-
.
|
35
|
-
.
|
36
|
-
.
|
37
|
-
.add(:auth_method, field: 'auth_method')
|
38
|
-
.add(:auth_params, field: 'auth_params')
|
31
|
+
filter.register_column(:type, field: 'type')
|
32
|
+
.register_column(:database, field: 'database')
|
33
|
+
.register_column(:user, field: 'user')
|
34
|
+
.register_column(:address, field: 'address')
|
35
|
+
.register_column(:auth_method, field: 'auth_method')
|
36
|
+
.register_column(:auth_params, field: 'auth_params')
|
39
37
|
|
40
|
-
filter.
|
38
|
+
filter.install_filter_methods_on_resource(self, :params)
|
41
39
|
|
42
40
|
def to_s
|
43
41
|
"Postgres Hba Config #{@conf_file}"
|
@@ -27,13 +27,11 @@ module Inspec::Resources
|
|
27
27
|
end
|
28
28
|
|
29
29
|
filter = FilterTable.create
|
30
|
-
filter.
|
31
|
-
.
|
32
|
-
.
|
33
|
-
.add(:system_username, field: 'system_username')
|
34
|
-
.add(:pg_username, field: 'pg_username')
|
30
|
+
filter.register_column(:map_name, field: 'map_name')
|
31
|
+
.register_column(:system_username, field: 'system_username')
|
32
|
+
.register_column(:pg_username, field: 'pg_username')
|
35
33
|
|
36
|
-
filter.
|
34
|
+
filter.install_filter_methods_on_resource(self, :params)
|
37
35
|
|
38
36
|
def to_s
|
39
37
|
"PostgreSQL Ident Config #{@conf_file}"
|
data/lib/resources/processes.rb
CHANGED
@@ -61,21 +61,19 @@ module Inspec::Resources
|
|
61
61
|
end
|
62
62
|
|
63
63
|
filter = FilterTable.create
|
64
|
-
filter.
|
65
|
-
.
|
66
|
-
.
|
67
|
-
.
|
68
|
-
.
|
69
|
-
.
|
70
|
-
.
|
71
|
-
.
|
72
|
-
.
|
73
|
-
.
|
74
|
-
.
|
75
|
-
.
|
76
|
-
.
|
77
|
-
.add(:commands, field: 'command')
|
78
|
-
.connect(self, :filtered_processes)
|
64
|
+
filter.register_column(:labels, field: 'label')
|
65
|
+
.register_column(:pids, field: 'pid')
|
66
|
+
.register_column(:cpus, field: 'cpu')
|
67
|
+
.register_column(:mem, field: 'mem')
|
68
|
+
.register_column(:vsz, field: 'vsz')
|
69
|
+
.register_column(:rss, field: 'rss')
|
70
|
+
.register_column(:tty, field: 'tty')
|
71
|
+
.register_column(:states, field: 'stat')
|
72
|
+
.register_column(:start, field: 'start')
|
73
|
+
.register_column(:time, field: 'time')
|
74
|
+
.register_column(:users, field: 'user')
|
75
|
+
.register_column(:commands, field: 'command')
|
76
|
+
.install_filter_methods_on_resource(self, :filtered_processes)
|
79
77
|
|
80
78
|
private
|
81
79
|
|
data/lib/resources/ssl.rb
CHANGED
@@ -58,15 +58,13 @@ class SSL < Inspec.resource(1)
|
|
58
58
|
end
|
59
59
|
|
60
60
|
filter = FilterTable.create
|
61
|
-
filter.
|
61
|
+
filter.register_custom_matcher(:enabled?) do |x|
|
62
62
|
raise 'Cannot determine host for SSL test. Please specify it or use a different target.' if x.resource.host.nil?
|
63
63
|
x.handshake.values.any? { |i| i['success'] }
|
64
64
|
end
|
65
|
-
filter.
|
66
|
-
.
|
67
|
-
.
|
68
|
-
.add(:protocols, field: 'protocol')
|
69
|
-
.add(:handshake) { |x|
|
65
|
+
filter.register_column(:ciphers, field: 'cipher')
|
66
|
+
.register_column(:protocols, field: 'protocol')
|
67
|
+
.register_custom_property(:handshake) { |x|
|
70
68
|
groups = x.entries.group_by(&:protocol)
|
71
69
|
res = Parallel.map(groups, in_threads: 8) do |proto, e|
|
72
70
|
[proto, SSLShake.hello(x.resource.host, port: x.resource.port,
|
@@ -75,7 +73,7 @@ class SSL < Inspec.resource(1)
|
|
75
73
|
end
|
76
74
|
Hash[res]
|
77
75
|
}
|
78
|
-
.
|
76
|
+
.install_filter_methods_on_resource(self, :scan_config)
|
79
77
|
|
80
78
|
def to_s
|
81
79
|
"SSL/TLS on #{@host}:#{@port}"
|
data/lib/resources/users.rb
CHANGED
@@ -70,23 +70,21 @@ module Inspec::Resources
|
|
70
70
|
end
|
71
71
|
|
72
72
|
filter = FilterTable.create
|
73
|
-
filter.
|
74
|
-
|
75
|
-
.
|
76
|
-
.
|
77
|
-
.
|
78
|
-
.
|
79
|
-
.
|
80
|
-
.
|
81
|
-
.
|
82
|
-
.
|
83
|
-
.
|
84
|
-
.
|
85
|
-
.
|
86
|
-
.
|
87
|
-
|
88
|
-
.add(:enabled?) { |x| x.where { disabled == true }.entries.empty? }
|
89
|
-
filter.connect(self, :collect_user_details)
|
73
|
+
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
|
74
|
+
filter.register_column(:usernames, field: :username)
|
75
|
+
.register_column(:uids, field: :uid)
|
76
|
+
.register_column(:gids, field: :gid)
|
77
|
+
.register_column(:groupnames, field: :groupname)
|
78
|
+
.register_column(:groups, field: :groups)
|
79
|
+
.register_column(:homes, field: :home)
|
80
|
+
.register_column(:shells, field: :shell)
|
81
|
+
.register_column(:mindays, field: :mindays)
|
82
|
+
.register_column(:maxdays, field: :maxdays)
|
83
|
+
.register_column(:warndays, field: :warndays)
|
84
|
+
.register_column(:disabled, field: :disabled)
|
85
|
+
.register_custom_matcher(:disabled?) { |x| x.where { disabled == false }.entries.empty? }
|
86
|
+
.register_custom_matcher(:enabled?) { |x| x.where { disabled == true }.entries.empty? }
|
87
|
+
filter.install_filter_methods_on_resource(self, :collect_user_details)
|
90
88
|
|
91
89
|
def to_s
|
92
90
|
'Users'
|
data/lib/resources/xinetd.rb
CHANGED
@@ -37,17 +37,15 @@ module Inspec::Resources
|
|
37
37
|
end
|
38
38
|
|
39
39
|
filter = FilterTable.create
|
40
|
-
filter.
|
41
|
-
.
|
42
|
-
.
|
43
|
-
.
|
44
|
-
.
|
45
|
-
.
|
46
|
-
.
|
47
|
-
.
|
48
|
-
.
|
49
|
-
.add(:enabled?) { |x| x.where('disable' => 'yes').services.empty? }
|
50
|
-
.connect(self, :service_lines)
|
40
|
+
filter.register_column(:services, field: 'service')
|
41
|
+
.register_column(:ids, field: 'id')
|
42
|
+
.register_column(:socket_types, field: 'socket_type')
|
43
|
+
.register_column(:types, field: 'type')
|
44
|
+
.register_column(:protocols, field: 'protocol')
|
45
|
+
.register_column(:wait, field: 'wait')
|
46
|
+
.register_custom_matcher(:disabled?) { |x| x.where('disable' => 'no').services.empty? }
|
47
|
+
.register_custom_matcher(:enabled?) { |x| x.where('disable' => 'yes').services.empty? }
|
48
|
+
.install_filter_methods_on_resource(self, :service_lines)
|
51
49
|
|
52
50
|
private
|
53
51
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: inspec
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.2.
|
4
|
+
version: 2.2.27
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dominik Richter
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-06-
|
11
|
+
date: 2018-06-29 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: train
|