inspec 2.2.55 → 2.2.61
- checksums.yaml +4 -4
- data/CHANGELOG.md +24 -8
- data/docs/resources/aide_conf.md.erb +10 -0
- data/docs/resources/apache.md.erb +10 -0
- data/docs/resources/apache_conf.md.erb +10 -0
- data/docs/resources/apt.md.erb +10 -0
- data/docs/resources/audit_policy.md.erb +10 -0
- data/docs/resources/auditd.md.erb +10 -0
- data/docs/resources/auditd_conf.md.erb +10 -0
- data/docs/resources/aws_cloudtrail_trail.md.erb +10 -0
- data/docs/resources/aws_cloudtrail_trails.md.erb +10 -0
- data/docs/resources/aws_cloudwatch_alarm.md.erb +10 -0
- data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +10 -0
- data/docs/resources/aws_config_delivery_channel.md.erb +10 -0
- data/docs/resources/aws_config_recorder.md.erb +10 -0
- data/docs/resources/aws_ec2_instance.md.erb +10 -0
- data/docs/resources/aws_ec2_instances.md.erb +10 -0
- data/docs/resources/aws_elb.md.erb +10 -0
- data/docs/resources/aws_elbs.md.erb +10 -0
- data/docs/resources/aws_flow_log.md.erb +10 -0
- data/docs/resources/aws_iam_access_key.md.erb +10 -0
- data/docs/resources/aws_iam_access_keys.md.erb +10 -0
- data/docs/resources/aws_iam_group.md.erb +10 -0
- data/docs/resources/aws_iam_groups.md.erb +10 -0
- data/docs/resources/aws_iam_password_policy.md.erb +10 -0
- data/docs/resources/aws_iam_policies.md.erb +10 -0
- data/docs/resources/aws_iam_policy.md.erb +10 -0
- data/docs/resources/aws_iam_role.md.erb +10 -0
- data/docs/resources/aws_iam_root_user.md.erb +10 -0
- data/docs/resources/aws_iam_user.md.erb +10 -0
- data/docs/resources/aws_iam_users.md.erb +10 -0
- data/docs/resources/aws_kms_key.md.erb +10 -0
- data/docs/resources/aws_kms_keys.md.erb +10 -0
- data/docs/resources/aws_rds_instance.md.erb +10 -0
- data/docs/resources/aws_route_table.md.erb +10 -0
- data/docs/resources/aws_route_tables.md.erb +10 -0
- data/docs/resources/aws_s3_bucket.md.erb +10 -0
- data/docs/resources/aws_s3_bucket_object.md.erb +10 -0
- data/docs/resources/aws_s3_buckets.md.erb +10 -0
- data/docs/resources/aws_security_group.md.erb +10 -0
- data/docs/resources/aws_security_groups.md.erb +10 -0
- data/docs/resources/aws_sns_subscription.md.erb +10 -0
- data/docs/resources/aws_sns_topic.md.erb +10 -0
- data/docs/resources/aws_sns_topics.md.erb +10 -0
- data/docs/resources/aws_subnet.md.erb +10 -0
- data/docs/resources/aws_subnets.md.erb +10 -0
- data/docs/resources/aws_vpc.md.erb +10 -0
- data/docs/resources/aws_vpcs.md.erb +10 -0
- data/docs/resources/azure_generic_resource.md.erb +10 -0
- data/docs/resources/azure_resource_group.md.erb +10 -0
- data/docs/resources/azure_virtual_machine.md.erb +10 -0
- data/docs/resources/azure_virtual_machine_data_disk.md.erb +10 -0
- data/docs/resources/bash.md.erb +10 -0
- data/docs/resources/bond.md.erb +10 -0
- data/docs/resources/bridge.md.erb +10 -0
- data/docs/resources/bsd_service.md.erb +10 -0
- data/docs/resources/chocolatey_package.md.erb +10 -0
- data/docs/resources/command.md.erb +10 -0
- data/docs/resources/cpan.md.erb +10 -0
- data/docs/resources/cran.md.erb +10 -0
- data/docs/resources/crontab.md.erb +10 -0
- data/docs/resources/csv.md.erb +10 -0
- data/docs/resources/dh_params.md.erb +10 -0
- data/docs/resources/directory.md.erb +10 -0
- data/docs/resources/docker.md.erb +21 -0
- data/docs/resources/docker_container.md.erb +10 -0
- data/docs/resources/docker_image.md.erb +10 -0
- data/docs/resources/docker_plugin.md.erb +80 -0
- data/docs/resources/docker_service.md.erb +10 -0
- data/docs/resources/elasticsearch.md.erb +10 -0
- data/docs/resources/etc_fstab.md.erb +10 -0
- data/docs/resources/etc_group.md.erb +10 -0
- data/docs/resources/etc_hosts.md.erb +10 -0
- data/docs/resources/etc_hosts_allow.md.erb +10 -0
- data/docs/resources/etc_hosts_deny.md.erb +10 -0
- data/docs/resources/file.md.erb +10 -0
- data/docs/resources/filesystem.md.erb +10 -0
- data/docs/resources/firewalld.md.erb +10 -0
- data/docs/resources/gem.md.erb +10 -0
- data/docs/resources/group.md.erb +10 -0
- data/docs/resources/grub_conf.md.erb +10 -0
- data/docs/resources/host.md.erb +10 -0
- data/docs/resources/http.md.erb +10 -0
- data/docs/resources/iis_app.md.erb +10 -0
- data/docs/resources/iis_site.md.erb +10 -0
- data/docs/resources/inetd_conf.md.erb +10 -0
- data/docs/resources/ini.md.erb +10 -0
- data/docs/resources/interface.md.erb +10 -0
- data/docs/resources/iptables.md.erb +10 -0
- data/docs/resources/json.md.erb +10 -0
- data/docs/resources/kernel_module.md.erb +10 -0
- data/docs/resources/kernel_parameter.md.erb +10 -0
- data/docs/resources/key_rsa.md.erb +10 -0
- data/docs/resources/launchd_service.md.erb +10 -0
- data/docs/resources/limits_conf.md.erb +10 -0
- data/docs/resources/login_defs.md.erb +10 -0
- data/docs/resources/mount.md.erb +10 -0
- data/docs/resources/mssql_session.md.erb +10 -0
- data/docs/resources/mysql_conf.md.erb +10 -0
- data/docs/resources/mysql_session.md.erb +10 -0
- data/docs/resources/nginx.md.erb +10 -0
- data/docs/resources/nginx_conf.md.erb +10 -0
- data/docs/resources/npm.md.erb +10 -0
- data/docs/resources/ntp_conf.md.erb +10 -0
- data/docs/resources/oneget.md.erb +10 -0
- data/docs/resources/oracledb_session.md.erb +10 -0
- data/docs/resources/os.md.erb +10 -0
- data/docs/resources/os_env.md.erb +10 -0
- data/docs/resources/package.md.erb +10 -0
- data/docs/resources/packages.md.erb +10 -0
- data/docs/resources/parse_config.md.erb +10 -0
- data/docs/resources/parse_config_file.md.erb +10 -0
- data/docs/resources/passwd.md.erb +10 -0
- data/docs/resources/pip.md.erb +10 -0
- data/docs/resources/port.md.erb +10 -0
- data/docs/resources/postgres_conf.md.erb +10 -0
- data/docs/resources/postgres_hba_conf.md.erb +10 -0
- data/docs/resources/postgres_ident_conf.md.erb +10 -0
- data/docs/resources/postgres_session.md.erb +10 -0
- data/docs/resources/powershell.md.erb +10 -0
- data/docs/resources/processes.md.erb +10 -0
- data/docs/resources/rabbitmq_config.md.erb +10 -0
- data/docs/resources/registry_key.md.erb +38 -2
- data/docs/resources/runit_service.md.erb +10 -0
- data/docs/resources/security_policy.md.erb +10 -0
- data/docs/resources/service.md.erb +10 -0
- data/docs/resources/shadow.md.erb +10 -0
- data/docs/resources/ssh_config.md.erb +10 -0
- data/docs/resources/sshd_config.md.erb +10 -0
- data/docs/resources/ssl.md.erb +10 -0
- data/docs/resources/sys_info.md.erb +10 -0
- data/docs/resources/systemd_service.md.erb +10 -0
- data/docs/resources/sysv_service.md.erb +10 -0
- data/docs/resources/upstart_service.md.erb +10 -0
- data/docs/resources/user.md.erb +10 -0
- data/docs/resources/users.md.erb +10 -0
- data/docs/resources/vbscript.md.erb +10 -0
- data/docs/resources/virtualization.md.erb +10 -0
- data/docs/resources/windows_feature.md.erb +10 -0
- data/docs/resources/windows_hotfix.md.erb +10 -0
- data/docs/resources/windows_task.md.erb +10 -0
- data/docs/resources/wmi.md.erb +10 -0
- data/docs/resources/x509_certificate.md.erb +10 -0
- data/docs/resources/xinetd_conf.md.erb +10 -0
- data/docs/resources/xml.md.erb +10 -0
- data/docs/resources/yaml.md.erb +10 -0
- data/docs/resources/yum.md.erb +10 -0
- data/docs/resources/zfs_dataset.md.erb +10 -0
- data/docs/resources/zfs_pool.md.erb +10 -0
- data/lib/inspec/base_cli.rb +2 -2
- data/lib/inspec/cli.rb +3 -2
- data/lib/inspec/resource.rb +2 -0
- data/lib/inspec/runner.rb +2 -4
- data/lib/inspec/version.rb +1 -1
- data/lib/resource_support/aws.rb +1 -0
- data/lib/resources/aws/aws_ecs_cluster.rb +84 -0
- data/lib/resources/aws/aws_route_table.rb +3 -3
- data/lib/resources/docker.rb +34 -0
- data/lib/resources/docker_plugin.rb +63 -0
- data/lib/resources/iis_app_pool.rb +116 -0
- metadata +6 -2
data/lib/inspec/base_cli.rb
CHANGED
@@ -67,6 +67,8 @@ module Inspec
|
|
67
67
|
def self.profile_options
|
68
68
|
option :profiles_path, type: :string,
|
69
69
|
desc: 'Folder which contains referenced profiles.'
|
70
|
+
option :vendor_cache, type: :string,
|
71
|
+
desc: 'Use the given path for caching dependencies. (default: ~/.inspec/cache)'
|
70
72
|
end
|
71
73
|
|
72
74
|
def self.exec_options
|
@@ -83,8 +85,6 @@ module Inspec
|
|
83
85
|
desc: 'Use colors in output.'
|
84
86
|
option :attrs, type: :array,
|
85
87
|
desc: 'Load attributes file (experimental)'
|
86
|
-
option :vendor_cache, type: :string,
|
87
|
-
desc: 'Use the given path for caching dependencies. (default: ~/.inspec/cache)'
|
88
88
|
option :create_lockfile, type: :boolean,
|
89
89
|
desc: 'Write out a lockfile based on this execution (unless one already exists)'
|
90
90
|
option :backend_cache, type: :boolean,
|
data/lib/inspec/cli.rb
CHANGED
@@ -34,9 +34,9 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
34
34
|
def json(target)
|
35
35
|
o = opts.dup
|
36
36
|
diagnose(o)
|
37
|
-
o[:ignore_supports] = true
|
38
37
|
o[:backend] = Inspec::Backend.create(target: 'mock://')
|
39
38
|
o[:check_mode] = true
|
39
|
+
o[:vendor_cache] = Inspec::Cache.new(o[:vendor_cache])
|
40
40
|
|
41
41
|
profile = Inspec::Profile.for_target(target, o)
|
42
42
|
info = profile.info
|
@@ -67,9 +67,9 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
67
67
|
def check(path) # rubocop:disable Metrics/AbcSize
|
68
68
|
o = opts.dup
|
69
69
|
diagnose(o)
|
70
|
-
o[:ignore_supports] = true # we check for integrity only
|
71
70
|
o[:backend] = Inspec::Backend.create(target: 'mock://')
|
72
71
|
o[:check_mode] = true
|
72
|
+
o[:vendor_cache] = Inspec::Cache.new(o[:vendor_cache])
|
73
73
|
|
74
74
|
# run check
|
75
75
|
profile = Inspec::Profile.for_target(path, o)
|
@@ -140,6 +140,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
140
140
|
o[:logger] = Logger.new(STDOUT)
|
141
141
|
o[:logger].level = get_log_level(o.log_level)
|
142
142
|
o[:backend] = Inspec::Backend.create(target: 'mock://')
|
143
|
+
o[:vendor_cache] = Inspec::Cache.new(o[:vendor_cache])
|
143
144
|
|
144
145
|
profile = Inspec::Profile.for_target(path, o)
|
145
146
|
result = profile.check
|
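--- a/data/lib/inspec/resource.rb
+++ b/data/lib/inspec/resource.rb
@@ -128,6 +128,7 @@ require 'resources/directory'
 require 'resources/docker'
 require 'resources/docker_container'
 require 'resources/docker_image'
+require 'resources/docker_plugin'
 require 'resources/docker_service'
 require 'resources/elasticsearch'
 require 'resources/etc_fstab'
@@ -143,6 +144,7 @@ require 'resources/grub_conf'
 require 'resources/host'
 require 'resources/http'
 require 'resources/iis_app'
+require 'resources/iis_app_pool'
 require 'resources/iis_site'
 require 'resources/inetd_conf'
 require 'resources/interface'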
data/lib/inspec/runner.rb
CHANGED
@@ -39,7 +39,6 @@ module Inspec
|
|
39
39
|
@target_profiles = []
|
40
40
|
@controls = @conf[:controls] || []
|
41
41
|
@depends = @conf[:depends] || []
|
42
|
-
@ignore_supports = @conf[:ignore_supports]
|
43
42
|
@create_lockfile = @conf[:create_lockfile]
|
44
43
|
@cache = Inspec::Cache.new(@conf[:vendor_cache])
|
45
44
|
|
@@ -108,7 +107,8 @@ module Inspec
|
|
108
107
|
return if @conf['reporter'].nil?
|
109
108
|
|
110
109
|
@conf['reporter'].each do |reporter|
|
111
|
-
Inspec::Reporters.render(reporter, run_data)
|
110
|
+
result = Inspec::Reporters.render(reporter, run_data)
|
111
|
+
raise Inspec::ReporterError, "Error generating reporter '#{reporter[0]}'" if result == false
|
112
112
|
end
|
113
113
|
end
|
114
114
|
|
@@ -196,8 +196,6 @@ module Inspec
|
|
196
196
|
end
|
197
197
|
|
198
198
|
def supports_profile?(profile)
|
199
|
-
return true if @ignore_supports
|
200
|
-
|
201
199
|
if !profile.supports_runtime?
|
202
200
|
raise 'This profile requires InSpec version '\
|
203
201
|
"#{profile.metadata.inspec_requirement}. You are running "\
|
data/lib/inspec/version.rb
CHANGED
data/lib/resource_support/aws.rb
CHANGED
@@ -21,6 +21,7 @@ require 'resources/aws/aws_config_recorder'
|
|
21
21
|
require 'resources/aws/aws_ec2_instance'
|
22
22
|
require 'resources/aws/aws_flow_log'
|
23
23
|
require 'resources/aws/aws_ec2_instances'
|
24
|
+
require 'resources/aws/aws_ecs_cluster'
|
24
25
|
require 'resources/aws/aws_elb'
|
25
26
|
require 'resources/aws/aws_elbs'
|
26
27
|
require 'resources/aws/aws_iam_access_key'
|
@@ -0,0 +1,84 @@
|
|
1
|
+
class AwsEcsCluster < Inspec.resource(1)
|
2
|
+
name 'aws_ecs_cluster'
|
3
|
+
desc 'Verifies settings for an ECS cluster'
|
4
|
+
|
5
|
+
example <<-EOX
|
6
|
+
describe aws_ecs_cluster('default') do
|
7
|
+
it { should exist }
|
8
|
+
end
|
9
|
+
EOX
|
10
|
+
supports platform: 'aws'
|
11
|
+
|
12
|
+
include AwsSingularResourceMixin
|
13
|
+
attr_reader :cluster_arn, :cluster_name, :status,
|
14
|
+
:registered_container_instances_count, :running_tasks_count,
|
15
|
+
:pending_tasks_count, :active_services_count, :statistics
|
16
|
+
|
17
|
+
def to_s
|
18
|
+
"AWS ECS cluster #{cluster_name}"
|
19
|
+
end
|
20
|
+
|
21
|
+
private
|
22
|
+
|
23
|
+
def validate_params(raw_params)
|
24
|
+
validated_params = check_resource_param_names(
|
25
|
+
raw_params: raw_params,
|
26
|
+
allowed_params: [:cluster_name],
|
27
|
+
allowed_scalar_name: :cluster_name,
|
28
|
+
allowed_scalar_type: String,
|
29
|
+
)
|
30
|
+
|
31
|
+
validated_params
|
32
|
+
end
|
33
|
+
|
34
|
+
def fetch_from_api
|
35
|
+
backend = BackendFactory.create(inspec_runner)
|
36
|
+
begin
|
37
|
+
# Use default cluster if no cluster name is specified
|
38
|
+
params = cluster_name.nil? ? {} : { clusters: [cluster_name] }
|
39
|
+
clusters = backend.describe_clusters(params).clusters
|
40
|
+
|
41
|
+
# Cluster name is unique, we either get back one cluster, or none
|
42
|
+
if clusters.length == 1
|
43
|
+
@exists = true
|
44
|
+
unpack_describe_clusters_response(clusters.first)
|
45
|
+
else
|
46
|
+
@exists = false
|
47
|
+
populate_as_missing
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
def unpack_describe_clusters_response(cluster_struct)
|
53
|
+
@cluster_arn = cluster_struct.cluster_arn
|
54
|
+
@cluster_name = cluster_struct.cluster_name
|
55
|
+
@status = cluster_struct.status
|
56
|
+
@registered_container_instances_count = cluster_struct.registered_container_instances_count
|
57
|
+
@running_tasks_count = cluster_struct.running_tasks_count
|
58
|
+
@pending_tasks_count = cluster_struct.pending_tasks_count
|
59
|
+
@active_services_count = cluster_struct.active_services_count
|
60
|
+
@statistics = cluster_struct.statistics
|
61
|
+
end
|
62
|
+
|
63
|
+
def populate_as_missing
|
64
|
+
@cluster_arn = ''
|
65
|
+
@cluster_name = ''
|
66
|
+
@status = ''
|
67
|
+
@registered_container_instances_count = 0
|
68
|
+
@running_tasks_count = 0
|
69
|
+
@pending_tasks_count = 0
|
70
|
+
@active_services_count = 0
|
71
|
+
@statistics = []
|
72
|
+
end
|
73
|
+
|
74
|
+
class Backend
|
75
|
+
class AwsClientApi < AwsBackendBase
|
76
|
+
BackendFactory.set_default_backend(self)
|
77
|
+
self.aws_client_class = Aws::ECS::Client
|
78
|
+
|
79
|
+
def describe_clusters(query = {})
|
80
|
+
aws_service_client.describe_clusters(query)
|
81
|
+
end
|
82
|
+
end
|
83
|
+
end
|
84
|
+
end
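Review bot: fetch_from_api marks the cluster as existing whenever describe_clusters returns one entry (line 42), but as far as I recall the ECS API keeps deleted clusters discoverable for a while with status INACTIVE, so `it { should exist }` may pass against a cluster that has already been deleted. Either document that `exists?` includes INACTIVE clusters or fold the status into the check, e.g. `if clusters.length == 1 && clusters.first.status != 'INACTIVE'`. The `begin ... end` around the lookup (lines 36-49) has no rescue clause and can be dropped. When no name is given, the empty params hash relies on the API defaulting to the `default` cluster, which the comment on line 37 states but nothing in the resource enforces.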
|
@@ -3,7 +3,7 @@ class AwsRouteTable < Inspec.resource(1)
|
|
3
3
|
desc 'Verifies settings for an AWS Route Table'
|
4
4
|
example "
|
5
5
|
describe aws_route_table do
|
6
|
-
its('route_table_id') { should cmp 'rtb-
|
6
|
+
its('route_table_id') { should cmp 'rtb-05462d2278326a79c' }
|
7
7
|
end
|
8
8
|
"
|
9
9
|
supports platform: 'aws'
|
@@ -27,10 +27,10 @@ class AwsRouteTable < Inspec.resource(1)
|
|
27
27
|
)
|
28
28
|
|
29
29
|
if validated_params.key?(:route_table_id) &&
|
30
|
-
validated_params[:route_table_id] !~ /^rtb\-[0-9a-f]{8}$/
|
30
|
+
validated_params[:route_table_id] !~ /^rtb\-([0-9a-f]{17})|(^rtb\-[0-9a-f]{8})$/
|
31
31
|
raise ArgumentError,
|
32
32
|
'aws_route_table Route Table ID must be in the' \
|
33
|
-
' format "rtb-" followed by 8 hexadecimal characters.'
|
33
|
+
' format "rtb-" followed by 8 or 17 hexadecimal characters.'
|
34
34
|
end
|
35
35
|
|
36
36
|
validated_params
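Review bot: The new regex on line 30 has an alternation-precedence bug: the first branch `^rtb\-([0-9a-f]{17})` carries no end anchor, so `rtb-` followed by 17 hex characters and any trailing text passes validation, and `^`/`$` are line anchors in Ruby rather than whole-string anchors. Group the alternation and anchor the whole string: `validated_params[:route_table_id] !~ /\Artb-([0-9a-f]{8}|[0-9a-f]{17})\z/`. The enclosing validate_params method starts outside the hunk.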
|
data/lib/resources/docker.rb
CHANGED
@@ -52,6 +52,20 @@ module Inspec::Resources
|
|
52
52
|
end
|
53
53
|
end
|
54
54
|
|
55
|
+
class DockerPluginFilter
|
56
|
+
filter = FilterTable.create
|
57
|
+
filter.add(:ids, field: 'id')
|
58
|
+
.add(:names, field: 'name')
|
59
|
+
.add(:versions, field: 'version')
|
60
|
+
.add(:enabled, field: 'enabled')
|
61
|
+
filter.connect(self, :plugins)
|
62
|
+
|
63
|
+
attr_reader :plugins
|
64
|
+
def initialize(plugins)
|
65
|
+
@plugins = plugins
|
66
|
+
end
|
67
|
+
end
|
68
|
+
|
55
69
|
class DockerServiceFilter
|
56
70
|
filter = FilterTable.create
|
57
71
|
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
|
@@ -89,6 +103,10 @@ module Inspec::Resources
|
|
89
103
|
its('repositories') { should_not include 'inssecure_image' }
|
90
104
|
end
|
91
105
|
|
106
|
+
describe docker.plugins.where { name == 'rexray/ebs' } do
|
107
|
+
it { should exist }
|
108
|
+
end
|
109
|
+
|
92
110
|
describe docker.services do
|
93
111
|
its('images') { should_not include 'inssecure_image' }
|
94
112
|
end
|
@@ -119,6 +137,10 @@ module Inspec::Resources
|
|
119
137
|
DockerImageFilter.new(parse_images)
|
120
138
|
end
|
121
139
|
|
140
|
+
def plugins
|
141
|
+
DockerPluginFilter.new(parse_plugins)
|
142
|
+
end
|
143
|
+
|
122
144
|
def services
|
123
145
|
DockerServiceFilter.new(parse_services)
|
124
146
|
end
|
@@ -226,5 +248,17 @@ module Inspec::Resources
|
|
226
248
|
warn 'Could not parse `docker images` output'
|
227
249
|
[]
|
228
250
|
end
|
251
|
+
|
252
|
+
def parse_plugins
|
253
|
+
plugins = inspec.command('docker plugin ls --format \'{"id": {{json .ID}}, "name": "{{ with split .Name ":"}}{{index . 0}}{{end}}", "version": "{{ with split .Name ":"}}{{index . 1}}{{end}}", "enabled": {{json .Enabled}} }\'').stdout
|
254
|
+
c_plugins = []
|
255
|
+
plugins.each_line { |entry|
|
256
|
+
c_plugins.push(JSON.parse(entry))
|
257
|
+
}
|
258
|
+
c_plugins
|
259
|
+
rescue JSON::ParserError => _e
|
260
|
+
warn 'Could not parse `docker plugin ls` output'
|
261
|
+
[]
|
262
|
+
end
|
229
263
|
end
|
230
264
|
end
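Review bot: DockerPluginFilter (lines 55-67) registers no `exists?` matcher, while DockerServiceFilter just below explicitly registers `filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }`, yet the new example on line 106 relies on `docker.plugins.where { ... }` answering `should exist`. Unless FilterTable supplies `exists?` by default (not visible here), add the same registration to DockerPluginFilter. In parse_plugins the `name` and `version` template fields are interpolated into the JSON line without the `json` template function, unlike `id` and `enabled`, so a value containing a quote or backslash would invalidate the whole line and discard every plugin with only a warning; `{{json (index . 0)}}` and `{{json (index . 1)}}` would keep the output well-formed. A plugin name with no `:tag` would presumably also make `index . 1` fail inside the Go template, which is worth confirming against real `docker plugin ls` output.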
|
@@ -0,0 +1,63 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
|
3
|
+
module Inspec::Resources
|
4
|
+
class DockerPlugin < Inspec.resource(1)
|
5
|
+
name 'docker_plugin'
|
6
|
+
supports platform: 'unix'
|
7
|
+
desc 'Retrieves info about docker plugins'
|
8
|
+
example "
|
9
|
+
describe docker_plugin('rexray/ebs') do
|
10
|
+
it { should exist }
|
11
|
+
its('id') { should_not eq '0ac30b93ad40' }
|
12
|
+
its('version') { should eq '0.11.1' }
|
13
|
+
it { should be_enabled }
|
14
|
+
end
|
15
|
+
|
16
|
+
describe docker_plugin('alpine:latest') do
|
17
|
+
it { should exist }
|
18
|
+
end
|
19
|
+
|
20
|
+
describe docker_plugin(id: '4a415e366388') do
|
21
|
+
it { should exist }
|
22
|
+
end
|
23
|
+
"
|
24
|
+
|
25
|
+
def initialize(opts = {})
|
26
|
+
# do sanitizion of input values
|
27
|
+
o = opts.dup
|
28
|
+
o = { name: opts } if opts.is_a?(String)
|
29
|
+
@opts = o
|
30
|
+
end
|
31
|
+
|
32
|
+
def exist?
|
33
|
+
object_info.entries.size == 1
|
34
|
+
end
|
35
|
+
|
36
|
+
def enabled?
|
37
|
+
object_info.enabled[0]
|
38
|
+
end
|
39
|
+
|
40
|
+
def id
|
41
|
+
object_info.ids[0] if object_info.entries.size == 1
|
42
|
+
end
|
43
|
+
|
44
|
+
def version
|
45
|
+
object_info.versions[0] if object_info.entries.size == 1
|
46
|
+
end
|
47
|
+
|
48
|
+
def to_s
|
49
|
+
plugin = @opts[:name] || @opts[:id]
|
50
|
+
"Docker plugin #{plugin}"
|
51
|
+
end
|
52
|
+
|
53
|
+
private
|
54
|
+
|
55
|
+
def object_info
|
56
|
+
return @info if defined?(@info)
|
57
|
+
opts = @opts
|
58
|
+
@info = inspec.docker.plugins.where {
|
59
|
+
(name == opts[:name]) || (!id.nil? && !opts[:id].nil? && (id == opts[:id]))
|
60
|
+
}
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
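Review bot: The example `docker_plugin('alpine:latest')` on line 16 can never match: parse_plugins in docker.rb splits the plugin name on `:` and stores only the part before it as `name`, so `name == 'alpine:latest'` in object_info is always false. Either accept the tagged form in the where block, `(name == opts[:name]) || ("#{name}:#{version}" == opts[:name]) || (!id.nil? && !opts[:id].nil? && (id == opts[:id]))`, or drop that example. `enabled?` returns `object_info.enabled[0]` even when nothing matched, so `be_enabled` on a missing plugin yields nil instead of a clear failure; guarding it the way `id` and `version` do keeps the matchers consistent. If `docker plugin ls` prints truncated IDs without `--no-trunc` (worth confirming), matching on a full-length id would also never succeed.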
|
@@ -0,0 +1,116 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
# frozen_string_literal: true
|
3
|
+
# check for web applications in IIS
|
4
|
+
# Note: this is only supported in windows 2012 and later
|
5
|
+
|
6
|
+
class IisAppPool < Inspec.resource(1)
|
7
|
+
name 'iis_app_pool'
|
8
|
+
desc 'Tests IIS application pool configuration on windows.'
|
9
|
+
example "
|
10
|
+
describe iis_app_pool('DefaultAppPool') do
|
11
|
+
it { should exist }
|
12
|
+
its('enable32bit') { should cmp 'True' }
|
13
|
+
its('runtime_version') { should eq 'v4.0' }
|
14
|
+
its('pipeline_mode') { should eq 'Integrated' }
|
15
|
+
end
|
16
|
+
"
|
17
|
+
|
18
|
+
def initialize(pool_name)
|
19
|
+
@pool_name = pool_name
|
20
|
+
@pool_path = "IIS:\\AppPools\\#{@pool_name}"
|
21
|
+
@cache = nil
|
22
|
+
|
23
|
+
# verify that this resource is only supported on Windows
|
24
|
+
return skip_resource 'The `iis_app_pool` resource is not supported on your OS.' unless inspec.os.windows?
|
25
|
+
end
|
26
|
+
|
27
|
+
def pool_name
|
28
|
+
iis_app_pool[:pool_name]
|
29
|
+
end
|
30
|
+
|
31
|
+
def runtime_version
|
32
|
+
iis_app_pool[:version]
|
33
|
+
end
|
34
|
+
|
35
|
+
def enable32bit
|
36
|
+
iis_app_pool[:e32b]
|
37
|
+
end
|
38
|
+
|
39
|
+
def pipeline_mode
|
40
|
+
iis_app_pool[:mode]
|
41
|
+
end
|
42
|
+
|
43
|
+
def max_processes
|
44
|
+
iis_app_pool[:processes]
|
45
|
+
end
|
46
|
+
|
47
|
+
def timeout
|
48
|
+
iis_app_pool[:timeout]
|
49
|
+
end
|
50
|
+
|
51
|
+
def timeout_days
|
52
|
+
iis_app_pool[:timeout_days]
|
53
|
+
end
|
54
|
+
|
55
|
+
def timeout_hours
|
56
|
+
iis_app_pool[:timeout_hours]
|
57
|
+
end
|
58
|
+
|
59
|
+
def timeout_minutes
|
60
|
+
iis_app_pool[:timeout_minutes]
|
61
|
+
end
|
62
|
+
|
63
|
+
def timeout_seconds
|
64
|
+
iis_app_pool[:timeout_seconds]
|
65
|
+
end
|
66
|
+
|
67
|
+
def user_identity_type
|
68
|
+
iis_app_pool[:user_identity_type]
|
69
|
+
end
|
70
|
+
|
71
|
+
def username
|
72
|
+
iis_app_pool[:username]
|
73
|
+
end
|
74
|
+
|
75
|
+
def exists?
|
76
|
+
!iis_app_pool[:pool_name].empty?
|
77
|
+
end
|
78
|
+
|
79
|
+
def to_s
|
80
|
+
"iis_app_pool '#{@pool_name}'"
|
81
|
+
end
|
82
|
+
|
83
|
+
private
|
84
|
+
|
85
|
+
# I cannot think of a way to shorten this method
|
86
|
+
# rubocop:disable Metrics/AbcSize
|
87
|
+
def iis_app_pool
|
88
|
+
return @cache unless @cache.nil?
|
89
|
+
|
90
|
+
command = "Import-Module WebAdministration; Get-Item '#{@pool_path}' | Select-Object * | ConvertTo-Json"
|
91
|
+
cmd = inspec.command(command)
|
92
|
+
|
93
|
+
begin
|
94
|
+
pool = JSON.parse(cmd.stdout)
|
95
|
+
rescue JSON::ParserError => _e
|
96
|
+
raise Inspec::Exceptions::ResourceFailed, 'Unable to parse app pool JSON'
|
97
|
+
end
|
98
|
+
|
99
|
+
# map our values to a hash table
|
100
|
+
@cache = {
|
101
|
+
pool_name: pool['name'],
|
102
|
+
version: pool['managedRuntimeVersion'],
|
103
|
+
e32b: pool['enable32BitAppOnWin64'],
|
104
|
+
mode: pool['managedPipelineMode'],
|
105
|
+
processes: pool['processModel']['maxProcesses'],
|
106
|
+
timeout: "#{pool['processModel']['idleTimeout']['Hours']}:#{pool['processModel']['idleTimeout']['Minutes']}:#{pool['processModel']['idleTimeout']['Seconds']}",
|
107
|
+
timeout_days: pool['processModel']['idleTimeout']['Days'],
|
108
|
+
timeout_hours: pool['processModel']['idleTimeout']['Hours'],
|
109
|
+
timeout_minutes: pool['processModel']['idleTimeout']['Minutes'],
|
110
|
+
timeout_seconds: pool['processModel']['idleTimeout']['Seconds'],
|
111
|
+
user_identity_type: pool['processModel']['identityType'],
|
112
|
+
username: pool['processModel']['userName'],
|
113
|
+
}
|
114
|
+
end
|
115
|
+
# rubocop:enable Metrics/AbcSize
|
116
|
+
end
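Review bot: The pool name is interpolated unescaped into a single-quoted PowerShell string on line 90 (`Get-Item '#{@pool_path}'`), so a name containing `'` breaks the command and lets the remainder of the name run as PowerShell on the target; pool names normally come from the profile author, but escaping is cheap: `@pool_path = "IIS:\\AppPools\\#{@pool_name.gsub("'", "''")}"` in initialize. Separately, when the pool does not exist Get-Item presumably reports the error on stderr and leaves stdout empty, so JSON.parse raises and `exists?` (line 75) surfaces as ResourceFailed instead of returning false; checking `cmd.stdout.strip.empty?` (or cmd.exit_status) before parsing and caching an empty result would make `should_not exist` usable. The chained `pool['processModel']['idleTimeout'][...]` lookups on lines 105-112 would raise NoMethodError if ConvertTo-Json omits processModel; `pool.dig('processModel', 'idleTimeout', 'Hours')` and friends would degrade to nil instead.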
|