inspec 2.3.10 → 2.3.23

Files changed (271)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +34 -13
  3. data/etc/plugin_filters.json +25 -0
  4. data/inspec.gemspec +3 -3
  5. data/lib/bundles/inspec-compliance/api.rb +3 -0
  6. data/lib/bundles/inspec-compliance/configuration.rb +3 -0
  7. data/lib/bundles/inspec-compliance/http.rb +3 -0
  8. data/lib/bundles/inspec-compliance/support.rb +3 -0
  9. data/lib/bundles/inspec-compliance/target.rb +3 -0
  10. data/lib/inspec/objects/attribute.rb +3 -0
  11. data/lib/inspec/plugin/v2.rb +3 -0
  12. data/lib/inspec/plugin/v2/filter.rb +62 -0
  13. data/lib/inspec/plugin/v2/installer.rb +21 -1
  14. data/lib/inspec/plugin/v2/loader.rb +4 -0
  15. data/lib/inspec/profile.rb +3 -1
  16. data/lib/inspec/version.rb +1 -1
  17. data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
  18. data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
  19. data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
  20. data/lib/resources/package.rb +1 -1
  21. metadata +5 -253
  22. data/MAINTAINERS.toml +0 -52
  23. data/docs/.gitignore +0 -2
  24. data/docs/README.md +0 -41
  25. data/docs/dev/control-eval.md +0 -62
  26. data/docs/dev/filtertable-internals.md +0 -353
  27. data/docs/dev/filtertable-usage.md +0 -533
  28. data/docs/dev/integration-testing.md +0 -31
  29. data/docs/dev/plugins.md +0 -323
  30. data/docs/dsl_inspec.md +0 -354
  31. data/docs/dsl_resource.md +0 -100
  32. data/docs/glossary.md +0 -381
  33. data/docs/habitat.md +0 -193
  34. data/docs/inspec_and_friends.md +0 -114
  35. data/docs/matchers.md +0 -161
  36. data/docs/migration.md +0 -293
  37. data/docs/platforms.md +0 -119
  38. data/docs/plugin_kitchen_inspec.md +0 -60
  39. data/docs/plugins.md +0 -57
  40. data/docs/profiles.md +0 -576
  41. data/docs/reporters.md +0 -170
  42. data/docs/resources/aide_conf.md.erb +0 -86
  43. data/docs/resources/apache.md.erb +0 -77
  44. data/docs/resources/apache_conf.md.erb +0 -78
  45. data/docs/resources/apt.md.erb +0 -81
  46. data/docs/resources/audit_policy.md.erb +0 -57
  47. data/docs/resources/auditd.md.erb +0 -89
  48. data/docs/resources/auditd_conf.md.erb +0 -78
  49. data/docs/resources/aws_cloudtrail_trail.md.erb +0 -165
  50. data/docs/resources/aws_cloudtrail_trails.md.erb +0 -96
  51. data/docs/resources/aws_cloudwatch_alarm.md.erb +0 -101
  52. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -164
  53. data/docs/resources/aws_config_delivery_channel.md.erb +0 -111
  54. data/docs/resources/aws_config_recorder.md.erb +0 -96
  55. data/docs/resources/aws_ebs_volume.md.erb +0 -76
  56. data/docs/resources/aws_ebs_volumes.md.erb +0 -86
  57. data/docs/resources/aws_ec2_instance.md.erb +0 -122
  58. data/docs/resources/aws_ec2_instances.md.erb +0 -89
  59. data/docs/resources/aws_elb.md.erb +0 -154
  60. data/docs/resources/aws_elbs.md.erb +0 -252
  61. data/docs/resources/aws_flow_log.md.erb +0 -128
  62. data/docs/resources/aws_iam_access_key.md.erb +0 -139
  63. data/docs/resources/aws_iam_access_keys.md.erb +0 -214
  64. data/docs/resources/aws_iam_group.md.erb +0 -74
  65. data/docs/resources/aws_iam_groups.md.erb +0 -92
  66. data/docs/resources/aws_iam_password_policy.md.erb +0 -92
  67. data/docs/resources/aws_iam_policies.md.erb +0 -97
  68. data/docs/resources/aws_iam_policy.md.erb +0 -264
  69. data/docs/resources/aws_iam_role.md.erb +0 -79
  70. data/docs/resources/aws_iam_root_user.md.erb +0 -86
  71. data/docs/resources/aws_iam_user.md.erb +0 -130
  72. data/docs/resources/aws_iam_users.md.erb +0 -289
  73. data/docs/resources/aws_kms_key.md.erb +0 -187
  74. data/docs/resources/aws_kms_keys.md.erb +0 -99
  75. data/docs/resources/aws_rds_instance.md.erb +0 -76
  76. data/docs/resources/aws_route_table.md.erb +0 -63
  77. data/docs/resources/aws_route_tables.md.erb +0 -65
  78. data/docs/resources/aws_s3_bucket.md.erb +0 -156
  79. data/docs/resources/aws_s3_bucket_object.md.erb +0 -99
  80. data/docs/resources/aws_s3_buckets.md.erb +0 -69
  81. data/docs/resources/aws_security_group.md.erb +0 -323
  82. data/docs/resources/aws_security_groups.md.erb +0 -107
  83. data/docs/resources/aws_sns_subscription.md.erb +0 -140
  84. data/docs/resources/aws_sns_topic.md.erb +0 -79
  85. data/docs/resources/aws_sns_topics.md.erb +0 -68
  86. data/docs/resources/aws_subnet.md.erb +0 -150
  87. data/docs/resources/aws_subnets.md.erb +0 -142
  88. data/docs/resources/aws_vpc.md.erb +0 -135
  89. data/docs/resources/aws_vpcs.md.erb +0 -135
  90. data/docs/resources/azure_generic_resource.md.erb +0 -183
  91. data/docs/resources/azure_resource_group.md.erb +0 -294
  92. data/docs/resources/azure_virtual_machine.md.erb +0 -357
  93. data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -234
  94. data/docs/resources/bash.md.erb +0 -85
  95. data/docs/resources/bond.md.erb +0 -100
  96. data/docs/resources/bridge.md.erb +0 -67
  97. data/docs/resources/bsd_service.md.erb +0 -77
  98. data/docs/resources/chocolatey_package.md.erb +0 -68
  99. data/docs/resources/command.md.erb +0 -176
  100. data/docs/resources/cpan.md.erb +0 -89
  101. data/docs/resources/cran.md.erb +0 -74
  102. data/docs/resources/crontab.md.erb +0 -103
  103. data/docs/resources/csv.md.erb +0 -64
  104. data/docs/resources/dh_params.md.erb +0 -221
  105. data/docs/resources/directory.md.erb +0 -40
  106. data/docs/resources/docker.md.erb +0 -240
  107. data/docs/resources/docker_container.md.erb +0 -113
  108. data/docs/resources/docker_image.md.erb +0 -104
  109. data/docs/resources/docker_plugin.md.erb +0 -80
  110. data/docs/resources/docker_service.md.erb +0 -124
  111. data/docs/resources/elasticsearch.md.erb +0 -252
  112. data/docs/resources/etc_fstab.md.erb +0 -135
  113. data/docs/resources/etc_group.md.erb +0 -85
  114. data/docs/resources/etc_hosts.md.erb +0 -88
  115. data/docs/resources/etc_hosts_allow.md.erb +0 -84
  116. data/docs/resources/etc_hosts_deny.md.erb +0 -84
  117. data/docs/resources/file.md.erb +0 -543
  118. data/docs/resources/filesystem.md.erb +0 -51
  119. data/docs/resources/firewalld.md.erb +0 -117
  120. data/docs/resources/gem.md.erb +0 -108
  121. data/docs/resources/group.md.erb +0 -71
  122. data/docs/resources/grub_conf.md.erb +0 -111
  123. data/docs/resources/host.md.erb +0 -96
  124. data/docs/resources/http.md.erb +0 -207
  125. data/docs/resources/iis_app.md.erb +0 -132
  126. data/docs/resources/iis_site.md.erb +0 -145
  127. data/docs/resources/inetd_conf.md.erb +0 -104
  128. data/docs/resources/ini.md.erb +0 -86
  129. data/docs/resources/interface.md.erb +0 -68
  130. data/docs/resources/iptables.md.erb +0 -74
  131. data/docs/resources/json.md.erb +0 -73
  132. data/docs/resources/kernel_module.md.erb +0 -130
  133. data/docs/resources/kernel_parameter.md.erb +0 -63
  134. data/docs/resources/key_rsa.md.erb +0 -95
  135. data/docs/resources/launchd_service.md.erb +0 -67
  136. data/docs/resources/limits_conf.md.erb +0 -85
  137. data/docs/resources/login_defs.md.erb +0 -81
  138. data/docs/resources/mount.md.erb +0 -79
  139. data/docs/resources/mssql_session.md.erb +0 -78
  140. data/docs/resources/mysql_conf.md.erb +0 -109
  141. data/docs/resources/mysql_session.md.erb +0 -84
  142. data/docs/resources/nginx.md.erb +0 -89
  143. data/docs/resources/nginx_conf.md.erb +0 -148
  144. data/docs/resources/npm.md.erb +0 -78
  145. data/docs/resources/ntp_conf.md.erb +0 -70
  146. data/docs/resources/oneget.md.erb +0 -63
  147. data/docs/resources/oracledb_session.md.erb +0 -103
  148. data/docs/resources/os.md.erb +0 -153
  149. data/docs/resources/os_env.md.erb +0 -101
  150. data/docs/resources/package.md.erb +0 -130
  151. data/docs/resources/packages.md.erb +0 -77
  152. data/docs/resources/parse_config.md.erb +0 -113
  153. data/docs/resources/parse_config_file.md.erb +0 -148
  154. data/docs/resources/passwd.md.erb +0 -151
  155. data/docs/resources/pip.md.erb +0 -77
  156. data/docs/resources/port.md.erb +0 -147
  157. data/docs/resources/postgres_conf.md.erb +0 -89
  158. data/docs/resources/postgres_hba_conf.md.erb +0 -103
  159. data/docs/resources/postgres_ident_conf.md.erb +0 -86
  160. data/docs/resources/postgres_session.md.erb +0 -79
  161. data/docs/resources/powershell.md.erb +0 -112
  162. data/docs/resources/processes.md.erb +0 -119
  163. data/docs/resources/rabbitmq_config.md.erb +0 -51
  164. data/docs/resources/registry_key.md.erb +0 -197
  165. data/docs/resources/runit_service.md.erb +0 -67
  166. data/docs/resources/security_policy.md.erb +0 -57
  167. data/docs/resources/service.md.erb +0 -131
  168. data/docs/resources/shadow.md.erb +0 -267
  169. data/docs/resources/ssh_config.md.erb +0 -83
  170. data/docs/resources/sshd_config.md.erb +0 -93
  171. data/docs/resources/ssl.md.erb +0 -129
  172. data/docs/resources/sys_info.md.erb +0 -52
  173. data/docs/resources/systemd_service.md.erb +0 -67
  174. data/docs/resources/sysv_service.md.erb +0 -67
  175. data/docs/resources/upstart_service.md.erb +0 -67
  176. data/docs/resources/user.md.erb +0 -150
  177. data/docs/resources/users.md.erb +0 -137
  178. data/docs/resources/vbscript.md.erb +0 -65
  179. data/docs/resources/virtualization.md.erb +0 -67
  180. data/docs/resources/windows_feature.md.erb +0 -69
  181. data/docs/resources/windows_hotfix.md.erb +0 -63
  182. data/docs/resources/windows_task.md.erb +0 -95
  183. data/docs/resources/wmi.md.erb +0 -91
  184. data/docs/resources/x509_certificate.md.erb +0 -161
  185. data/docs/resources/xinetd_conf.md.erb +0 -166
  186. data/docs/resources/xml.md.erb +0 -95
  187. data/docs/resources/yaml.md.erb +0 -79
  188. data/docs/resources/yum.md.erb +0 -108
  189. data/docs/resources/zfs_dataset.md.erb +0 -63
  190. data/docs/resources/zfs_pool.md.erb +0 -57
  191. data/docs/shared/matcher_be.md.erb +0 -1
  192. data/docs/shared/matcher_cmp.md.erb +0 -43
  193. data/docs/shared/matcher_eq.md.erb +0 -3
  194. data/docs/shared/matcher_include.md.erb +0 -1
  195. data/docs/shared/matcher_match.md.erb +0 -1
  196. data/docs/shell.md +0 -217
  197. data/docs/style.md +0 -178
  198. data/examples/README.md +0 -8
  199. data/examples/custom-resource/README.md +0 -3
  200. data/examples/custom-resource/controls/example.rb +0 -7
  201. data/examples/custom-resource/inspec.yml +0 -8
  202. data/examples/custom-resource/libraries/batsignal.rb +0 -20
  203. data/examples/custom-resource/libraries/gordon.rb +0 -21
  204. data/examples/inheritance/README.md +0 -65
  205. data/examples/inheritance/controls/example.rb +0 -14
  206. data/examples/inheritance/inspec.yml +0 -16
  207. data/examples/kitchen-ansible/.kitchen.yml +0 -25
  208. data/examples/kitchen-ansible/Gemfile +0 -19
  209. data/examples/kitchen-ansible/README.md +0 -53
  210. data/examples/kitchen-ansible/files/nginx.repo +0 -6
  211. data/examples/kitchen-ansible/tasks/main.yml +0 -16
  212. data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
  213. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
  214. data/examples/kitchen-chef/.kitchen.yml +0 -20
  215. data/examples/kitchen-chef/Berksfile +0 -3
  216. data/examples/kitchen-chef/Gemfile +0 -19
  217. data/examples/kitchen-chef/README.md +0 -27
  218. data/examples/kitchen-chef/metadata.rb +0 -7
  219. data/examples/kitchen-chef/recipes/default.rb +0 -6
  220. data/examples/kitchen-chef/recipes/nginx.rb +0 -30
  221. data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
  222. data/examples/kitchen-puppet/.kitchen.yml +0 -23
  223. data/examples/kitchen-puppet/Gemfile +0 -20
  224. data/examples/kitchen-puppet/Puppetfile +0 -25
  225. data/examples/kitchen-puppet/README.md +0 -53
  226. data/examples/kitchen-puppet/manifests/site.pp +0 -33
  227. data/examples/kitchen-puppet/metadata.json +0 -11
  228. data/examples/kitchen-puppet/modules/.gitkeep +0 -0
  229. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
  230. data/examples/meta-profile/README.md +0 -37
  231. data/examples/meta-profile/controls/example.rb +0 -13
  232. data/examples/meta-profile/inspec.yml +0 -13
  233. data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
  234. data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
  235. data/examples/plugins/inspec-resource-lister/README.md +0 -62
  236. data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
  237. data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
  238. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
  239. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
  240. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
  241. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
  242. data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
  243. data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
  244. data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
  245. data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
  246. data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
  247. data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
  248. data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
  249. data/examples/profile-attribute.yml +0 -2
  250. data/examples/profile-attribute/README.md +0 -14
  251. data/examples/profile-attribute/controls/example.rb +0 -11
  252. data/examples/profile-attribute/inspec.yml +0 -8
  253. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -8
  254. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -8
  255. data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -8
  256. data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -8
  257. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -8
  258. data/examples/profile-aws/inspec.yml +0 -11
  259. data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -24
  260. data/examples/profile-azure/controls/azure_vm_example.rb +0 -29
  261. data/examples/profile-azure/inspec.yml +0 -11
  262. data/examples/profile-sensitive/README.md +0 -29
  263. data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
  264. data/examples/profile-sensitive/controls/sensitive.rb +0 -9
  265. data/examples/profile-sensitive/inspec.yml +0 -8
  266. data/examples/profile/README.md +0 -48
  267. data/examples/profile/controls/example.rb +0 -24
  268. data/examples/profile/controls/gordon.rb +0 -36
  269. data/examples/profile/controls/meta.rb +0 -36
  270. data/examples/profile/inspec.yml +0 -11
  271. data/examples/profile/libraries/gordon_config.rb +0 -59
@@ -1,57 +0,0 @@
1
- ---
2
- title: About the audit_policy Resource
3
- platform: linux
4
- ---
5
-
6
- # audit_policy
7
-
8
- Use the `audit_policy` InSpec audit resource to test auditing policies on the Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each enabled auditing category property, the auditing level may be set to `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- An `audit_policy` resource block declares a parameter that belongs to an audit policy category or subcategory:
25
-
26
- describe audit_policy do
27
- its('parameter') { should eq 'value' }
28
- end
29
-
30
- where
31
-
32
- * `'parameter'` must specify a parameter
33
- * `'value'` must be one of `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`
34
-
35
- <br>
36
-
37
- ## Examples
38
-
39
- The following examples show how to use this InSpec audit resource.
40
-
41
- ### Test that a parameter is not set to "No Auditing"
42
-
43
- describe audit_policy do
44
- its('Other Account Logon Events') { should_not eq 'No Auditing' }
45
- end
46
-
47
- ### Test that a parameter is set to "Success"
48
-
49
- describe audit_policy do
50
- its('User Account Management') { should eq 'Success' }
51
- end
52
-
53
- <br>
54
-
55
- ## Matchers
56
-
57
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
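Review bot: This file is removed wholesale, along with every other entry under data/docs and data/examples in the file list (and metadata loses 253 lines), so the +3 -3 change to data/inspec.gemspec should be what narrows the packaged files; please confirm in the description that dropping the reference docs from the gem is intentional and where the docs are published instead, since users installing the `inspec` gem will no longer have them locally. Separately, wherever this page now lives: its front matter says `platform: linux`, but the body states that `audit_policy` tests auditing policies on the Windows platform, so the platform field is wrong and should name Windows.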
@@ -1,89 +0,0 @@
1
- ---
2
- title: About the auditd Resource
3
- platform: linux
4
- ---
5
-
6
- # auditd
7
-
8
- Use the `auditd` InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files. These rules are output using the auditctl -l command. This resource supports versions of `audit` >= 2.3.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.38.8 of InSpec.
21
-
22
- ## Syntax
23
-
24
- An `auditd` resource block declares one (or more) rules to be tested, and then what that rule should do:
25
-
26
- describe auditd do
27
- its('lines') { should include %r(-w /etc/ssh/sshd_config) }
28
- end
29
-
30
- or test that multiple individual rules are defined:
31
-
32
- describe auditd do
33
- its('lines') { should include %r(-a always,exit -F arch=.* -S init_module,delete_module -F key=modules) }
34
- its('lines') { should include %r(-a always,exit -F arch=.* -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=-1 -F key=.+) }
35
- end
36
-
37
- where each test must declare one (or more) rules to be tested.
38
-
39
- <br>
40
-
41
- ## Examples
42
-
43
- The following examples show how to use this InSpec audit resource.
44
-
45
- ### Test if a rule contains a matching element that is identified by a regular expression
46
-
47
- For `audit` >= 2.3:
48
-
49
- describe auditd do
50
- its('lines') { should include %r(-a always,exit -F arch=.* -S chown.* -F auid>=1000 -F auid!=-1 -F key=perm_mod) }
51
- end
52
-
53
- ### Query the audit daemon status
54
-
55
- describe auditd.status('backlog') do
56
- it { should cmp 0 }
57
- end
58
-
59
- ### Query properties of rules targeting specific syscalls or files - uniq is used to handle multiple rules for the same syscall with redundant field values
60
-
61
- describe auditd.syscall('open') do
62
- its('action.uniq') { should eq ['always'] }
63
- its('list.uniq') { should eq ['exit'] }
64
- end
65
-
66
- describe auditd.file('/etc/sudoers') do
67
- its('permissions') { should include ['x'] }
68
- end
69
-
70
- The where accessor can be used to filter on fields. For example:
71
-
72
- describe auditd.syscall('chown').where { arch == "b32" } do
73
- its('action') { should eq ['always'] }
74
- its('list') { should eq ['exit'] }
75
- its('exit') { should include ['-EACCES'] }
76
- its('exit') { should include ['-EPERM'] }
77
- end
78
-
79
- The key filter may be useful in evaluating rules with particular key values:
80
-
81
- describe auditd.where { key == "privileged" } do
82
- its('permissions') { should include ['x'] }
83
- end
84
-
85
- <br>
86
-
87
- ## Matchers
88
-
89
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
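Review bot: The qualifier "For `audit` >= 2.3:" above the regular-expression example implies a pre-2.3 variant follows, but none does, and the introduction already states the resource only supports `audit` >= 2.3; the qualifier should be dropped so readers do not look for a missing example. Minor: the `auditd.file('/etc/sudoers')` example and the later `auditd.where { key == "privileged" }` example assert the same thing (`its('permissions') { should include ['x'] }`), so the second one would be more useful if it showed a different property.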
@@ -1,78 +0,0 @@
1
- ---
2
- title: About the auditd_conf Resource
3
- platform: linux
4
- ---
5
-
6
- # auditd_conf
7
-
8
- Use the `auditd_conf` InSpec audit resource to test the configuration settings for the audit daemon. This file is typically located under `/etc/audit/auditd.conf'` on Unix and Linux platforms.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `auditd_conf` resource block declares configuration settings that should be tested:
25
-
26
- describe auditd_conf('path') do
27
- its('keyword') { should cmp 'value' }
28
- end
29
-
30
- where
31
-
32
- * `'keyword'` is a configuration setting defined in the `auditd.conf` configuration file
33
- * `('path')` is the non-default path to the `auditd.conf` configuration file
34
- * `{ should cmp 'value' }` is the value that is expected
35
-
36
- <br>
37
-
38
- ## Properties
39
-
40
- This matcher will match any property listed in the `auditd.conf` configuration file. Property names and expected values are case-insensitive:
41
-
42
- * `admin_space_left`, `admin_space_left_action`, `action_mail_acct`, `disk_error_action`, `disk_full_action`, `flush`, `freq`, `log_file`, `log_format`, `max_log_file`, `max_log_file_action`, `num_logs`, `space_left`, `space_left_action`
43
-
44
- ## Property Examples
45
-
46
- The following examples show how to use this InSpec audit resource.
47
-
48
- ### Test the auditd.conf file
49
-
50
- describe auditd_conf do
51
- its('log_file') { should cmp '/full/path/to/file' }
52
- its('log_format') { should cmp 'raw' }
53
- its('flush') { should cmp 'none' }
54
- its('freq') { should cmp 1 }
55
- its('num_logs') { should cmp 0 }
56
- its('max_log_file') { should cmp 6 }
57
- its('max_log_file_action') { should cmp 'email' }
58
- its('space_left') { should cmp 2 }
59
- its('action_mail_acct') { should cmp 'root' }
60
- its('space_left_action') { should cmp 'email' }
61
- its('admin_space_left') { should cmp 1 }
62
- its('admin_space_left_action') { should cmp 'halt' }
63
- its('disk_full_action') { should cmp 'halt' }
64
- its('disk_error_action') { should cmp 'halt' }
65
- end
66
-
67
- <br>
68
-
69
- ## Matchers
70
-
71
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
72
-
73
- ### `cmp`
74
-
75
- The `cmp` matcher compares values across types.
76
-
77
- its('freq') { should cmp 1 }
78
-
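Review bot: The path in the introduction is mis-quoted as `/etc/audit/auditd.conf'` (a stray apostrophe inside the code span), and "A `auditd_conf` resource block" should read "An `auditd_conf` resource block". The Properties section also calls the resource a matcher ("This matcher will match any property"); it is the resource that exposes the properties, and `cmp` is the matcher. Worth fixing in whatever copy of this page survives the deletion.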
@@ -1,165 +0,0 @@
1
- ---
2
- title: About the aws_cloudtrail_trail Resource
3
- platform: aws
4
- ---
5
-
6
- # aws\_cloudtrail\_trail
7
-
8
- Use the `aws_cloudtrail_trail` InSpec audit resource to test properties of a single AWS Cloudtrail Trail.
9
-
10
- AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.
11
-
12
- Each AWS Cloudtrail Trail is uniquely identified by its `trail_name` or `trail_arn`.
13
-
14
- <br>
15
-
16
- ## Availability
17
-
18
- ### Installation
19
-
20
- This resource is distributed along with InSpec itself. You can use it automatically.
21
-
22
- ### Version
23
-
24
- This resource first became available in v2.0.16 of InSpec.
25
-
26
- ## Syntax
27
-
28
- An `aws_cloudtrail_trail` resource block identifies a trail by `trail_name`.
29
-
30
- # Find a trail by name
31
- describe aws_cloudtrail_trail('trail-name') do
32
- it { should exist }
33
- end
34
-
35
- # Hash syntax for trail name
36
- describe aws_cloudtrail_trail(trail_name: 'trail-name') do
37
- it { should exist }
38
- end
39
-
40
- <br>
41
-
42
- ## Examples
43
-
44
- The following examples show how to use this InSpec audit resource.
45
-
46
- ### Test that the specified trail does exist
47
-
48
- describe aws_cloudtrail_trail('trail-name') do
49
- it { should exist }
50
- end
51
-
52
- ### Test that the specified trail is encrypted using SSE-KMS
53
-
54
- describe aws_cloudtrail_trail('trail-name') do
55
- it { should be_encrypted }
56
- end
57
-
58
- ### Test that the specified trail is a multi-region trail
59
-
60
- describe aws_cloudtrail_trail('trail-name') do
61
- it { should be_multi_region_trail }
62
- end
63
-
64
- <br>
65
-
66
- ## Properties
67
-
68
- * `s3_bucket_name`, `trail_arn`, `cloud_watch_logs_role_arn`, `cloud_watch_logs_log_group_arn`, `kms_key_id`, `home_region`,
69
-
70
- <br>
71
-
72
- ## Property Examples
73
-
74
- ### s3\_bucket\_name
75
-
76
- Specifies the name of the Amazon S3 bucket designated for publishing log files.
77
-
78
- describe aws_cloudtrail_trail('trail-name') do
79
- its('s3_bucket_name') { should cmp "s3-bucket-name" }
80
- end
81
-
82
- ### trail\_arn
83
-
84
- The ARN identifier of the specified trail. An ARN uniquely identifies the trail within AWS.
85
-
86
- describe aws_cloudtrail_trail('trail-name') do
87
- its('trail_arn') { should cmp "arn:aws:cloudtrail:us-east-1:484747447281:trail/trail-name" }
88
- end
89
-
90
- ### cloud\_watch\_logs\_role\_arn
91
-
92
- Specifies the role for the CloudWatch Logs endpoint to assume to write to a user\'s log group.
93
-
94
- describe aws_cloudtrail_trail('trail-name') do
95
- its('cloud_watch_logs_role_arn') { should include "arn:aws:iam:::role/CloudTrail_CloudWatchLogs_Role" }
96
- end
97
-
98
- ### cloud\_watch\_logs\_log\_group\_arn
99
-
100
- Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered.
101
-
102
- describe aws_cloudtrail_trail('trail-name') do
103
- its('cloud_watch_logs_log_group_arn') { should include "arn:aws:logs:us-east-1::log-group:test:*" }
104
- end
105
-
106
- ### kms\_key\_id
107
-
108
- Specifies the KMS key ID to used to encrypt the logs delivered by CloudTrail.
109
-
110
- describe aws_cloudtrail_trail('trail-name') do
111
- its('kms_key_id') { should include "key-arn" }
112
- end
113
-
114
- ### home\_region
115
-
116
- Specifies the region in which the trail was created.
117
-
118
- describe aws_cloudtrail_trail('trail-name') do
119
- its('home_region') { should include "us-east-1" }
120
- end
121
-
122
- ### delivered\_logs\_days\_ago
123
-
124
- Specifies the number of days ago the CloudTrail delivered logs to CloudWatch Logs.
125
-
126
- # Ensure the latest delivery time was recent
127
- describe aws_cloudtrail_trail('trail-name') do
128
- its('delivered_logs_days_ago') { should eq 0 }
129
- end
130
-
131
- <br>
132
-
133
- ## Matchers
134
-
135
- This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
136
-
137
- ### be\_multi\_region\_trail
138
-
139
- The test will pass if the identified trail is a multi-region trail.
140
-
141
- describe aws_cloudtrail_trail('trail-name') do
142
- it { should be_multi_region_trail }
143
- end
144
-
145
- ### be\_encrypted
146
-
147
- The test will pass if the logs delivered by the identified trail is encrypted.
148
-
149
- describe aws_cloudtrail_trail('trail-name') do
150
- it { should be_encrypted }
151
- end
152
-
153
- ### be\_log\_file\_validation\_enabled
154
-
155
- The test will pass if the identified trail has log file integrity validation is enabled.
156
-
157
- describe aws_cloudtrail_trail('trail-name') do
158
- it { should be_log_file_validation_enabled }
159
- end
160
-
161
- ## AWS Permissions
162
-
163
- Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `cloudtrail:DescribeTrails` action with Effect set to Allow.
164
-
165
- You can find detailed documentation at [Actions, Resources, and Condition Keys for AWS CloudTrail](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awscloudtrail.html).
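Review bot: The Properties list (`s3_bucket_name`, `trail_arn`, ... `home_region`,) omits `delivered_logs_days_ago`, which the Property Examples section documents, and ends in a dangling comma. The `trail_arn` example embeds a concrete twelve-digit account ID (`484747447281`); documentation should use an obviously fake placeholder so nobody copies a real-looking account identifier into a profile. Smaller fixes for the surviving copy: "the KMS key ID to used to encrypt" and "has log file integrity validation is enabled" are garbled, "the logs delivered by the identified trail is encrypted" should be "are encrypted", and `be_log_file_validation_enabled` is documented under Matchers but, unlike the other two matchers, has no entry in the Examples section.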
@@ -1,96 +0,0 @@
1
- ---
2
- title: About the aws_cloudtrail_trails Resource
3
- platform: aws
4
- ---
5
-
6
- # aws\_cloudtrail\_trails
7
-
8
- Use the `aws_cloudtrail_trails` InSpec audit resource to test properties of some or all AWS CloudTrail Trails.
9
-
10
- AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.
11
-
12
- Each AWS CloudTrail Trails is uniquely identified by its trail name or trail arn.
13
-
14
- <br>
15
-
16
- ## Availability
17
-
18
- ### Installation
19
-
20
- This resource is distributed along with InSpec itself. You can use it automatically.
21
-
22
- ### Version
23
-
24
- This resource first became available in v2.0.16 of InSpec.
25
-
26
- ## Syntax
27
-
28
- An `aws_cloudtrail_trails` resource block collects a group of CloudTrail Trails and then tests that group.
29
-
30
- # Verify the number of CloudTrail Trails in the AWS account
31
- describe aws_cloudtrail_trails do
32
- its('entries.count') { should cmp 10 }
33
- end
34
-
35
- <br>
36
-
37
- ## Examples
38
-
39
- The following examples show how to use this InSpec audit resource.
40
-
41
- As this is the initial release of `aws_cloudtrail_trails`, its limited functionality precludes examples.
42
-
43
- <br>
44
-
45
- ## Properties
46
- * `entries`, `names`, `trail_arns`
47
-
48
- <br>
49
-
50
- ## Property Examples
51
-
52
- ### entries
53
-
54
- Provides access to the raw results of the query. This can be useful for checking counts and other advanced operations.
55
-
56
- # Allow at most 100 CloudTrail Trails on the account
57
- describe aws_cloudtrail_trails do
58
- its('entries.count') { should be <= 100}
59
- end
60
-
61
- ### names
62
-
63
- Provides a list of trail names for all CloudTrail Trails in the AWS account.
64
-
65
- describe aws_cloudtrail_trails do
66
- its('names') { should include('trail-1') }
67
- end
68
-
69
- ### trail\_arns
70
-
71
- Provides a list of trail arns for all CloudTrail Trails in the AWS account.
72
-
73
- describe aws_cloudtrail_trails do
74
- its('trail_arns') { should include('arn:aws:cloudtrail:us-east-1::trail/trail-1') }
75
- end
76
-
77
- <br>
78
-
79
- ## Matchers
80
-
81
- This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
82
-
83
- ### exists
84
-
85
- The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
86
-
87
- # Verify that at least one CloudTrail Trail exists.
88
- describe aws_cloudtrail_trails
89
- it { should exist }
90
- end
91
-
92
- ## AWS Permissions
93
-
94
- Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `cloudtrail:DescribeTrails` action with Effect set to Allow.
95
-
96
- You can find detailed documentation at [Actions, Resources, and Condition Keys for AWS CloudTrail](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awscloudtrail.html).
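Review bot: The `exists` example is not valid Ruby: `describe aws_cloudtrail_trails` is missing the `do` that opens the block closed by the following `end`, so it should read `describe aws_cloudtrail_trails do`. Also, "Each AWS CloudTrail Trails is uniquely identified" should be singular, and the Examples section claims "its limited functionality precludes examples" even though the Property Examples section right below supplies three; that sentence should be replaced with (or point to) those examples.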