inspec 2.3.10 → 2.3.23

Sign up to get free protection for your applications and to get access to all the features.
Files changed (271) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +34 -13
  3. data/etc/plugin_filters.json +25 -0
  4. data/inspec.gemspec +3 -3
  5. data/lib/bundles/inspec-compliance/api.rb +3 -0
  6. data/lib/bundles/inspec-compliance/configuration.rb +3 -0
  7. data/lib/bundles/inspec-compliance/http.rb +3 -0
  8. data/lib/bundles/inspec-compliance/support.rb +3 -0
  9. data/lib/bundles/inspec-compliance/target.rb +3 -0
  10. data/lib/inspec/objects/attribute.rb +3 -0
  11. data/lib/inspec/plugin/v2.rb +3 -0
  12. data/lib/inspec/plugin/v2/filter.rb +62 -0
  13. data/lib/inspec/plugin/v2/installer.rb +21 -1
  14. data/lib/inspec/plugin/v2/loader.rb +4 -0
  15. data/lib/inspec/profile.rb +3 -1
  16. data/lib/inspec/version.rb +1 -1
  17. data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
  18. data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
  19. data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
  20. data/lib/resources/package.rb +1 -1
  21. metadata +5 -253
  22. data/MAINTAINERS.toml +0 -52
  23. data/docs/.gitignore +0 -2
  24. data/docs/README.md +0 -41
  25. data/docs/dev/control-eval.md +0 -62
  26. data/docs/dev/filtertable-internals.md +0 -353
  27. data/docs/dev/filtertable-usage.md +0 -533
  28. data/docs/dev/integration-testing.md +0 -31
  29. data/docs/dev/plugins.md +0 -323
  30. data/docs/dsl_inspec.md +0 -354
  31. data/docs/dsl_resource.md +0 -100
  32. data/docs/glossary.md +0 -381
  33. data/docs/habitat.md +0 -193
  34. data/docs/inspec_and_friends.md +0 -114
  35. data/docs/matchers.md +0 -161
  36. data/docs/migration.md +0 -293
  37. data/docs/platforms.md +0 -119
  38. data/docs/plugin_kitchen_inspec.md +0 -60
  39. data/docs/plugins.md +0 -57
  40. data/docs/profiles.md +0 -576
  41. data/docs/reporters.md +0 -170
  42. data/docs/resources/aide_conf.md.erb +0 -86
  43. data/docs/resources/apache.md.erb +0 -77
  44. data/docs/resources/apache_conf.md.erb +0 -78
  45. data/docs/resources/apt.md.erb +0 -81
  46. data/docs/resources/audit_policy.md.erb +0 -57
  47. data/docs/resources/auditd.md.erb +0 -89
  48. data/docs/resources/auditd_conf.md.erb +0 -78
  49. data/docs/resources/aws_cloudtrail_trail.md.erb +0 -165
  50. data/docs/resources/aws_cloudtrail_trails.md.erb +0 -96
  51. data/docs/resources/aws_cloudwatch_alarm.md.erb +0 -101
  52. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -164
  53. data/docs/resources/aws_config_delivery_channel.md.erb +0 -111
  54. data/docs/resources/aws_config_recorder.md.erb +0 -96
  55. data/docs/resources/aws_ebs_volume.md.erb +0 -76
  56. data/docs/resources/aws_ebs_volumes.md.erb +0 -86
  57. data/docs/resources/aws_ec2_instance.md.erb +0 -122
  58. data/docs/resources/aws_ec2_instances.md.erb +0 -89
  59. data/docs/resources/aws_elb.md.erb +0 -154
  60. data/docs/resources/aws_elbs.md.erb +0 -252
  61. data/docs/resources/aws_flow_log.md.erb +0 -128
  62. data/docs/resources/aws_iam_access_key.md.erb +0 -139
  63. data/docs/resources/aws_iam_access_keys.md.erb +0 -214
  64. data/docs/resources/aws_iam_group.md.erb +0 -74
  65. data/docs/resources/aws_iam_groups.md.erb +0 -92
  66. data/docs/resources/aws_iam_password_policy.md.erb +0 -92
  67. data/docs/resources/aws_iam_policies.md.erb +0 -97
  68. data/docs/resources/aws_iam_policy.md.erb +0 -264
  69. data/docs/resources/aws_iam_role.md.erb +0 -79
  70. data/docs/resources/aws_iam_root_user.md.erb +0 -86
  71. data/docs/resources/aws_iam_user.md.erb +0 -130
  72. data/docs/resources/aws_iam_users.md.erb +0 -289
  73. data/docs/resources/aws_kms_key.md.erb +0 -187
  74. data/docs/resources/aws_kms_keys.md.erb +0 -99
  75. data/docs/resources/aws_rds_instance.md.erb +0 -76
  76. data/docs/resources/aws_route_table.md.erb +0 -63
  77. data/docs/resources/aws_route_tables.md.erb +0 -65
  78. data/docs/resources/aws_s3_bucket.md.erb +0 -156
  79. data/docs/resources/aws_s3_bucket_object.md.erb +0 -99
  80. data/docs/resources/aws_s3_buckets.md.erb +0 -69
  81. data/docs/resources/aws_security_group.md.erb +0 -323
  82. data/docs/resources/aws_security_groups.md.erb +0 -107
  83. data/docs/resources/aws_sns_subscription.md.erb +0 -140
  84. data/docs/resources/aws_sns_topic.md.erb +0 -79
  85. data/docs/resources/aws_sns_topics.md.erb +0 -68
  86. data/docs/resources/aws_subnet.md.erb +0 -150
  87. data/docs/resources/aws_subnets.md.erb +0 -142
  88. data/docs/resources/aws_vpc.md.erb +0 -135
  89. data/docs/resources/aws_vpcs.md.erb +0 -135
  90. data/docs/resources/azure_generic_resource.md.erb +0 -183
  91. data/docs/resources/azure_resource_group.md.erb +0 -294
  92. data/docs/resources/azure_virtual_machine.md.erb +0 -357
  93. data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -234
  94. data/docs/resources/bash.md.erb +0 -85
  95. data/docs/resources/bond.md.erb +0 -100
  96. data/docs/resources/bridge.md.erb +0 -67
  97. data/docs/resources/bsd_service.md.erb +0 -77
  98. data/docs/resources/chocolatey_package.md.erb +0 -68
  99. data/docs/resources/command.md.erb +0 -176
  100. data/docs/resources/cpan.md.erb +0 -89
  101. data/docs/resources/cran.md.erb +0 -74
  102. data/docs/resources/crontab.md.erb +0 -103
  103. data/docs/resources/csv.md.erb +0 -64
  104. data/docs/resources/dh_params.md.erb +0 -221
  105. data/docs/resources/directory.md.erb +0 -40
  106. data/docs/resources/docker.md.erb +0 -240
  107. data/docs/resources/docker_container.md.erb +0 -113
  108. data/docs/resources/docker_image.md.erb +0 -104
  109. data/docs/resources/docker_plugin.md.erb +0 -80
  110. data/docs/resources/docker_service.md.erb +0 -124
  111. data/docs/resources/elasticsearch.md.erb +0 -252
  112. data/docs/resources/etc_fstab.md.erb +0 -135
  113. data/docs/resources/etc_group.md.erb +0 -85
  114. data/docs/resources/etc_hosts.md.erb +0 -88
  115. data/docs/resources/etc_hosts_allow.md.erb +0 -84
  116. data/docs/resources/etc_hosts_deny.md.erb +0 -84
  117. data/docs/resources/file.md.erb +0 -543
  118. data/docs/resources/filesystem.md.erb +0 -51
  119. data/docs/resources/firewalld.md.erb +0 -117
  120. data/docs/resources/gem.md.erb +0 -108
  121. data/docs/resources/group.md.erb +0 -71
  122. data/docs/resources/grub_conf.md.erb +0 -111
  123. data/docs/resources/host.md.erb +0 -96
  124. data/docs/resources/http.md.erb +0 -207
  125. data/docs/resources/iis_app.md.erb +0 -132
  126. data/docs/resources/iis_site.md.erb +0 -145
  127. data/docs/resources/inetd_conf.md.erb +0 -104
  128. data/docs/resources/ini.md.erb +0 -86
  129. data/docs/resources/interface.md.erb +0 -68
  130. data/docs/resources/iptables.md.erb +0 -74
  131. data/docs/resources/json.md.erb +0 -73
  132. data/docs/resources/kernel_module.md.erb +0 -130
  133. data/docs/resources/kernel_parameter.md.erb +0 -63
  134. data/docs/resources/key_rsa.md.erb +0 -95
  135. data/docs/resources/launchd_service.md.erb +0 -67
  136. data/docs/resources/limits_conf.md.erb +0 -85
  137. data/docs/resources/login_defs.md.erb +0 -81
  138. data/docs/resources/mount.md.erb +0 -79
  139. data/docs/resources/mssql_session.md.erb +0 -78
  140. data/docs/resources/mysql_conf.md.erb +0 -109
  141. data/docs/resources/mysql_session.md.erb +0 -84
  142. data/docs/resources/nginx.md.erb +0 -89
  143. data/docs/resources/nginx_conf.md.erb +0 -148
  144. data/docs/resources/npm.md.erb +0 -78
  145. data/docs/resources/ntp_conf.md.erb +0 -70
  146. data/docs/resources/oneget.md.erb +0 -63
  147. data/docs/resources/oracledb_session.md.erb +0 -103
  148. data/docs/resources/os.md.erb +0 -153
  149. data/docs/resources/os_env.md.erb +0 -101
  150. data/docs/resources/package.md.erb +0 -130
  151. data/docs/resources/packages.md.erb +0 -77
  152. data/docs/resources/parse_config.md.erb +0 -113
  153. data/docs/resources/parse_config_file.md.erb +0 -148
  154. data/docs/resources/passwd.md.erb +0 -151
  155. data/docs/resources/pip.md.erb +0 -77
  156. data/docs/resources/port.md.erb +0 -147
  157. data/docs/resources/postgres_conf.md.erb +0 -89
  158. data/docs/resources/postgres_hba_conf.md.erb +0 -103
  159. data/docs/resources/postgres_ident_conf.md.erb +0 -86
  160. data/docs/resources/postgres_session.md.erb +0 -79
  161. data/docs/resources/powershell.md.erb +0 -112
  162. data/docs/resources/processes.md.erb +0 -119
  163. data/docs/resources/rabbitmq_config.md.erb +0 -51
  164. data/docs/resources/registry_key.md.erb +0 -197
  165. data/docs/resources/runit_service.md.erb +0 -67
  166. data/docs/resources/security_policy.md.erb +0 -57
  167. data/docs/resources/service.md.erb +0 -131
  168. data/docs/resources/shadow.md.erb +0 -267
  169. data/docs/resources/ssh_config.md.erb +0 -83
  170. data/docs/resources/sshd_config.md.erb +0 -93
  171. data/docs/resources/ssl.md.erb +0 -129
  172. data/docs/resources/sys_info.md.erb +0 -52
  173. data/docs/resources/systemd_service.md.erb +0 -67
  174. data/docs/resources/sysv_service.md.erb +0 -67
  175. data/docs/resources/upstart_service.md.erb +0 -67
  176. data/docs/resources/user.md.erb +0 -150
  177. data/docs/resources/users.md.erb +0 -137
  178. data/docs/resources/vbscript.md.erb +0 -65
  179. data/docs/resources/virtualization.md.erb +0 -67
  180. data/docs/resources/windows_feature.md.erb +0 -69
  181. data/docs/resources/windows_hotfix.md.erb +0 -63
  182. data/docs/resources/windows_task.md.erb +0 -95
  183. data/docs/resources/wmi.md.erb +0 -91
  184. data/docs/resources/x509_certificate.md.erb +0 -161
  185. data/docs/resources/xinetd_conf.md.erb +0 -166
  186. data/docs/resources/xml.md.erb +0 -95
  187. data/docs/resources/yaml.md.erb +0 -79
  188. data/docs/resources/yum.md.erb +0 -108
  189. data/docs/resources/zfs_dataset.md.erb +0 -63
  190. data/docs/resources/zfs_pool.md.erb +0 -57
  191. data/docs/shared/matcher_be.md.erb +0 -1
  192. data/docs/shared/matcher_cmp.md.erb +0 -43
  193. data/docs/shared/matcher_eq.md.erb +0 -3
  194. data/docs/shared/matcher_include.md.erb +0 -1
  195. data/docs/shared/matcher_match.md.erb +0 -1
  196. data/docs/shell.md +0 -217
  197. data/docs/style.md +0 -178
  198. data/examples/README.md +0 -8
  199. data/examples/custom-resource/README.md +0 -3
  200. data/examples/custom-resource/controls/example.rb +0 -7
  201. data/examples/custom-resource/inspec.yml +0 -8
  202. data/examples/custom-resource/libraries/batsignal.rb +0 -20
  203. data/examples/custom-resource/libraries/gordon.rb +0 -21
  204. data/examples/inheritance/README.md +0 -65
  205. data/examples/inheritance/controls/example.rb +0 -14
  206. data/examples/inheritance/inspec.yml +0 -16
  207. data/examples/kitchen-ansible/.kitchen.yml +0 -25
  208. data/examples/kitchen-ansible/Gemfile +0 -19
  209. data/examples/kitchen-ansible/README.md +0 -53
  210. data/examples/kitchen-ansible/files/nginx.repo +0 -6
  211. data/examples/kitchen-ansible/tasks/main.yml +0 -16
  212. data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
  213. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
  214. data/examples/kitchen-chef/.kitchen.yml +0 -20
  215. data/examples/kitchen-chef/Berksfile +0 -3
  216. data/examples/kitchen-chef/Gemfile +0 -19
  217. data/examples/kitchen-chef/README.md +0 -27
  218. data/examples/kitchen-chef/metadata.rb +0 -7
  219. data/examples/kitchen-chef/recipes/default.rb +0 -6
  220. data/examples/kitchen-chef/recipes/nginx.rb +0 -30
  221. data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
  222. data/examples/kitchen-puppet/.kitchen.yml +0 -23
  223. data/examples/kitchen-puppet/Gemfile +0 -20
  224. data/examples/kitchen-puppet/Puppetfile +0 -25
  225. data/examples/kitchen-puppet/README.md +0 -53
  226. data/examples/kitchen-puppet/manifests/site.pp +0 -33
  227. data/examples/kitchen-puppet/metadata.json +0 -11
  228. data/examples/kitchen-puppet/modules/.gitkeep +0 -0
  229. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
  230. data/examples/meta-profile/README.md +0 -37
  231. data/examples/meta-profile/controls/example.rb +0 -13
  232. data/examples/meta-profile/inspec.yml +0 -13
  233. data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
  234. data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
  235. data/examples/plugins/inspec-resource-lister/README.md +0 -62
  236. data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
  237. data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
  238. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
  239. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
  240. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
  241. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
  242. data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
  243. data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
  244. data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
  245. data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
  246. data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
  247. data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
  248. data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
  249. data/examples/profile-attribute.yml +0 -2
  250. data/examples/profile-attribute/README.md +0 -14
  251. data/examples/profile-attribute/controls/example.rb +0 -11
  252. data/examples/profile-attribute/inspec.yml +0 -8
  253. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -8
  254. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -8
  255. data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -8
  256. data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -8
  257. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -8
  258. data/examples/profile-aws/inspec.yml +0 -11
  259. data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -24
  260. data/examples/profile-azure/controls/azure_vm_example.rb +0 -29
  261. data/examples/profile-azure/inspec.yml +0 -11
  262. data/examples/profile-sensitive/README.md +0 -29
  263. data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
  264. data/examples/profile-sensitive/controls/sensitive.rb +0 -9
  265. data/examples/profile-sensitive/inspec.yml +0 -8
  266. data/examples/profile/README.md +0 -48
  267. data/examples/profile/controls/example.rb +0 -24
  268. data/examples/profile/controls/gordon.rb +0 -36
  269. data/examples/profile/controls/meta.rb +0 -36
  270. data/examples/profile/inspec.yml +0 -11
  271. data/examples/profile/libraries/gordon_config.rb +0 -59
@@ -1,77 +0,0 @@
1
- ---
2
- title: About the bsd_service Resource
3
- platform: linux
4
- ---
5
-
6
- # bsd_service
7
-
8
- Use the `bsd_service` InSpec audit resource to test a service using a Berkeley OS-style `init` on the FreeBSD platform.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `bsd_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
25
-
26
- describe bsd_service('service_name') do
27
- it { should be_installed }
28
- it { should be_enabled }
29
- it { should be_running }
30
- end
31
-
32
- where
33
-
34
- * `('service_name')` must specify a service name
35
- * `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource.
36
-
37
- ### Using `bsd_service` resource parameters
38
-
39
- #### Path
40
-
41
- The path to the service manager's control may be specified for situations where the path isn't available in the current `PATH`. For example:
42
-
43
- describe bsd_service('service_name', '/path/to/control') do
44
- it { should be_enabled }
45
- it { should be_installed }
46
- it { should be_running }
47
- end
48
-
49
- <br>
50
-
51
- ## Properties
52
-
53
- All properties available to the `service` resource may be used.
54
-
55
- <br>
56
-
57
- ## Matchers
58
-
59
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
60
-
61
- ### be_enabled
62
-
63
- The `be_enabled` matcher tests if the named service is enabled:
64
-
65
- it { should be_enabled }
66
-
67
- ### be_installed
68
-
69
- The `be_installed` matcher tests if the named service is installed:
70
-
71
- it { should be_installed }
72
-
73
- ### be_running
74
-
75
- The `be_running` matcher tests if the named service is running:
76
-
77
- it { should be_running }
@@ -1,68 +0,0 @@
1
- ---
2
- title: About the chocolatey_package Resource
3
- platform: windows
4
- ---
5
-
6
- # chocolatey_package
7
-
8
- Use the `chocolatey_package` InSpec audit resource to test if the named [Chocolatey](https://chocolatey.org/) package and/or package version is installed on the system.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v2.1.30 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `chocolatey_package` resource block declares the name of a Chocolatey package to be tested:
25
-
26
- describe chocolatey_package('name') do
27
- it { should be_installed }
28
- end
29
-
30
- where
31
-
32
- * `('name')` must specify the (case-sensitive) name of a package, such as `'nssm'`
33
- * `be_installed` is a valid matcher for this resource
34
-
35
- <br>
36
-
37
- ## Examples
38
-
39
- The following examples show how to use this InSpec audit resource
40
-
41
- ### Test if NSSM version 2.1.0 is installed
42
-
43
- describe chocolatey_package('nssm') do
44
- it { should be_installed }
45
- its('version') { should eq '2.1.0' }
46
- end
47
-
48
- ## Matchers
49
-
50
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers).
51
-
52
- ### be_installed
53
-
54
- The `be_installed` matcher tests if the named package is installed at all.
55
-
56
- it { should be_installed }
57
-
58
- ### version
59
-
60
- The `version` matcher tests if the named package version is on the system:
61
-
62
- its('version') { should eq '2.1.0' }
63
-
64
- You can also use the `cmp OPERATOR` matcher to perform comparisons using the version attribute:
65
-
66
- its('version') { should cmp >= '1.93.4-13debug84' }
67
-
68
- `cmp` understands version numbers using Gem::Version, and can use the operators `==, <, <=, >=, and >`. It will compare versions by each segment, not as a string - so '7.4' is smaller than '7.30', for example.
@@ -1,176 +0,0 @@
1
- ---
2
- title: About the command Resource
3
- platform: os
4
- ---
5
-
6
- # command
7
-
8
- Use the `command` InSpec audit resource to test an arbitrary command that is run on the system.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `command` resource block declares a command to be run, one (or more) expected values, and the location to which that output is sent:
25
-
26
- describe command('command') do
27
- it { should exist }
28
- its('property') { should eq 'value' }
29
- end
30
-
31
- where
32
-
33
- * `'command'` must specify a command to be run
34
- * `'property'` is one of `exit_status`, `stderr`, or `stdout`
35
- * `'output'` tests the output of the command run on the system versus the output value stated in the test
36
-
37
- <br>
38
-
39
- ## Property Examples
40
-
41
- The following examples show how to use this InSpec audit resource.
42
-
43
- ### exit_status
44
-
45
- The `exit_status` property tests the exit status for the command:
46
-
47
- its('exit_status') { should eq 123 }
48
-
49
- ### stderr
50
-
51
- The `stderr` property tests results of the command as returned in standard error (stderr):
52
-
53
- its('stderr') { should eq 'error' }
54
-
55
- ### stdout
56
-
57
- The `stdout` property tests results of the command as returned in standard output (stdout). The following example shows matching output using a regular expression:
58
-
59
- describe command('echo 1') do
60
- its('stdout') { should match (/[0-9]/) }
61
- end
62
-
63
- ### Test standard output (stdout)
64
-
65
- describe command('echo hello') do
66
- its('stdout') { should eq "hello\n" }
67
- its('stderr') { should eq '' }
68
- its('exit_status') { should eq 0 }
69
- end
70
-
71
- ### Test standard error (stderr)
72
-
73
- describe command('>&2 echo error') do
74
- its('stdout') { should eq '' }
75
- its('stderr') { should eq "error\n" }
76
- its('exit_status') { should eq 0 }
77
- end
78
-
79
- ### Test an exit status code
80
-
81
- describe command('exit 123') do
82
- its('stdout') { should eq '' }
83
- its('stderr') { should eq '' }
84
- its('exit_status') { should eq 123 }
85
- end
86
-
87
- ### Test if the command shell exists
88
-
89
- describe command('/bin/sh').exist? do
90
- it { should eq true }
91
- end
92
-
93
- ### Test for a command that should not exist
94
-
95
- describe command('this is not existing').exist? do
96
- it { should eq false }
97
- end
98
-
99
- ### Test for PostgreSQL database running a RC, development, or beta release
100
-
101
- describe command('psql -V') do
102
- its('stdout') { should eq '/RC/' }
103
- its('stdout') { should_not eq '/DEVEL/' }
104
- its('stdout') { should_not eq '/BETA/' }
105
- end
106
-
107
- ### Verify NTP
108
-
109
- The following example shows how to use the `file` audit resource to verify if the `ntp.conf` and `leap-seconds` files are present, and then the `command` resource to verify if NTP is installed and running:
110
-
111
- describe file('/etc/ntp.conf') do
112
- it { should be_file }
113
- end
114
-
115
- describe file('/etc/ntp.leapseconds') do
116
- it { should be_file }
117
- end
118
-
119
- describe command('pgrep ntp') do
120
- its('exit_status') { should eq 0 }
121
- end
122
-
123
- ### Verify WiX
124
-
125
- Wix includes several tools -- such as `candle` (preprocesses and compiles source files into object files), `light` (links and binds object files to an installer database), and `heat` (harvests files from various input formats). The following example uses a whitespace array and the `file` audit resource to verify if these three tools are present:
126
-
127
- %w(
128
- candle.exe
129
- heat.exe
130
- light.exe
131
- ).each do |utility|
132
- describe file("C:/wix/##{utility}") do
133
- it { should be_file }
134
- end
135
- end
136
-
137
- ### Redacting Sensitive Commands
138
-
139
- By default the command that is ran is shown in the InSpec output. This can be problematic if the command contains sensitive arguments such as a password. These sensitive parts can be redacted by passing in `redact_regex` and a regular expression to redact. Optionally, you can use 2 capture groups to fine tune what is redacted.
140
-
141
- The following examples show how to use `redact_regex`:
142
-
143
- # Example without capture groups
144
- describe command('myapp -p secretpassword -d no_redact', redact_regex: /-p .* -d/) do
145
- its('exit_status') { should cmp 0 }
146
- end
147
-
148
- # Result (no capture groups used)
149
- Command: `myapp REDACTED no_redact`
150
- ✔ exit_status should cmp == 0
151
-
152
- # Example with capture groups
153
- # Each set of parenthesis is a capture group.
154
- # Anything in the two capture groups will not be 'REDACTED'
155
- describe command('myapp -p secretpassword -d no_redact', redact_regex: /(-p ).*( -d)/) do
156
- its('exit_status') { should cmp 0 }
157
- end
158
-
159
- # Result (capture groups used)
160
- Command: `myapp -p REDACTED -d no_redact`
161
- ✔ exit_status should cmp == 0
162
-
163
- > For more info/help on regular expressions, we recommend [RegExr](https://regexr.com/)
164
-
165
- <br>
166
-
167
- ## Matchers
168
-
169
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
170
-
171
- ### exist
172
-
173
- The `exist` matcher tests if a command may be run on the system:
174
-
175
- it { should exist }
176
-
@@ -1,89 +0,0 @@
1
- ---
2
- title: About the cpan Resource
3
- platform: linux
4
- ---
5
-
6
- # cpan
7
-
8
- Use the `cpan` InSpec audit resource to test Perl modules that are installed by system packages or the CPAN installer.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.43.5 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `cpan` resource block declares a package and (optionally) a package version:
25
-
26
- describe cpan('package_name') do
27
- it { should be_installed }
28
- end
29
-
30
- where
31
-
32
- * `'package_name'` is the name of the package, such as `'DBD::Pg'`
33
- * `be_installed` tests to see if the package described above is installed
34
-
35
- <br>
36
-
37
- ## Resource Parameters
38
-
39
- This resource uses package names and perl library paths as resource parameters.
40
-
41
- <br>
42
-
43
- ## Resource Parameter Examples
44
-
45
- ### Test if DBD::Pg is installed on the system
46
-
47
- describe cpan('DBD:Pg') do
48
- it { should be_installed }
49
- end
50
-
51
- ### Test if DBD::Pg 3.7.0 is installed on the system
52
-
53
- describe cpan('DBD::Pg') do
54
- it { should be_installed }
55
- its('version') { should eq '3.7.0' }
56
- end
57
-
58
- ### Test if DBD::Pg is installed within a custom PERL5LIB path on the system
59
-
60
- Hint: You can pass multiple paths separated with a colon
61
- `/path/to/perl5/lib:/usr/share/perl5/vendor_perl/lib/perl5`
62
-
63
- describe cpan('DBD::Pg', '/home/jdoe/perl5/lib/perl5') do
64
- it { should be_installed }
65
- end
66
-
67
- <br>
68
-
69
- ## Property Examples
70
-
71
- The following examples show how to use this InSpec audit resource.
72
-
73
- ### version
74
-
75
- The `version` property tests if the named package version is on the system:
76
-
77
- its('version') { should eq '1.2.3' }
78
-
79
- <br>
80
-
81
- ## Matchers
82
-
83
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
84
-
85
- ### be_installed
86
-
87
- The `be_installed` matcher tests if the named package is installed on the system:
88
-
89
- it { should be_installed }
@@ -1,74 +0,0 @@
1
- ---
2
- title: About the cran Resource
3
- platform: linux
4
- ---
5
-
6
- # cran
7
-
8
- Use the `cran` InSpec audit resource to test R modules that are installed from CRAN package repository.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.43.5 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `cran` resource block declares a package and (optionally) a package version:
25
-
26
- describe cran('package_name') do
27
- it { should be_installed }
28
- end
29
-
30
- where
31
-
32
- * `'package_name'` is the name of the package, such as `'DBI'`
33
- * `be_installed` tests to see if the package described above is installed
34
-
35
- <br>
36
-
37
- ## Examples
38
-
39
- The following examples show how to use this InSpec audit resource.
40
-
41
- ### Test if DBI is installed on the system
42
-
43
- describe cran('DBI') do
44
- it { should be_installed }
45
- end
46
-
47
- ### Test if DBI 0.5.1 is installed on the system
48
-
49
- describe cran('DBI') do
50
- it { should be_installed }
51
- its('version') { should eq '0.5.1' }
52
- end
53
-
54
- <br>
55
-
56
- ## Property Examples
57
-
58
- ### version
59
-
60
- The `version` property tests if the named package version is on the system:
61
-
62
- its('version') { should eq '1.2.3' }
63
-
64
- <br>
65
-
66
- ## Matchers
67
-
68
- This InSpec audit resource has the following matchers:
69
-
70
- ### be_installed
71
-
72
- The `be_installed` matcher tests if the named package is installed on the system:
73
-
74
- it { should be_installed }