inspec 2.3.10 → 2.3.23

Sign up to get free protection for your applications and to get access to all the features.
Files changed (271) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +34 -13
  3. data/etc/plugin_filters.json +25 -0
  4. data/inspec.gemspec +3 -3
  5. data/lib/bundles/inspec-compliance/api.rb +3 -0
  6. data/lib/bundles/inspec-compliance/configuration.rb +3 -0
  7. data/lib/bundles/inspec-compliance/http.rb +3 -0
  8. data/lib/bundles/inspec-compliance/support.rb +3 -0
  9. data/lib/bundles/inspec-compliance/target.rb +3 -0
  10. data/lib/inspec/objects/attribute.rb +3 -0
  11. data/lib/inspec/plugin/v2.rb +3 -0
  12. data/lib/inspec/plugin/v2/filter.rb +62 -0
  13. data/lib/inspec/plugin/v2/installer.rb +21 -1
  14. data/lib/inspec/plugin/v2/loader.rb +4 -0
  15. data/lib/inspec/profile.rb +3 -1
  16. data/lib/inspec/version.rb +1 -1
  17. data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
  18. data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
  19. data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
  20. data/lib/resources/package.rb +1 -1
  21. metadata +5 -253
  22. data/MAINTAINERS.toml +0 -52
  23. data/docs/.gitignore +0 -2
  24. data/docs/README.md +0 -41
  25. data/docs/dev/control-eval.md +0 -62
  26. data/docs/dev/filtertable-internals.md +0 -353
  27. data/docs/dev/filtertable-usage.md +0 -533
  28. data/docs/dev/integration-testing.md +0 -31
  29. data/docs/dev/plugins.md +0 -323
  30. data/docs/dsl_inspec.md +0 -354
  31. data/docs/dsl_resource.md +0 -100
  32. data/docs/glossary.md +0 -381
  33. data/docs/habitat.md +0 -193
  34. data/docs/inspec_and_friends.md +0 -114
  35. data/docs/matchers.md +0 -161
  36. data/docs/migration.md +0 -293
  37. data/docs/platforms.md +0 -119
  38. data/docs/plugin_kitchen_inspec.md +0 -60
  39. data/docs/plugins.md +0 -57
  40. data/docs/profiles.md +0 -576
  41. data/docs/reporters.md +0 -170
  42. data/docs/resources/aide_conf.md.erb +0 -86
  43. data/docs/resources/apache.md.erb +0 -77
  44. data/docs/resources/apache_conf.md.erb +0 -78
  45. data/docs/resources/apt.md.erb +0 -81
  46. data/docs/resources/audit_policy.md.erb +0 -57
  47. data/docs/resources/auditd.md.erb +0 -89
  48. data/docs/resources/auditd_conf.md.erb +0 -78
  49. data/docs/resources/aws_cloudtrail_trail.md.erb +0 -165
  50. data/docs/resources/aws_cloudtrail_trails.md.erb +0 -96
  51. data/docs/resources/aws_cloudwatch_alarm.md.erb +0 -101
  52. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -164
  53. data/docs/resources/aws_config_delivery_channel.md.erb +0 -111
  54. data/docs/resources/aws_config_recorder.md.erb +0 -96
  55. data/docs/resources/aws_ebs_volume.md.erb +0 -76
  56. data/docs/resources/aws_ebs_volumes.md.erb +0 -86
  57. data/docs/resources/aws_ec2_instance.md.erb +0 -122
  58. data/docs/resources/aws_ec2_instances.md.erb +0 -89
  59. data/docs/resources/aws_elb.md.erb +0 -154
  60. data/docs/resources/aws_elbs.md.erb +0 -252
  61. data/docs/resources/aws_flow_log.md.erb +0 -128
  62. data/docs/resources/aws_iam_access_key.md.erb +0 -139
  63. data/docs/resources/aws_iam_access_keys.md.erb +0 -214
  64. data/docs/resources/aws_iam_group.md.erb +0 -74
  65. data/docs/resources/aws_iam_groups.md.erb +0 -92
  66. data/docs/resources/aws_iam_password_policy.md.erb +0 -92
  67. data/docs/resources/aws_iam_policies.md.erb +0 -97
  68. data/docs/resources/aws_iam_policy.md.erb +0 -264
  69. data/docs/resources/aws_iam_role.md.erb +0 -79
  70. data/docs/resources/aws_iam_root_user.md.erb +0 -86
  71. data/docs/resources/aws_iam_user.md.erb +0 -130
  72. data/docs/resources/aws_iam_users.md.erb +0 -289
  73. data/docs/resources/aws_kms_key.md.erb +0 -187
  74. data/docs/resources/aws_kms_keys.md.erb +0 -99
  75. data/docs/resources/aws_rds_instance.md.erb +0 -76
  76. data/docs/resources/aws_route_table.md.erb +0 -63
  77. data/docs/resources/aws_route_tables.md.erb +0 -65
  78. data/docs/resources/aws_s3_bucket.md.erb +0 -156
  79. data/docs/resources/aws_s3_bucket_object.md.erb +0 -99
  80. data/docs/resources/aws_s3_buckets.md.erb +0 -69
  81. data/docs/resources/aws_security_group.md.erb +0 -323
  82. data/docs/resources/aws_security_groups.md.erb +0 -107
  83. data/docs/resources/aws_sns_subscription.md.erb +0 -140
  84. data/docs/resources/aws_sns_topic.md.erb +0 -79
  85. data/docs/resources/aws_sns_topics.md.erb +0 -68
  86. data/docs/resources/aws_subnet.md.erb +0 -150
  87. data/docs/resources/aws_subnets.md.erb +0 -142
  88. data/docs/resources/aws_vpc.md.erb +0 -135
  89. data/docs/resources/aws_vpcs.md.erb +0 -135
  90. data/docs/resources/azure_generic_resource.md.erb +0 -183
  91. data/docs/resources/azure_resource_group.md.erb +0 -294
  92. data/docs/resources/azure_virtual_machine.md.erb +0 -357
  93. data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -234
  94. data/docs/resources/bash.md.erb +0 -85
  95. data/docs/resources/bond.md.erb +0 -100
  96. data/docs/resources/bridge.md.erb +0 -67
  97. data/docs/resources/bsd_service.md.erb +0 -77
  98. data/docs/resources/chocolatey_package.md.erb +0 -68
  99. data/docs/resources/command.md.erb +0 -176
  100. data/docs/resources/cpan.md.erb +0 -89
  101. data/docs/resources/cran.md.erb +0 -74
  102. data/docs/resources/crontab.md.erb +0 -103
  103. data/docs/resources/csv.md.erb +0 -64
  104. data/docs/resources/dh_params.md.erb +0 -221
  105. data/docs/resources/directory.md.erb +0 -40
  106. data/docs/resources/docker.md.erb +0 -240
  107. data/docs/resources/docker_container.md.erb +0 -113
  108. data/docs/resources/docker_image.md.erb +0 -104
  109. data/docs/resources/docker_plugin.md.erb +0 -80
  110. data/docs/resources/docker_service.md.erb +0 -124
  111. data/docs/resources/elasticsearch.md.erb +0 -252
  112. data/docs/resources/etc_fstab.md.erb +0 -135
  113. data/docs/resources/etc_group.md.erb +0 -85
  114. data/docs/resources/etc_hosts.md.erb +0 -88
  115. data/docs/resources/etc_hosts_allow.md.erb +0 -84
  116. data/docs/resources/etc_hosts_deny.md.erb +0 -84
  117. data/docs/resources/file.md.erb +0 -543
  118. data/docs/resources/filesystem.md.erb +0 -51
  119. data/docs/resources/firewalld.md.erb +0 -117
  120. data/docs/resources/gem.md.erb +0 -108
  121. data/docs/resources/group.md.erb +0 -71
  122. data/docs/resources/grub_conf.md.erb +0 -111
  123. data/docs/resources/host.md.erb +0 -96
  124. data/docs/resources/http.md.erb +0 -207
  125. data/docs/resources/iis_app.md.erb +0 -132
  126. data/docs/resources/iis_site.md.erb +0 -145
  127. data/docs/resources/inetd_conf.md.erb +0 -104
  128. data/docs/resources/ini.md.erb +0 -86
  129. data/docs/resources/interface.md.erb +0 -68
  130. data/docs/resources/iptables.md.erb +0 -74
  131. data/docs/resources/json.md.erb +0 -73
  132. data/docs/resources/kernel_module.md.erb +0 -130
  133. data/docs/resources/kernel_parameter.md.erb +0 -63
  134. data/docs/resources/key_rsa.md.erb +0 -95
  135. data/docs/resources/launchd_service.md.erb +0 -67
  136. data/docs/resources/limits_conf.md.erb +0 -85
  137. data/docs/resources/login_defs.md.erb +0 -81
  138. data/docs/resources/mount.md.erb +0 -79
  139. data/docs/resources/mssql_session.md.erb +0 -78
  140. data/docs/resources/mysql_conf.md.erb +0 -109
  141. data/docs/resources/mysql_session.md.erb +0 -84
  142. data/docs/resources/nginx.md.erb +0 -89
  143. data/docs/resources/nginx_conf.md.erb +0 -148
  144. data/docs/resources/npm.md.erb +0 -78
  145. data/docs/resources/ntp_conf.md.erb +0 -70
  146. data/docs/resources/oneget.md.erb +0 -63
  147. data/docs/resources/oracledb_session.md.erb +0 -103
  148. data/docs/resources/os.md.erb +0 -153
  149. data/docs/resources/os_env.md.erb +0 -101
  150. data/docs/resources/package.md.erb +0 -130
  151. data/docs/resources/packages.md.erb +0 -77
  152. data/docs/resources/parse_config.md.erb +0 -113
  153. data/docs/resources/parse_config_file.md.erb +0 -148
  154. data/docs/resources/passwd.md.erb +0 -151
  155. data/docs/resources/pip.md.erb +0 -77
  156. data/docs/resources/port.md.erb +0 -147
  157. data/docs/resources/postgres_conf.md.erb +0 -89
  158. data/docs/resources/postgres_hba_conf.md.erb +0 -103
  159. data/docs/resources/postgres_ident_conf.md.erb +0 -86
  160. data/docs/resources/postgres_session.md.erb +0 -79
  161. data/docs/resources/powershell.md.erb +0 -112
  162. data/docs/resources/processes.md.erb +0 -119
  163. data/docs/resources/rabbitmq_config.md.erb +0 -51
  164. data/docs/resources/registry_key.md.erb +0 -197
  165. data/docs/resources/runit_service.md.erb +0 -67
  166. data/docs/resources/security_policy.md.erb +0 -57
  167. data/docs/resources/service.md.erb +0 -131
  168. data/docs/resources/shadow.md.erb +0 -267
  169. data/docs/resources/ssh_config.md.erb +0 -83
  170. data/docs/resources/sshd_config.md.erb +0 -93
  171. data/docs/resources/ssl.md.erb +0 -129
  172. data/docs/resources/sys_info.md.erb +0 -52
  173. data/docs/resources/systemd_service.md.erb +0 -67
  174. data/docs/resources/sysv_service.md.erb +0 -67
  175. data/docs/resources/upstart_service.md.erb +0 -67
  176. data/docs/resources/user.md.erb +0 -150
  177. data/docs/resources/users.md.erb +0 -137
  178. data/docs/resources/vbscript.md.erb +0 -65
  179. data/docs/resources/virtualization.md.erb +0 -67
  180. data/docs/resources/windows_feature.md.erb +0 -69
  181. data/docs/resources/windows_hotfix.md.erb +0 -63
  182. data/docs/resources/windows_task.md.erb +0 -95
  183. data/docs/resources/wmi.md.erb +0 -91
  184. data/docs/resources/x509_certificate.md.erb +0 -161
  185. data/docs/resources/xinetd_conf.md.erb +0 -166
  186. data/docs/resources/xml.md.erb +0 -95
  187. data/docs/resources/yaml.md.erb +0 -79
  188. data/docs/resources/yum.md.erb +0 -108
  189. data/docs/resources/zfs_dataset.md.erb +0 -63
  190. data/docs/resources/zfs_pool.md.erb +0 -57
  191. data/docs/shared/matcher_be.md.erb +0 -1
  192. data/docs/shared/matcher_cmp.md.erb +0 -43
  193. data/docs/shared/matcher_eq.md.erb +0 -3
  194. data/docs/shared/matcher_include.md.erb +0 -1
  195. data/docs/shared/matcher_match.md.erb +0 -1
  196. data/docs/shell.md +0 -217
  197. data/docs/style.md +0 -178
  198. data/examples/README.md +0 -8
  199. data/examples/custom-resource/README.md +0 -3
  200. data/examples/custom-resource/controls/example.rb +0 -7
  201. data/examples/custom-resource/inspec.yml +0 -8
  202. data/examples/custom-resource/libraries/batsignal.rb +0 -20
  203. data/examples/custom-resource/libraries/gordon.rb +0 -21
  204. data/examples/inheritance/README.md +0 -65
  205. data/examples/inheritance/controls/example.rb +0 -14
  206. data/examples/inheritance/inspec.yml +0 -16
  207. data/examples/kitchen-ansible/.kitchen.yml +0 -25
  208. data/examples/kitchen-ansible/Gemfile +0 -19
  209. data/examples/kitchen-ansible/README.md +0 -53
  210. data/examples/kitchen-ansible/files/nginx.repo +0 -6
  211. data/examples/kitchen-ansible/tasks/main.yml +0 -16
  212. data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
  213. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
  214. data/examples/kitchen-chef/.kitchen.yml +0 -20
  215. data/examples/kitchen-chef/Berksfile +0 -3
  216. data/examples/kitchen-chef/Gemfile +0 -19
  217. data/examples/kitchen-chef/README.md +0 -27
  218. data/examples/kitchen-chef/metadata.rb +0 -7
  219. data/examples/kitchen-chef/recipes/default.rb +0 -6
  220. data/examples/kitchen-chef/recipes/nginx.rb +0 -30
  221. data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
  222. data/examples/kitchen-puppet/.kitchen.yml +0 -23
  223. data/examples/kitchen-puppet/Gemfile +0 -20
  224. data/examples/kitchen-puppet/Puppetfile +0 -25
  225. data/examples/kitchen-puppet/README.md +0 -53
  226. data/examples/kitchen-puppet/manifests/site.pp +0 -33
  227. data/examples/kitchen-puppet/metadata.json +0 -11
  228. data/examples/kitchen-puppet/modules/.gitkeep +0 -0
  229. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
  230. data/examples/meta-profile/README.md +0 -37
  231. data/examples/meta-profile/controls/example.rb +0 -13
  232. data/examples/meta-profile/inspec.yml +0 -13
  233. data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
  234. data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
  235. data/examples/plugins/inspec-resource-lister/README.md +0 -62
  236. data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
  237. data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
  238. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
  239. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
  240. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
  241. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
  242. data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
  243. data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
  244. data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
  245. data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
  246. data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
  247. data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
  248. data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
  249. data/examples/profile-attribute.yml +0 -2
  250. data/examples/profile-attribute/README.md +0 -14
  251. data/examples/profile-attribute/controls/example.rb +0 -11
  252. data/examples/profile-attribute/inspec.yml +0 -8
  253. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -8
  254. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -8
  255. data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -8
  256. data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -8
  257. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -8
  258. data/examples/profile-aws/inspec.yml +0 -11
  259. data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -24
  260. data/examples/profile-azure/controls/azure_vm_example.rb +0 -29
  261. data/examples/profile-azure/inspec.yml +0 -11
  262. data/examples/profile-sensitive/README.md +0 -29
  263. data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
  264. data/examples/profile-sensitive/controls/sensitive.rb +0 -9
  265. data/examples/profile-sensitive/inspec.yml +0 -8
  266. data/examples/profile/README.md +0 -48
  267. data/examples/profile/controls/example.rb +0 -24
  268. data/examples/profile/controls/gordon.rb +0 -36
  269. data/examples/profile/controls/meta.rb +0 -36
  270. data/examples/profile/inspec.yml +0 -11
  271. data/examples/profile/libraries/gordon_config.rb +0 -59
@@ -1,135 +0,0 @@
1
- ---
2
- title: About the etc_fstab Resource
3
- platform: linux
4
- ---
5
-
6
- # etc_fstab
7
-
8
- Use the `etc_fstab` InSpec audit resource to test information about all partitions and storage devices on a Linux system.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.37.6 of InSpec.
21
-
22
- ## Syntax
23
-
24
- An etc_fstab rule specifies a device name, its mount point, its mount type, the options its mounted with,
25
- its dump options, and the order the files system should be checked.
26
-
27
- Use the where clause to match a property to one or more rules in the fstab file:
28
-
29
- describe etc_fstab.where { device_name == 'value' } do
30
- its('mount_point') { should cmp 'hostname' }
31
- its('file_system_type') { should cmp 'list' }
32
- its('mount_options') { should cmp 'list' }
33
- its('dump_options') { should cmp 'list' }
34
- its('file_system_options') { should cmp 'list' }
35
- end
36
-
37
- Use the optional constructor parameter to give an alternative path to fstab file:
38
-
39
- describe etc_fstab(hosts_path).where { device_name == 'value' } do
40
- its('mount_point') { should cmp 'hostname' }
41
- its('file_system_type') { should cmp 'list' }
42
- its('mount_options') { should cmp 'list' }
43
- its('dump_options') { should cmp 'list' }
44
- its('file_system_options') { should cmp 'list ' }
45
- end
46
-
47
- <br>
48
-
49
- ## Properties
50
-
51
- * `device_name` is the name associated with the device.
52
- * `mount_point` is the directory at which the filesystem is configured to be mounted.
53
- * `file_system_type` is the type of file system of the device or partition.
54
- * `mount_options` is the options for the device or partition.
55
- * `dump_options` is a number used by dump to decide if a file system should be backed up.
56
- * `file_system_options` is a number that specifies the order the file system should be checked.
57
-
58
- <br>
59
-
60
- ## Property Examples
61
-
62
- ### device_name
63
-
64
- `device_name` returns a string array of device names mounted on the system.
65
-
66
- describe etc_fstab.where { mount_point == '/mnt/sr0' } do
67
- its('device_name') { should cmp '/dev/sr0' }
68
- end
69
-
70
- ### mount_point
71
-
72
- `mount_point` returns a string array of directories at which filesystems are configured to be mounted.
73
-
74
- describe etc_fstab.where { device_name == '/dev/sr0' } do
75
- its('mount_point') { should cmp '/mnt/sr0' }
76
- end
77
-
78
- ### file\_system_type
79
-
80
- `file_system_type` returns a String array of each partitions file system type.
81
-
82
- describe etc_fstab.where { device_name == '/dev/sr0' } do
83
- its('file_system_type') { should cmp 'iso9660' }
84
- end
85
-
86
- ### mount_options
87
-
88
- `mount_options` returns a two dimensional array of each partitions mount options.
89
-
90
- describe etc_fstab.where { mount_point == '/' } do
91
- its('mount_options') { should eq [['defaults', 'x-systemd.device-timeout=0']] }
92
- end
93
-
94
- ### dump_options
95
-
96
- `dump_options` returns a integer array of each partitions dump option.
97
-
98
- describe etc_fstab.where { device_name == '/dev/sr0' } do
99
- its('dump_options') { should cmp 0 }
100
- end
101
-
102
- ### file\_system\_options
103
-
104
- `file_system_options` returns a integer array of each partitions file system option.
105
-
106
- describe etc_fstab.where { device_name == '/dev/sr0' } do
107
- its('file_system_options') { should cmp 0 }
108
- end
109
-
110
- ### Check all partitions that have type of 'nfs'
111
-
112
- nfs_systems = etc_fstab.nfs_file_systems.entries
113
- nfs_systems.each do |partition|
114
- describe partition do
115
- its('mount_options') { should include 'nosuid' }
116
- end
117
- end
118
-
119
- ### Check the partition mounted at /home contains 'nosuid' in its mount_options
120
-
121
- describe etc_fstab do
122
- its('home_mount_options') { should include 'nosuid' }
123
- end
124
-
125
- ### Check if a partition is mounted at a point
126
-
127
- describe etc_fstab.where { mount_point == '/home' } do
128
- it { should be_configured }
129
- end
130
-
131
- <br>
132
-
133
- ## Matchers
134
-
135
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
@@ -1,85 +0,0 @@
1
- ---
2
- title: About the etc_group Resource
3
- platform: linux
4
- ---
5
-
6
- # etc_group
7
-
8
- Use the `etc_group` InSpec audit resource to test groups that are defined on Linux and Unix platforms. The `/etc/group` file stores details about each group: group name, password, group identifier, along with a comma-separate list of users that belong to the group.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `etc_group` resource block declares a collection of properties to be tested:
25
-
26
- describe etc_group('path') do
27
- its('property') { should eq 'some_value' }
28
- end
29
-
30
- or:
31
-
32
- describe etc_group.where(item: 'value', item: 'value') do
33
- its('gids') { should_not contain_duplicates }
34
- its('groups') { should include 'user_name' }
35
- its('users') { should include 'user_name' }
36
- end
37
-
38
- where
39
-
40
- * `('path')` is the non-default path to the `inetd.conf` file
41
- * `.where()` filters for a specific item and value, to which the parameter are compared
42
- * `.where` filter may be one or more of:
43
- * `name: 'name'`, `group_name: 'group_name'`, `password: 'password'`, `gid: 'gid'`, `group_id: 'gid'`, `users: 'user_name'`, `members: 'member_name'`
44
- <br>
45
-
46
- ## Properties
47
-
48
- * `'gids'`, `'groups'`, and `'users'` are valid resource parameters for this resource.
49
-
50
- <br>
51
-
52
- ## Examples
53
-
54
- The following examples show how to use this InSpec audit resource.
55
-
56
- ### Test group identifiers (GIDs) for duplicates
57
-
58
- describe etc_group do
59
- its('gids') { should_not contain_duplicates }
60
- end
61
-
62
- ### Test all groups to see if a specific user belongs to one (or more) groups
63
-
64
- describe etc_group do
65
- its('groups') { should include 'my_group' }
66
- end
67
-
68
- ### Test all groups for a specific user name
69
-
70
- describe etc_group do
71
- its('users') { should include 'my_user' }
72
- end
73
-
74
- ### Filter a list of groups for a specific user
75
-
76
- describe etc_group.where(name: 'my_group') do
77
- its('users') { should include 'my_user' }
78
- end
79
-
80
- <br>
81
-
82
- ## Matchers
83
-
84
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
85
-
@@ -1,88 +0,0 @@
1
- ---
2
- title: About the etc_hosts Resource
3
- platform: linux
4
- ---
5
-
6
- # etc_hosts
7
-
8
- Use the `etc_hosts` InSpec audit resource to test rules set to match IP addresses with hostnames.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.37.6 of InSpec.
21
-
22
- ## Syntax
23
-
24
- An etc/hosts rule specifies an IP address and what its hostname is along with optional aliases it can have.
25
-
26
- <br>
27
-
28
- ## Syntax
29
-
30
- Use the `.where` clause to match a property to one or more rules in the hosts file:
31
-
32
- describe etc_hosts.where { ip_address == 'value' } do
33
- its('primary_name') { should cmp 'hostname' }
34
- its('all_host_names') { should cmp 'list' }
35
- end
36
-
37
- Use the optional resource parameter to give an alternative path to the hosts file:
38
-
39
- describe etc_hosts('path/to/hosts').where { ip_address == 'value' } do
40
- its('primary_name') { should cmp 'hostname' }
41
- its('all_host_names') { should cmp 'list' }
42
- end
43
-
44
- where
45
-
46
- * `ip_address` is the ip address of the hostname in either ipv4 or ipv6 format.
47
- * `primary_name` is the name associated with the ip address.
48
- * `all_host_names` is a list including the primary_name as the first entry followed by any alias names the host has.
49
-
50
- <br>
51
-
52
- ## Properties
53
-
54
- 'ip_address', 'primary_name', 'all_host_names'
55
-
56
- <br>
57
-
58
- ## Property Examples
59
-
60
- ### ip_address
61
-
62
- `ip_address` returns a string array of ip addresses specified in the etc/hosts file.
63
-
64
- describe etc_hosts.where { primary_name == 'localhost' } do
65
- its('ip_address') { should cmp '127.0.1.154' }
66
- end
67
-
68
- ### primary_name
69
-
70
- `primary_name` returns a string array of primary_names specified in the etc/hosts file.
71
-
72
- describe etc_hosts.where { ip_address == '::1' } do
73
- its('primary_name') { should cmp 'localhost' }
74
- end
75
-
76
- ### all\_host_names
77
-
78
- `all_host_names` returns a two dimensional string array where each entry has the primary_name first followed by any aliases.
79
-
80
- describe etc_hosts.where { ip_address == '127.0.1.154' } do
81
- its('all_host_names') { should eq [['localhost', 'localhost.localdomain', 'localhost4', 'localhost4.localdomain4'], ['localhost', 'localhost.localdomain', 'localhost6', 'localhost6.localdomain6']] }
82
- end
83
-
84
- <br>
85
-
86
- ## Matchers
87
-
88
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
@@ -1,84 +0,0 @@
1
- ---
2
- title: About the etc_hosts_allow Resource
3
- platform: linux
4
- ---
5
-
6
- # etc\_hosts\_allow
7
-
8
- Use the `etc_hosts_allow` InSpec audit resource to test rules defined for accepting daemon and client traffic in the `'/etc/hosts.allow'` file.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.39.1 of InSpec.
21
-
22
- ## Syntax
23
-
24
- An etc/hosts.allow rule specifies one or more daemons mapped to one or more clients, with zero or more options to for accepting traffic when found.
25
-
26
- Use the where clause to match a property to one or more rules in the hosts.allow file.
27
-
28
- describe etc_hosts_allow.where { daemon == 'value' } do
29
- its ('client_list') { should include ['values'] }
30
- its ('options') { should include ['values'] }
31
- end
32
-
33
- Use the optional constructor parameter to give an alternative path to hosts.allow
34
-
35
- describe etc_hosts_allow(hosts_path).where { daemon == 'value' } do
36
- its ('client_list') { should include ['values'] }
37
- its ('options') { should include ['values'] }
38
- end
39
-
40
- where
41
-
42
- * `daemon` is a daemon that will be allowed to pass traffic in.
43
- * `client_list` is a list of clients will be allowed to pass traffic in.
44
- * `options` is a list of tasks that to be done with the rule when traffic is found.
45
-
46
- <br>
47
-
48
- ## Properties
49
-
50
- 'daemon', 'client_list', 'options'
51
-
52
- <br>
53
-
54
- ## Property Examples
55
-
56
- ### daemon
57
-
58
- `daemon` returns a string containing the daemon that is allowed in the rule.
59
-
60
- describe etc_hosts_allow.where { client_list == ['127.0.1.154', '[:fff:fAb0::]'] } do
61
- its('daemon') { should eq ['vsftpd', 'sshd'] }
62
- end
63
-
64
- ### client_list
65
-
66
- `client_list` returns a 2d string array where each entry contains the clients specified for the rule.
67
-
68
- describe etc_hosts_allow.where { daemon == 'sshd' } do
69
- its('client_list') { should include ['192.168.0.0/16', '[abcd::0000:1234]'] }
70
- end
71
-
72
- ### options
73
-
74
- `options` returns a 2d string array where each entry contains any options specified for the rule.
75
-
76
- describe etc_hosts_allow.where { daemon == 'sshd' } do
77
- its('options') { should include ['deny', 'echo "REJECTED"'] }
78
- end
79
-
80
- <br>
81
-
82
- ## Matchers
83
-
84
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
@@ -1,84 +0,0 @@
1
- ---
2
- title: About the etc_hosts_deny Resource
3
- platform: linux
4
- ---
5
-
6
- # etc\_hosts\_deny
7
-
8
- Use the `etc_hosts_deny` InSpec audit resource to test rules for rejecting daemon and client traffic defined in /etc/hosts.deny.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.39.1 of InSpec.
21
-
22
- ## Syntax
23
-
24
- An etc/hosts.deny rule specifies one or more daemons mapped to one or more clients, with zero or more options for rejecting traffic when found.
25
-
26
- Use the where clause to match a property to one or more rules in the hosts.deny file:
27
-
28
- describe etc_hosts_deny.where { daemon == 'value' } do
29
- its ('client_list') { should include ['values'] }
30
- its ('options') { should include ['values'] }
31
- end
32
-
33
- Use the optional constructor parameter to give an alternative path to hosts.deny:
34
-
35
- describe etc_hosts_deny(hosts_path).where { daemon == 'value' } do
36
- its ('client_list') { should include ['values'] }
37
- its ('options') { should include ['values'] }
38
- end
39
-
40
- where
41
-
42
- * `daemon` is a daemon that will be rejected to pass traffic in.
43
- * `client_list` is a list of clients will be rejected to pass traffic in.
44
- * `options` is a list of tasks that to be done with the rule when traffic is found.
45
-
46
- <br>
47
-
48
- ## Properties
49
-
50
- 'daemon', 'client_list', 'options'
51
-
52
- <br>
53
-
54
- ## Parameter Examples
55
-
56
- ### daemon
57
-
58
- `daemon` returns a string containing the daemon that is allowed in the rule.
59
-
60
- describe etc_hosts_deny.where { client_list == ['127.0.1.154', '[:fff:fAb0::]'] } do
61
- its('daemon') { should eq ['vsftpd', 'sshd'] }
62
- end
63
-
64
- ### client_list
65
-
66
- `client_list` returns a 2d string array where each entry contains the clients specified for the rule.
67
-
68
- describe etc_hosts_deny.where { daemon == 'sshd' } do
69
- its('client_list') { should include ['192.168.0.0/16', '[abcd::0000:1234]'] }
70
- end
71
-
72
- ### options
73
-
74
- `options` returns a 2d string array where each entry contains any options specified for the rule.
75
-
76
- describe etc_hosts_deny.where { daemon == 'sshd' } do
77
- its('options') { should include ['deny', 'echo "REJECTED"'] }
78
- end
79
-
80
- <br>
81
-
82
- ## Matchers
83
-
84
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).