inspec 2.3.10 → 2.3.23

data/docs/resources/etc_fstab.md.erb

@@ -1,135 +0,0 @@
----
-title: About the etc_fstab Resource
-platform: linux
----
-
-# etc_fstab
-
-Use the `etc_fstab` InSpec audit resource to test information about all partitions and storage devices on a Linux system.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.37.6 of InSpec.
-
-## Syntax
-
-An etc_fstab rule specifies a device name, its mount point, its mount type, the options its mounted with,
-its dump options, and the order the files system should be checked.
-
-Use the where clause to match a property to one or more rules in the fstab file:
-
-    describe etc_fstab.where { device_name == 'value' } do
-      its('mount_point') { should cmp 'hostname' }
-      its('file_system_type') { should cmp 'list' }
-      its('mount_options') { should cmp 'list' }
-      its('dump_options') { should cmp 'list' }
-      its('file_system_options') { should cmp 'list' }
-    end
-
-Use the optional constructor parameter to give an alternative path to fstab file:
-
-    describe etc_fstab(hosts_path).where { device_name == 'value' } do
-      its('mount_point') { should cmp 'hostname' }
-      its('file_system_type') { should cmp 'list' }
-      its('mount_options') { should cmp 'list' }
-      its('dump_options') { should cmp 'list' }
-      its('file_system_options') { should cmp 'list ' }
-    end
-
-<br>
-
-## Properties
-
-* `device_name` is the name associated with the device.
-* `mount_point` is the directory at which the filesystem is configured to be mounted.
-* `file_system_type` is the type of file system of the device or partition.
-* `mount_options` is the options for the device or partition.
-* `dump_options` is a number used by dump to decide if a file system should be backed up.
-* `file_system_options` is a number that specifies the order the file system should be checked.
-
-<br>
-
-## Property Examples
-
-### device_name
-
-`device_name` returns a string array of device names mounted on the system.
-
-    describe etc_fstab.where { mount_point == '/mnt/sr0' } do
-      its('device_name') { should cmp '/dev/sr0' }
-    end
-
-### mount_point
-
-`mount_point` returns a string array of directories at which filesystems are configured to be mounted.
-
-    describe etc_fstab.where { device_name == '/dev/sr0' } do
-      its('mount_point') { should cmp '/mnt/sr0' }
-    end
-
-### file\_system_type
-
-`file_system_type` returns a String array of each partitions file system type.
-
-    describe etc_fstab.where { device_name == '/dev/sr0' } do
-      its('file_system_type') { should cmp 'iso9660' }
-    end
-
-### mount_options
-
-`mount_options` returns a two dimensional array of each partitions mount options.
-
-    describe etc_fstab.where { mount_point == '/' } do
-      its('mount_options') { should eq [['defaults', 'x-systemd.device-timeout=0']] }
-    end
-
-### dump_options
-
-`dump_options` returns a integer array of each partitions dump option.
-
-    describe etc_fstab.where { device_name == '/dev/sr0' } do
-      its('dump_options') { should cmp 0 }
-    end
-
-### file\_system\_options
-
-`file_system_options` returns a integer array of each partitions file system option.
-
-    describe etc_fstab.where { device_name == '/dev/sr0' } do
-      its('file_system_options') { should cmp 0 }
-    end
-
-### Check all partitions that have type of 'nfs'
-
-    nfs_systems = etc_fstab.nfs_file_systems.entries
-    nfs_systems.each do |partition|
-      describe partition do
-        its('mount_options') { should include 'nosuid' }
-      end
-    end
-
-### Check the partition mounted at /home contains 'nosuid' in its mount_options
-
-    describe etc_fstab do
-      its('home_mount_options') { should include 'nosuid' }
-    end
-
-### Check if a partition is mounted at a point
-
-    describe etc_fstab.where { mount_point == '/home' } do
-      it { should be_configured }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/etc_group.md.erb

@@ -1,85 +0,0 @@
----
-title: About the etc_group Resource
-platform: linux
----
-
-# etc_group
-
-Use the `etc_group` InSpec audit resource to test groups that are defined on Linux and Unix platforms. The `/etc/group` file stores details about each group: group name, password, group identifier, along with a comma-separate list of users that belong to the group.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `etc_group` resource block declares a collection of properties to be tested:
-
-    describe etc_group('path') do
-      its('property') { should eq 'some_value' }
-    end
-
-or:
-
-    describe etc_group.where(item: 'value', item: 'value') do
-      its('gids') { should_not contain_duplicates }
-      its('groups') { should include 'user_name' }
-      its('users') { should include 'user_name' }
-    end
-
-where
-
-* `('path')` is the non-default path to the `inetd.conf` file
-* `.where()` filters for a specific item and value, to which the parameter are compared
-* `.where` filter may be one or more of:
-    * `name: 'name'`, `group_name: 'group_name'`, `password: 'password'`, `gid: 'gid'`, `group_id: 'gid'`, `users: 'user_name'`, `members: 'member_name'`
-<br>
-
-## Properties
-
-* `'gids'`, `'groups'`, and `'users'` are valid resource parameters for this resource.
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test group identifiers (GIDs) for duplicates
-
-    describe etc_group do
-      its('gids') { should_not contain_duplicates }
-    end
-
-### Test all groups to see if a specific user belongs to one (or more) groups
-
-    describe etc_group do
-      its('groups') { should include 'my_group' }
-    end
-
-### Test all groups for a specific user name
-
-    describe etc_group do
-      its('users') { should include 'my_user' }
-    end
-
-### Filter a list of groups for a specific user
-
-    describe etc_group.where(name: 'my_group') do
-      its('users') { should include 'my_user' }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-

data/docs/resources/etc_hosts.md.erb

@@ -1,88 +0,0 @@
----
-title: About the etc_hosts Resource
-platform: linux
----
-
-# etc_hosts
-
-Use the `etc_hosts` InSpec audit resource to test rules set to match IP addresses with hostnames.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.37.6 of InSpec.
-
-## Syntax
-
-An etc/hosts rule specifies an IP address and what its hostname is along with optional aliases it can have.
-
-<br>
-
-## Syntax
-
-Use the `.where` clause to match a property to one or more rules in the hosts file:
-
-    describe etc_hosts.where { ip_address == 'value' } do
-      its('primary_name') { should cmp 'hostname' }
-      its('all_host_names') { should cmp 'list' }
-    end
-
-Use the optional resource parameter to give an alternative path to the hosts file:
-
-    describe etc_hosts('path/to/hosts').where { ip_address == 'value' } do
-      its('primary_name') { should cmp 'hostname' }
-      its('all_host_names') { should cmp 'list' }
-    end
-
-where
-
-* `ip_address` is the ip address of the hostname in either ipv4 or ipv6 format.
-* `primary_name` is the name associated with the ip address.
-* `all_host_names` is a list including the primary_name as the first entry followed by any alias names the host has.
-
-<br>
-
-## Properties
-
-    'ip_address', 'primary_name', 'all_host_names'
-
-<br>
-
-## Property Examples
-
-### ip_address
-
-`ip_address` returns a string array of ip addresses specified in the etc/hosts file.
-
-    describe etc_hosts.where { primary_name == 'localhost' } do
-      its('ip_address') { should cmp '127.0.1.154' }
-    end
-
-### primary_name
-
-`primary_name` returns a string array of primary_names specified in the etc/hosts file.
-
-    describe etc_hosts.where { ip_address == '::1' } do
-      its('primary_name') { should cmp 'localhost' }
-    end
-
-### all\_host_names
-
-`all_host_names` returns a two dimensional string array where each entry has the primary_name first followed by any aliases.
-
-    describe etc_hosts.where { ip_address == '127.0.1.154' } do
-      its('all_host_names') { should eq [['localhost', 'localhost.localdomain', 'localhost4', 'localhost4.localdomain4'],  ['localhost', 'localhost.localdomain', 'localhost6', 'localhost6.localdomain6']] }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/etc_hosts_allow.md.erb

@@ -1,84 +0,0 @@
----
-title: About the etc_hosts_allow Resource
-platform: linux
----
-
-# etc\_hosts\_allow
-
-Use the `etc_hosts_allow` InSpec audit resource to test rules defined for accepting daemon and client traffic in the `'/etc/hosts.allow'` file.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.39.1 of InSpec.
-
-## Syntax
-
-An etc/hosts.allow rule specifies one or more daemons mapped to one or more clients, with zero or more options to for accepting traffic when found.
-
-Use the where clause to match a property to one or more rules in the hosts.allow file.
-
-    describe etc_hosts_allow.where { daemon == 'value' } do
-      its ('client_list') { should include ['values'] }
-      its ('options') { should include ['values'] }
-    end
-
-Use the optional constructor parameter to give an alternative path to hosts.allow
-
-    describe etc_hosts_allow(hosts_path).where { daemon == 'value' } do
-      its ('client_list') { should include ['values'] }
-      its ('options') { should include ['values'] }
-    end
-
-where
-
-* `daemon` is a daemon that will be allowed to pass traffic in.
-* `client_list` is a list of clients will be allowed to pass traffic in.
-* `options` is a list of tasks that to be done with the rule when traffic is found.
-
-<br>
-
-## Properties
-
-    'daemon', 'client_list', 'options'
-
-<br>
-
-## Property Examples
-
-### daemon
-
-`daemon` returns a string containing the daemon that is allowed in the rule.
-
-    describe etc_hosts_allow.where { client_list == ['127.0.1.154',  '[:fff:fAb0::]'] } do
-      its('daemon') { should eq ['vsftpd', 'sshd'] }
-    end
-
-### client_list
-
-`client_list` returns a 2d string array where each entry contains the clients specified for the rule.
-
-    describe etc_hosts_allow.where { daemon == 'sshd' } do
-      its('client_list') { should include ['192.168.0.0/16', '[abcd::0000:1234]'] }
-    end
-
-### options
-
-`options` returns a 2d string array where each entry contains any options specified for the rule.
-
-    describe etc_hosts_allow.where { daemon == 'sshd' } do
-      its('options') { should include ['deny', 'echo "REJECTED"'] }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/etc_hosts_deny.md.erb

@@ -1,84 +0,0 @@
----
-title: About the etc_hosts_deny Resource
-platform: linux
----
-
-# etc\_hosts\_deny
-
-Use the `etc_hosts_deny` InSpec audit resource to test rules for rejecting daemon and client traffic defined in /etc/hosts.deny.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.39.1 of InSpec.
-
-## Syntax
-
-An etc/hosts.deny rule specifies one or more daemons mapped to one or more clients, with zero or more options for rejecting traffic when found.
-
-Use the where clause to match a property to one or more rules in the hosts.deny file:
-
-    describe etc_hosts_deny.where { daemon == 'value' } do
-      its ('client_list') { should include ['values'] }
-      its ('options') { should include ['values'] }
-    end
-
-Use the optional constructor parameter to give an alternative path to hosts.deny:
-
-    describe etc_hosts_deny(hosts_path).where { daemon == 'value' } do
-      its ('client_list') { should include ['values'] }
-      its ('options') { should include ['values'] }
-    end
-
-where
-
-* `daemon` is a daemon that will be rejected to pass traffic in.
-* `client_list` is a list of clients will be rejected to pass traffic in.
-* `options` is a list of tasks that to be done with the rule when traffic is found.
-
-<br>
-
-## Properties
-
-    'daemon', 'client_list', 'options'
-
-<br>
-
-## Parameter Examples
-
-### daemon
-
-`daemon` returns a string containing the daemon that is allowed in the rule.
-
-    describe etc_hosts_deny.where { client_list == ['127.0.1.154',  '[:fff:fAb0::]'] } do
-      its('daemon') { should eq ['vsftpd', 'sshd'] }
-    end
-
-### client_list
-
-`client_list` returns a 2d string array where each entry contains the clients specified for the rule.
-
-    describe etc_hosts_deny.where { daemon == 'sshd' } do
-      its('client_list') { should include ['192.168.0.0/16', '[abcd::0000:1234]'] }
-    end
-
-### options
-
-`options` returns a 2d string array where each entry contains any options specified for the rule.
-
-    describe etc_hosts_deny.where { daemon == 'sshd' } do
-      its('options') { should include ['deny', 'echo "REJECTED"'] }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).