inspec 2.3.10 → 2.3.23

Sign up to get free protection for your applications and to get access to all the features.
Files changed (271) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +34 -13
  3. data/etc/plugin_filters.json +25 -0
  4. data/inspec.gemspec +3 -3
  5. data/lib/bundles/inspec-compliance/api.rb +3 -0
  6. data/lib/bundles/inspec-compliance/configuration.rb +3 -0
  7. data/lib/bundles/inspec-compliance/http.rb +3 -0
  8. data/lib/bundles/inspec-compliance/support.rb +3 -0
  9. data/lib/bundles/inspec-compliance/target.rb +3 -0
  10. data/lib/inspec/objects/attribute.rb +3 -0
  11. data/lib/inspec/plugin/v2.rb +3 -0
  12. data/lib/inspec/plugin/v2/filter.rb +62 -0
  13. data/lib/inspec/plugin/v2/installer.rb +21 -1
  14. data/lib/inspec/plugin/v2/loader.rb +4 -0
  15. data/lib/inspec/profile.rb +3 -1
  16. data/lib/inspec/version.rb +1 -1
  17. data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
  18. data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
  19. data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
  20. data/lib/resources/package.rb +1 -1
  21. metadata +5 -253
  22. data/MAINTAINERS.toml +0 -52
  23. data/docs/.gitignore +0 -2
  24. data/docs/README.md +0 -41
  25. data/docs/dev/control-eval.md +0 -62
  26. data/docs/dev/filtertable-internals.md +0 -353
  27. data/docs/dev/filtertable-usage.md +0 -533
  28. data/docs/dev/integration-testing.md +0 -31
  29. data/docs/dev/plugins.md +0 -323
  30. data/docs/dsl_inspec.md +0 -354
  31. data/docs/dsl_resource.md +0 -100
  32. data/docs/glossary.md +0 -381
  33. data/docs/habitat.md +0 -193
  34. data/docs/inspec_and_friends.md +0 -114
  35. data/docs/matchers.md +0 -161
  36. data/docs/migration.md +0 -293
  37. data/docs/platforms.md +0 -119
  38. data/docs/plugin_kitchen_inspec.md +0 -60
  39. data/docs/plugins.md +0 -57
  40. data/docs/profiles.md +0 -576
  41. data/docs/reporters.md +0 -170
  42. data/docs/resources/aide_conf.md.erb +0 -86
  43. data/docs/resources/apache.md.erb +0 -77
  44. data/docs/resources/apache_conf.md.erb +0 -78
  45. data/docs/resources/apt.md.erb +0 -81
  46. data/docs/resources/audit_policy.md.erb +0 -57
  47. data/docs/resources/auditd.md.erb +0 -89
  48. data/docs/resources/auditd_conf.md.erb +0 -78
  49. data/docs/resources/aws_cloudtrail_trail.md.erb +0 -165
  50. data/docs/resources/aws_cloudtrail_trails.md.erb +0 -96
  51. data/docs/resources/aws_cloudwatch_alarm.md.erb +0 -101
  52. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -164
  53. data/docs/resources/aws_config_delivery_channel.md.erb +0 -111
  54. data/docs/resources/aws_config_recorder.md.erb +0 -96
  55. data/docs/resources/aws_ebs_volume.md.erb +0 -76
  56. data/docs/resources/aws_ebs_volumes.md.erb +0 -86
  57. data/docs/resources/aws_ec2_instance.md.erb +0 -122
  58. data/docs/resources/aws_ec2_instances.md.erb +0 -89
  59. data/docs/resources/aws_elb.md.erb +0 -154
  60. data/docs/resources/aws_elbs.md.erb +0 -252
  61. data/docs/resources/aws_flow_log.md.erb +0 -128
  62. data/docs/resources/aws_iam_access_key.md.erb +0 -139
  63. data/docs/resources/aws_iam_access_keys.md.erb +0 -214
  64. data/docs/resources/aws_iam_group.md.erb +0 -74
  65. data/docs/resources/aws_iam_groups.md.erb +0 -92
  66. data/docs/resources/aws_iam_password_policy.md.erb +0 -92
  67. data/docs/resources/aws_iam_policies.md.erb +0 -97
  68. data/docs/resources/aws_iam_policy.md.erb +0 -264
  69. data/docs/resources/aws_iam_role.md.erb +0 -79
  70. data/docs/resources/aws_iam_root_user.md.erb +0 -86
  71. data/docs/resources/aws_iam_user.md.erb +0 -130
  72. data/docs/resources/aws_iam_users.md.erb +0 -289
  73. data/docs/resources/aws_kms_key.md.erb +0 -187
  74. data/docs/resources/aws_kms_keys.md.erb +0 -99
  75. data/docs/resources/aws_rds_instance.md.erb +0 -76
  76. data/docs/resources/aws_route_table.md.erb +0 -63
  77. data/docs/resources/aws_route_tables.md.erb +0 -65
  78. data/docs/resources/aws_s3_bucket.md.erb +0 -156
  79. data/docs/resources/aws_s3_bucket_object.md.erb +0 -99
  80. data/docs/resources/aws_s3_buckets.md.erb +0 -69
  81. data/docs/resources/aws_security_group.md.erb +0 -323
  82. data/docs/resources/aws_security_groups.md.erb +0 -107
  83. data/docs/resources/aws_sns_subscription.md.erb +0 -140
  84. data/docs/resources/aws_sns_topic.md.erb +0 -79
  85. data/docs/resources/aws_sns_topics.md.erb +0 -68
  86. data/docs/resources/aws_subnet.md.erb +0 -150
  87. data/docs/resources/aws_subnets.md.erb +0 -142
  88. data/docs/resources/aws_vpc.md.erb +0 -135
  89. data/docs/resources/aws_vpcs.md.erb +0 -135
  90. data/docs/resources/azure_generic_resource.md.erb +0 -183
  91. data/docs/resources/azure_resource_group.md.erb +0 -294
  92. data/docs/resources/azure_virtual_machine.md.erb +0 -357
  93. data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -234
  94. data/docs/resources/bash.md.erb +0 -85
  95. data/docs/resources/bond.md.erb +0 -100
  96. data/docs/resources/bridge.md.erb +0 -67
  97. data/docs/resources/bsd_service.md.erb +0 -77
  98. data/docs/resources/chocolatey_package.md.erb +0 -68
  99. data/docs/resources/command.md.erb +0 -176
  100. data/docs/resources/cpan.md.erb +0 -89
  101. data/docs/resources/cran.md.erb +0 -74
  102. data/docs/resources/crontab.md.erb +0 -103
  103. data/docs/resources/csv.md.erb +0 -64
  104. data/docs/resources/dh_params.md.erb +0 -221
  105. data/docs/resources/directory.md.erb +0 -40
  106. data/docs/resources/docker.md.erb +0 -240
  107. data/docs/resources/docker_container.md.erb +0 -113
  108. data/docs/resources/docker_image.md.erb +0 -104
  109. data/docs/resources/docker_plugin.md.erb +0 -80
  110. data/docs/resources/docker_service.md.erb +0 -124
  111. data/docs/resources/elasticsearch.md.erb +0 -252
  112. data/docs/resources/etc_fstab.md.erb +0 -135
  113. data/docs/resources/etc_group.md.erb +0 -85
  114. data/docs/resources/etc_hosts.md.erb +0 -88
  115. data/docs/resources/etc_hosts_allow.md.erb +0 -84
  116. data/docs/resources/etc_hosts_deny.md.erb +0 -84
  117. data/docs/resources/file.md.erb +0 -543
  118. data/docs/resources/filesystem.md.erb +0 -51
  119. data/docs/resources/firewalld.md.erb +0 -117
  120. data/docs/resources/gem.md.erb +0 -108
  121. data/docs/resources/group.md.erb +0 -71
  122. data/docs/resources/grub_conf.md.erb +0 -111
  123. data/docs/resources/host.md.erb +0 -96
  124. data/docs/resources/http.md.erb +0 -207
  125. data/docs/resources/iis_app.md.erb +0 -132
  126. data/docs/resources/iis_site.md.erb +0 -145
  127. data/docs/resources/inetd_conf.md.erb +0 -104
  128. data/docs/resources/ini.md.erb +0 -86
  129. data/docs/resources/interface.md.erb +0 -68
  130. data/docs/resources/iptables.md.erb +0 -74
  131. data/docs/resources/json.md.erb +0 -73
  132. data/docs/resources/kernel_module.md.erb +0 -130
  133. data/docs/resources/kernel_parameter.md.erb +0 -63
  134. data/docs/resources/key_rsa.md.erb +0 -95
  135. data/docs/resources/launchd_service.md.erb +0 -67
  136. data/docs/resources/limits_conf.md.erb +0 -85
  137. data/docs/resources/login_defs.md.erb +0 -81
  138. data/docs/resources/mount.md.erb +0 -79
  139. data/docs/resources/mssql_session.md.erb +0 -78
  140. data/docs/resources/mysql_conf.md.erb +0 -109
  141. data/docs/resources/mysql_session.md.erb +0 -84
  142. data/docs/resources/nginx.md.erb +0 -89
  143. data/docs/resources/nginx_conf.md.erb +0 -148
  144. data/docs/resources/npm.md.erb +0 -78
  145. data/docs/resources/ntp_conf.md.erb +0 -70
  146. data/docs/resources/oneget.md.erb +0 -63
  147. data/docs/resources/oracledb_session.md.erb +0 -103
  148. data/docs/resources/os.md.erb +0 -153
  149. data/docs/resources/os_env.md.erb +0 -101
  150. data/docs/resources/package.md.erb +0 -130
  151. data/docs/resources/packages.md.erb +0 -77
  152. data/docs/resources/parse_config.md.erb +0 -113
  153. data/docs/resources/parse_config_file.md.erb +0 -148
  154. data/docs/resources/passwd.md.erb +0 -151
  155. data/docs/resources/pip.md.erb +0 -77
  156. data/docs/resources/port.md.erb +0 -147
  157. data/docs/resources/postgres_conf.md.erb +0 -89
  158. data/docs/resources/postgres_hba_conf.md.erb +0 -103
  159. data/docs/resources/postgres_ident_conf.md.erb +0 -86
  160. data/docs/resources/postgres_session.md.erb +0 -79
  161. data/docs/resources/powershell.md.erb +0 -112
  162. data/docs/resources/processes.md.erb +0 -119
  163. data/docs/resources/rabbitmq_config.md.erb +0 -51
  164. data/docs/resources/registry_key.md.erb +0 -197
  165. data/docs/resources/runit_service.md.erb +0 -67
  166. data/docs/resources/security_policy.md.erb +0 -57
  167. data/docs/resources/service.md.erb +0 -131
  168. data/docs/resources/shadow.md.erb +0 -267
  169. data/docs/resources/ssh_config.md.erb +0 -83
  170. data/docs/resources/sshd_config.md.erb +0 -93
  171. data/docs/resources/ssl.md.erb +0 -129
  172. data/docs/resources/sys_info.md.erb +0 -52
  173. data/docs/resources/systemd_service.md.erb +0 -67
  174. data/docs/resources/sysv_service.md.erb +0 -67
  175. data/docs/resources/upstart_service.md.erb +0 -67
  176. data/docs/resources/user.md.erb +0 -150
  177. data/docs/resources/users.md.erb +0 -137
  178. data/docs/resources/vbscript.md.erb +0 -65
  179. data/docs/resources/virtualization.md.erb +0 -67
  180. data/docs/resources/windows_feature.md.erb +0 -69
  181. data/docs/resources/windows_hotfix.md.erb +0 -63
  182. data/docs/resources/windows_task.md.erb +0 -95
  183. data/docs/resources/wmi.md.erb +0 -91
  184. data/docs/resources/x509_certificate.md.erb +0 -161
  185. data/docs/resources/xinetd_conf.md.erb +0 -166
  186. data/docs/resources/xml.md.erb +0 -95
  187. data/docs/resources/yaml.md.erb +0 -79
  188. data/docs/resources/yum.md.erb +0 -108
  189. data/docs/resources/zfs_dataset.md.erb +0 -63
  190. data/docs/resources/zfs_pool.md.erb +0 -57
  191. data/docs/shared/matcher_be.md.erb +0 -1
  192. data/docs/shared/matcher_cmp.md.erb +0 -43
  193. data/docs/shared/matcher_eq.md.erb +0 -3
  194. data/docs/shared/matcher_include.md.erb +0 -1
  195. data/docs/shared/matcher_match.md.erb +0 -1
  196. data/docs/shell.md +0 -217
  197. data/docs/style.md +0 -178
  198. data/examples/README.md +0 -8
  199. data/examples/custom-resource/README.md +0 -3
  200. data/examples/custom-resource/controls/example.rb +0 -7
  201. data/examples/custom-resource/inspec.yml +0 -8
  202. data/examples/custom-resource/libraries/batsignal.rb +0 -20
  203. data/examples/custom-resource/libraries/gordon.rb +0 -21
  204. data/examples/inheritance/README.md +0 -65
  205. data/examples/inheritance/controls/example.rb +0 -14
  206. data/examples/inheritance/inspec.yml +0 -16
  207. data/examples/kitchen-ansible/.kitchen.yml +0 -25
  208. data/examples/kitchen-ansible/Gemfile +0 -19
  209. data/examples/kitchen-ansible/README.md +0 -53
  210. data/examples/kitchen-ansible/files/nginx.repo +0 -6
  211. data/examples/kitchen-ansible/tasks/main.yml +0 -16
  212. data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
  213. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
  214. data/examples/kitchen-chef/.kitchen.yml +0 -20
  215. data/examples/kitchen-chef/Berksfile +0 -3
  216. data/examples/kitchen-chef/Gemfile +0 -19
  217. data/examples/kitchen-chef/README.md +0 -27
  218. data/examples/kitchen-chef/metadata.rb +0 -7
  219. data/examples/kitchen-chef/recipes/default.rb +0 -6
  220. data/examples/kitchen-chef/recipes/nginx.rb +0 -30
  221. data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
  222. data/examples/kitchen-puppet/.kitchen.yml +0 -23
  223. data/examples/kitchen-puppet/Gemfile +0 -20
  224. data/examples/kitchen-puppet/Puppetfile +0 -25
  225. data/examples/kitchen-puppet/README.md +0 -53
  226. data/examples/kitchen-puppet/manifests/site.pp +0 -33
  227. data/examples/kitchen-puppet/metadata.json +0 -11
  228. data/examples/kitchen-puppet/modules/.gitkeep +0 -0
  229. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
  230. data/examples/meta-profile/README.md +0 -37
  231. data/examples/meta-profile/controls/example.rb +0 -13
  232. data/examples/meta-profile/inspec.yml +0 -13
  233. data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
  234. data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
  235. data/examples/plugins/inspec-resource-lister/README.md +0 -62
  236. data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
  237. data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
  238. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
  239. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
  240. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
  241. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
  242. data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
  243. data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
  244. data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
  245. data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
  246. data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
  247. data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
  248. data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
  249. data/examples/profile-attribute.yml +0 -2
  250. data/examples/profile-attribute/README.md +0 -14
  251. data/examples/profile-attribute/controls/example.rb +0 -11
  252. data/examples/profile-attribute/inspec.yml +0 -8
  253. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -8
  254. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -8
  255. data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -8
  256. data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -8
  257. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -8
  258. data/examples/profile-aws/inspec.yml +0 -11
  259. data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -24
  260. data/examples/profile-azure/controls/azure_vm_example.rb +0 -29
  261. data/examples/profile-azure/inspec.yml +0 -11
  262. data/examples/profile-sensitive/README.md +0 -29
  263. data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
  264. data/examples/profile-sensitive/controls/sensitive.rb +0 -9
  265. data/examples/profile-sensitive/inspec.yml +0 -8
  266. data/examples/profile/README.md +0 -48
  267. data/examples/profile/controls/example.rb +0 -24
  268. data/examples/profile/controls/gordon.rb +0 -36
  269. data/examples/profile/controls/meta.rb +0 -36
  270. data/examples/profile/inspec.yml +0 -11
  271. data/examples/profile/libraries/gordon_config.rb +0 -59
@@ -1,51 +0,0 @@
1
- ---
2
- title: About the filesystem Resource
3
- platform: linux
4
- ---
5
-
6
- # filesystem
7
-
8
- Use the `filesystem` InSpec resource to audit filesystem disk space usage.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.51.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `filesystem` resource block declares tests for disk space in a partition:
25
-
26
- describe filesystem('/') do
27
- its('size') { should be >= 32000 }
28
- end
29
-
30
- where
31
-
32
- * `filesystem('/')` states that the resource will look at the root (/) partition.
33
- * `size` is measured in kilobytes (KB).
34
-
35
- <br>
36
-
37
- ## Resource Property Examples
38
-
39
- The following examples show how to use this InSpec audit resource.
40
-
41
- ### Test if the root partition is greater than 32000 KB
42
-
43
- describe filesystem('/') do
44
- its('size') { should be >= 32000 }
45
- end
46
-
47
- <br>
48
-
49
- ## Matchers
50
-
51
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
@@ -1,117 +0,0 @@
1
- ---
2
- title: About the firewalld Resource
3
- platform: linux
4
- ---
5
-
6
- # firewalld
7
-
8
- Use the `firewalld` InSpec audit resource to test that firewalld is configured to allow and deny access to specific hosts, services and ports on a system.
9
-
10
- A firewalld has a number of zones that can be configured to allow and deny access to specific hosts, services, and ports.
11
-
12
- <br>
13
-
14
- ## Availability
15
-
16
- ### Installation
17
-
18
- This resource is distributed along with InSpec itself. You can use it automatically.
19
-
20
- ### Version
21
-
22
- This resource first became available in v1.40.0 of InSpec.
23
-
24
- ## Syntax
25
-
26
- describe firewalld do
27
- it { should be_running }
28
- its('default_zone') { should eq 'public' }
29
- it { should have_service_enabled_in_zone('ssh', 'public') }
30
- it { should have_rule_enabled('family=ipv4 source address=192.168.0.14 accept', 'public') }
31
- end
32
-
33
- Use the where clause to test open interfaces, sources, and services in active zones.
34
-
35
- describe firewalld.where { zone == 'public' } do
36
- its('interfaces') { should cmp ['enp0s3', 'eno2'] }
37
- its('sources') { should cmp ['192.168.1.0/24', '192.168.1.2'] }
38
- its('services') { should cmp ['ssh', 'icmp'] }
39
- end
40
-
41
- <br>
42
-
43
- ## Properties
44
-
45
- ### interfaces
46
-
47
- The `interfaces` property is used in conjunction with the where class to display open interfaces in an active zone.
48
-
49
- describe firewalld.where { zone == 'public' } do
50
- its('interfaces') { should cmp ['enp0s3', 'eno2'] }
51
- end
52
-
53
- ### sources
54
-
55
- The `sources` property is used in conjunction with the where class to display open sources in an active zone.
56
-
57
- describe firewalld.where { zone == 'public' } do
58
- its('sources') { should cmp ['192.168.1.0/24', '192.168.1.2'] }
59
- end
60
-
61
- ### services
62
-
63
- The `services` property is used in conjunction with the where class to display open services in an active zone.
64
-
65
- describe firewalld.where { zone == 'public' } do
66
- its('services') { should cmp ['ssh', 'icmp'] }
67
- end
68
-
69
- ### default_zone
70
-
71
- The `default_zone` property displays the default active zone to be used.
72
-
73
- its('default_zone') { should eq 'public' }
74
-
75
- <br>
76
-
77
- ## Matchers
78
-
79
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
80
-
81
- ### `be_installed`
82
-
83
- The `be_installed` matcher tests if the firewalld service is installed:
84
-
85
- it { should be_installed }
86
-
87
- ### `be_running`
88
-
89
- The `be_running` matcher tests if the firewalld service is running:
90
-
91
- it { should be_running }
92
-
93
- ### `have_zone`
94
-
95
- `have_zone` returns true or false if the zone is set on firewalld. It does not mean the zone is active.
96
-
97
- it { should have_zone('public') }
98
-
99
- ### `have_service_enabled_in_zone`
100
-
101
- `have_service_enabled_in_zone` returns true or false if the service is allowed in the specified zone.
102
-
103
- it { should have_service_enabled_in_zone('ssh', 'public') }
104
-
105
- ### `have_port_enabled_in_zone`
106
-
107
- `have_port_enabled_in_zone` returns true or false if the port is allowed in the specified zone.
108
-
109
- it { should have_port_enabled_in_zone('22/tcp', 'public') }
110
-
111
- ### `have_rule_enabled`
112
-
113
- `have_rule_enabled` returns true or false if the rich-rule has been specified in the zone.
114
-
115
- it { should have_rule_enabled('family=ipv4 source address=192.168.0.14 accept', 'public') }
116
-
117
- It is not necessary to add the "rule" string, and you can start with the optional flags that are used in firewalld and end with the action
@@ -1,108 +0,0 @@
1
- ---
2
- title: About the gem Resource
3
- platform: os
4
- ---
5
-
6
- # gem
7
-
8
- Use the `gem` InSpec audit resource to test if a global Gem package is installed.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `gem` resource block declares a package and (optionally) a package version:
25
-
26
- describe gem('gem_package_name', 'gem_binary') do
27
- it { should be_installed }
28
- end
29
-
30
- where
31
-
32
- * `('gem_package_name')` must specify a Gem package, such as `'rubocop'`
33
- * `('gem_binary')` can specify the path to a non-default gem binary, defaults to `'gem'`
34
- * `be_installed` is a valid matcher for this resource
35
-
36
- <br>
37
-
38
- ## Resource Property Examples
39
-
40
- The following examples show how to use this InSpec audit resource.
41
-
42
- ### Verify that a gem package is installed, with a specific version
43
-
44
- describe gem('rubocop') do
45
- it { should be_installed }
46
- its('version') { should eq '0.33.0' }
47
- end
48
-
49
- ### Verify that a particular version is installed when there are multiple versions installed
50
-
51
- describe gem('rubocop') do
52
- it { should be_installed }
53
- its('versions') { should include /0.51.0/ }
54
- its('versions.count') { should_not be > 3 }
55
- end
56
-
57
-
58
- ### Verify that a gem package is not installed
59
-
60
- describe gem('rubocop') do
61
- it { should_not be_installed }
62
- end
63
-
64
- ### Verify that a gem package is installed in an omnibus environment
65
-
66
- describe gem('pry', '/opt/ruby-2.3.1/embedded/bin/gem') do
67
- it { should be_installed }
68
- end
69
-
70
- ### Verify that a gem package is installed in a chef omnibus environment
71
-
72
- describe gem('chef-sugar', :chef) do
73
- it { should be_installed }
74
- end
75
-
76
- ### Verify that a gem package is installed in a chef-server omnibus environment
77
-
78
- describe gem('knife-backup', :chef_server) do
79
- it { should be_installed }
80
- end
81
-
82
- <br>
83
-
84
- ## Properties
85
-
86
- ### version (String)
87
-
88
- The `version` property returns a string of the default version on the system:
89
-
90
- its('version') { should eq '0.33.0' }
91
-
92
- ### versions
93
-
94
- The `versions` property returns an array of strings of all the versions of the gem installed on the system:
95
-
96
- its('versions') { should include /0.33/ }
97
-
98
-
99
- ## Matchers
100
-
101
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
102
-
103
- ### be_installed
104
-
105
- The `be_installed` matcher tests if the named Gem package is installed:
106
-
107
- it { should be_installed }
108
-
@@ -1,71 +0,0 @@
1
- ---
2
- title: About the group Resource
3
- platform: os
4
- ---
5
-
6
- # group
7
-
8
- Use the `group` InSpec audit resource to test groups on the system.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `group` resource block declares a group, and then the details to be tested, such as if the group is a local group, the group identifier, or if the group exists:
25
-
26
- describe group('group_name') do
27
- it { should exist }
28
- its('gid') { should eq 0 }
29
- end
30
-
31
- where
32
-
33
- * `'group_name'` must specify the name of a group on the system
34
- * `exist` and `'gid'` are valid matchers for this resource
35
-
36
- <br>
37
-
38
- ## Examples
39
-
40
- The following examples show how to use this InSpec audit resource.
41
-
42
- ### Test the group identifier for the root group
43
-
44
- describe group('root') do
45
- it { should exist }
46
- its('gid') { should eq 0 }
47
- end
48
-
49
- <br>
50
-
51
- ## Matchers
52
-
53
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
54
-
55
- ### be_local
56
-
57
- The `be_local` matcher tests if the group is a local group:
58
-
59
- it { should be_local }
60
-
61
- ### exist
62
-
63
- The `exist` matcher tests if the named user exists:
64
-
65
- it { should exist }
66
-
67
- ### gid
68
-
69
- The `gid` matcher tests the named group identifier:
70
-
71
- its('gid') { should eq 1234 }
@@ -1,111 +0,0 @@
1
- ---
2
- title: About the grub_conf Resource
3
- platform: linux
4
- ---
5
-
6
- # grub_conf
7
-
8
- Grub is a boot loader on the Linux platform used to load and then transfer control to an operating system kernel, after which that kernel initializes the rest of the operating system. Use the `grub_conf` InSpec audit resource to test boot loader configuration settings that are defined in the `grub.conf` configuration file.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `grub_conf` resource block declares a list of settings in a `grub.conf` file:
25
-
26
- describe grub_conf('path', 'kernel') do
27
- its('setting') { should eq 'value' }
28
- end
29
-
30
- or:
31
-
32
- describe grub_conf('path') do
33
- its('default') { should eq '0' } #
34
- its('setting') { should eq 'value' }
35
- end
36
-
37
- where
38
-
39
- * `'service_name'` is a service listed in the `grub.conf` file
40
- * `'path'` is the path to the `grub.conf` file
41
- * `'kernel'` specifies the default kernel (by using `'default'`) or a specific kernel; `'default'` defines the position in the list of kernels at which the default kernel is defined, i.e. `should eq '0'` for the first kernel listed or `'path', 'default'` to use the default kernel as specified in the `grub.conf` file
42
- * `'value'` is the value that is expected
43
-
44
- <br>
45
-
46
- ## Examples
47
-
48
- The following examples show how to use this InSpec audit resource.
49
-
50
- ### Test a grub.conf file
51
-
52
- A Grub configuration file located at `/etc/grub.conf` is similar to the following:
53
-
54
- # grub.conf generated by anaconda
55
- #
56
- # Note: You do not need to rerun grub after making changes to this file
57
- # NOTICE: You have a /boot partition. This means that
58
- # all kernel and initrd paths are relative to /boot/, eg.
59
- # root (hd0,0)
60
- # kernel /vmlinuz-version ro root=/dev/hda6
61
- # initrd /initrd-version.img
62
- #boot=/dev/hda
63
- default=0
64
- timeout=10
65
- splashimage=(hd0,0)/grub/splash.xpm.gz
66
- title Red Hat Enterprise Linux ES (2.6.32-573.7.1.el6.x86_64)
67
- root (hd0,0)
68
- kernel /vmlinuz-2.6.32-573.7.1.el6.x86_64 ro root=/dev/hda6
69
- initrd /initrd-2.6.32-573.7.1.el6.x86_64.img
70
- title Red Hat Enterprise Linux ES (2.6.32-358.14.1.el6.x86_64)
71
- root (hd0,0)
72
- kernel /vmlinuz-2.6.32-358.14.1.el6.x86_64 ro root=/dev/hda6 ramdisk_size=400000
73
- initrd /initrd-2.6.32-358.14.1.el6.x86_64.img
74
-
75
- This file defines two versions of RedHat Enterprise Linux, with version `2.6.32-573.7.1.el6.x86_64` specified as the default.
76
-
77
- The following test verifies the kernel, ensures that kernel is the default kernel, its initial RAM disk (`initrd`), and the timeout:
78
-
79
- describe grub_conf('/etc/grub.conf', 'default') do
80
- its('kernel') { should include '/vmlinuz-2.6.32-573.7.1.el6.x86_64' }
81
- its('initrd') { should include '/initrd-2.6.32-573.7.1.el6.x86_64.img' }
82
- its('default') { should_not eq '1' }
83
- its('timeout') { should eq '10' }
84
- end
85
-
86
- The following test verifies the `ramdisk_size` for the non-default kernel:
87
-
88
- describe grub_conf('/etc/grub.conf', 'Red Hat Enterprise Linux ES (2.6.32-358.14.1.el6.x86_64)') do
89
- its('kernel') { should include 'ramdisk_size=400000' }
90
- end
91
-
92
- ### Test a configuration file and boot configuration
93
-
94
- describe grub_conf('/etc/grub.conf', 'default') do
95
- its('kernel') { should include '/vmlinuz-2.6.32-573.7.1.el6.x86_64' }
96
- its('initrd') { should include '/initramfs-2.6.32-573.el6.x86_64.img=1' }
97
- its('default') { should_not eq '1' }
98
- its('timeout') { should eq '5' }
99
- end
100
-
101
- ### Test a specific kernel
102
-
103
- grub_conf('/etc/grub.conf', 'CentOS (2.6.32-573.12.1.el6.x86_64)') do
104
- its('kernel') { should include 'audit=1' }
105
- end
106
-
107
- <br>
108
-
109
- ## Matchers
110
-
111
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).