inspec 2.3.10 → 2.3.23

Sign up to get free protection for your applications and to get access to all the features.
Files changed (271) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +34 -13
  3. data/etc/plugin_filters.json +25 -0
  4. data/inspec.gemspec +3 -3
  5. data/lib/bundles/inspec-compliance/api.rb +3 -0
  6. data/lib/bundles/inspec-compliance/configuration.rb +3 -0
  7. data/lib/bundles/inspec-compliance/http.rb +3 -0
  8. data/lib/bundles/inspec-compliance/support.rb +3 -0
  9. data/lib/bundles/inspec-compliance/target.rb +3 -0
  10. data/lib/inspec/objects/attribute.rb +3 -0
  11. data/lib/inspec/plugin/v2.rb +3 -0
  12. data/lib/inspec/plugin/v2/filter.rb +62 -0
  13. data/lib/inspec/plugin/v2/installer.rb +21 -1
  14. data/lib/inspec/plugin/v2/loader.rb +4 -0
  15. data/lib/inspec/profile.rb +3 -1
  16. data/lib/inspec/version.rb +1 -1
  17. data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
  18. data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
  19. data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
  20. data/lib/resources/package.rb +1 -1
  21. metadata +5 -253
  22. data/MAINTAINERS.toml +0 -52
  23. data/docs/.gitignore +0 -2
  24. data/docs/README.md +0 -41
  25. data/docs/dev/control-eval.md +0 -62
  26. data/docs/dev/filtertable-internals.md +0 -353
  27. data/docs/dev/filtertable-usage.md +0 -533
  28. data/docs/dev/integration-testing.md +0 -31
  29. data/docs/dev/plugins.md +0 -323
  30. data/docs/dsl_inspec.md +0 -354
  31. data/docs/dsl_resource.md +0 -100
  32. data/docs/glossary.md +0 -381
  33. data/docs/habitat.md +0 -193
  34. data/docs/inspec_and_friends.md +0 -114
  35. data/docs/matchers.md +0 -161
  36. data/docs/migration.md +0 -293
  37. data/docs/platforms.md +0 -119
  38. data/docs/plugin_kitchen_inspec.md +0 -60
  39. data/docs/plugins.md +0 -57
  40. data/docs/profiles.md +0 -576
  41. data/docs/reporters.md +0 -170
  42. data/docs/resources/aide_conf.md.erb +0 -86
  43. data/docs/resources/apache.md.erb +0 -77
  44. data/docs/resources/apache_conf.md.erb +0 -78
  45. data/docs/resources/apt.md.erb +0 -81
  46. data/docs/resources/audit_policy.md.erb +0 -57
  47. data/docs/resources/auditd.md.erb +0 -89
  48. data/docs/resources/auditd_conf.md.erb +0 -78
  49. data/docs/resources/aws_cloudtrail_trail.md.erb +0 -165
  50. data/docs/resources/aws_cloudtrail_trails.md.erb +0 -96
  51. data/docs/resources/aws_cloudwatch_alarm.md.erb +0 -101
  52. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -164
  53. data/docs/resources/aws_config_delivery_channel.md.erb +0 -111
  54. data/docs/resources/aws_config_recorder.md.erb +0 -96
  55. data/docs/resources/aws_ebs_volume.md.erb +0 -76
  56. data/docs/resources/aws_ebs_volumes.md.erb +0 -86
  57. data/docs/resources/aws_ec2_instance.md.erb +0 -122
  58. data/docs/resources/aws_ec2_instances.md.erb +0 -89
  59. data/docs/resources/aws_elb.md.erb +0 -154
  60. data/docs/resources/aws_elbs.md.erb +0 -252
  61. data/docs/resources/aws_flow_log.md.erb +0 -128
  62. data/docs/resources/aws_iam_access_key.md.erb +0 -139
  63. data/docs/resources/aws_iam_access_keys.md.erb +0 -214
  64. data/docs/resources/aws_iam_group.md.erb +0 -74
  65. data/docs/resources/aws_iam_groups.md.erb +0 -92
  66. data/docs/resources/aws_iam_password_policy.md.erb +0 -92
  67. data/docs/resources/aws_iam_policies.md.erb +0 -97
  68. data/docs/resources/aws_iam_policy.md.erb +0 -264
  69. data/docs/resources/aws_iam_role.md.erb +0 -79
  70. data/docs/resources/aws_iam_root_user.md.erb +0 -86
  71. data/docs/resources/aws_iam_user.md.erb +0 -130
  72. data/docs/resources/aws_iam_users.md.erb +0 -289
  73. data/docs/resources/aws_kms_key.md.erb +0 -187
  74. data/docs/resources/aws_kms_keys.md.erb +0 -99
  75. data/docs/resources/aws_rds_instance.md.erb +0 -76
  76. data/docs/resources/aws_route_table.md.erb +0 -63
  77. data/docs/resources/aws_route_tables.md.erb +0 -65
  78. data/docs/resources/aws_s3_bucket.md.erb +0 -156
  79. data/docs/resources/aws_s3_bucket_object.md.erb +0 -99
  80. data/docs/resources/aws_s3_buckets.md.erb +0 -69
  81. data/docs/resources/aws_security_group.md.erb +0 -323
  82. data/docs/resources/aws_security_groups.md.erb +0 -107
  83. data/docs/resources/aws_sns_subscription.md.erb +0 -140
  84. data/docs/resources/aws_sns_topic.md.erb +0 -79
  85. data/docs/resources/aws_sns_topics.md.erb +0 -68
  86. data/docs/resources/aws_subnet.md.erb +0 -150
  87. data/docs/resources/aws_subnets.md.erb +0 -142
  88. data/docs/resources/aws_vpc.md.erb +0 -135
  89. data/docs/resources/aws_vpcs.md.erb +0 -135
  90. data/docs/resources/azure_generic_resource.md.erb +0 -183
  91. data/docs/resources/azure_resource_group.md.erb +0 -294
  92. data/docs/resources/azure_virtual_machine.md.erb +0 -357
  93. data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -234
  94. data/docs/resources/bash.md.erb +0 -85
  95. data/docs/resources/bond.md.erb +0 -100
  96. data/docs/resources/bridge.md.erb +0 -67
  97. data/docs/resources/bsd_service.md.erb +0 -77
  98. data/docs/resources/chocolatey_package.md.erb +0 -68
  99. data/docs/resources/command.md.erb +0 -176
  100. data/docs/resources/cpan.md.erb +0 -89
  101. data/docs/resources/cran.md.erb +0 -74
  102. data/docs/resources/crontab.md.erb +0 -103
  103. data/docs/resources/csv.md.erb +0 -64
  104. data/docs/resources/dh_params.md.erb +0 -221
  105. data/docs/resources/directory.md.erb +0 -40
  106. data/docs/resources/docker.md.erb +0 -240
  107. data/docs/resources/docker_container.md.erb +0 -113
  108. data/docs/resources/docker_image.md.erb +0 -104
  109. data/docs/resources/docker_plugin.md.erb +0 -80
  110. data/docs/resources/docker_service.md.erb +0 -124
  111. data/docs/resources/elasticsearch.md.erb +0 -252
  112. data/docs/resources/etc_fstab.md.erb +0 -135
  113. data/docs/resources/etc_group.md.erb +0 -85
  114. data/docs/resources/etc_hosts.md.erb +0 -88
  115. data/docs/resources/etc_hosts_allow.md.erb +0 -84
  116. data/docs/resources/etc_hosts_deny.md.erb +0 -84
  117. data/docs/resources/file.md.erb +0 -543
  118. data/docs/resources/filesystem.md.erb +0 -51
  119. data/docs/resources/firewalld.md.erb +0 -117
  120. data/docs/resources/gem.md.erb +0 -108
  121. data/docs/resources/group.md.erb +0 -71
  122. data/docs/resources/grub_conf.md.erb +0 -111
  123. data/docs/resources/host.md.erb +0 -96
  124. data/docs/resources/http.md.erb +0 -207
  125. data/docs/resources/iis_app.md.erb +0 -132
  126. data/docs/resources/iis_site.md.erb +0 -145
  127. data/docs/resources/inetd_conf.md.erb +0 -104
  128. data/docs/resources/ini.md.erb +0 -86
  129. data/docs/resources/interface.md.erb +0 -68
  130. data/docs/resources/iptables.md.erb +0 -74
  131. data/docs/resources/json.md.erb +0 -73
  132. data/docs/resources/kernel_module.md.erb +0 -130
  133. data/docs/resources/kernel_parameter.md.erb +0 -63
  134. data/docs/resources/key_rsa.md.erb +0 -95
  135. data/docs/resources/launchd_service.md.erb +0 -67
  136. data/docs/resources/limits_conf.md.erb +0 -85
  137. data/docs/resources/login_defs.md.erb +0 -81
  138. data/docs/resources/mount.md.erb +0 -79
  139. data/docs/resources/mssql_session.md.erb +0 -78
  140. data/docs/resources/mysql_conf.md.erb +0 -109
  141. data/docs/resources/mysql_session.md.erb +0 -84
  142. data/docs/resources/nginx.md.erb +0 -89
  143. data/docs/resources/nginx_conf.md.erb +0 -148
  144. data/docs/resources/npm.md.erb +0 -78
  145. data/docs/resources/ntp_conf.md.erb +0 -70
  146. data/docs/resources/oneget.md.erb +0 -63
  147. data/docs/resources/oracledb_session.md.erb +0 -103
  148. data/docs/resources/os.md.erb +0 -153
  149. data/docs/resources/os_env.md.erb +0 -101
  150. data/docs/resources/package.md.erb +0 -130
  151. data/docs/resources/packages.md.erb +0 -77
  152. data/docs/resources/parse_config.md.erb +0 -113
  153. data/docs/resources/parse_config_file.md.erb +0 -148
  154. data/docs/resources/passwd.md.erb +0 -151
  155. data/docs/resources/pip.md.erb +0 -77
  156. data/docs/resources/port.md.erb +0 -147
  157. data/docs/resources/postgres_conf.md.erb +0 -89
  158. data/docs/resources/postgres_hba_conf.md.erb +0 -103
  159. data/docs/resources/postgres_ident_conf.md.erb +0 -86
  160. data/docs/resources/postgres_session.md.erb +0 -79
  161. data/docs/resources/powershell.md.erb +0 -112
  162. data/docs/resources/processes.md.erb +0 -119
  163. data/docs/resources/rabbitmq_config.md.erb +0 -51
  164. data/docs/resources/registry_key.md.erb +0 -197
  165. data/docs/resources/runit_service.md.erb +0 -67
  166. data/docs/resources/security_policy.md.erb +0 -57
  167. data/docs/resources/service.md.erb +0 -131
  168. data/docs/resources/shadow.md.erb +0 -267
  169. data/docs/resources/ssh_config.md.erb +0 -83
  170. data/docs/resources/sshd_config.md.erb +0 -93
  171. data/docs/resources/ssl.md.erb +0 -129
  172. data/docs/resources/sys_info.md.erb +0 -52
  173. data/docs/resources/systemd_service.md.erb +0 -67
  174. data/docs/resources/sysv_service.md.erb +0 -67
  175. data/docs/resources/upstart_service.md.erb +0 -67
  176. data/docs/resources/user.md.erb +0 -150
  177. data/docs/resources/users.md.erb +0 -137
  178. data/docs/resources/vbscript.md.erb +0 -65
  179. data/docs/resources/virtualization.md.erb +0 -67
  180. data/docs/resources/windows_feature.md.erb +0 -69
  181. data/docs/resources/windows_hotfix.md.erb +0 -63
  182. data/docs/resources/windows_task.md.erb +0 -95
  183. data/docs/resources/wmi.md.erb +0 -91
  184. data/docs/resources/x509_certificate.md.erb +0 -161
  185. data/docs/resources/xinetd_conf.md.erb +0 -166
  186. data/docs/resources/xml.md.erb +0 -95
  187. data/docs/resources/yaml.md.erb +0 -79
  188. data/docs/resources/yum.md.erb +0 -108
  189. data/docs/resources/zfs_dataset.md.erb +0 -63
  190. data/docs/resources/zfs_pool.md.erb +0 -57
  191. data/docs/shared/matcher_be.md.erb +0 -1
  192. data/docs/shared/matcher_cmp.md.erb +0 -43
  193. data/docs/shared/matcher_eq.md.erb +0 -3
  194. data/docs/shared/matcher_include.md.erb +0 -1
  195. data/docs/shared/matcher_match.md.erb +0 -1
  196. data/docs/shell.md +0 -217
  197. data/docs/style.md +0 -178
  198. data/examples/README.md +0 -8
  199. data/examples/custom-resource/README.md +0 -3
  200. data/examples/custom-resource/controls/example.rb +0 -7
  201. data/examples/custom-resource/inspec.yml +0 -8
  202. data/examples/custom-resource/libraries/batsignal.rb +0 -20
  203. data/examples/custom-resource/libraries/gordon.rb +0 -21
  204. data/examples/inheritance/README.md +0 -65
  205. data/examples/inheritance/controls/example.rb +0 -14
  206. data/examples/inheritance/inspec.yml +0 -16
  207. data/examples/kitchen-ansible/.kitchen.yml +0 -25
  208. data/examples/kitchen-ansible/Gemfile +0 -19
  209. data/examples/kitchen-ansible/README.md +0 -53
  210. data/examples/kitchen-ansible/files/nginx.repo +0 -6
  211. data/examples/kitchen-ansible/tasks/main.yml +0 -16
  212. data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
  213. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
  214. data/examples/kitchen-chef/.kitchen.yml +0 -20
  215. data/examples/kitchen-chef/Berksfile +0 -3
  216. data/examples/kitchen-chef/Gemfile +0 -19
  217. data/examples/kitchen-chef/README.md +0 -27
  218. data/examples/kitchen-chef/metadata.rb +0 -7
  219. data/examples/kitchen-chef/recipes/default.rb +0 -6
  220. data/examples/kitchen-chef/recipes/nginx.rb +0 -30
  221. data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
  222. data/examples/kitchen-puppet/.kitchen.yml +0 -23
  223. data/examples/kitchen-puppet/Gemfile +0 -20
  224. data/examples/kitchen-puppet/Puppetfile +0 -25
  225. data/examples/kitchen-puppet/README.md +0 -53
  226. data/examples/kitchen-puppet/manifests/site.pp +0 -33
  227. data/examples/kitchen-puppet/metadata.json +0 -11
  228. data/examples/kitchen-puppet/modules/.gitkeep +0 -0
  229. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
  230. data/examples/meta-profile/README.md +0 -37
  231. data/examples/meta-profile/controls/example.rb +0 -13
  232. data/examples/meta-profile/inspec.yml +0 -13
  233. data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
  234. data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
  235. data/examples/plugins/inspec-resource-lister/README.md +0 -62
  236. data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
  237. data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
  238. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
  239. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
  240. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
  241. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
  242. data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
  243. data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
  244. data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
  245. data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
  246. data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
  247. data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
  248. data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
  249. data/examples/profile-attribute.yml +0 -2
  250. data/examples/profile-attribute/README.md +0 -14
  251. data/examples/profile-attribute/controls/example.rb +0 -11
  252. data/examples/profile-attribute/inspec.yml +0 -8
  253. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -8
  254. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -8
  255. data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -8
  256. data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -8
  257. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -8
  258. data/examples/profile-aws/inspec.yml +0 -11
  259. data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -24
  260. data/examples/profile-azure/controls/azure_vm_example.rb +0 -29
  261. data/examples/profile-azure/inspec.yml +0 -11
  262. data/examples/profile-sensitive/README.md +0 -29
  263. data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
  264. data/examples/profile-sensitive/controls/sensitive.rb +0 -9
  265. data/examples/profile-sensitive/inspec.yml +0 -8
  266. data/examples/profile/README.md +0 -48
  267. data/examples/profile/controls/example.rb +0 -24
  268. data/examples/profile/controls/gordon.rb +0 -36
  269. data/examples/profile/controls/meta.rb +0 -36
  270. data/examples/profile/inspec.yml +0 -11
  271. data/examples/profile/libraries/gordon_config.rb +0 -59
@@ -1,78 +0,0 @@
1
- ---
2
- title: About the mssql_session Resource
3
- platform: windows
4
- ---
5
-
6
- # mssql_session
7
-
8
- Use the `mssql_session` InSpec audit resource to test SQL commands run against a Microsoft SQL database.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.24.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `mssql_session` resource block declares the username and password to use for the session, and then the command to be run:
25
-
26
- describe mssql_session(user: 'username', password: 'password').query('QUERY').row(0).column('result') do
27
- its('value') { should eq('') }
28
- end
29
-
30
- where
31
-
32
- * `mssql_session` declares a username and password with permission to run the query. Omitting the username or password parameters results in the use of Windows authentication as the user InSpec is executing as. You may also optionally pass a host and instance name. If omitted, they will default to host: localhost and the default instance.
33
- * `query('QUERY')` contains the query to be run
34
- * `its('value') { should eq('') }` compares the results of the query against the expected result in the test
35
-
36
- <br>
37
-
38
- ## Examples
39
-
40
- The following examples show how to use this InSpec audit resource.
41
-
42
- ### Test for matching databases
43
-
44
- sql = mssql_session(user: 'my_user', password: 'password')
45
-
46
- describe sql.query("SELECT SERVERPROPERTY('ProductVersion') as result").row(0).column('result') do
47
- its("value") { should cmp > '12.00.4457' }
48
- end
49
-
50
- ### Test using Windows authentication
51
-
52
- sql = mssql_session
53
-
54
- describe sql.query("SELECT SERVERPROPERTY('ProductVersion') as result").row(0).column('result') do
55
- its("value") { should cmp > '12.00.4457' }
56
- end
57
-
58
- ### Test a specific host and instance
59
-
60
- sql = mssql_session(user: 'my_user', password: 'password', host: 'mssqlserver', instance: 'foo')
61
-
62
- describe sql.query("SELECT SERVERPROPERTY('ProductVersion') as result").row(0).column('result') do
63
- its("value") { should cmp > '12.00.4457' }
64
- end
65
-
66
- ### Test a specific database
67
-
68
- sql = mssql_session(user: 'my_user', password: 'password', db_name: 'test')
69
-
70
- describe sql.query("SELECT Name AS result FROM Product WHERE ProductID == 1").row(0).column('result') do
71
- its("value") { should eq 'foo' }
72
- end
73
-
74
- <br>
75
-
76
- ## Matchers
77
-
78
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
@@ -1,109 +0,0 @@
1
- ---
2
- title: About the mysql_conf Resource
3
- platform: os
4
- ---
5
-
6
- # mysql_conf
7
-
8
- Use the `mysql_conf` InSpec audit resource to test the contents of the configuration file for MySQL, typically located at `/etc/mysql/my.cnf` or `/etc/my.cnf`.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `mysql_conf` resource block declares one (or more) settings in the `my.cnf` file, and then compares the setting in the configuration file to the value stated in the test:
25
-
26
- describe mysql_conf('path') do
27
- its('setting') { should eq 'value' }
28
- end
29
-
30
- # Test a parameter set within the [mysqld] section
31
- describe mysql_conf do
32
- its('mysqld.port') { should cmp 3306 }
33
- end
34
-
35
- # Test a parameter set within the [mariadb] section using array notation
36
- describe mysql_conf do
37
- its(['mariadb', 'max-connections']) { should_not be_nil }
38
- end
39
-
40
- where
41
-
42
- * `'setting'` specifies a setting in the `my.cnf` file, such as `max_connections`
43
- * when checking a setting within sections, such as `[mysqld]`, the section name must be included
44
- * `('path')` is the non-default path to the `my.cnf` file
45
- * `should eq 'value'` is the value that is expected
46
-
47
- <br>
48
-
49
- ## Examples
50
-
51
- The following examples show how to use this InSpec audit resource.
52
-
53
- ### Test the maximum number of allowed connections
54
-
55
- describe mysql_conf do
56
- its('max_connections') { should eq '505' }
57
- its('max_user_connections') { should eq '500' }
58
- end
59
-
60
- ### Test slow query logging**
61
-
62
- describe mysql_conf do
63
- its('slow_query_log_file') { should eq 'hostname_slow.log' }
64
- its('slow_query_log') { should eq '0' }
65
- its('log_queries_not_using_indexes') { should eq '1' }
66
- its('long_query_time') { should eq '0.5' }
67
- its('min_examined_row_limit') { should eq '100' }
68
- end
69
-
70
- ### Test the port and socket on which MySQL listens
71
-
72
- describe mysql_conf do
73
- its('port') { should eq '3306' }
74
- its('socket') { should eq '/var/run/mysqld/mysql.sock' }
75
- end
76
-
77
- ### Test connection and thread variables
78
-
79
- describe mysql_conf do
80
- its('port') { should eq '3306' }
81
- its('socket') { should eq '/var/run/mysqld/mysql.sock' }
82
- its('max_allowed_packet') { should eq '12M' }
83
- its('default_storage_engine') { should eq 'InnoDB' }
84
- its('character_set_server') { should eq 'utf8' }
85
- its('collation_server') { should eq 'utf8_general_ci' }
86
- its('max_connections') { should eq '505' }
87
- its('max_user_connections') { should eq '500' }
88
- its('thread_cache_size') { should eq '505' }
89
- end
90
-
91
- ### Test the safe-user-create parameter
92
-
93
- describe mysql_conf.params('mysqld') do
94
- its('safe-user-create') { should eq('1') }
95
- end
96
-
97
- <br>
98
-
99
- ## Matchers
100
-
101
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
102
-
103
- ### setting
104
-
105
- The `setting` matcher tests specific, named settings in the `my.cnf` file:
106
-
107
- its('setting') { should eq 'value' }
108
-
109
- Use a `setting` matcher for each setting to be tested.
@@ -1,84 +0,0 @@
1
- ---
2
- title: About the mysql_session Resource
3
- platform: os
4
- ---
5
-
6
- # mysql_session
7
-
8
- Use the `mysql_session` InSpec audit resource to test SQL commands run against a MySQL database.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `mysql_session` resource block declares the username and password to use for the session, and then the command to be run:
25
-
26
- describe mysql_session('username', 'password').query('QUERY') do
27
- its('stdout') { should match(/expected-result/) }
28
- end
29
-
30
- where
31
-
32
- * `mysql_session` declares a username and password, connecting locally, with permission to run the query
33
- * `query('QUERY')` contains the query to be run
34
- * `its('stdout') { should eq(/expected-result/) }` compares the results of the query against the expected result in the test
35
-
36
- <br>
37
-
38
- ## Examples
39
-
40
- The following examples show how to use this InSpec audit resource.
41
-
42
- ### Test for matching databases
43
-
44
- sql = mysql_session('my_user','password')
45
-
46
- describe sql.query('show databases like \'test\';') do
47
- its('stdout') { should_not match(/test/) }
48
- end
49
-
50
- ### Alternate Connection: Different Host
51
-
52
- sql = mysql_session('my_user','password','db.example.com')
53
-
54
- ### Alternate Connection: Different Port
55
-
56
- sql = mysql_session('my_user','password','localhost',3307)
57
-
58
- ### Alternate Connection: Using a socket
59
-
60
- sql = mysql_session('my_user','password', nil, nil, '/var/lib/mysql-default/mysqld.sock')
61
-
62
- ### Test for a successful query
63
-
64
- describe mysql_session('my_user','password').query('show tables in existing_database;') do
65
- its('exit_status') { should eq(0) }
66
- end
67
-
68
- ### Test for a failing query
69
-
70
- describe mysql_session('my_user','password').query('show tables in non_existent_database;') do
71
- its('exit_status') { should_not eq(0) }
72
- end
73
-
74
- ### Test for specific error message
75
-
76
- describe mysql_session('my_user','password').query('show tables in non_existent_database;') do
77
- its('stderr') { should match(/Unknown database/) }
78
- end
79
-
80
- <br>
81
-
82
- ## Matchers
83
-
84
- This InSpec audit resource builds a [command](https://www.inspec.io/docs/reference/resources/command) object and returns the the result object. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
@@ -1,89 +0,0 @@
1
- ---
2
- title: The Nginx Resource
3
- platform: linux
4
- ---
5
-
6
- # nginx
7
-
8
- Use the `nginx` InSpec audit resource to test the fields and validity of nginx.
9
-
10
- Nginx resource extracts and exposes data reported by the command 'nginx -V'
11
-
12
- <br>
13
-
14
- ## Availability
15
-
16
- ### Installation
17
-
18
- This resource is distributed along with InSpec itself. You can use it automatically.
19
-
20
- ### Version
21
-
22
- This resource first became available in v1.37.6 of InSpec.
23
-
24
- ## Syntax
25
-
26
- An `nginx` InSpec audit resource block extracts configuration settings that should be tested:
27
-
28
- describe nginx do
29
- its('attribute') { should eq 'value' }
30
- end
31
-
32
- describe nginx('path to nginx') do
33
- its('attribute') { should eq 'value' }
34
- end
35
-
36
- where
37
-
38
- * `'attribute'` is a configuration parsed from result of the command 'nginx -V'
39
- * `'value'` is the value that is expected of the attribute
40
-
41
- <br>
42
-
43
- ## Properties
44
-
45
- * `compiler_info`, `error_log_path`, `http_client_body_temp_path`, `http_fastcgi_temp_path`, `http_log_path`, `http_proxy_temp_path`, `http_scgi_temp_path`, `http_uwsgi_temp_path`, `lock_path`, `modules`, `modules_path`, `openssl_version`, `prefix`, `sbin_path`, `service`, `support_info`, `version`
46
-
47
- <br>
48
-
49
- ## Property Examples
50
-
51
- ### version(String)
52
-
53
- `version` returns a string of the version of the running nginx instance
54
-
55
- describe nginx do
56
- its('version') { should eq '1.12.0' }
57
- end
58
-
59
- ### modules(String)
60
-
61
- `modules` returns a array modules in the running nginx instance
62
-
63
- describe nginx do
64
- its('modules') { should include 'my_module' }
65
- end
66
-
67
- ### openssl_version(Hash)
68
-
69
- `openssl_version ` returns a hash with 'version' and 'date' as keys
70
-
71
- describe nginx do
72
- its('openssl_version.date') { should eq '11 Feb 2013' }
73
- end
74
-
75
- ### compiler_info(Hash)
76
-
77
- `compiler_info ` returns a hash with 'compiler' , version' and 'date' as keys
78
-
79
- describe nginx do
80
- its('compiler_info.compiler') { should eq 'gcc' }
81
- end
82
-
83
- ### support_info(String)
84
-
85
- `support_info ` returns a string containing supported protocols
86
-
87
- describe nginx do
88
- its('support_info') { should match /TLS/ }
89
- end
@@ -1,148 +0,0 @@
1
- ---
2
- title: About the nginx_conf Resource
3
- platform: linux
4
- ---
5
-
6
- # nginx_conf
7
-
8
- Use the `nginx_conf` InSpec resource to test configuration data for the NGINX server located at `/etc/nginx/nginx.conf` on Linux and Unix platforms.
9
-
10
- **Stability: Experimental**
11
-
12
- <br>
13
-
14
- ## Availability
15
-
16
- ### Installation
17
-
18
- This resource is distributed along with InSpec itself. You can use it automatically.
19
-
20
- ### Version
21
-
22
- This resource first became available in v1.37.6 of InSpec.
23
-
24
- ## Syntax
25
-
26
- An `nginx_conf` resource block declares the client NGINX configuration data to be tested:
27
-
28
- describe nginx_conf.params['pid'] do
29
- it { should cmp 'logs/nginx.pid' }
30
- end
31
-
32
- where
33
-
34
- * `nginx_conf` is the resource to reference your NGINX configuration
35
- * `params` accesses all its parameters
36
- * `params['pid']` selects the `pid` entry from the global NGINX configuration
37
- * `{ should cmp 'logs/nginx.pid' }` tests if the PID is set to `logs/nginx.pid` (via `cmp` matcher)
38
-
39
- <br>
40
-
41
- ## Examples
42
-
43
- The following examples show how to use this InSpec audit resource.
44
-
45
- ### Find a specific server
46
-
47
- servers = nginx_conf.servers
48
- domain2 = servers.find { |s| s.params['server_name'].flatten.include? 'domain2.com' }
49
- describe 'No server serves domain2' do
50
- subject { domain2 }
51
- it { should be_nil }
52
- end
53
-
54
- ### Test a raw parameter
55
-
56
- describe nginx_conf.params['worker_processes'].flatten do
57
- it { should cmp 5 }
58
- end
59
-
60
- <br>
61
-
62
- ## Matchers
63
-
64
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
65
-
66
- ### http
67
-
68
- Retrieves all `http` entries in the configuration file.
69
-
70
- nginx_conf.http
71
- => nginx_conf /etc/nginx/nginx.conf, http entries
72
-
73
- It provides further access to all individual entries, servers, and locations.
74
-
75
- nginx_conf.http.entries
76
- => [nginx_conf /etc/nginx/nginx.conf, http entry ...]
77
-
78
- nginx_conf.http.servers
79
- => [nginx_conf /etc/nginx/nginx.conf, server entry ...]
80
-
81
- nginx_conf.http.locations
82
- => [nginx_conf /etc/nginx/nginx.conf, location entry ...]
83
-
84
- You can access each of these from the array and inspect it further (see below).
85
-
86
- ### servers
87
-
88
- Retrieve all `servers` entries in the configuration:
89
-
90
- # all servers across all configs aggregated:
91
- nginx_conf.servers
92
- => [nginx_conf /etc/nginx/nginx.conf, server entry ...]
93
-
94
- # servers that belong to a specific http entry:
95
- nginx_conf.http.entries[0].servers
96
- => [nginx_conf /etc/nginx/nginx.conf, server entry ...]
97
-
98
- Servers provide access to all their locations, parent http entry, and raw parameters:
99
-
100
- server = nginx_conf.servers[0]
101
-
102
- server.locations
103
- => [nginx_conf /etc/nginx/nginx.conf, location entry ...]
104
-
105
- server.parent
106
- => nginx_conf /etc/nginx/nginx.conf, http entry
107
-
108
- server.params
109
- => {"listen"=>[["85"]],
110
- "server_name"=>[["domain1.com", "www.domain1.com"]],
111
- "root"=>[["html"]],
112
- "location"=>[{"_"=>["~", "\\.php$"], "fastcgi_pass"=>[["127.0.0.1:1025"]]}]}
113
-
114
- ### locations
115
-
116
- Retrieve all `location` entries in the configuration:
117
-
118
- # all locations across all configs aggregated:
119
- nginx_conf.locations
120
- => [nginx_conf /etc/nginx/nginx.conf, location entry ...]
121
-
122
- # locations of a http entry aggregated:
123
- nginx_conf.http.entries[0].locations
124
- => [nginx_conf /etc/nginx/nginx.conf, location entry ...]
125
-
126
- # locations of a specific server:
127
- nginx_conf.servers[0].locations
128
- => [nginx_conf /etc/nginx/nginx.conf, location entry ...]
129
-
130
- Locations provide access to their parent server entry and raw parameters:
131
-
132
- location = nginx_conf.locations[0]
133
-
134
- location.parent
135
- => nginx_conf /etc/nginx/nginx.conf, server entry
136
-
137
- location.params
138
- => {"_"=>["~", "\\.php$"], "fastcgi_pass"=>[["127.0.0.1:1025"]]}
139
-
140
- ### configuration file path
141
-
142
- If the NGINX configuration file is not located at the default path, `/etc/nginx/nginx.conf`, the path can specified as the first parameter of the describe block:
143
-
144
- describe nginx_conf('/opt/nginx/nginx.conf').params['pid'] do
145
- it { should cmp 'logs/nginx.pid' }
146
- end
147
-
148
-