inspec 2.3.10 → 2.3.23

Sign up to get free protection for your applications and to get access to all the features.
Files changed (271) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +34 -13
  3. data/etc/plugin_filters.json +25 -0
  4. data/inspec.gemspec +3 -3
  5. data/lib/bundles/inspec-compliance/api.rb +3 -0
  6. data/lib/bundles/inspec-compliance/configuration.rb +3 -0
  7. data/lib/bundles/inspec-compliance/http.rb +3 -0
  8. data/lib/bundles/inspec-compliance/support.rb +3 -0
  9. data/lib/bundles/inspec-compliance/target.rb +3 -0
  10. data/lib/inspec/objects/attribute.rb +3 -0
  11. data/lib/inspec/plugin/v2.rb +3 -0
  12. data/lib/inspec/plugin/v2/filter.rb +62 -0
  13. data/lib/inspec/plugin/v2/installer.rb +21 -1
  14. data/lib/inspec/plugin/v2/loader.rb +4 -0
  15. data/lib/inspec/profile.rb +3 -1
  16. data/lib/inspec/version.rb +1 -1
  17. data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
  18. data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
  19. data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
  20. data/lib/resources/package.rb +1 -1
  21. metadata +5 -253
  22. data/MAINTAINERS.toml +0 -52
  23. data/docs/.gitignore +0 -2
  24. data/docs/README.md +0 -41
  25. data/docs/dev/control-eval.md +0 -62
  26. data/docs/dev/filtertable-internals.md +0 -353
  27. data/docs/dev/filtertable-usage.md +0 -533
  28. data/docs/dev/integration-testing.md +0 -31
  29. data/docs/dev/plugins.md +0 -323
  30. data/docs/dsl_inspec.md +0 -354
  31. data/docs/dsl_resource.md +0 -100
  32. data/docs/glossary.md +0 -381
  33. data/docs/habitat.md +0 -193
  34. data/docs/inspec_and_friends.md +0 -114
  35. data/docs/matchers.md +0 -161
  36. data/docs/migration.md +0 -293
  37. data/docs/platforms.md +0 -119
  38. data/docs/plugin_kitchen_inspec.md +0 -60
  39. data/docs/plugins.md +0 -57
  40. data/docs/profiles.md +0 -576
  41. data/docs/reporters.md +0 -170
  42. data/docs/resources/aide_conf.md.erb +0 -86
  43. data/docs/resources/apache.md.erb +0 -77
  44. data/docs/resources/apache_conf.md.erb +0 -78
  45. data/docs/resources/apt.md.erb +0 -81
  46. data/docs/resources/audit_policy.md.erb +0 -57
  47. data/docs/resources/auditd.md.erb +0 -89
  48. data/docs/resources/auditd_conf.md.erb +0 -78
  49. data/docs/resources/aws_cloudtrail_trail.md.erb +0 -165
  50. data/docs/resources/aws_cloudtrail_trails.md.erb +0 -96
  51. data/docs/resources/aws_cloudwatch_alarm.md.erb +0 -101
  52. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -164
  53. data/docs/resources/aws_config_delivery_channel.md.erb +0 -111
  54. data/docs/resources/aws_config_recorder.md.erb +0 -96
  55. data/docs/resources/aws_ebs_volume.md.erb +0 -76
  56. data/docs/resources/aws_ebs_volumes.md.erb +0 -86
  57. data/docs/resources/aws_ec2_instance.md.erb +0 -122
  58. data/docs/resources/aws_ec2_instances.md.erb +0 -89
  59. data/docs/resources/aws_elb.md.erb +0 -154
  60. data/docs/resources/aws_elbs.md.erb +0 -252
  61. data/docs/resources/aws_flow_log.md.erb +0 -128
  62. data/docs/resources/aws_iam_access_key.md.erb +0 -139
  63. data/docs/resources/aws_iam_access_keys.md.erb +0 -214
  64. data/docs/resources/aws_iam_group.md.erb +0 -74
  65. data/docs/resources/aws_iam_groups.md.erb +0 -92
  66. data/docs/resources/aws_iam_password_policy.md.erb +0 -92
  67. data/docs/resources/aws_iam_policies.md.erb +0 -97
  68. data/docs/resources/aws_iam_policy.md.erb +0 -264
  69. data/docs/resources/aws_iam_role.md.erb +0 -79
  70. data/docs/resources/aws_iam_root_user.md.erb +0 -86
  71. data/docs/resources/aws_iam_user.md.erb +0 -130
  72. data/docs/resources/aws_iam_users.md.erb +0 -289
  73. data/docs/resources/aws_kms_key.md.erb +0 -187
  74. data/docs/resources/aws_kms_keys.md.erb +0 -99
  75. data/docs/resources/aws_rds_instance.md.erb +0 -76
  76. data/docs/resources/aws_route_table.md.erb +0 -63
  77. data/docs/resources/aws_route_tables.md.erb +0 -65
  78. data/docs/resources/aws_s3_bucket.md.erb +0 -156
  79. data/docs/resources/aws_s3_bucket_object.md.erb +0 -99
  80. data/docs/resources/aws_s3_buckets.md.erb +0 -69
  81. data/docs/resources/aws_security_group.md.erb +0 -323
  82. data/docs/resources/aws_security_groups.md.erb +0 -107
  83. data/docs/resources/aws_sns_subscription.md.erb +0 -140
  84. data/docs/resources/aws_sns_topic.md.erb +0 -79
  85. data/docs/resources/aws_sns_topics.md.erb +0 -68
  86. data/docs/resources/aws_subnet.md.erb +0 -150
  87. data/docs/resources/aws_subnets.md.erb +0 -142
  88. data/docs/resources/aws_vpc.md.erb +0 -135
  89. data/docs/resources/aws_vpcs.md.erb +0 -135
  90. data/docs/resources/azure_generic_resource.md.erb +0 -183
  91. data/docs/resources/azure_resource_group.md.erb +0 -294
  92. data/docs/resources/azure_virtual_machine.md.erb +0 -357
  93. data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -234
  94. data/docs/resources/bash.md.erb +0 -85
  95. data/docs/resources/bond.md.erb +0 -100
  96. data/docs/resources/bridge.md.erb +0 -67
  97. data/docs/resources/bsd_service.md.erb +0 -77
  98. data/docs/resources/chocolatey_package.md.erb +0 -68
  99. data/docs/resources/command.md.erb +0 -176
  100. data/docs/resources/cpan.md.erb +0 -89
  101. data/docs/resources/cran.md.erb +0 -74
  102. data/docs/resources/crontab.md.erb +0 -103
  103. data/docs/resources/csv.md.erb +0 -64
  104. data/docs/resources/dh_params.md.erb +0 -221
  105. data/docs/resources/directory.md.erb +0 -40
  106. data/docs/resources/docker.md.erb +0 -240
  107. data/docs/resources/docker_container.md.erb +0 -113
  108. data/docs/resources/docker_image.md.erb +0 -104
  109. data/docs/resources/docker_plugin.md.erb +0 -80
  110. data/docs/resources/docker_service.md.erb +0 -124
  111. data/docs/resources/elasticsearch.md.erb +0 -252
  112. data/docs/resources/etc_fstab.md.erb +0 -135
  113. data/docs/resources/etc_group.md.erb +0 -85
  114. data/docs/resources/etc_hosts.md.erb +0 -88
  115. data/docs/resources/etc_hosts_allow.md.erb +0 -84
  116. data/docs/resources/etc_hosts_deny.md.erb +0 -84
  117. data/docs/resources/file.md.erb +0 -543
  118. data/docs/resources/filesystem.md.erb +0 -51
  119. data/docs/resources/firewalld.md.erb +0 -117
  120. data/docs/resources/gem.md.erb +0 -108
  121. data/docs/resources/group.md.erb +0 -71
  122. data/docs/resources/grub_conf.md.erb +0 -111
  123. data/docs/resources/host.md.erb +0 -96
  124. data/docs/resources/http.md.erb +0 -207
  125. data/docs/resources/iis_app.md.erb +0 -132
  126. data/docs/resources/iis_site.md.erb +0 -145
  127. data/docs/resources/inetd_conf.md.erb +0 -104
  128. data/docs/resources/ini.md.erb +0 -86
  129. data/docs/resources/interface.md.erb +0 -68
  130. data/docs/resources/iptables.md.erb +0 -74
  131. data/docs/resources/json.md.erb +0 -73
  132. data/docs/resources/kernel_module.md.erb +0 -130
  133. data/docs/resources/kernel_parameter.md.erb +0 -63
  134. data/docs/resources/key_rsa.md.erb +0 -95
  135. data/docs/resources/launchd_service.md.erb +0 -67
  136. data/docs/resources/limits_conf.md.erb +0 -85
  137. data/docs/resources/login_defs.md.erb +0 -81
  138. data/docs/resources/mount.md.erb +0 -79
  139. data/docs/resources/mssql_session.md.erb +0 -78
  140. data/docs/resources/mysql_conf.md.erb +0 -109
  141. data/docs/resources/mysql_session.md.erb +0 -84
  142. data/docs/resources/nginx.md.erb +0 -89
  143. data/docs/resources/nginx_conf.md.erb +0 -148
  144. data/docs/resources/npm.md.erb +0 -78
  145. data/docs/resources/ntp_conf.md.erb +0 -70
  146. data/docs/resources/oneget.md.erb +0 -63
  147. data/docs/resources/oracledb_session.md.erb +0 -103
  148. data/docs/resources/os.md.erb +0 -153
  149. data/docs/resources/os_env.md.erb +0 -101
  150. data/docs/resources/package.md.erb +0 -130
  151. data/docs/resources/packages.md.erb +0 -77
  152. data/docs/resources/parse_config.md.erb +0 -113
  153. data/docs/resources/parse_config_file.md.erb +0 -148
  154. data/docs/resources/passwd.md.erb +0 -151
  155. data/docs/resources/pip.md.erb +0 -77
  156. data/docs/resources/port.md.erb +0 -147
  157. data/docs/resources/postgres_conf.md.erb +0 -89
  158. data/docs/resources/postgres_hba_conf.md.erb +0 -103
  159. data/docs/resources/postgres_ident_conf.md.erb +0 -86
  160. data/docs/resources/postgres_session.md.erb +0 -79
  161. data/docs/resources/powershell.md.erb +0 -112
  162. data/docs/resources/processes.md.erb +0 -119
  163. data/docs/resources/rabbitmq_config.md.erb +0 -51
  164. data/docs/resources/registry_key.md.erb +0 -197
  165. data/docs/resources/runit_service.md.erb +0 -67
  166. data/docs/resources/security_policy.md.erb +0 -57
  167. data/docs/resources/service.md.erb +0 -131
  168. data/docs/resources/shadow.md.erb +0 -267
  169. data/docs/resources/ssh_config.md.erb +0 -83
  170. data/docs/resources/sshd_config.md.erb +0 -93
  171. data/docs/resources/ssl.md.erb +0 -129
  172. data/docs/resources/sys_info.md.erb +0 -52
  173. data/docs/resources/systemd_service.md.erb +0 -67
  174. data/docs/resources/sysv_service.md.erb +0 -67
  175. data/docs/resources/upstart_service.md.erb +0 -67
  176. data/docs/resources/user.md.erb +0 -150
  177. data/docs/resources/users.md.erb +0 -137
  178. data/docs/resources/vbscript.md.erb +0 -65
  179. data/docs/resources/virtualization.md.erb +0 -67
  180. data/docs/resources/windows_feature.md.erb +0 -69
  181. data/docs/resources/windows_hotfix.md.erb +0 -63
  182. data/docs/resources/windows_task.md.erb +0 -95
  183. data/docs/resources/wmi.md.erb +0 -91
  184. data/docs/resources/x509_certificate.md.erb +0 -161
  185. data/docs/resources/xinetd_conf.md.erb +0 -166
  186. data/docs/resources/xml.md.erb +0 -95
  187. data/docs/resources/yaml.md.erb +0 -79
  188. data/docs/resources/yum.md.erb +0 -108
  189. data/docs/resources/zfs_dataset.md.erb +0 -63
  190. data/docs/resources/zfs_pool.md.erb +0 -57
  191. data/docs/shared/matcher_be.md.erb +0 -1
  192. data/docs/shared/matcher_cmp.md.erb +0 -43
  193. data/docs/shared/matcher_eq.md.erb +0 -3
  194. data/docs/shared/matcher_include.md.erb +0 -1
  195. data/docs/shared/matcher_match.md.erb +0 -1
  196. data/docs/shell.md +0 -217
  197. data/docs/style.md +0 -178
  198. data/examples/README.md +0 -8
  199. data/examples/custom-resource/README.md +0 -3
  200. data/examples/custom-resource/controls/example.rb +0 -7
  201. data/examples/custom-resource/inspec.yml +0 -8
  202. data/examples/custom-resource/libraries/batsignal.rb +0 -20
  203. data/examples/custom-resource/libraries/gordon.rb +0 -21
  204. data/examples/inheritance/README.md +0 -65
  205. data/examples/inheritance/controls/example.rb +0 -14
  206. data/examples/inheritance/inspec.yml +0 -16
  207. data/examples/kitchen-ansible/.kitchen.yml +0 -25
  208. data/examples/kitchen-ansible/Gemfile +0 -19
  209. data/examples/kitchen-ansible/README.md +0 -53
  210. data/examples/kitchen-ansible/files/nginx.repo +0 -6
  211. data/examples/kitchen-ansible/tasks/main.yml +0 -16
  212. data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
  213. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
  214. data/examples/kitchen-chef/.kitchen.yml +0 -20
  215. data/examples/kitchen-chef/Berksfile +0 -3
  216. data/examples/kitchen-chef/Gemfile +0 -19
  217. data/examples/kitchen-chef/README.md +0 -27
  218. data/examples/kitchen-chef/metadata.rb +0 -7
  219. data/examples/kitchen-chef/recipes/default.rb +0 -6
  220. data/examples/kitchen-chef/recipes/nginx.rb +0 -30
  221. data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
  222. data/examples/kitchen-puppet/.kitchen.yml +0 -23
  223. data/examples/kitchen-puppet/Gemfile +0 -20
  224. data/examples/kitchen-puppet/Puppetfile +0 -25
  225. data/examples/kitchen-puppet/README.md +0 -53
  226. data/examples/kitchen-puppet/manifests/site.pp +0 -33
  227. data/examples/kitchen-puppet/metadata.json +0 -11
  228. data/examples/kitchen-puppet/modules/.gitkeep +0 -0
  229. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
  230. data/examples/meta-profile/README.md +0 -37
  231. data/examples/meta-profile/controls/example.rb +0 -13
  232. data/examples/meta-profile/inspec.yml +0 -13
  233. data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
  234. data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
  235. data/examples/plugins/inspec-resource-lister/README.md +0 -62
  236. data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
  237. data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
  238. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
  239. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
  240. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
  241. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
  242. data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
  243. data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
  244. data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
  245. data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
  246. data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
  247. data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
  248. data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
  249. data/examples/profile-attribute.yml +0 -2
  250. data/examples/profile-attribute/README.md +0 -14
  251. data/examples/profile-attribute/controls/example.rb +0 -11
  252. data/examples/profile-attribute/inspec.yml +0 -8
  253. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -8
  254. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -8
  255. data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -8
  256. data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -8
  257. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -8
  258. data/examples/profile-aws/inspec.yml +0 -11
  259. data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -24
  260. data/examples/profile-azure/controls/azure_vm_example.rb +0 -29
  261. data/examples/profile-azure/inspec.yml +0 -11
  262. data/examples/profile-sensitive/README.md +0 -29
  263. data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
  264. data/examples/profile-sensitive/controls/sensitive.rb +0 -9
  265. data/examples/profile-sensitive/inspec.yml +0 -8
  266. data/examples/profile/README.md +0 -48
  267. data/examples/profile/controls/example.rb +0 -24
  268. data/examples/profile/controls/gordon.rb +0 -36
  269. data/examples/profile/controls/meta.rb +0 -36
  270. data/examples/profile/inspec.yml +0 -11
  271. data/examples/profile/libraries/gordon_config.rb +0 -59
@@ -1,78 +0,0 @@
1
- ---
2
- title: About the npm Resource
3
- platform: os
4
- ---
5
-
6
- # npm
7
-
8
- Use the `npm` InSpec audit resource to test if a global NPM package is installed. NPM is the the package manager for [Node.js packages](https://docs.npmjs.com), such as Bower and StatsD.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `npm` resource block declares a package and (optionally) a package version:
25
-
26
- describe npm('npm_package_name') do
27
- it { should be_installed }
28
- end
29
-
30
- where
31
-
32
- * `('npm_package_name')` must specify an NPM package, such as `'bower'` or `'statsd'`
33
- * `be_installed` is a valid matcher for this resource
34
-
35
- You can also specify additional options:
36
-
37
- describe npm('npm_package_name', path: '/path/to/project') do
38
- it { should be_installed }
39
- end
40
-
41
- The `path` specifies a folder, that contains a `node_modules` subdirectory. It emulates running `npm` inside the specified folder. This way you can inspect local NPM installations as well as global ones.
42
-
43
- <br>
44
-
45
- ## Examples
46
-
47
- The following examples show how to use this InSpec audit resource.
48
-
49
- ### Verify that bower is installed, with a specific version
50
-
51
- describe npm('bower') do
52
- it { should be_installed }
53
- its('version') { should eq '1.4.1' }
54
- end
55
-
56
- ### Verify that statsd is not installed
57
-
58
- describe npm('statsd') do
59
- it { should_not be_installed }
60
- end
61
-
62
- <br>
63
-
64
- ## Matchers
65
-
66
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
67
-
68
- ### be_installed
69
-
70
- The `be_installed` matcher tests if the named Gem package and package version (if specified) is installed:
71
-
72
- it { should be_installed }
73
-
74
- ### version
75
-
76
- The `version` matcher tests if the named package version is on the system:
77
-
78
- its('version') { should eq '1.2.3' }
@@ -1,70 +0,0 @@
1
- ---
2
- title: About the ntp_conf Resource
3
- platform: linux
4
- ---
5
-
6
- # ntp_conf
7
-
8
- Use the `ntp_conf` InSpec audit resource to test the synchronization settings defined in the `ntp.conf` file. This file is typically located at `/etc/ntp.conf`.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- An `ntp_conf` resource block declares the synchronization settings that should be tested:
25
-
26
- describe ntp_conf('path') do
27
- its('setting_name') { should eq 'value' }
28
- end
29
-
30
- where
31
-
32
- * `'setting_name'` is a synchronization setting defined in the `ntp.conf` file
33
- * `('path')` is the non-default path to the `ntp.conf` file
34
- * `{ should eq 'value' }` is the value that is expected
35
-
36
- <br>
37
-
38
- ## Examples
39
-
40
- The following examples show how to use this InSpec audit resource.
41
-
42
- ### Test for clock drift against named servers
43
-
44
- describe ntp_conf do
45
- its('driftfile') { should eq '/var/lib/ntp/ntp.drift' }
46
- its('server') { should eq [
47
- 0.ubuntu.pool.ntp.org,
48
- 1.ubuntu.pool.ntp.org,
49
- 2.ubuntu.pool.ntp.org
50
- ] }
51
- end
52
-
53
- <br>
54
-
55
- ## Matchers
56
-
57
- This resource matches any service that is listed in the `ntp.conf` file. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
58
-
59
- its('server') { should_not eq nil }
60
-
61
- or:
62
-
63
- its('restrict') { should include '-4 default kod notrap nomodify nopeer noquery'}
64
-
65
- For example:
66
-
67
- describe ntp_conf do
68
- its('server') { should_not eq nil }
69
- its('restrict') { should include '-4 default kod notrap nomodify nopeer noquery'}
70
- end
@@ -1,63 +0,0 @@
1
- ---
2
- title: About the oneget Resource
3
- platform: windows
4
- ---
5
-
6
- # oneget
7
-
8
- Use the `oneget` InSpec audit resource to test if the named package and/or package version is installed on the system. This resource uses Oneget, which is `part of the Windows Management Framework 5.0 and Windows 10 <https://github.com/OneGet/oneget>`__. This resource uses the `Get-Package` cmdlet to return all of the package names in the Oneget repository.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `oneget` resource block declares a package and (optionally) a package version:
25
-
26
- describe oneget('name') do
27
- it { should be_installed }
28
- end
29
-
30
- where
31
-
32
- * `('name')` must specify the name of a package, such as `'VLC'`
33
- * `be_installed` is a valid matcher for this resource
34
-
35
- <br>
36
-
37
- ## Examples
38
-
39
- The following examples show how to use this InSpec audit resource.
40
-
41
- ### Test if VLC is installed
42
-
43
- describe oneget('VLC') do
44
- it { should be_installed }
45
- end
46
-
47
- <br>
48
-
49
- ## Matchers
50
-
51
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
52
-
53
- ### be_installed
54
-
55
- The `be_installed` matcher tests if the named package is installed on the system:
56
-
57
- it { should be_installed }
58
-
59
- ### version
60
-
61
- The `version` matcher tests if the named package version is on the system:
62
-
63
- its('version') { should eq '1.2.3' }
@@ -1,103 +0,0 @@
1
- ---
2
- title: About the oracledb_session Resource
3
- platform: os
4
- ---
5
-
6
- # oracledb_session
7
-
8
- Use the `oracledb_session` InSpec audit resource to test SQL commands run against a Oracle database.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `oracledb_session` resource block declares the username and password to use for the session with an optional service to connect to, and then the command to be run:
25
-
26
- describe oracledb_session(user: 'username', password: 'password', service: 'ORCL.localdomain').query('QUERY').row(0).column('result') do
27
- its('value') { should eq('') }
28
- end
29
-
30
- where
31
-
32
- * `oracledb_session` declares a username and password with permission to run the query (required), and an optional parameters for host (default: `localhost`), SID (default: `nil`, which uses the default SID, and path to the sqlplus binary (default: `sqlplus`).
33
- * it is possible to run queries as sysdba/sysoper by using `as_db_role option`, see examples
34
- * `query('QUERY')` contains the query to be run
35
- * `its('value') { should eq('') }` compares the results of the query against the expected result in the test
36
-
37
- <br>
38
-
39
- ## oracledb_session(...).query method Properties
40
- * rows the query result as array of hashes
41
- * row(number) selected row from query result, where number is just a row number in the query result
42
- * column(name) array with values from selected column
43
-
44
- ## Examples
45
-
46
- The following examples show how to use this InSpec audit resource.
47
-
48
- ### Test for matching databases
49
-
50
- sql = oracledb_session(user: 'my_user', pass: 'password')
51
-
52
- describe sql.query('SELECT NAME AS VALUE FROM v$database;').row(0).column('value') do
53
- its('value') { should cmp 'ORCL' }
54
- end
55
-
56
- ### Test for matching databases with custom host, SID and sqlplus binary location
57
-
58
- sql = oracledb_session(user: 'my_user', pass: 'password', host: 'oraclehost', sid: 'mysid', sqlplus_bin: '/u01/app/oracle/product/12.1.0/dbhome_1/bin/sqlplus')
59
-
60
- describe sql.query('SELECT NAME FROM v$database;').row(0).column('name') do
61
- its('value') { should cmp 'ORCL' }
62
- end
63
-
64
- ### Test for table contains a specified value in any row for the given column name
65
-
66
- sql = oracledb_session(user: 'my_user', pass: 'password', service: 'MYSID')
67
-
68
- describe sql.query('SELECT * FROM my_table;').column('my_column') do
69
- it { should include 'my_value' }
70
- end
71
-
72
- ### Test tablespace exists as sysdba
73
- The check will change user (with su) to specified user and run 'sqlplus / as sysdba' (sysoper, sysasm)
74
-
75
- sql = oracledb_session(as_os_user: 'oracle', as_db_role: 'sysdba', service: 'MYSID')
76
-
77
- describe sql.query('SELECT tablespace_name AS name FROM dba_tablespaces;').column('name') do
78
- it { should include 'MYTABLESPACE' }
79
- end
80
- NOTE: option `as_os_user` available only on unix-like systems and not supported on Windows. Also this option requires that you are running inspec as `root` or with `--sudo`
81
-
82
- ### Test number of rows in the query result
83
-
84
- sql = oracledb_session(user: 'my_user', pass: 'password')
85
-
86
- describe sql.query('SELECT * FROM my_table;').rows do
87
- its('count') { should eq 20 }
88
- end
89
-
90
- ### Use data out of (remote) DB query to build other tests
91
-
92
- sql = oracledb_session(user: 'my_user', pass: 'password', host: 'my.remote.db', service: 'MYSID')
93
-
94
- sql.query('SELECT * FROM files;').rows.each do |file_row|
95
- describe file(file_row['path']) do
96
- its('owner') { should eq file_row['owner']}
97
- end
98
- end
99
- <br>
100
-
101
- ## Matchers
102
-
103
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
@@ -1,153 +0,0 @@
1
- ---
2
- title: About the os Resource
3
- platform: os
4
- ---
5
-
6
- # os
7
-
8
- Use the `os` InSpec audit resource to test the platform on which the system is running.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- An `os` resource block declares the platform to be tested. The platform may specified via matcher or control block name. For example, using a matcher:
25
-
26
- describe os.family do
27
- it { should eq 'platform_family_name' }
28
- end
29
-
30
- * `'platform_family_name'` (a string) is one of `aix`, `bsd`, `darwin`, `debian`, `hpux`, `linux`, `redhat`, `solaris`, `suse`, `unix`, or `windows`
31
-
32
- The parameters available to `os` are:
33
-
34
- * `:name` - the operating system name, such as `centos`
35
- * `:family` - the operating system family, such as `redhat`
36
- * `:release` - the version of the operating system, such as `7.3.1611`
37
- * `:arch` - the architecture of the operating system, such as `x86_64`
38
- <br>
39
-
40
- ## Examples
41
-
42
- The following examples show how to use this InSpec audit resource.
43
-
44
- ### Test for RedHat
45
-
46
- describe os.family do
47
- it { should eq 'redhat' }
48
- end
49
-
50
- ### Test for Ubuntu
51
-
52
- describe os.family do
53
- it { should eq 'debian' }
54
- end
55
-
56
- ### Test for Microsoft Windows
57
-
58
- describe os.family do
59
- it { should eq 'windows' }
60
- end
61
-
62
- <br>
63
-
64
- ## Matchers
65
-
66
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
67
-
68
- ### os.family? Helpers
69
-
70
- The `os` audit resource includes a collection of helpers that enable more granular testing of platforms, platform names, architectures, and releases. Use any of the following platform-specific helpers to test for specific platforms:
71
-
72
- * `aix?`
73
- * `bsd?` (including Darwin, FreeBSD, NetBSD, and OpenBSD)
74
- * `darwin?`
75
- * `debian?`
76
- * `hpux?`
77
- * `linux?` (including Alpine Linux, Amazon Linux, ArchLinux, CoreOS, Exherbo, Fedora, Gentoo, and Slackware)
78
- * `redhat?` (including CentOS)
79
- * `solaris?` (including Nexenta Core, OmniOS, Open Indiana, Solaris Open, and SmartOS)
80
- * `suse?`
81
- * `unix?`
82
- * `windows?`
83
-
84
- For example, to test for Darwin use:
85
-
86
- describe os.bsd? do
87
- it { should eq true }
88
- end
89
-
90
- To test for Windows use:
91
-
92
- describe os.windows? do
93
- it { should eq true }
94
- end
95
-
96
- and to test for Redhat use:
97
-
98
- describe os.redhat? do
99
- it { should eq true }
100
- end
101
-
102
- Use the following helpers to test for operating system names, releases, and architectures:
103
-
104
- describe os.name do
105
- it { should eq 'foo' }
106
- end
107
-
108
- describe os.release do
109
- it { should eq 'foo' }
110
- end
111
-
112
- describe os.arch do
113
- it { should eq 'foo' }
114
- end
115
-
116
- ### os.family names
117
-
118
- Use `os.family` to enable more granular testing of platforms, platform names, architectures, and releases. Use any of the following platform-specific names to test for specific platforms:
119
-
120
- * `aix`
121
- * `bsd` For platforms that are part of the Berkeley OS family `darwin`, `freebsd`, `netbsd`, and `openbsd`.
122
- * `debian`
123
- * `hpux`
124
- * `linux`. For platforms that are part of the Linux family `alpine`, `amazon`, `arch`, `coreos`, `exherbo`, `fedora`, `gentoo`, and `slackware`.
125
- * `redhat`. For platforms that are part of the Redhat family `centos`.
126
- * `solaris`. For platforms that are part of the Solaris family `nexentacore`, `omnios`, `openindiana`, `opensolaris`, and `smartos`.
127
- * `suse`
128
- * `unix`
129
- * `windows`
130
-
131
- For example, both of the following tests should have the same result:
132
-
133
- ```ruby
134
- if os.family == 'debian'
135
- describe port(69) do
136
- its('processes') { should include 'in.tftpd' }
137
- end
138
- elsif os.family == 'redhat'
139
- describe port(69) do
140
- its('processes') { should include 'xinetd' }
141
- end
142
- end
143
-
144
- if os.debian?
145
- describe port(69) do
146
- its('processes') { should include 'in.tftpd' }
147
- end
148
- elsif os.redhat?
149
- describe port(69) do
150
- its('processes') { should include 'xinetd' }
151
- end
152
- end
153
- ```