inspec 2.3.10 → 2.3.23

data/docs/resources/passwd.md.erb

@@ -1,151 +0,0 @@
----
-title: About the passwd Resource
-platform: linux
----
-
-# passwd
-
-Use the `passwd` InSpec audit resource to test the contents of `/etc/passwd`, which contains the following information for users that may log into the system and/or as users that own running processes. The format for `/etc/passwd` includes:
-
-* A username
-* The password for that user (on newer systems passwords should be stored in `/etc/shadow` )
-* The user identifier (UID) assigned to that user
-* The group identifier (GID) assigned to that user
-* Additional information about that user
-* That user's home directory
-* That user's default command shell
-
-These entries are defined as a colon-delimited row in the file, one row per user:
-
-    root:x:1234:5678:additional_info:/home/dir/:/bin/bash
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `passwd` resource block declares one (or more) users and associated user information to be tested:
-
-    describe passwd do
-      its('users') { should_not include 'forbidden_user' }
-    end
-
-    describe passwd.uid(filter) do
-      its('users') { should cmp 'root' }
-      its('count') { should eq 1 }
-    end
-
-where
-
-* `homes`, `gids`, `passwords`, `shells`, `uids`, and `users` are valid accessors for `passwd`
-* `filter` one (or more) arguments, for example: `passwd.users(/name/)` used to define filtering
-* `filter` may take any of the following arguments: `count` (retrieves the number of entries), `lines` (provides raw `passwd` lines), and `params` (returns an array of maps for all entries)
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test usernames and UIDs
-
-    describe passwd do
-      its('users') { should eq ['root', 'www-data'] }
-      its('uids') { should eq [0, 33] }
-    end
-
-### Select one user and test for multiple occurrences
-
-    describe passwd.uids(0) do
-      its('users') { should cmp 'root' }
-      its('count') { should eq 1 }
-    end
-
-    describe passwd.where { user == 'www-data' } do
-      its('uids') { should cmp 33 }
-      its('count') { should eq 1 }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### gids
-
-The `gids` matcher tests if the group indentifiers in the test match group identifiers in `/etc/passwd`:
-
-    its('gids') { should include 1234 }
-    its('gids') { should cmp 0 }
-
-### homes
-
-The `homes` matcher tests the absolute path to a user's home directory:
-
-    its('home') { should eq '/' }
-
-### length
-
-The `length` matcher tests the length of a password that appears in `/etc/passwd`:
-
-    its('length') { should be <= 32 }
-
-This matcher is best used in conjunction with filters. For example:
-
-    describe passwd.users('highlander') do
-       its('length') { should_not be < 16 }
-    end
-
-### passwords
-
-The `passwords` matcher tests if passwords are
-
-* Encrypted
-* Have direct logins disabled, as indicated by an asterisk (`*`)
-* In the `/etc/shadow` file, as indicated by the letter x (`x`)
-
-For example:
-
-    its('passwords') { should eq ['x'] }
-    its('passwords') { should cmp '*' }
-
-### shells
-
-The `shells` matcher tests the absolute path of a shell (or command) to which a user has access:
-
-    its('shells') { should_not include 'user' }
-
-or to find all users with the nologin shell:
-
-    describe passwd.shells(/nologin/) do
-      its('users') { should_not include 'my_login_user' }
-    end
-
-### uids
-
-The `uids` matcher tests if the user indentifiers in the test match user identifiers in `/etc/passwd`:
-
-    its('uids') { should eq ['1234', '1235'] }
-
-or:
-
-    describe passwd.uids(0) do
-      its('users') { should cmp 'root' }
-      its('count') { should eq 1 }
-    end
-
-### users
-
-The `users` matcher tests if the user names in the test match user names in `/etc/passwd`:
-
-    its('users') { should eq ['root', 'www-data'] }

data/docs/resources/pip.md.erb

@@ -1,77 +0,0 @@
----
-title: About the pip Resource
-platform: os
----
-
-# pip
-
-Use the `pip` InSpec audit resource to test packages that are installed using the Python PIP installer.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `pip` resource block declares a package and (optionally) a package version:
-
-    describe pip('package_name') do
-      it { should be_installed }
-    end
-
-where
-
-* `'package_name'` is the name of the package, such as `'Jinja2'`
-* `be_installed` tests to see if the package described above is installed
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test if Jinja2 is installed on the system
-
-    describe pip('Jinja2') do
-      it { should be_installed }
-    end
-
-### Test if Jinja2 2.8 is installed on the system
-
-    describe pip('Jinja2') do
-      it { should be_installed }
-      its('version') { should eq '2.8' }
-    end
-
-### Test packages installed into a non-default location (e.g. virtualenv) by passing a custom path to pip executable
-
-    describe pip('Jinja2', '/path/to/bin/pip') do
-      it { should be_installed }
-      its('version') { should eq '2.8' }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### be_installed
-
-The `be_installed` matcher tests if the named package is installed on the system:
-
-    it { should be_installed }
-
-### version
-
-The `version` matcher tests if the named package version is on the system:
-
-    its('version') { should eq '1.2.3' }

data/docs/resources/port.md.erb

@@ -1,147 +0,0 @@
----
-title: About the port Resource
-platform: os
----
-
-# port
-
-Use the `port` InSpec audit resource to test basic port properties, such as port, process, if it's listening.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `port` resource block declares a port, and then depending on what needs to be tested, a process, protocol, process identifier, and its state (is it listening?):
-
-    describe port(514) do
-      it { should be_listening }
-      its('processes') {should include 'syslog'}
-    end
-
-where the `processes` returns the processes listening on port 514.
-
-A filter may specify an attribute:
-
-    describe port.where { protocol =~ /tcp/ && port > 22 && port < 80 } do
-      it { should_not be_listening }
-    end
-
-where
-
-* `.where{}` specifies a block in which one (or more) attributes---`port`, `address`, `protocol`, `process`, `pid`, or `listening?`----scope the test to ports that match those attributes
-
-For example, to test if the SSH daemon is available on a Linux machine via the default port (22):
-
-    describe port(22) do
-      its('processes') { should include 'sshd' }
-      its('protocols') { should include 'tcp' }
-      its('addresses') { should include '0.0.0.0' }
-    end
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test port 80, listening with the TCP protocol
-
-    describe port(80) do
-      it { should be_listening }
-      its('protocols') { should cmp 'tcp' }
-    end
-
-### Test port 80, on a specific address
-
-A specific port address may be checked using either of the following examples:
-
-    describe port(80) do
-      it { should be_listening }
-      its('addresses') {should include '0.0.0.0'}
-    end
-
-or:
-
-    describe port('0.0.0.0', 80) do
-      it { should be_listening }
-    end
-
-### Test port 80, listening with TCP version IPv6 protocol
-
-    describe port(80) do
-      it { should be_listening }
-      its('protocols') { should cmp 'tcp6' }
-    end
-
-### Test that only secure ports accept requests
-
-    describe port(80) do
-      it { should_not be_listening }
-    end
-
-    describe port(443) do
-      it { should be_listening }
-      its('protocols') { should cmp 'tcp' }
-    end
-
-### Verify port 65432 is not listening
-
-    describe port(22) do
-      it { should be_listening }
-      its('protocols') { should include('tcp') }
-      its('protocols') { should_not include('udp') }
-    end
-
-    describe port(65432) do
-      it { should_not be_listening }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### address
-
-The `addresses` matcher tests if the specified address is associated with a port:
-
-    its('addresses') { should include '0.0.0.0' }
-
-### be_listening
-
-The `be_listening` matcher tests if the port is listening for traffic:
-
-    it { should be_listening }
-
-### pids
-
-The `pids` matcher tests the process identifiers (PIDs):
-
-    its('pids') { should cmp 27808 }
-
-### processes
-
-The `processes` matcher tests if the named process is running on the system:
-
-    its('processes') { should cmp 'syslog' }
-
-### protocols
-
-The `protocols` matcher tests the Internet protocol: ICMP (`'icmp'`), TCP (`'tcp'` or `'tcp6'`), or UDP (`'udp'` or `'udp6'`):
-
-    its('protocols') { should include 'tcp' }
-
-or for the IPv6 protocol:
-
-    its('protocols') { should include 'tcp6' }

data/docs/resources/postgres_conf.md.erb

@@ -1,89 +0,0 @@
----
-title: About the postgres_conf Resource
-platform: os
----
-
-# postgres_conf
-
-Use the `postgres_conf` InSpec audit resource to test the contents of the configuration file for PostgreSQL, typically located at `/etc/postgresql/<version>/main/postgresql.conf` or `/var/lib/postgres/data/postgresql.conf`, depending on the platform.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `postgres_conf` resource block declares one (or more) settings in the `postgresql.conf` file, and then compares the setting in the configuration file to the value stated in the test:
-
-    describe postgres_conf('path') do
-      its('setting') { should eq 'value' }
-    end
-
-
-where
-
-* `'setting'` specifies a setting in the `postgresql.conf` file
-* `('path')` is the non-default path to the `postgresql.conf` file (optional)
-* `should eq 'value'` is the value that is expected
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test the maximum number of allowed client connections
-
-    describe postgres_conf do
-      its('max_connections') { should eq '5' }
-    end
-
-### Test system logging
-
-    describe postgres_conf do
-      its('logging_collector') { should eq 'on' }
-      its('log_connections') { should eq 'on' }
-      its('log_disconnections') { should eq 'on' }
-      its('log_duration') { should eq 'on' }
-      its('log_hostname') { should eq 'on' }
-      its('log_line_prefix') { should eq '%t %u %d %h' }
-      its(['pgaudit.log_parameter']) { should cmp 'on' }
-    end
-
-### Test the port on which PostgreSQL listens
-
-    describe postgres_conf do
-      its('port') { should eq '5432' }
-    end
-
-### Test the Unix socket settings
-
-    describe postgres_conf do
-      its('unix_socket_directories') { should eq '.s.PGSQL.5432' }
-      its('unix_socket_group') { should eq nil }
-      its('unix_socket_permissions') { should eq '0770' }
-    end
-
-where `unix_socket_group` is set to the PostgreSQL default setting (the group to which the server user belongs).
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### setting
-
-The `setting` matcher tests specific, named settings in the `postgresql.conf` file:
-
-    its('setting') { should eq 'value' }
-
-Use a `setting` matcher for each setting to be tested.