inspec 2.3.10 → 2.3.23

Sign up to get free protection for your applications and to get access to all the features.
Files changed (271) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +34 -13
  3. data/etc/plugin_filters.json +25 -0
  4. data/inspec.gemspec +3 -3
  5. data/lib/bundles/inspec-compliance/api.rb +3 -0
  6. data/lib/bundles/inspec-compliance/configuration.rb +3 -0
  7. data/lib/bundles/inspec-compliance/http.rb +3 -0
  8. data/lib/bundles/inspec-compliance/support.rb +3 -0
  9. data/lib/bundles/inspec-compliance/target.rb +3 -0
  10. data/lib/inspec/objects/attribute.rb +3 -0
  11. data/lib/inspec/plugin/v2.rb +3 -0
  12. data/lib/inspec/plugin/v2/filter.rb +62 -0
  13. data/lib/inspec/plugin/v2/installer.rb +21 -1
  14. data/lib/inspec/plugin/v2/loader.rb +4 -0
  15. data/lib/inspec/profile.rb +3 -1
  16. data/lib/inspec/version.rb +1 -1
  17. data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
  18. data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
  19. data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
  20. data/lib/resources/package.rb +1 -1
  21. metadata +5 -253
  22. data/MAINTAINERS.toml +0 -52
  23. data/docs/.gitignore +0 -2
  24. data/docs/README.md +0 -41
  25. data/docs/dev/control-eval.md +0 -62
  26. data/docs/dev/filtertable-internals.md +0 -353
  27. data/docs/dev/filtertable-usage.md +0 -533
  28. data/docs/dev/integration-testing.md +0 -31
  29. data/docs/dev/plugins.md +0 -323
  30. data/docs/dsl_inspec.md +0 -354
  31. data/docs/dsl_resource.md +0 -100
  32. data/docs/glossary.md +0 -381
  33. data/docs/habitat.md +0 -193
  34. data/docs/inspec_and_friends.md +0 -114
  35. data/docs/matchers.md +0 -161
  36. data/docs/migration.md +0 -293
  37. data/docs/platforms.md +0 -119
  38. data/docs/plugin_kitchen_inspec.md +0 -60
  39. data/docs/plugins.md +0 -57
  40. data/docs/profiles.md +0 -576
  41. data/docs/reporters.md +0 -170
  42. data/docs/resources/aide_conf.md.erb +0 -86
  43. data/docs/resources/apache.md.erb +0 -77
  44. data/docs/resources/apache_conf.md.erb +0 -78
  45. data/docs/resources/apt.md.erb +0 -81
  46. data/docs/resources/audit_policy.md.erb +0 -57
  47. data/docs/resources/auditd.md.erb +0 -89
  48. data/docs/resources/auditd_conf.md.erb +0 -78
  49. data/docs/resources/aws_cloudtrail_trail.md.erb +0 -165
  50. data/docs/resources/aws_cloudtrail_trails.md.erb +0 -96
  51. data/docs/resources/aws_cloudwatch_alarm.md.erb +0 -101
  52. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -164
  53. data/docs/resources/aws_config_delivery_channel.md.erb +0 -111
  54. data/docs/resources/aws_config_recorder.md.erb +0 -96
  55. data/docs/resources/aws_ebs_volume.md.erb +0 -76
  56. data/docs/resources/aws_ebs_volumes.md.erb +0 -86
  57. data/docs/resources/aws_ec2_instance.md.erb +0 -122
  58. data/docs/resources/aws_ec2_instances.md.erb +0 -89
  59. data/docs/resources/aws_elb.md.erb +0 -154
  60. data/docs/resources/aws_elbs.md.erb +0 -252
  61. data/docs/resources/aws_flow_log.md.erb +0 -128
  62. data/docs/resources/aws_iam_access_key.md.erb +0 -139
  63. data/docs/resources/aws_iam_access_keys.md.erb +0 -214
  64. data/docs/resources/aws_iam_group.md.erb +0 -74
  65. data/docs/resources/aws_iam_groups.md.erb +0 -92
  66. data/docs/resources/aws_iam_password_policy.md.erb +0 -92
  67. data/docs/resources/aws_iam_policies.md.erb +0 -97
  68. data/docs/resources/aws_iam_policy.md.erb +0 -264
  69. data/docs/resources/aws_iam_role.md.erb +0 -79
  70. data/docs/resources/aws_iam_root_user.md.erb +0 -86
  71. data/docs/resources/aws_iam_user.md.erb +0 -130
  72. data/docs/resources/aws_iam_users.md.erb +0 -289
  73. data/docs/resources/aws_kms_key.md.erb +0 -187
  74. data/docs/resources/aws_kms_keys.md.erb +0 -99
  75. data/docs/resources/aws_rds_instance.md.erb +0 -76
  76. data/docs/resources/aws_route_table.md.erb +0 -63
  77. data/docs/resources/aws_route_tables.md.erb +0 -65
  78. data/docs/resources/aws_s3_bucket.md.erb +0 -156
  79. data/docs/resources/aws_s3_bucket_object.md.erb +0 -99
  80. data/docs/resources/aws_s3_buckets.md.erb +0 -69
  81. data/docs/resources/aws_security_group.md.erb +0 -323
  82. data/docs/resources/aws_security_groups.md.erb +0 -107
  83. data/docs/resources/aws_sns_subscription.md.erb +0 -140
  84. data/docs/resources/aws_sns_topic.md.erb +0 -79
  85. data/docs/resources/aws_sns_topics.md.erb +0 -68
  86. data/docs/resources/aws_subnet.md.erb +0 -150
  87. data/docs/resources/aws_subnets.md.erb +0 -142
  88. data/docs/resources/aws_vpc.md.erb +0 -135
  89. data/docs/resources/aws_vpcs.md.erb +0 -135
  90. data/docs/resources/azure_generic_resource.md.erb +0 -183
  91. data/docs/resources/azure_resource_group.md.erb +0 -294
  92. data/docs/resources/azure_virtual_machine.md.erb +0 -357
  93. data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -234
  94. data/docs/resources/bash.md.erb +0 -85
  95. data/docs/resources/bond.md.erb +0 -100
  96. data/docs/resources/bridge.md.erb +0 -67
  97. data/docs/resources/bsd_service.md.erb +0 -77
  98. data/docs/resources/chocolatey_package.md.erb +0 -68
  99. data/docs/resources/command.md.erb +0 -176
  100. data/docs/resources/cpan.md.erb +0 -89
  101. data/docs/resources/cran.md.erb +0 -74
  102. data/docs/resources/crontab.md.erb +0 -103
  103. data/docs/resources/csv.md.erb +0 -64
  104. data/docs/resources/dh_params.md.erb +0 -221
  105. data/docs/resources/directory.md.erb +0 -40
  106. data/docs/resources/docker.md.erb +0 -240
  107. data/docs/resources/docker_container.md.erb +0 -113
  108. data/docs/resources/docker_image.md.erb +0 -104
  109. data/docs/resources/docker_plugin.md.erb +0 -80
  110. data/docs/resources/docker_service.md.erb +0 -124
  111. data/docs/resources/elasticsearch.md.erb +0 -252
  112. data/docs/resources/etc_fstab.md.erb +0 -135
  113. data/docs/resources/etc_group.md.erb +0 -85
  114. data/docs/resources/etc_hosts.md.erb +0 -88
  115. data/docs/resources/etc_hosts_allow.md.erb +0 -84
  116. data/docs/resources/etc_hosts_deny.md.erb +0 -84
  117. data/docs/resources/file.md.erb +0 -543
  118. data/docs/resources/filesystem.md.erb +0 -51
  119. data/docs/resources/firewalld.md.erb +0 -117
  120. data/docs/resources/gem.md.erb +0 -108
  121. data/docs/resources/group.md.erb +0 -71
  122. data/docs/resources/grub_conf.md.erb +0 -111
  123. data/docs/resources/host.md.erb +0 -96
  124. data/docs/resources/http.md.erb +0 -207
  125. data/docs/resources/iis_app.md.erb +0 -132
  126. data/docs/resources/iis_site.md.erb +0 -145
  127. data/docs/resources/inetd_conf.md.erb +0 -104
  128. data/docs/resources/ini.md.erb +0 -86
  129. data/docs/resources/interface.md.erb +0 -68
  130. data/docs/resources/iptables.md.erb +0 -74
  131. data/docs/resources/json.md.erb +0 -73
  132. data/docs/resources/kernel_module.md.erb +0 -130
  133. data/docs/resources/kernel_parameter.md.erb +0 -63
  134. data/docs/resources/key_rsa.md.erb +0 -95
  135. data/docs/resources/launchd_service.md.erb +0 -67
  136. data/docs/resources/limits_conf.md.erb +0 -85
  137. data/docs/resources/login_defs.md.erb +0 -81
  138. data/docs/resources/mount.md.erb +0 -79
  139. data/docs/resources/mssql_session.md.erb +0 -78
  140. data/docs/resources/mysql_conf.md.erb +0 -109
  141. data/docs/resources/mysql_session.md.erb +0 -84
  142. data/docs/resources/nginx.md.erb +0 -89
  143. data/docs/resources/nginx_conf.md.erb +0 -148
  144. data/docs/resources/npm.md.erb +0 -78
  145. data/docs/resources/ntp_conf.md.erb +0 -70
  146. data/docs/resources/oneget.md.erb +0 -63
  147. data/docs/resources/oracledb_session.md.erb +0 -103
  148. data/docs/resources/os.md.erb +0 -153
  149. data/docs/resources/os_env.md.erb +0 -101
  150. data/docs/resources/package.md.erb +0 -130
  151. data/docs/resources/packages.md.erb +0 -77
  152. data/docs/resources/parse_config.md.erb +0 -113
  153. data/docs/resources/parse_config_file.md.erb +0 -148
  154. data/docs/resources/passwd.md.erb +0 -151
  155. data/docs/resources/pip.md.erb +0 -77
  156. data/docs/resources/port.md.erb +0 -147
  157. data/docs/resources/postgres_conf.md.erb +0 -89
  158. data/docs/resources/postgres_hba_conf.md.erb +0 -103
  159. data/docs/resources/postgres_ident_conf.md.erb +0 -86
  160. data/docs/resources/postgres_session.md.erb +0 -79
  161. data/docs/resources/powershell.md.erb +0 -112
  162. data/docs/resources/processes.md.erb +0 -119
  163. data/docs/resources/rabbitmq_config.md.erb +0 -51
  164. data/docs/resources/registry_key.md.erb +0 -197
  165. data/docs/resources/runit_service.md.erb +0 -67
  166. data/docs/resources/security_policy.md.erb +0 -57
  167. data/docs/resources/service.md.erb +0 -131
  168. data/docs/resources/shadow.md.erb +0 -267
  169. data/docs/resources/ssh_config.md.erb +0 -83
  170. data/docs/resources/sshd_config.md.erb +0 -93
  171. data/docs/resources/ssl.md.erb +0 -129
  172. data/docs/resources/sys_info.md.erb +0 -52
  173. data/docs/resources/systemd_service.md.erb +0 -67
  174. data/docs/resources/sysv_service.md.erb +0 -67
  175. data/docs/resources/upstart_service.md.erb +0 -67
  176. data/docs/resources/user.md.erb +0 -150
  177. data/docs/resources/users.md.erb +0 -137
  178. data/docs/resources/vbscript.md.erb +0 -65
  179. data/docs/resources/virtualization.md.erb +0 -67
  180. data/docs/resources/windows_feature.md.erb +0 -69
  181. data/docs/resources/windows_hotfix.md.erb +0 -63
  182. data/docs/resources/windows_task.md.erb +0 -95
  183. data/docs/resources/wmi.md.erb +0 -91
  184. data/docs/resources/x509_certificate.md.erb +0 -161
  185. data/docs/resources/xinetd_conf.md.erb +0 -166
  186. data/docs/resources/xml.md.erb +0 -95
  187. data/docs/resources/yaml.md.erb +0 -79
  188. data/docs/resources/yum.md.erb +0 -108
  189. data/docs/resources/zfs_dataset.md.erb +0 -63
  190. data/docs/resources/zfs_pool.md.erb +0 -57
  191. data/docs/shared/matcher_be.md.erb +0 -1
  192. data/docs/shared/matcher_cmp.md.erb +0 -43
  193. data/docs/shared/matcher_eq.md.erb +0 -3
  194. data/docs/shared/matcher_include.md.erb +0 -1
  195. data/docs/shared/matcher_match.md.erb +0 -1
  196. data/docs/shell.md +0 -217
  197. data/docs/style.md +0 -178
  198. data/examples/README.md +0 -8
  199. data/examples/custom-resource/README.md +0 -3
  200. data/examples/custom-resource/controls/example.rb +0 -7
  201. data/examples/custom-resource/inspec.yml +0 -8
  202. data/examples/custom-resource/libraries/batsignal.rb +0 -20
  203. data/examples/custom-resource/libraries/gordon.rb +0 -21
  204. data/examples/inheritance/README.md +0 -65
  205. data/examples/inheritance/controls/example.rb +0 -14
  206. data/examples/inheritance/inspec.yml +0 -16
  207. data/examples/kitchen-ansible/.kitchen.yml +0 -25
  208. data/examples/kitchen-ansible/Gemfile +0 -19
  209. data/examples/kitchen-ansible/README.md +0 -53
  210. data/examples/kitchen-ansible/files/nginx.repo +0 -6
  211. data/examples/kitchen-ansible/tasks/main.yml +0 -16
  212. data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
  213. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
  214. data/examples/kitchen-chef/.kitchen.yml +0 -20
  215. data/examples/kitchen-chef/Berksfile +0 -3
  216. data/examples/kitchen-chef/Gemfile +0 -19
  217. data/examples/kitchen-chef/README.md +0 -27
  218. data/examples/kitchen-chef/metadata.rb +0 -7
  219. data/examples/kitchen-chef/recipes/default.rb +0 -6
  220. data/examples/kitchen-chef/recipes/nginx.rb +0 -30
  221. data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
  222. data/examples/kitchen-puppet/.kitchen.yml +0 -23
  223. data/examples/kitchen-puppet/Gemfile +0 -20
  224. data/examples/kitchen-puppet/Puppetfile +0 -25
  225. data/examples/kitchen-puppet/README.md +0 -53
  226. data/examples/kitchen-puppet/manifests/site.pp +0 -33
  227. data/examples/kitchen-puppet/metadata.json +0 -11
  228. data/examples/kitchen-puppet/modules/.gitkeep +0 -0
  229. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
  230. data/examples/meta-profile/README.md +0 -37
  231. data/examples/meta-profile/controls/example.rb +0 -13
  232. data/examples/meta-profile/inspec.yml +0 -13
  233. data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
  234. data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
  235. data/examples/plugins/inspec-resource-lister/README.md +0 -62
  236. data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
  237. data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
  238. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
  239. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
  240. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
  241. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
  242. data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
  243. data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
  244. data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
  245. data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
  246. data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
  247. data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
  248. data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
  249. data/examples/profile-attribute.yml +0 -2
  250. data/examples/profile-attribute/README.md +0 -14
  251. data/examples/profile-attribute/controls/example.rb +0 -11
  252. data/examples/profile-attribute/inspec.yml +0 -8
  253. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -8
  254. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -8
  255. data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -8
  256. data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -8
  257. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -8
  258. data/examples/profile-aws/inspec.yml +0 -11
  259. data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -24
  260. data/examples/profile-azure/controls/azure_vm_example.rb +0 -29
  261. data/examples/profile-azure/inspec.yml +0 -11
  262. data/examples/profile-sensitive/README.md +0 -29
  263. data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
  264. data/examples/profile-sensitive/controls/sensitive.rb +0 -9
  265. data/examples/profile-sensitive/inspec.yml +0 -8
  266. data/examples/profile/README.md +0 -48
  267. data/examples/profile/controls/example.rb +0 -24
  268. data/examples/profile/controls/gordon.rb +0 -36
  269. data/examples/profile/controls/meta.rb +0 -36
  270. data/examples/profile/inspec.yml +0 -11
  271. data/examples/profile/libraries/gordon_config.rb +0 -59
@@ -1,151 +0,0 @@
1
- ---
2
- title: About the passwd Resource
3
- platform: linux
4
- ---
5
-
6
- # passwd
7
-
8
- Use the `passwd` InSpec audit resource to test the contents of `/etc/passwd`, which contains the following information for users that may log into the system and/or as users that own running processes. The format for `/etc/passwd` includes:
9
-
10
- * A username
11
- * The password for that user (on newer systems passwords should be stored in `/etc/shadow` )
12
- * The user identifier (UID) assigned to that user
13
- * The group identifier (GID) assigned to that user
14
- * Additional information about that user
15
- * That user's home directory
16
- * That user's default command shell
17
-
18
- These entries are defined as a colon-delimited row in the file, one row per user:
19
-
20
- root:x:1234:5678:additional_info:/home/dir/:/bin/bash
21
-
22
- <br>
23
-
24
- ## Availability
25
-
26
- ### Installation
27
-
28
- This resource is distributed along with InSpec itself. You can use it automatically.
29
-
30
- ### Version
31
-
32
- This resource first became available in v1.0.0 of InSpec.
33
-
34
- ## Syntax
35
-
36
- A `passwd` resource block declares one (or more) users and associated user information to be tested:
37
-
38
- describe passwd do
39
- its('users') { should_not include 'forbidden_user' }
40
- end
41
-
42
- describe passwd.uid(filter) do
43
- its('users') { should cmp 'root' }
44
- its('count') { should eq 1 }
45
- end
46
-
47
- where
48
-
49
- * `homes`, `gids`, `passwords`, `shells`, `uids`, and `users` are valid accessors for `passwd`
50
- * `filter` one (or more) arguments, for example: `passwd.users(/name/)` used to define filtering
51
- * `filter` may take any of the following arguments: `count` (retrieves the number of entries), `lines` (provides raw `passwd` lines), and `params` (returns an array of maps for all entries)
52
-
53
- <br>
54
-
55
- ## Examples
56
-
57
- The following examples show how to use this InSpec audit resource.
58
-
59
- ### Test usernames and UIDs
60
-
61
- describe passwd do
62
- its('users') { should eq ['root', 'www-data'] }
63
- its('uids') { should eq [0, 33] }
64
- end
65
-
66
- ### Select one user and test for multiple occurrences
67
-
68
- describe passwd.uids(0) do
69
- its('users') { should cmp 'root' }
70
- its('count') { should eq 1 }
71
- end
72
-
73
- describe passwd.where { user == 'www-data' } do
74
- its('uids') { should cmp 33 }
75
- its('count') { should eq 1 }
76
- end
77
-
78
- <br>
79
-
80
- ## Matchers
81
-
82
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
83
-
84
- ### gids
85
-
86
- The `gids` matcher tests if the group indentifiers in the test match group identifiers in `/etc/passwd`:
87
-
88
- its('gids') { should include 1234 }
89
- its('gids') { should cmp 0 }
90
-
91
- ### homes
92
-
93
- The `homes` matcher tests the absolute path to a user's home directory:
94
-
95
- its('home') { should eq '/' }
96
-
97
- ### length
98
-
99
- The `length` matcher tests the length of a password that appears in `/etc/passwd`:
100
-
101
- its('length') { should be <= 32 }
102
-
103
- This matcher is best used in conjunction with filters. For example:
104
-
105
- describe passwd.users('highlander') do
106
- its('length') { should_not be < 16 }
107
- end
108
-
109
- ### passwords
110
-
111
- The `passwords` matcher tests if passwords are
112
-
113
- * Encrypted
114
- * Have direct logins disabled, as indicated by an asterisk (`*`)
115
- * In the `/etc/shadow` file, as indicated by the letter x (`x`)
116
-
117
- For example:
118
-
119
- its('passwords') { should eq ['x'] }
120
- its('passwords') { should cmp '*' }
121
-
122
- ### shells
123
-
124
- The `shells` matcher tests the absolute path of a shell (or command) to which a user has access:
125
-
126
- its('shells') { should_not include 'user' }
127
-
128
- or to find all users with the nologin shell:
129
-
130
- describe passwd.shells(/nologin/) do
131
- its('users') { should_not include 'my_login_user' }
132
- end
133
-
134
- ### uids
135
-
136
- The `uids` matcher tests if the user indentifiers in the test match user identifiers in `/etc/passwd`:
137
-
138
- its('uids') { should eq ['1234', '1235'] }
139
-
140
- or:
141
-
142
- describe passwd.uids(0) do
143
- its('users') { should cmp 'root' }
144
- its('count') { should eq 1 }
145
- end
146
-
147
- ### users
148
-
149
- The `users` matcher tests if the user names in the test match user names in `/etc/passwd`:
150
-
151
- its('users') { should eq ['root', 'www-data'] }
@@ -1,77 +0,0 @@
1
- ---
2
- title: About the pip Resource
3
- platform: os
4
- ---
5
-
6
- # pip
7
-
8
- Use the `pip` InSpec audit resource to test packages that are installed using the Python PIP installer.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `pip` resource block declares a package and (optionally) a package version:
25
-
26
- describe pip('package_name') do
27
- it { should be_installed }
28
- end
29
-
30
- where
31
-
32
- * `'package_name'` is the name of the package, such as `'Jinja2'`
33
- * `be_installed` tests to see if the package described above is installed
34
-
35
- <br>
36
-
37
- ## Examples
38
-
39
- The following examples show how to use this InSpec audit resource.
40
-
41
- ### Test if Jinja2 is installed on the system
42
-
43
- describe pip('Jinja2') do
44
- it { should be_installed }
45
- end
46
-
47
- ### Test if Jinja2 2.8 is installed on the system
48
-
49
- describe pip('Jinja2') do
50
- it { should be_installed }
51
- its('version') { should eq '2.8' }
52
- end
53
-
54
- ### Test packages installed into a non-default location (e.g. virtualenv) by passing a custom path to pip executable
55
-
56
- describe pip('Jinja2', '/path/to/bin/pip') do
57
- it { should be_installed }
58
- its('version') { should eq '2.8' }
59
- end
60
-
61
- <br>
62
-
63
- ## Matchers
64
-
65
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
66
-
67
- ### be_installed
68
-
69
- The `be_installed` matcher tests if the named package is installed on the system:
70
-
71
- it { should be_installed }
72
-
73
- ### version
74
-
75
- The `version` matcher tests if the named package version is on the system:
76
-
77
- its('version') { should eq '1.2.3' }
@@ -1,147 +0,0 @@
1
- ---
2
- title: About the port Resource
3
- platform: os
4
- ---
5
-
6
- # port
7
-
8
- Use the `port` InSpec audit resource to test basic port properties, such as port, process, if it's listening.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `port` resource block declares a port, and then depending on what needs to be tested, a process, protocol, process identifier, and its state (is it listening?):
25
-
26
- describe port(514) do
27
- it { should be_listening }
28
- its('processes') {should include 'syslog'}
29
- end
30
-
31
- where the `processes` returns the processes listening on port 514.
32
-
33
- A filter may specify an attribute:
34
-
35
- describe port.where { protocol =~ /tcp/ && port > 22 && port < 80 } do
36
- it { should_not be_listening }
37
- end
38
-
39
- where
40
-
41
- * `.where{}` specifies a block in which one (or more) attributes---`port`, `address`, `protocol`, `process`, `pid`, or `listening?`----scope the test to ports that match those attributes
42
-
43
- For example, to test if the SSH daemon is available on a Linux machine via the default port (22):
44
-
45
- describe port(22) do
46
- its('processes') { should include 'sshd' }
47
- its('protocols') { should include 'tcp' }
48
- its('addresses') { should include '0.0.0.0' }
49
- end
50
-
51
- <br>
52
-
53
- ## Examples
54
-
55
- The following examples show how to use this InSpec audit resource.
56
-
57
- ### Test port 80, listening with the TCP protocol
58
-
59
- describe port(80) do
60
- it { should be_listening }
61
- its('protocols') { should cmp 'tcp' }
62
- end
63
-
64
- ### Test port 80, on a specific address
65
-
66
- A specific port address may be checked using either of the following examples:
67
-
68
- describe port(80) do
69
- it { should be_listening }
70
- its('addresses') {should include '0.0.0.0'}
71
- end
72
-
73
- or:
74
-
75
- describe port('0.0.0.0', 80) do
76
- it { should be_listening }
77
- end
78
-
79
- ### Test port 80, listening with TCP version IPv6 protocol
80
-
81
- describe port(80) do
82
- it { should be_listening }
83
- its('protocols') { should cmp 'tcp6' }
84
- end
85
-
86
- ### Test that only secure ports accept requests
87
-
88
- describe port(80) do
89
- it { should_not be_listening }
90
- end
91
-
92
- describe port(443) do
93
- it { should be_listening }
94
- its('protocols') { should cmp 'tcp' }
95
- end
96
-
97
- ### Verify port 65432 is not listening
98
-
99
- describe port(22) do
100
- it { should be_listening }
101
- its('protocols') { should include('tcp') }
102
- its('protocols') { should_not include('udp') }
103
- end
104
-
105
- describe port(65432) do
106
- it { should_not be_listening }
107
- end
108
-
109
- <br>
110
-
111
- ## Matchers
112
-
113
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
114
-
115
- ### address
116
-
117
- The `addresses` matcher tests if the specified address is associated with a port:
118
-
119
- its('addresses') { should include '0.0.0.0' }
120
-
121
- ### be_listening
122
-
123
- The `be_listening` matcher tests if the port is listening for traffic:
124
-
125
- it { should be_listening }
126
-
127
- ### pids
128
-
129
- The `pids` matcher tests the process identifiers (PIDs):
130
-
131
- its('pids') { should cmp 27808 }
132
-
133
- ### processes
134
-
135
- The `processes` matcher tests if the named process is running on the system:
136
-
137
- its('processes') { should cmp 'syslog' }
138
-
139
- ### protocols
140
-
141
- The `protocols` matcher tests the Internet protocol: ICMP (`'icmp'`), TCP (`'tcp'` or `'tcp6'`), or UDP (`'udp'` or `'udp6'`):
142
-
143
- its('protocols') { should include 'tcp' }
144
-
145
- or for the IPv6 protocol:
146
-
147
- its('protocols') { should include 'tcp6' }
@@ -1,89 +0,0 @@
1
- ---
2
- title: About the postgres_conf Resource
3
- platform: os
4
- ---
5
-
6
- # postgres_conf
7
-
8
- Use the `postgres_conf` InSpec audit resource to test the contents of the configuration file for PostgreSQL, typically located at `/etc/postgresql/<version>/main/postgresql.conf` or `/var/lib/postgres/data/postgresql.conf`, depending on the platform.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `postgres_conf` resource block declares one (or more) settings in the `postgresql.conf` file, and then compares the setting in the configuration file to the value stated in the test:
25
-
26
- describe postgres_conf('path') do
27
- its('setting') { should eq 'value' }
28
- end
29
-
30
-
31
- where
32
-
33
- * `'setting'` specifies a setting in the `postgresql.conf` file
34
- * `('path')` is the non-default path to the `postgresql.conf` file (optional)
35
- * `should eq 'value'` is the value that is expected
36
-
37
- <br>
38
-
39
- ## Examples
40
-
41
- The following examples show how to use this InSpec audit resource.
42
-
43
- ### Test the maximum number of allowed client connections
44
-
45
- describe postgres_conf do
46
- its('max_connections') { should eq '5' }
47
- end
48
-
49
- ### Test system logging
50
-
51
- describe postgres_conf do
52
- its('logging_collector') { should eq 'on' }
53
- its('log_connections') { should eq 'on' }
54
- its('log_disconnections') { should eq 'on' }
55
- its('log_duration') { should eq 'on' }
56
- its('log_hostname') { should eq 'on' }
57
- its('log_line_prefix') { should eq '%t %u %d %h' }
58
- its(['pgaudit.log_parameter']) { should cmp 'on' }
59
- end
60
-
61
- ### Test the port on which PostgreSQL listens
62
-
63
- describe postgres_conf do
64
- its('port') { should eq '5432' }
65
- end
66
-
67
- ### Test the Unix socket settings
68
-
69
- describe postgres_conf do
70
- its('unix_socket_directories') { should eq '.s.PGSQL.5432' }
71
- its('unix_socket_group') { should eq nil }
72
- its('unix_socket_permissions') { should eq '0770' }
73
- end
74
-
75
- where `unix_socket_group` is set to the PostgreSQL default setting (the group to which the server user belongs).
76
-
77
- <br>
78
-
79
- ## Matchers
80
-
81
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
82
-
83
- ### setting
84
-
85
- The `setting` matcher tests specific, named settings in the `postgresql.conf` file:
86
-
87
- its('setting') { should eq 'value' }
88
-
89
- Use a `setting` matcher for each setting to be tested.