inspec 2.3.10 → 2.3.23

data/docs/resources/postgres_hba_conf.md.erb

@@ -1,103 +0,0 @@
----
-title: About the postgres_hba_conf Resource
-platform: linux
----
-
-# postgres\_hba\_conf
-
-Use the `postgres_hba_conf` InSpec audit resource to test the client authentication data defined in the pg_hba.conf file.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.31.0 of InSpec.
-
-## Syntax
-
-An `postgres_hba_conf` InSpec audit resource block declares client authentication data that should be tested:
-
-    describe postgres_hba_conf.where { type == 'local' } do
-     its('auth_method') { should eq ['peer'] }
-    end
-
-where
-
-* `'attribute'` is a attribute in the  pg hba configuration file
-* `'filter_value'` is the value that is to be filtered for
-* `'value'` is the value that is to be matched expected
-
-<br>
-
-## Properties
-
-    'address', 'auth_method', 'auth_params', 'conf_dir' , 'conf_file' , 'database', 'params' ,'type', 'user'
-
-<br>
-
-## Property Examples
-
-### address([String])
-
-`address` returns a an array of strings that matches the where condition of the filter table
-
-    describe postgres_hba_conf.where { type == 'local' } do
-      its('address') { should cmp 'value' }
-    end
-
-### auth_method([String])
-
-`auth_method` returns a an array of strings that matches the where condition of the filter table
-
-    describe postgres_hba_conf.where { type == 'local' } do
-      its('auth_method') { should cmp 'value' }
-    end
-
-### database([String])
-
-`database` returns a an array of strings that matches the where condition of the filter table
-
-    describe postgres_hba_conf.where { type == 'local' } do
-      its('database') { should cmp 'value' }
-    end
-
-### type([String])
-
-`type` returns a an array of strings that matches the where condition of the filter table
-
-    describe postgres_hba_conf.where { database == 'acme_test_db' } do
-      its('type') { should cmp 'value' }
-    end
-
-### user([String])
-
-`user` returns a an array of strings that matches the where condition of the filter table
-
-    describe postgres_hba_conf.where { database == 'acme_test_db' } do
-      its('user') { should cmp 'value' }
-    end
-
-<br>
-
-## Matchers
-
-This InSpec audit resource matches any service that is listed in the HBA configuration file. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-    its('auth_method') { should_not cmp 'peer' }
-
-or:
-
-    its('auth_method') { should cmp 'peer' }
-
-For example:
-
-    describe postgres_hba_conf.where { type == 'type' } do
-      its('auth_method') { should cmp 'value' }
-      its('user') { should cmp 'value' }
-    end

data/docs/resources/postgres_ident_conf.md.erb

@@ -1,86 +0,0 @@
----
-title: About the postgres_ident_conf Resource
-platform: linux
----
-
-# postgres\_ident\_conf
-
-Use the `postgres_ident_conf` InSpec audit resource to test the client authentication data defined in the pg_hba.conf file.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.31.0 of InSpec.
-
-## Syntax
-
-An `postgres_ident_conf` InSpec audit resource block declares client authentication data that should be tested:
-
-    describe postgres_ident_conf.where { pg_username == 'filter_value' } do
-      its('attribute') { should eq ['value'] }
-    end
-
-where
-
-* `'attribute'` is a attribute in the  pg ident configuration file
-* `'filter_value'` is the value that is to be filtered for
-* `'value'` is the value that is to be matched expected
-
-<br>
-
-## Properties
-
-    'conf_file', 'map_name', 'params', 'pg_username', 'system_username'
-
-<br>
-
-## Property Examples
-
-### map_name([String])
-
-`address` returns a an array of strings that matches the where condition of the filter table
-
-    describe pg_hba_conf.where { pg_username == 'name' } do
-      its('map_name') { should eq ['value'] }
-    end
-### pg_username([String])
-
-`pg_username` returns a an array of strings that matches the where condition of the filter table
-
-    describe pg_hba_conf.where { pg_username == 'name' } do
-      its('pg_username') { should eq ['value'] }
-    end
-
-### system_username([String])
-
-`system_username` returns a an array of strings that matches the where condition of the filter table
-
-    describe pg_hba_conf.where { pg_username == 'name' } do
-      its('system_username') { should eq ['value'] }
-    end
-
-<br>
-
-## Matchers
-
-This InSpec audit resource matches any service that is listed in the pg ident configuration file. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-    its('pg_username') { should_not eq ['peer'] }
-
-or:
-
-    its('map_name') { should eq ['value'] }
-
-For example:
-
-    describe postgres_ident_conf.where { pg_username == 'name' } do
-      its('system_username') { should eq ['value'] }
-      its('map_name') { should eq ['value'] }
-    end

data/docs/resources/postgres_session.md.erb

@@ -1,79 +0,0 @@
----
-title: About the postgres_session Resource
-platform: os
----
-
-# postgres_session
-
-Use the `postgres_session` InSpec audit resource to test SQL commands run against a PostgreSQL database.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `postgres_session` resource block declares the username and password to use for the session, and then the command to be run:
-
-    # Create a PostgreSQL session:
-    sql = postgres_session('username', 'password', 'host')
-
-    # default values:
-    #   username: 'postgres'
-    #   host: 'localhost'
-
-    # Run an SQL query with an optional database to execute
-    sql.query('sql_query', ['database_name'])`
-
-A full example is:
-
-    sql = postgres_session('username', 'password', 'host')
-    describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;') do
-      its('output') { should eq '' }
-    end
-
-where `its('output') { should eq '' }` compares the results of the query against the expected result in the test
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test the PostgreSQL shadow password
-
-    sql = postgres_session('my_user', 'password', '192.168.1.2')
-
-    describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;', ['testdb']) do
-      its('output') { should eq('') }
-    end
-
-### Test for risky database entries
-
-    describe postgres_session('my_user', 'password').query('SELECT count (*)
-                  FROM pg_language
-                  WHERE lanpltrusted = \'f\'
-                  AND lanname!=\'internal\'
-                  AND lanname!=\'c\';', ['postgres']) do
-      its('output') { should eq '0' }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### output
-
-The `output` matcher tests the results of the query:
-
-    its('output') { should eq(/^0/) }

data/docs/resources/powershell.md.erb

@@ -1,112 +0,0 @@
----
-title: About the powershell Resource
-platform: windows
----
-
-# powershell
-
-Use the `powershell` InSpec audit resource to test a Powershell script on the Windows platform.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `powershell` resource block declares a Powershell script to be tested, and then compares the output of that command to the matcher in the test:
-
-    script = <<-EOH
-      # a PowerShell script
-    EOH
-
-    describe powershell(script) do
-      its('property') { should eq 'output' }
-    end
-
-where
-
-* `'script'` must specify a Powershell script to be run
-* `'matcher'` is one of `exit_status`, `stderr`, or `stdout`
-* `'output'` tests the output of the command run on the system versus the output value stated in the test
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Get all groups of Administrator user
-
-    script = <<-EOH
-      # find user
-      $user = Get-WmiObject Win32_UserAccount -filter "Name = 'Administrator'"
-      # get related groups
-      $groups = $user.GetRelated('Win32_Group') | Select-Object -Property Caption, Domain, Name, LocalAccount, SID, SIDType, Status
-      $groups | ConvertTo-Json
-    EOH
-
-    describe powershell(script) do
-      its('stdout') { should_not eq '' }
-    end
-
-### Write-Output 'hello'
-
-The following Powershell script:
-
-    script = <<-EOH
-      Write-Output 'hello'
-    EOH
-
-can be tested in the following ways.
-
-For a newline:
-
-    describe powershell(script) do
-      its('stdout') { should eq "hello\r\n" }
-      its('stderr') { should eq '' }
-    end
-
-Removing whitespace `\r\n` from `stdout`:
-
-    describe powershell(script) do
-      its('strip') { should eq "hello" }
-    end
-
-No newline:
-
-    describe powershell("'hello' | Write-Host -NoNewLine") do
-      its('stdout') { should eq 'hello' }
-      its('stderr') { should eq '' }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exit_status
-
-The `exit_status` matcher tests the exit status for the command:
-
-    its('exit_status') { should eq 123 }
-
-### stderr
-
-The `stderr` matcher tests results of the command as returned in standard error (stderr):
-
-    its('stderr') { should eq 'error' }
-
-### stdout
-
-The `stdout` matcher tests results of the command as returned in standard output (stdout):
-
-    its('stdout') { should eq '/^1$/' }

data/docs/resources/processes.md.erb

@@ -1,119 +0,0 @@
----
-title: About the processes Resource
-platform: os
----
-
-# processes
-
-Use the `processes` InSpec audit resource to test properties for programs that are running on the system.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v1.0.0 of InSpec.
-
-## Syntax
-
-A `processes` resource block declares the name of the process to be tested, and then declares one (or more) property/value pairs:
-
-    describe processes('process_name') do
-      its('property_name') { should eq ['property_value'] }
-    end
-
-where
-
-* `processes('process_name')` specifies the name of a process to check. If this is a string, it will be converted to a Regexp. For more specificity, pass a Regexp directly. If left blank, all processes will be returned.
-* `property_name` may be used to test user (`its('users')`) and state properties (`its('states')`)
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test if the list length for the mysqld process is 1
-
-    describe processes('mysqld') do
-      its('list.length') { should eq 1 }
-    end
-
-### Test if the process is owned by a specific user
-
-    describe processes('init') do
-      its('users') { should eq ['root'] }
-    end
-
-    describe processes('winlogon') do
-      its('users') { should cmp "NT AUTHORITY\\SYSTEM" }
-    end
-
-
-### Test if a high-priority process is running
-
-    describe processes('linux_process') do
-      its('states') { should eq ['R<'] }
-    end
-
-    describe processes('windows_process') do
-      its('labels') { should cmp "High" }
-    end
-
-### Test if a process exists on the system
-
-    describe processes('some_process') do
-      it { should exist }
-    end
-
-### Test for a process using a specific Regexp
-
-If the process name is too common for a string to uniquely find it,
-you may use a regexp. Inclusion of whitespace characters may be
-needed.
-
-    describe processes(Regexp.new("/usr/local/bin/swap -d")) do
-      its('list.length') { should eq 1 }
-    end
-
-### Notes for auditing Windows systems
-
-Sometimes with system properties there isn't a direct comparison between different operating systems.
-Most of the `property_name`'s do align between the different OS's.
-
-There are however some exception's, for example, within linux `states` offers multiple properties.
-Windows doesn't have direct comparison that is a single property so instead `states` is mapped to the property of `Responding`, This is a boolean true/false flag to help determine if the process is hung.
-
-Below is a mapping table to help you understand what property the unix field maps to the windows `Get-Process` Property
-
-| *unix ps field* | *windows PowerShell Property* |
-|:---------------:|:-----------------------------:|
-|labels           |PriorityClass|
-|pids             |Id|
-|cpus             |CPU|
-|mem              |PM|
-|vsz              |VirtualMemorySize|
-|rss              |NPM|
-|tty              |SessionId|
-|states           |Responding|
-|start            |StartTime|
-|time             |TotalProcessorTime|
-|users            |UserName|
-|commands         |Path|
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### property_name
-
-The `property_name` matcher tests the named property for the specified value:
-
-    its('property_name') { should eq ['property_value'] }