inspec 2.3.10 → 2.3.23

Files changed (271)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +34 -13
  3. data/etc/plugin_filters.json +25 -0
  4. data/inspec.gemspec +3 -3
  5. data/lib/bundles/inspec-compliance/api.rb +3 -0
  6. data/lib/bundles/inspec-compliance/configuration.rb +3 -0
  7. data/lib/bundles/inspec-compliance/http.rb +3 -0
  8. data/lib/bundles/inspec-compliance/support.rb +3 -0
  9. data/lib/bundles/inspec-compliance/target.rb +3 -0
  10. data/lib/inspec/objects/attribute.rb +3 -0
  11. data/lib/inspec/plugin/v2.rb +3 -0
  12. data/lib/inspec/plugin/v2/filter.rb +62 -0
  13. data/lib/inspec/plugin/v2/installer.rb +21 -1
  14. data/lib/inspec/plugin/v2/loader.rb +4 -0
  15. data/lib/inspec/profile.rb +3 -1
  16. data/lib/inspec/version.rb +1 -1
  17. data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
  18. data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
  19. data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
  20. data/lib/resources/package.rb +1 -1
  21. metadata +5 -253
  22. data/MAINTAINERS.toml +0 -52
  23. data/docs/.gitignore +0 -2
  24. data/docs/README.md +0 -41
  25. data/docs/dev/control-eval.md +0 -62
  26. data/docs/dev/filtertable-internals.md +0 -353
  27. data/docs/dev/filtertable-usage.md +0 -533
  28. data/docs/dev/integration-testing.md +0 -31
  29. data/docs/dev/plugins.md +0 -323
  30. data/docs/dsl_inspec.md +0 -354
  31. data/docs/dsl_resource.md +0 -100
  32. data/docs/glossary.md +0 -381
  33. data/docs/habitat.md +0 -193
  34. data/docs/inspec_and_friends.md +0 -114
  35. data/docs/matchers.md +0 -161
  36. data/docs/migration.md +0 -293
  37. data/docs/platforms.md +0 -119
  38. data/docs/plugin_kitchen_inspec.md +0 -60
  39. data/docs/plugins.md +0 -57
  40. data/docs/profiles.md +0 -576
  41. data/docs/reporters.md +0 -170
  42. data/docs/resources/aide_conf.md.erb +0 -86
  43. data/docs/resources/apache.md.erb +0 -77
  44. data/docs/resources/apache_conf.md.erb +0 -78
  45. data/docs/resources/apt.md.erb +0 -81
  46. data/docs/resources/audit_policy.md.erb +0 -57
  47. data/docs/resources/auditd.md.erb +0 -89
  48. data/docs/resources/auditd_conf.md.erb +0 -78
  49. data/docs/resources/aws_cloudtrail_trail.md.erb +0 -165
  50. data/docs/resources/aws_cloudtrail_trails.md.erb +0 -96
  51. data/docs/resources/aws_cloudwatch_alarm.md.erb +0 -101
  52. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -164
  53. data/docs/resources/aws_config_delivery_channel.md.erb +0 -111
  54. data/docs/resources/aws_config_recorder.md.erb +0 -96
  55. data/docs/resources/aws_ebs_volume.md.erb +0 -76
  56. data/docs/resources/aws_ebs_volumes.md.erb +0 -86
  57. data/docs/resources/aws_ec2_instance.md.erb +0 -122
  58. data/docs/resources/aws_ec2_instances.md.erb +0 -89
  59. data/docs/resources/aws_elb.md.erb +0 -154
  60. data/docs/resources/aws_elbs.md.erb +0 -252
  61. data/docs/resources/aws_flow_log.md.erb +0 -128
  62. data/docs/resources/aws_iam_access_key.md.erb +0 -139
  63. data/docs/resources/aws_iam_access_keys.md.erb +0 -214
  64. data/docs/resources/aws_iam_group.md.erb +0 -74
  65. data/docs/resources/aws_iam_groups.md.erb +0 -92
  66. data/docs/resources/aws_iam_password_policy.md.erb +0 -92
  67. data/docs/resources/aws_iam_policies.md.erb +0 -97
  68. data/docs/resources/aws_iam_policy.md.erb +0 -264
  69. data/docs/resources/aws_iam_role.md.erb +0 -79
  70. data/docs/resources/aws_iam_root_user.md.erb +0 -86
  71. data/docs/resources/aws_iam_user.md.erb +0 -130
  72. data/docs/resources/aws_iam_users.md.erb +0 -289
  73. data/docs/resources/aws_kms_key.md.erb +0 -187
  74. data/docs/resources/aws_kms_keys.md.erb +0 -99
  75. data/docs/resources/aws_rds_instance.md.erb +0 -76
  76. data/docs/resources/aws_route_table.md.erb +0 -63
  77. data/docs/resources/aws_route_tables.md.erb +0 -65
  78. data/docs/resources/aws_s3_bucket.md.erb +0 -156
  79. data/docs/resources/aws_s3_bucket_object.md.erb +0 -99
  80. data/docs/resources/aws_s3_buckets.md.erb +0 -69
  81. data/docs/resources/aws_security_group.md.erb +0 -323
  82. data/docs/resources/aws_security_groups.md.erb +0 -107
  83. data/docs/resources/aws_sns_subscription.md.erb +0 -140
  84. data/docs/resources/aws_sns_topic.md.erb +0 -79
  85. data/docs/resources/aws_sns_topics.md.erb +0 -68
  86. data/docs/resources/aws_subnet.md.erb +0 -150
  87. data/docs/resources/aws_subnets.md.erb +0 -142
  88. data/docs/resources/aws_vpc.md.erb +0 -135
  89. data/docs/resources/aws_vpcs.md.erb +0 -135
  90. data/docs/resources/azure_generic_resource.md.erb +0 -183
  91. data/docs/resources/azure_resource_group.md.erb +0 -294
  92. data/docs/resources/azure_virtual_machine.md.erb +0 -357
  93. data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -234
  94. data/docs/resources/bash.md.erb +0 -85
  95. data/docs/resources/bond.md.erb +0 -100
  96. data/docs/resources/bridge.md.erb +0 -67
  97. data/docs/resources/bsd_service.md.erb +0 -77
  98. data/docs/resources/chocolatey_package.md.erb +0 -68
  99. data/docs/resources/command.md.erb +0 -176
  100. data/docs/resources/cpan.md.erb +0 -89
  101. data/docs/resources/cran.md.erb +0 -74
  102. data/docs/resources/crontab.md.erb +0 -103
  103. data/docs/resources/csv.md.erb +0 -64
  104. data/docs/resources/dh_params.md.erb +0 -221
  105. data/docs/resources/directory.md.erb +0 -40
  106. data/docs/resources/docker.md.erb +0 -240
  107. data/docs/resources/docker_container.md.erb +0 -113
  108. data/docs/resources/docker_image.md.erb +0 -104
  109. data/docs/resources/docker_plugin.md.erb +0 -80
  110. data/docs/resources/docker_service.md.erb +0 -124
  111. data/docs/resources/elasticsearch.md.erb +0 -252
  112. data/docs/resources/etc_fstab.md.erb +0 -135
  113. data/docs/resources/etc_group.md.erb +0 -85
  114. data/docs/resources/etc_hosts.md.erb +0 -88
  115. data/docs/resources/etc_hosts_allow.md.erb +0 -84
  116. data/docs/resources/etc_hosts_deny.md.erb +0 -84
  117. data/docs/resources/file.md.erb +0 -543
  118. data/docs/resources/filesystem.md.erb +0 -51
  119. data/docs/resources/firewalld.md.erb +0 -117
  120. data/docs/resources/gem.md.erb +0 -108
  121. data/docs/resources/group.md.erb +0 -71
  122. data/docs/resources/grub_conf.md.erb +0 -111
  123. data/docs/resources/host.md.erb +0 -96
  124. data/docs/resources/http.md.erb +0 -207
  125. data/docs/resources/iis_app.md.erb +0 -132
  126. data/docs/resources/iis_site.md.erb +0 -145
  127. data/docs/resources/inetd_conf.md.erb +0 -104
  128. data/docs/resources/ini.md.erb +0 -86
  129. data/docs/resources/interface.md.erb +0 -68
  130. data/docs/resources/iptables.md.erb +0 -74
  131. data/docs/resources/json.md.erb +0 -73
  132. data/docs/resources/kernel_module.md.erb +0 -130
  133. data/docs/resources/kernel_parameter.md.erb +0 -63
  134. data/docs/resources/key_rsa.md.erb +0 -95
  135. data/docs/resources/launchd_service.md.erb +0 -67
  136. data/docs/resources/limits_conf.md.erb +0 -85
  137. data/docs/resources/login_defs.md.erb +0 -81
  138. data/docs/resources/mount.md.erb +0 -79
  139. data/docs/resources/mssql_session.md.erb +0 -78
  140. data/docs/resources/mysql_conf.md.erb +0 -109
  141. data/docs/resources/mysql_session.md.erb +0 -84
  142. data/docs/resources/nginx.md.erb +0 -89
  143. data/docs/resources/nginx_conf.md.erb +0 -148
  144. data/docs/resources/npm.md.erb +0 -78
  145. data/docs/resources/ntp_conf.md.erb +0 -70
  146. data/docs/resources/oneget.md.erb +0 -63
  147. data/docs/resources/oracledb_session.md.erb +0 -103
  148. data/docs/resources/os.md.erb +0 -153
  149. data/docs/resources/os_env.md.erb +0 -101
  150. data/docs/resources/package.md.erb +0 -130
  151. data/docs/resources/packages.md.erb +0 -77
  152. data/docs/resources/parse_config.md.erb +0 -113
  153. data/docs/resources/parse_config_file.md.erb +0 -148
  154. data/docs/resources/passwd.md.erb +0 -151
  155. data/docs/resources/pip.md.erb +0 -77
  156. data/docs/resources/port.md.erb +0 -147
  157. data/docs/resources/postgres_conf.md.erb +0 -89
  158. data/docs/resources/postgres_hba_conf.md.erb +0 -103
  159. data/docs/resources/postgres_ident_conf.md.erb +0 -86
  160. data/docs/resources/postgres_session.md.erb +0 -79
  161. data/docs/resources/powershell.md.erb +0 -112
  162. data/docs/resources/processes.md.erb +0 -119
  163. data/docs/resources/rabbitmq_config.md.erb +0 -51
  164. data/docs/resources/registry_key.md.erb +0 -197
  165. data/docs/resources/runit_service.md.erb +0 -67
  166. data/docs/resources/security_policy.md.erb +0 -57
  167. data/docs/resources/service.md.erb +0 -131
  168. data/docs/resources/shadow.md.erb +0 -267
  169. data/docs/resources/ssh_config.md.erb +0 -83
  170. data/docs/resources/sshd_config.md.erb +0 -93
  171. data/docs/resources/ssl.md.erb +0 -129
  172. data/docs/resources/sys_info.md.erb +0 -52
  173. data/docs/resources/systemd_service.md.erb +0 -67
  174. data/docs/resources/sysv_service.md.erb +0 -67
  175. data/docs/resources/upstart_service.md.erb +0 -67
  176. data/docs/resources/user.md.erb +0 -150
  177. data/docs/resources/users.md.erb +0 -137
  178. data/docs/resources/vbscript.md.erb +0 -65
  179. data/docs/resources/virtualization.md.erb +0 -67
  180. data/docs/resources/windows_feature.md.erb +0 -69
  181. data/docs/resources/windows_hotfix.md.erb +0 -63
  182. data/docs/resources/windows_task.md.erb +0 -95
  183. data/docs/resources/wmi.md.erb +0 -91
  184. data/docs/resources/x509_certificate.md.erb +0 -161
  185. data/docs/resources/xinetd_conf.md.erb +0 -166
  186. data/docs/resources/xml.md.erb +0 -95
  187. data/docs/resources/yaml.md.erb +0 -79
  188. data/docs/resources/yum.md.erb +0 -108
  189. data/docs/resources/zfs_dataset.md.erb +0 -63
  190. data/docs/resources/zfs_pool.md.erb +0 -57
  191. data/docs/shared/matcher_be.md.erb +0 -1
  192. data/docs/shared/matcher_cmp.md.erb +0 -43
  193. data/docs/shared/matcher_eq.md.erb +0 -3
  194. data/docs/shared/matcher_include.md.erb +0 -1
  195. data/docs/shared/matcher_match.md.erb +0 -1
  196. data/docs/shell.md +0 -217
  197. data/docs/style.md +0 -178
  198. data/examples/README.md +0 -8
  199. data/examples/custom-resource/README.md +0 -3
  200. data/examples/custom-resource/controls/example.rb +0 -7
  201. data/examples/custom-resource/inspec.yml +0 -8
  202. data/examples/custom-resource/libraries/batsignal.rb +0 -20
  203. data/examples/custom-resource/libraries/gordon.rb +0 -21
  204. data/examples/inheritance/README.md +0 -65
  205. data/examples/inheritance/controls/example.rb +0 -14
  206. data/examples/inheritance/inspec.yml +0 -16
  207. data/examples/kitchen-ansible/.kitchen.yml +0 -25
  208. data/examples/kitchen-ansible/Gemfile +0 -19
  209. data/examples/kitchen-ansible/README.md +0 -53
  210. data/examples/kitchen-ansible/files/nginx.repo +0 -6
  211. data/examples/kitchen-ansible/tasks/main.yml +0 -16
  212. data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
  213. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
  214. data/examples/kitchen-chef/.kitchen.yml +0 -20
  215. data/examples/kitchen-chef/Berksfile +0 -3
  216. data/examples/kitchen-chef/Gemfile +0 -19
  217. data/examples/kitchen-chef/README.md +0 -27
  218. data/examples/kitchen-chef/metadata.rb +0 -7
  219. data/examples/kitchen-chef/recipes/default.rb +0 -6
  220. data/examples/kitchen-chef/recipes/nginx.rb +0 -30
  221. data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
  222. data/examples/kitchen-puppet/.kitchen.yml +0 -23
  223. data/examples/kitchen-puppet/Gemfile +0 -20
  224. data/examples/kitchen-puppet/Puppetfile +0 -25
  225. data/examples/kitchen-puppet/README.md +0 -53
  226. data/examples/kitchen-puppet/manifests/site.pp +0 -33
  227. data/examples/kitchen-puppet/metadata.json +0 -11
  228. data/examples/kitchen-puppet/modules/.gitkeep +0 -0
  229. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
  230. data/examples/meta-profile/README.md +0 -37
  231. data/examples/meta-profile/controls/example.rb +0 -13
  232. data/examples/meta-profile/inspec.yml +0 -13
  233. data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
  234. data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
  235. data/examples/plugins/inspec-resource-lister/README.md +0 -62
  236. data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
  237. data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
  238. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
  239. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
  240. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
  241. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
  242. data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
  243. data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
  244. data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
  245. data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
  246. data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
  247. data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
  248. data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
  249. data/examples/profile-attribute.yml +0 -2
  250. data/examples/profile-attribute/README.md +0 -14
  251. data/examples/profile-attribute/controls/example.rb +0 -11
  252. data/examples/profile-attribute/inspec.yml +0 -8
  253. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -8
  254. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -8
  255. data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -8
  256. data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -8
  257. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -8
  258. data/examples/profile-aws/inspec.yml +0 -11
  259. data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -24
  260. data/examples/profile-azure/controls/azure_vm_example.rb +0 -29
  261. data/examples/profile-azure/inspec.yml +0 -11
  262. data/examples/profile-sensitive/README.md +0 -29
  263. data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
  264. data/examples/profile-sensitive/controls/sensitive.rb +0 -9
  265. data/examples/profile-sensitive/inspec.yml +0 -8
  266. data/examples/profile/README.md +0 -48
  267. data/examples/profile/controls/example.rb +0 -24
  268. data/examples/profile/controls/gordon.rb +0 -36
  269. data/examples/profile/controls/meta.rb +0 -36
  270. data/examples/profile/inspec.yml +0 -11
  271. data/examples/profile/libraries/gordon_config.rb +0 -59
@@ -1,51 +0,0 @@
1
- ---
2
- title: About the rabbitmq_config Resource
3
- platform: linux
4
- ---
5
-
6
- # rabbitmq_config
7
-
8
- Use the `rabbitmq_config` InSpec audit resource to test configuration data for the RabbitMQ daemon located at `/etc/rabbitmq/rabbitmq.config` on Linux and Unix platforms.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.20.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `rabbitmq_config` resource block declares the RabbitMQ configuration data to be tested:
25
-
26
- describe rabbitmq_config.params('rabbit', 'ssl_listeners') do
27
- it { should cmp 5671 }
28
- end
29
-
30
- where
31
-
32
- * `params` is the list of parameters configured in the RabbitMQ config file
33
- * `{ should cmp 5671 }` tests the value of `rabbit.ssl_listeners` as read from `rabbitmq.config` versus the value declared in the test
34
-
35
- <br>
36
-
37
- ## Examples
38
-
39
- The following examples show how to use this InSpec audit resource.
40
-
41
- ### Test the list of TCP listeners
42
-
43
- describe rabbitmq_config.params('rabbit', 'tcp_listeners') do
44
- it { should eq [5672] }
45
- end
46
-
47
- <br>
48
-
49
- ## Matchers
50
-
51
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
@@ -1,197 +0,0 @@
1
- ---
2
- title: About the registry_key Resource
3
- platform: windows
4
- ---
5
-
6
- # registry_key
7
-
8
- Use the `registry_key` InSpec audit resource to test key values in the Windows registry.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `registry_key` resource block declares the item in the Windows registry, the path to a setting under that item, and then one (or more) name/value pairs to be tested.
25
-
26
- Use a registry key name and path:
27
-
28
- describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule') do
29
- its('Start') { should eq 2 }
30
- end
31
-
32
- Use only a registry key path:
33
-
34
- describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule') do
35
- its('Start') { should eq 2 }
36
- end
37
-
38
- Or use a Ruby Hash:
39
-
40
- describe registry_key({
41
- name: 'Task Scheduler',
42
- hive: 'HKEY_LOCAL_MACHINE',
43
- key: '\SYSTEM\CurrentControlSet\services\Schedule'
44
- }) do
45
- its('Start') { should eq 2 }
46
- end
47
-
48
-
49
- ### Registry Key Path Separators
50
-
51
- A Windows registry key can be used as a string in Ruby code, such as when a registry key is used as the name of a recipe. In Ruby, when a registry key is enclosed in a double-quoted string (`" "`), the same backslash character (`\`) that is used to define the registry key path separator is also used in Ruby to define an escape character. Therefore, the registry key path separators must be escaped when they are enclosed in a double-quoted string. For example, the following registry key:
52
-
53
- HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Themes
54
-
55
- may be enclosed in a single-quoted string with a single backslash:
56
-
57
- 'HKCU\SOFTWARE\path\to\key\Themes'
58
-
59
- or may be enclosed in a double-quoted string with an extra backslash as an escape character:
60
-
61
- "HKCU\\SOFTWARE\\path\\to\\key\\Themes"
62
-
63
-
64
- <p class="warning">
65
- Please make sure that you use backslashes instead of forward slashes. Forward slashes will not work for registry keys.
66
- </p>
67
-
68
- # The following will not work:
69
- # describe registry_key('HKLM/SOFTWARE/Microsoft/NET Framework Setup/NDP/v4/Full/1033') do
70
- # its('Release') { should eq 378675 }
71
- # end
72
- # You should use:
73
- describe registry_key('HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\1033') do
74
- its('Release') { should eq 378675 }
75
- end
76
-
77
- <br>
78
-
79
- ## Examples
80
-
81
- The following examples show how to use this InSpec audit resource.
82
-
83
- ### Test the start time for the Schedule service
84
-
85
- describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\...\Schedule') do
86
- its('Start') { should eq 2 }
87
- end
88
-
89
- where `'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule'` is the full path to the setting.
90
-
91
- ### Use a regular expression in responses
92
-
93
- describe registry_key({
94
- hive: 'HKEY_LOCAL_MACHINE',
95
- key: 'SOFTWARE\Microsoft\Windows NT\CurrentVersion'
96
- }) do
97
- its('ProductName') { should match /^[a-zA-Z0-9\(\)\s]*2012\s[rR]2[a-zA-Z0-9\(\)\s]*$/ }
98
- end
99
-
100
- <br>
101
-
102
- ## Matchers
103
-
104
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
105
-
106
- ### children
107
-
108
- The `children` matcher return all of the child items of a registry key. A regular expression may be used to filter child items:
109
-
110
- describe registry_key('Key Name', '\path\to\key').children(regex)
111
- ...
112
- end
113
-
114
- For example, to get all child items for a registry key:
115
-
116
- describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet').children do
117
- it { should_not eq [] }
118
- end
119
-
120
- The following example shows how find a property that may exist against multiple registry keys, and then test that property for every registry key in which that property is located:
121
-
122
- describe registry_key({
123
- hive: 'HKEY_USERS'
124
- }).children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}\\Software\\Policies\\Microsoft\\Windows\\Installer/).each { |key|
125
- describe registry_key(key) do
126
- its('AlwaysInstallElevated') { should eq 'value' }
127
- end
128
- }
129
-
130
- ### exist
131
-
132
- The `exist` matcher tests if the registry key is present:
133
-
134
- it { should exist }
135
-
136
- ### have_property
137
-
138
- The `have_property` matcher tests if a property exists for a registry key:
139
-
140
- it { should have_property 'value' }
141
-
142
- ### have\_property\_value
143
-
144
- The `have_property_value` matcher tests if a property value exists for a registry key:
145
-
146
- it { should have_property_value 'value' }
147
-
148
- ### have_value
149
-
150
- The `have_value` matcher tests if a value exists for a registry key:
151
-
152
- it { should have_value 'value' }
153
-
154
- ### name
155
-
156
- The `name` matcher tests the value for the specified registry setting:
157
-
158
- its('name') { should eq 'value' }
159
-
160
-
161
- <p class="warning">
162
- Any name with a dot will not work as expected: <code>its('explorer.exe') { should eq 'test' }</code>. For details, see <a href="https://github.com/inspec/inspec/issues/1281">https://github.com/inspec/inspec/issues/1281</a>
163
- </p>
164
-
165
- # instead of:
166
- # its('explorer.exe') { should eq 'test' }
167
- # either use have_property_value...
168
- it { should have_property_value('explorer.exe', :string, 'test') }
169
-
170
- # ...or provide the name in an array
171
- its(['explorer.exe']) { should eq 'test' }
172
-
173
- The latter workaround may be preferable because upon failure, Inspec will present the expected and actual values:
174
-
175
- inspec> describe registry_key('HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Windows\Control Panel\Desktop') do
176
- inspec> its(["SCRNSAVE.EXE"]) { should eq "FlyingToasters.scr" }
177
- inspec> end
178
-
179
- Profile: inspec-shell
180
- Version: (not specified)
181
-
182
- Registry Key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Windows\Control Panel\Desktop
183
- × ["SCRNSAVE.EXE"] should eq "FlyingToasters.scr"
184
-
185
- expected: "FlyingToasters.scr"
186
- got: "scrnsave.scr"
187
-
188
- (compared using ==)
189
-
190
-
191
- Test Summary: 0 successful, 1 failure, 0 skipped
192
-
193
- `have_property_value` only presents a false assertion:
194
-
195
- Registry Key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Windows\Control Panel\Desktop
196
- × should have property value "SCRNSAVE.EXE", "FlyingToasters.scr"
197
- expected #has_property_value?("SCRNSAVE.EXE", "FlyingToasters.scr") to return true, got false
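Review bot: The "Use only a registry key path:" example at old lines 32-36 is character-for-character the same as the "Use a registry key name and path:" example at old lines 26-30 and still passes `'Task Scheduler'` as the first argument, so the path-only form is never shown in the Syntax section. If this page continues to be maintained outside the gem, that example should call `registry_key` with the path alone, the way old line 73 does (`describe registry_key('HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\1033') do`). The `children` syntax sketch at old line 110 is also missing the `do` that its closing `end` at old line 112 requires.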
@@ -1,67 +0,0 @@
1
- ---
2
- title: About the runit_service Resource
3
- platform: linux
4
- ---
5
-
6
- # runit_service
7
-
8
- Use the `runit_service` InSpec audit resource to test a service using runit.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `runit_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
25
-
26
- describe runit_service('service_name') do
27
- it { should be_installed }
28
- it { should be_enabled }
29
- it { should be_running }
30
- end
31
-
32
- where
33
-
34
- * `('service_name')` must specify a service name
35
- * `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource; all matchers available to the `service` resource may be used
36
-
37
- The path to the service manager's control may be specified for situations where the path isn't available in the current `PATH`. For example:
38
-
39
- describe runit_service('service_name', '/path/to/control') do
40
- it { should be_enabled }
41
- it { should be_installed }
42
- it { should be_running }
43
- end
44
-
45
- <br>
46
-
47
- ## Matchers
48
-
49
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
50
-
51
- ### be_enabled
52
-
53
- The `be_enabled` matcher tests if the named service is enabled:
54
-
55
- it { should be_enabled }
56
-
57
- ### be_installed
58
-
59
- The `be_installed` matcher tests if the named service is installed:
60
-
61
- it { should be_installed }
62
-
63
- ### be_running
64
-
65
- The `be_running` matcher tests if the named service is running:
66
-
67
- it { should be_running }
@@ -1,57 +0,0 @@
1
- ---
2
- title: About the security_policy Resource
3
- platform: windows
4
- ---
5
-
6
- # security_policy
7
-
8
- Use the `security_policy` InSpec audit resource to test security policies on the Windows platform.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `security_policy` resource block declares the name of a security policy and the value to be tested:
25
-
26
- describe security_policy do
27
- its('policy_name') { should eq 'value' }
28
- end
29
-
30
- where
31
-
32
- * `'policy_name'` must specify a security policy
33
- * `{ should eq 'value' }` tests the value of `policy_name` against the value declared in the test
34
-
35
- <br>
36
-
37
- ## Examples
38
-
39
- The following examples show how to use this InSpec audit resource.
40
-
41
- ### Verify that only the Administrators group has remote access
42
-
43
- describe security_policy do
44
- its('SeRemoteInteractiveLogonRight') { should eq '*S-1-5-32-544' }
45
- end
46
-
47
- <br>
48
-
49
- ## Matchers
50
-
51
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
52
-
53
- ### policy_name
54
-
55
- The `policy_name` matcher must be the name of a security policy:
56
-
57
- its('SeNetworkLogonRight') { should eq '*S-1-5-11' }
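Review bot: The `### policy_name` section at old lines 53-57 is filed under "Matchers", but what it shows is a policy name read through `its(...)` and compared with the ordinary `eq` matcher, so "The `policy_name` matcher must be the name of a security policy" mislabels it. Wherever this text is kept, describe `policy_name` as the name passed to `its`, in line with the Syntax bullets at old lines 32-33, and keep the Matchers section for actual matchers.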
@@ -1,131 +0,0 @@
1
- ---
2
- title: About the service Resource
3
- platform: os
4
- ---
5
-
6
- # service
7
-
8
- Use the `service` InSpec audit resource to test if the named service is installed, running and/or enabled.
9
-
10
- Under some circumstances, it may be necessary to specify the service manager by using one of the following service manager-specific resources: `bsd_service`, `launchd_service`, `runit_service`, `systemd_service`, `sysv_service`, or `upstart_service`. These resources are based on the `service` resource.
11
-
12
- <br>
13
-
14
- ## Availability
15
-
16
- ### Installation
17
-
18
- This resource is distributed along with InSpec itself. You can use it automatically.
19
-
20
- ### Version
21
-
22
- This resource first became available in v1.0.0 of InSpec.
23
-
24
- ## Syntax
25
-
26
- A `service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
27
-
28
- describe service('service_name') do
29
- it { should be_installed }
30
- it { should be_enabled }
31
- it { should be_running }
32
- end
33
-
34
- where
35
-
36
- * `('service_name')` must specify a service name
37
- * `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource
38
-
39
- <br>
40
-
41
- ## Examples
42
-
43
- The following examples show how to use this InSpec audit resource.
44
-
45
- ### Test if the postgresql service is both running and enabled
46
-
47
- describe service('postgresql') do
48
- it { should be_enabled }
49
- it { should be_running }
50
- end
51
-
52
- ### Test if the mysql service is both running and enabled
53
-
54
- describe service('mysqld') do
55
- it { should be_enabled }
56
- it { should be_running }
57
- end
58
-
59
- ### Test if ClamAV (an antivirus engine) is installed and running
60
-
61
- describe package('clamav') do
62
- it { should be_installed }
63
- its('version') { should eq '0.98.7' }
64
- end
65
-
66
- describe service('clamd') do
67
- it { should_not be_enabled }
68
- it { should_not be_installed }
69
- it { should_not be_running }
70
- end
71
-
72
- ### Test Unix System V run levels
73
-
74
- On targets that are using SystemV services, the existing run levels can also be checked:
75
-
76
- describe service('sshd').runlevels do
77
- its('keys') { should include(2) }
78
- end
79
-
80
- describe service('sshd').runlevels(2,4) do
81
- it { should be_enabled }
82
- end
83
-
84
- ### Override the service manager
85
-
86
- Under some circumstances, it may be required to override the logic in place to select the right service manager. For example, to check a service managed by Upstart:
87
-
88
- describe upstart_service('service') do
89
- it { should_not be_enabled }
90
- it { should be_installed }
91
- it { should be_running }
92
- end
93
-
94
- This is also possible with `systemd_service`, `runit_service`, `sysv_service`, `bsd_service`, and `launchd_service`. Provide the control command when it is not to be found at the default location. For example, if the `sv` command for services managed by runit is not in the `PATH`:
95
-
96
- describe runit_service('service', '/opt/chef/embedded/sbin/sv') do
97
- it { should be_enabled }
98
- it { should be_installed }
99
- it { should be_running }
100
- end
101
-
102
- ### Verify that IIS is running
103
-
104
- describe service('W3SVC') do
105
- it { should be_installed }
106
- it { should be_running }
107
- end
108
-
109
- <br>
110
-
111
- ## Matchers
112
-
113
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
114
-
115
- ### be_enabled
116
-
117
- The `be_enabled` matcher tests if the named service is enabled:
118
-
119
- it { should be_enabled }
120
-
121
- ### be_installed
122
-
123
- The `be_installed` matcher tests if the named service is installed:
124
-
125
- it { should be_installed }
126
-
127
- ### be_running
128
-
129
- The `be_running` matcher tests if the named service is running:
130
-
131
- it { should be_running }
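Review bot: The heading at old line 59, "Test if ClamAV (an antivirus engine) is installed and running", contradicts the `clamd` block under it at old lines 66-70, which asserts `should_not be_enabled`, `should_not be_installed` and `should_not be_running`. A reader copying this control to check that antivirus is present would get a test that passes only when the service is absent. If the page is kept elsewhere, either change the three assertions to `should` or retitle the example to say it verifies that the service is not installed or running.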