inspec 2.3.10 → 2.3.23

Files changed (271)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +34 -13
  3. data/etc/plugin_filters.json +25 -0
  4. data/inspec.gemspec +3 -3
  5. data/lib/bundles/inspec-compliance/api.rb +3 -0
  6. data/lib/bundles/inspec-compliance/configuration.rb +3 -0
  7. data/lib/bundles/inspec-compliance/http.rb +3 -0
  8. data/lib/bundles/inspec-compliance/support.rb +3 -0
  9. data/lib/bundles/inspec-compliance/target.rb +3 -0
  10. data/lib/inspec/objects/attribute.rb +3 -0
  11. data/lib/inspec/plugin/v2.rb +3 -0
  12. data/lib/inspec/plugin/v2/filter.rb +62 -0
  13. data/lib/inspec/plugin/v2/installer.rb +21 -1
  14. data/lib/inspec/plugin/v2/loader.rb +4 -0
  15. data/lib/inspec/profile.rb +3 -1
  16. data/lib/inspec/version.rb +1 -1
  17. data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
  18. data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
  19. data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
  20. data/lib/resources/package.rb +1 -1
  21. metadata +5 -253
  22. data/MAINTAINERS.toml +0 -52
  23. data/docs/.gitignore +0 -2
  24. data/docs/README.md +0 -41
  25. data/docs/dev/control-eval.md +0 -62
  26. data/docs/dev/filtertable-internals.md +0 -353
  27. data/docs/dev/filtertable-usage.md +0 -533
  28. data/docs/dev/integration-testing.md +0 -31
  29. data/docs/dev/plugins.md +0 -323
  30. data/docs/dsl_inspec.md +0 -354
  31. data/docs/dsl_resource.md +0 -100
  32. data/docs/glossary.md +0 -381
  33. data/docs/habitat.md +0 -193
  34. data/docs/inspec_and_friends.md +0 -114
  35. data/docs/matchers.md +0 -161
  36. data/docs/migration.md +0 -293
  37. data/docs/platforms.md +0 -119
  38. data/docs/plugin_kitchen_inspec.md +0 -60
  39. data/docs/plugins.md +0 -57
  40. data/docs/profiles.md +0 -576
  41. data/docs/reporters.md +0 -170
  42. data/docs/resources/aide_conf.md.erb +0 -86
  43. data/docs/resources/apache.md.erb +0 -77
  44. data/docs/resources/apache_conf.md.erb +0 -78
  45. data/docs/resources/apt.md.erb +0 -81
  46. data/docs/resources/audit_policy.md.erb +0 -57
  47. data/docs/resources/auditd.md.erb +0 -89
  48. data/docs/resources/auditd_conf.md.erb +0 -78
  49. data/docs/resources/aws_cloudtrail_trail.md.erb +0 -165
  50. data/docs/resources/aws_cloudtrail_trails.md.erb +0 -96
  51. data/docs/resources/aws_cloudwatch_alarm.md.erb +0 -101
  52. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -164
  53. data/docs/resources/aws_config_delivery_channel.md.erb +0 -111
  54. data/docs/resources/aws_config_recorder.md.erb +0 -96
  55. data/docs/resources/aws_ebs_volume.md.erb +0 -76
  56. data/docs/resources/aws_ebs_volumes.md.erb +0 -86
  57. data/docs/resources/aws_ec2_instance.md.erb +0 -122
  58. data/docs/resources/aws_ec2_instances.md.erb +0 -89
  59. data/docs/resources/aws_elb.md.erb +0 -154
  60. data/docs/resources/aws_elbs.md.erb +0 -252
  61. data/docs/resources/aws_flow_log.md.erb +0 -128
  62. data/docs/resources/aws_iam_access_key.md.erb +0 -139
  63. data/docs/resources/aws_iam_access_keys.md.erb +0 -214
  64. data/docs/resources/aws_iam_group.md.erb +0 -74
  65. data/docs/resources/aws_iam_groups.md.erb +0 -92
  66. data/docs/resources/aws_iam_password_policy.md.erb +0 -92
  67. data/docs/resources/aws_iam_policies.md.erb +0 -97
  68. data/docs/resources/aws_iam_policy.md.erb +0 -264
  69. data/docs/resources/aws_iam_role.md.erb +0 -79
  70. data/docs/resources/aws_iam_root_user.md.erb +0 -86
  71. data/docs/resources/aws_iam_user.md.erb +0 -130
  72. data/docs/resources/aws_iam_users.md.erb +0 -289
  73. data/docs/resources/aws_kms_key.md.erb +0 -187
  74. data/docs/resources/aws_kms_keys.md.erb +0 -99
  75. data/docs/resources/aws_rds_instance.md.erb +0 -76
  76. data/docs/resources/aws_route_table.md.erb +0 -63
  77. data/docs/resources/aws_route_tables.md.erb +0 -65
  78. data/docs/resources/aws_s3_bucket.md.erb +0 -156
  79. data/docs/resources/aws_s3_bucket_object.md.erb +0 -99
  80. data/docs/resources/aws_s3_buckets.md.erb +0 -69
  81. data/docs/resources/aws_security_group.md.erb +0 -323
  82. data/docs/resources/aws_security_groups.md.erb +0 -107
  83. data/docs/resources/aws_sns_subscription.md.erb +0 -140
  84. data/docs/resources/aws_sns_topic.md.erb +0 -79
  85. data/docs/resources/aws_sns_topics.md.erb +0 -68
  86. data/docs/resources/aws_subnet.md.erb +0 -150
  87. data/docs/resources/aws_subnets.md.erb +0 -142
  88. data/docs/resources/aws_vpc.md.erb +0 -135
  89. data/docs/resources/aws_vpcs.md.erb +0 -135
  90. data/docs/resources/azure_generic_resource.md.erb +0 -183
  91. data/docs/resources/azure_resource_group.md.erb +0 -294
  92. data/docs/resources/azure_virtual_machine.md.erb +0 -357
  93. data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -234
  94. data/docs/resources/bash.md.erb +0 -85
  95. data/docs/resources/bond.md.erb +0 -100
  96. data/docs/resources/bridge.md.erb +0 -67
  97. data/docs/resources/bsd_service.md.erb +0 -77
  98. data/docs/resources/chocolatey_package.md.erb +0 -68
  99. data/docs/resources/command.md.erb +0 -176
  100. data/docs/resources/cpan.md.erb +0 -89
  101. data/docs/resources/cran.md.erb +0 -74
  102. data/docs/resources/crontab.md.erb +0 -103
  103. data/docs/resources/csv.md.erb +0 -64
  104. data/docs/resources/dh_params.md.erb +0 -221
  105. data/docs/resources/directory.md.erb +0 -40
  106. data/docs/resources/docker.md.erb +0 -240
  107. data/docs/resources/docker_container.md.erb +0 -113
  108. data/docs/resources/docker_image.md.erb +0 -104
  109. data/docs/resources/docker_plugin.md.erb +0 -80
  110. data/docs/resources/docker_service.md.erb +0 -124
  111. data/docs/resources/elasticsearch.md.erb +0 -252
  112. data/docs/resources/etc_fstab.md.erb +0 -135
  113. data/docs/resources/etc_group.md.erb +0 -85
  114. data/docs/resources/etc_hosts.md.erb +0 -88
  115. data/docs/resources/etc_hosts_allow.md.erb +0 -84
  116. data/docs/resources/etc_hosts_deny.md.erb +0 -84
  117. data/docs/resources/file.md.erb +0 -543
  118. data/docs/resources/filesystem.md.erb +0 -51
  119. data/docs/resources/firewalld.md.erb +0 -117
  120. data/docs/resources/gem.md.erb +0 -108
  121. data/docs/resources/group.md.erb +0 -71
  122. data/docs/resources/grub_conf.md.erb +0 -111
  123. data/docs/resources/host.md.erb +0 -96
  124. data/docs/resources/http.md.erb +0 -207
  125. data/docs/resources/iis_app.md.erb +0 -132
  126. data/docs/resources/iis_site.md.erb +0 -145
  127. data/docs/resources/inetd_conf.md.erb +0 -104
  128. data/docs/resources/ini.md.erb +0 -86
  129. data/docs/resources/interface.md.erb +0 -68
  130. data/docs/resources/iptables.md.erb +0 -74
  131. data/docs/resources/json.md.erb +0 -73
  132. data/docs/resources/kernel_module.md.erb +0 -130
  133. data/docs/resources/kernel_parameter.md.erb +0 -63
  134. data/docs/resources/key_rsa.md.erb +0 -95
  135. data/docs/resources/launchd_service.md.erb +0 -67
  136. data/docs/resources/limits_conf.md.erb +0 -85
  137. data/docs/resources/login_defs.md.erb +0 -81
  138. data/docs/resources/mount.md.erb +0 -79
  139. data/docs/resources/mssql_session.md.erb +0 -78
  140. data/docs/resources/mysql_conf.md.erb +0 -109
  141. data/docs/resources/mysql_session.md.erb +0 -84
  142. data/docs/resources/nginx.md.erb +0 -89
  143. data/docs/resources/nginx_conf.md.erb +0 -148
  144. data/docs/resources/npm.md.erb +0 -78
  145. data/docs/resources/ntp_conf.md.erb +0 -70
  146. data/docs/resources/oneget.md.erb +0 -63
  147. data/docs/resources/oracledb_session.md.erb +0 -103
  148. data/docs/resources/os.md.erb +0 -153
  149. data/docs/resources/os_env.md.erb +0 -101
  150. data/docs/resources/package.md.erb +0 -130
  151. data/docs/resources/packages.md.erb +0 -77
  152. data/docs/resources/parse_config.md.erb +0 -113
  153. data/docs/resources/parse_config_file.md.erb +0 -148
  154. data/docs/resources/passwd.md.erb +0 -151
  155. data/docs/resources/pip.md.erb +0 -77
  156. data/docs/resources/port.md.erb +0 -147
  157. data/docs/resources/postgres_conf.md.erb +0 -89
  158. data/docs/resources/postgres_hba_conf.md.erb +0 -103
  159. data/docs/resources/postgres_ident_conf.md.erb +0 -86
  160. data/docs/resources/postgres_session.md.erb +0 -79
  161. data/docs/resources/powershell.md.erb +0 -112
  162. data/docs/resources/processes.md.erb +0 -119
  163. data/docs/resources/rabbitmq_config.md.erb +0 -51
  164. data/docs/resources/registry_key.md.erb +0 -197
  165. data/docs/resources/runit_service.md.erb +0 -67
  166. data/docs/resources/security_policy.md.erb +0 -57
  167. data/docs/resources/service.md.erb +0 -131
  168. data/docs/resources/shadow.md.erb +0 -267
  169. data/docs/resources/ssh_config.md.erb +0 -83
  170. data/docs/resources/sshd_config.md.erb +0 -93
  171. data/docs/resources/ssl.md.erb +0 -129
  172. data/docs/resources/sys_info.md.erb +0 -52
  173. data/docs/resources/systemd_service.md.erb +0 -67
  174. data/docs/resources/sysv_service.md.erb +0 -67
  175. data/docs/resources/upstart_service.md.erb +0 -67
  176. data/docs/resources/user.md.erb +0 -150
  177. data/docs/resources/users.md.erb +0 -137
  178. data/docs/resources/vbscript.md.erb +0 -65
  179. data/docs/resources/virtualization.md.erb +0 -67
  180. data/docs/resources/windows_feature.md.erb +0 -69
  181. data/docs/resources/windows_hotfix.md.erb +0 -63
  182. data/docs/resources/windows_task.md.erb +0 -95
  183. data/docs/resources/wmi.md.erb +0 -91
  184. data/docs/resources/x509_certificate.md.erb +0 -161
  185. data/docs/resources/xinetd_conf.md.erb +0 -166
  186. data/docs/resources/xml.md.erb +0 -95
  187. data/docs/resources/yaml.md.erb +0 -79
  188. data/docs/resources/yum.md.erb +0 -108
  189. data/docs/resources/zfs_dataset.md.erb +0 -63
  190. data/docs/resources/zfs_pool.md.erb +0 -57
  191. data/docs/shared/matcher_be.md.erb +0 -1
  192. data/docs/shared/matcher_cmp.md.erb +0 -43
  193. data/docs/shared/matcher_eq.md.erb +0 -3
  194. data/docs/shared/matcher_include.md.erb +0 -1
  195. data/docs/shared/matcher_match.md.erb +0 -1
  196. data/docs/shell.md +0 -217
  197. data/docs/style.md +0 -178
  198. data/examples/README.md +0 -8
  199. data/examples/custom-resource/README.md +0 -3
  200. data/examples/custom-resource/controls/example.rb +0 -7
  201. data/examples/custom-resource/inspec.yml +0 -8
  202. data/examples/custom-resource/libraries/batsignal.rb +0 -20
  203. data/examples/custom-resource/libraries/gordon.rb +0 -21
  204. data/examples/inheritance/README.md +0 -65
  205. data/examples/inheritance/controls/example.rb +0 -14
  206. data/examples/inheritance/inspec.yml +0 -16
  207. data/examples/kitchen-ansible/.kitchen.yml +0 -25
  208. data/examples/kitchen-ansible/Gemfile +0 -19
  209. data/examples/kitchen-ansible/README.md +0 -53
  210. data/examples/kitchen-ansible/files/nginx.repo +0 -6
  211. data/examples/kitchen-ansible/tasks/main.yml +0 -16
  212. data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
  213. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
  214. data/examples/kitchen-chef/.kitchen.yml +0 -20
  215. data/examples/kitchen-chef/Berksfile +0 -3
  216. data/examples/kitchen-chef/Gemfile +0 -19
  217. data/examples/kitchen-chef/README.md +0 -27
  218. data/examples/kitchen-chef/metadata.rb +0 -7
  219. data/examples/kitchen-chef/recipes/default.rb +0 -6
  220. data/examples/kitchen-chef/recipes/nginx.rb +0 -30
  221. data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
  222. data/examples/kitchen-puppet/.kitchen.yml +0 -23
  223. data/examples/kitchen-puppet/Gemfile +0 -20
  224. data/examples/kitchen-puppet/Puppetfile +0 -25
  225. data/examples/kitchen-puppet/README.md +0 -53
  226. data/examples/kitchen-puppet/manifests/site.pp +0 -33
  227. data/examples/kitchen-puppet/metadata.json +0 -11
  228. data/examples/kitchen-puppet/modules/.gitkeep +0 -0
  229. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
  230. data/examples/meta-profile/README.md +0 -37
  231. data/examples/meta-profile/controls/example.rb +0 -13
  232. data/examples/meta-profile/inspec.yml +0 -13
  233. data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
  234. data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
  235. data/examples/plugins/inspec-resource-lister/README.md +0 -62
  236. data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
  237. data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
  238. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
  239. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
  240. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
  241. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
  242. data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
  243. data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
  244. data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
  245. data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
  246. data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
  247. data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
  248. data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
  249. data/examples/profile-attribute.yml +0 -2
  250. data/examples/profile-attribute/README.md +0 -14
  251. data/examples/profile-attribute/controls/example.rb +0 -11
  252. data/examples/profile-attribute/inspec.yml +0 -8
  253. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -8
  254. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -8
  255. data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -8
  256. data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -8
  257. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -8
  258. data/examples/profile-aws/inspec.yml +0 -11
  259. data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -24
  260. data/examples/profile-azure/controls/azure_vm_example.rb +0 -29
  261. data/examples/profile-azure/inspec.yml +0 -11
  262. data/examples/profile-sensitive/README.md +0 -29
  263. data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
  264. data/examples/profile-sensitive/controls/sensitive.rb +0 -9
  265. data/examples/profile-sensitive/inspec.yml +0 -8
  266. data/examples/profile/README.md +0 -48
  267. data/examples/profile/controls/example.rb +0 -24
  268. data/examples/profile/controls/gordon.rb +0 -36
  269. data/examples/profile/controls/meta.rb +0 -36
  270. data/examples/profile/inspec.yml +0 -11
  271. data/examples/profile/libraries/gordon_config.rb +0 -59
@@ -1,52 +0,0 @@
1
- ---
2
- title: About the sys_info Resource
3
- platform: os
4
- ---
5
-
6
- # sys_info
7
-
8
- Use the `sys_info` InSpec audit resource to test for operating system properties for the named host, and then returns that info as standard output.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- An `sys_info` resource block declares the hostname to be tested:
25
-
26
- describe sys_info do
27
- its('hostname') { should eq 'value' }
28
- end
29
-
30
- <br>
31
-
32
- ## Examples
33
-
34
- The following examples show how to use this InSpec audit resource.
35
-
36
- ### Get system information for example.com
37
-
38
- describe sys_info do
39
- its('hostname') { should eq 'example.com' }
40
- end
41
-
42
- <br>
43
-
44
- ## Matchers
45
-
46
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
47
-
48
- ### hostname
49
-
50
- The `hostname` matcher tests the host for which standard output is returned:
51
-
52
- its('hostname') { should eq 'value' }
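Review bot: the removed description and Syntax text (lines 8 and 24) refer to "the named host" and say the block "declares the hostname to be tested", yet every example is `describe sys_info do` with no argument, so the text never says which host is examined. If this page is still maintained outside the packaged gem, reword both sentences to match the argument-less form shown in the examples, and fix the grammar of line 8 ("to test ... and then returns"). The `hostname` description at line 50 ("tests the host for which standard output is returned") should simply say what value `its('hostname')` is compared against.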
@@ -1,67 +0,0 @@
1
- ---
2
- title: About the systemd_service Resource
3
- platform: linux
4
- ---
5
-
6
- # systemd_service
7
-
8
- Use the `systemd_service` InSpec audit resource to test a service using SystemD.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `systemd_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
25
-
26
- describe systemd_service('service_name') do
27
- it { should be_installed }
28
- it { should be_enabled }
29
- it { should be_running }
30
- end
31
-
32
- where
33
-
34
- * `('service_name')` must specify a service name
35
- * `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource; all matchers available to the `service` resource may be used
36
-
37
- The path to the service manager's control may be specified for situations where the path isn't available in the current `PATH`. For example:
38
-
39
- describe systemd_service('service_name', '/path/to/control') do
40
- it { should be_enabled }
41
- it { should be_installed }
42
- it { should be_running }
43
- end
44
-
45
- <br>
46
-
47
- ## Matchers
48
-
49
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
50
-
51
- ### be_enabled
52
-
53
- The `be_enabled` matcher tests if the named service is enabled:
54
-
55
- it { should be_enabled }
56
-
57
- ### be_installed
58
-
59
- The `be_installed` matcher tests if the named service is installed:
60
-
61
- it { should be_installed }
62
-
63
- ### be_running
64
-
65
- The `be_running` matcher tests if the named service is running:
66
-
67
- it { should be_running }
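Review bot: line 35 says "all matchers available to the `service` resource may be used", but the Matchers section documents only `be_enabled`, `be_installed` and `be_running` and gives no pointer to the `service` page, so the remaining matchers cannot be found from here. Suggest linking the `service` resource at that bullet, and at line 37 stating which executable `'/path/to/control'` is meant to point to. The sysv_service and upstart_service hunks that follow carry the same wording at the same line numbers, so the same comment applies to them.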
@@ -1,67 +0,0 @@
1
- ---
2
- title: About the sysv_service Resource
3
- platform: linux
4
- ---
5
-
6
- # sysv_service
7
-
8
- Use the `sysv_service` InSpec audit resource to test a service using SystemV.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `sysv_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
25
-
26
- describe sysv_service('service_name') do
27
- it { should be_installed }
28
- it { should be_enabled }
29
- it { should be_running }
30
- end
31
-
32
- where
33
-
34
- * `('service_name')` must specify a service name
35
- * `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource; all matchers available to the `service` resource may be used
36
-
37
- The path to the service manager's control may be specified for situations where the path isn't available in the current `PATH`. For example:
38
-
39
- describe sysv_service('service_name', '/path/to/control') do
40
- it { should be_enabled }
41
- it { should be_installed }
42
- it { should be_running }
43
- end
44
-
45
- <br>
46
-
47
- ## Matchers
48
-
49
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
50
-
51
- ### be_enabled
52
-
53
- The `be_enabled` matcher tests if the named service is enabled:
54
-
55
- it { should be_enabled }
56
-
57
- ### be_installed
58
-
59
- The `be_installed` matcher tests if the named service is installed:
60
-
61
- it { should be_installed }
62
-
63
- ### be_running
64
-
65
- The `be_running` matcher tests if the named service is running:
66
-
67
- it { should be_running }
@@ -1,67 +0,0 @@
1
- ---
2
- title: About the upstart_service Resource
3
- platform: linux
4
- ---
5
-
6
- # upstart_service
7
-
8
- Use the `upstart_service` InSpec audit resource to test a service using Upstart.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- An `upstart_service` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
25
-
26
- describe upstart_service('service_name') do
27
- it { should be_installed }
28
- it { should be_enabled }
29
- it { should be_running }
30
- end
31
-
32
- where
33
-
34
- * `('service_name')` must specify a service name
35
- * `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource; all matchers available to the `service` resource may be used
36
-
37
- The path to the service manager's control may be specified for situations where the path isn't available in the current `PATH`. For example:
38
-
39
- describe upstart_service('service_name', '/path/to/control') do
40
- it { should be_enabled }
41
- it { should be_installed }
42
- it { should be_running }
43
- end
44
-
45
- <br>
46
-
47
- ## Matchers
48
-
49
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
50
-
51
- ### be_enabled
52
-
53
- The `be_enabled` matcher tests if the named service is enabled:
54
-
55
- it { should be_enabled }
56
-
57
- ### be_installed
58
-
59
- The `be_installed` matcher tests if the named service is installed:
60
-
61
- it { should be_installed }
62
-
63
- ### be_running
64
-
65
- The `be_running` matcher tests if the named service is running:
66
-
67
- it { should be_running }
@@ -1,150 +0,0 @@
1
- ---
2
- title: About the user Resource
3
- platform: os
4
- ---
5
-
6
- # user
7
-
8
- Use the `user` InSpec audit resource to test user profiles for a single, known/expected local user, including the groups to which that user belongs, the frequency of required password changes, and the directory paths to home and shell.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `user` resource block declares a user name, and then one (or more) matchers:
25
-
26
- describe user('root') do
27
- it { should exist }
28
- its('uid') { should eq 1234 }
29
- its('gid') { should eq 1234 }
30
- its('group') { should eq 'root' }
31
- its('groups') { should eq ['root', 'other']}
32
- its('home') { should eq '/root' }
33
- its('shell') { should eq '/bin/bash' }
34
- its('mindays') { should eq 0 }
35
- its('maxdays') { should eq 90 }
36
- its('warndays') { should eq 8 }
37
- end
38
-
39
- where
40
-
41
- * `('root')` is the user to be tested
42
- * `it { should exist }` tests if the user exists
43
- * `gid`, `group`, `groups`, `home`, `maxdays`, `mindays`, `shell`, `uid`, and `warndays` are valid matchers for this resource
44
-
45
- <br>
46
-
47
- ## Examples
48
-
49
- The following examples show how to use this InSpec audit resource.
50
-
51
- ### Verify available users for the MySQL server
52
-
53
- describe user('root') do
54
- it { should exist }
55
- its('uid') { should eq 0 }
56
- its('groups') { should eq ['root'] }
57
- end
58
-
59
- describe user('mysql') do
60
- it { should_not exist }
61
- end
62
-
63
- ### Test users on multiple platforms
64
-
65
- The `nginx` user is typically `www-data`, but on CentOS it's `nginx`. The following example shows how to test for the `nginx` user with a single test, but accounting for all platforms:
66
-
67
- web_user = 'www-data'
68
- web_user = 'nginx' if os[:family] == 'centos'
69
-
70
- describe user(web_user) do
71
- it { should exist }
72
- end
73
-
74
- <br>
75
-
76
- ## Matchers
77
-
78
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
79
-
80
- ### exist
81
-
82
- The `exist` matcher tests if the named user exists:
83
-
84
- it { should exist }
85
-
86
- ### gid
87
-
88
- The `gid` matcher tests the group identifier:
89
-
90
- its('gid') { should eq 1234 }
91
-
92
- where `1234` represents the user identifier.
93
-
94
- ### group
95
-
96
- The `group` matcher tests the group to which the user belongs:
97
-
98
- its('group') { should eq 'root' }
99
-
100
- where `root` represents the group.
101
-
102
- ### groups
103
-
104
- The `groups` matcher tests two (or more) groups to which the user belongs:
105
-
106
- its('groups') { should eq ['root', 'other'] }
107
-
108
- ### home
109
-
110
- The `home` matcher tests the home directory path for the user:
111
-
112
- its('home') { should eq '/root' }
113
-
114
- ### maxdays
115
-
116
- The `maxdays` matcher tests the maximum number of days between password changes:
117
-
118
- its('maxdays') { should eq 99 }
119
-
120
- where `99` represents the maximum number of days.
121
-
122
- ### mindays
123
-
124
- The `mindays` matcher tests the minimum number of days between password changes:
125
-
126
- its('mindays') { should eq 0 }
127
-
128
- where `0` represents the maximum number of days.
129
-
130
- ### shell
131
-
132
- The `shell` matcher tests the path to the default shell for the user:
133
-
134
- its('shell') { should eq '/bin/bash' }
135
-
136
- ### uid
137
-
138
- The `uid` matcher tests the user identifier:
139
-
140
- its('uid') { should eq 1234 }
141
-
142
- where `1234` represents the user identifier.
143
-
144
- ### warndays
145
-
146
- The `warndays` matcher tests the number of days a user is warned before a password must be changed:
147
-
148
- its('warndays') { should eq 5 }
149
-
150
- where `5` represents the number of days a user is warned.
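Review bot: two explanatory lines in the Matchers section are copy-paste errors. Line 92, under `gid`, reads "where `1234` represents the user identifier" and should say group identifier; line 128, under `mindays`, reads "where `0` represents the maximum number of days" and should say minimum. The example heading at line 51, "Verify available users for the MySQL server", also sits oddly with its second block, which asserts `it { should_not exist }` for `mysql`; either the heading or the expectation needs adjusting. If this page is still maintained outside the packaged gem, carry these fixes there.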
@@ -1,137 +0,0 @@
1
- ---
2
- title: About the users Resource
3
- platform: os
4
- ---
5
-
6
- # users
7
-
8
- Use the `users` InSpec audit resource to look up all local users available on the system, and then test specific properties of those users. This resource does not return information about users that may be located on other systems, such as LDAP or Active Directory.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `users` resource block declares a user name, and then one (or more) matchers:
25
-
26
- describe users.where(uid: 0).entries do
27
- it { should eq ['root'] }
28
- its('uids') { should eq [1234] }
29
- its('gids') { should eq [1234] }
30
- end
31
-
32
- where
33
-
34
- * `gid`, `group`, `groups`, `home`, `maxdays`, `mindays`, `shell`, `uid`, and `warndays` are valid matchers for this resource
35
- * `where(uid: 0).entries` represents a filter that runs the test only against matching users
36
-
37
- For example:
38
-
39
- describe users.where { username =~ /.*/ } do
40
- it { should exist }
41
- end
42
-
43
- or:
44
-
45
- describe users.where { uid =~ /^S-1-5-[0-9-]+-501$/ } do
46
- it { should exist }
47
- end
48
-
49
- <br>
50
-
51
- ## Examples
52
-
53
- The following examples show how to use this InSpec audit resource.
54
-
55
- ### Use a regular expression to find users
56
-
57
- describe users.where { uid =~ /S\-1\-5\-21\-\d+\-\d+\-\d+\-500/ } do
58
- it { should exist }
59
- end
60
-
61
- <br>
62
-
63
- ## Matchers
64
-
65
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
66
-
67
- ### exist
68
-
69
- The `exist` matcher tests if the named user exists:
70
-
71
- it { should exist }
72
-
73
- ### gid
74
-
75
- The `gid` matcher tests the group identifier:
76
-
77
- its('gid') { should eq 1234 } }
78
-
79
- where `1234` represents the user identifier.
80
-
81
- ### group
82
-
83
- The `group` matcher tests the group to which the user belongs:
84
-
85
- its('group') { should eq 'root' }
86
-
87
- where `root` represents the group.
88
-
89
- ### groups
90
-
91
- The `groups` matcher tests two (or more) groups to which the user belongs:
92
-
93
- its('groups') { should eq ['root', 'other']}
94
-
95
- ### home
96
-
97
- The `home` matcher tests the home directory path for the user:
98
-
99
- its('home') { should eq '/root' }
100
-
101
- ### maxdays
102
-
103
- The `maxdays` matcher tests the maximum number of days between password changes:
104
-
105
- its('maxdays') { should eq 99 }
106
-
107
- where `99` represents the maximum number of days.
108
-
109
- ### mindays
110
-
111
- The `mindays` matcher tests the minimum number of days between password changes:
112
-
113
- its('mindays') { should eq 0 }
114
-
115
- where `0` represents the maximum number of days.
116
-
117
- ### shell
118
-
119
- The `shell` matcher tests the path to the default shell for the user:
120
-
121
- its('shells') { should eq ['/bin/bash'] }
122
-
123
- ### uid
124
-
125
- The `uid` matcher tests the user identifier:
126
-
127
- its('uid') { should eq 1234 } }
128
-
129
- where `1234` represents the user identifier.
130
-
131
- ### warndays
132
-
133
- The `warndays` matcher tests the number of days a user is warned before a password must be changed:
134
-
135
- its('warndays') { should eq 5 }
136
-
137
- where `5` represents the number of days a user is warned.
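Review bot: the examples at lines 77 and 127, `its('gid') { should eq 1234 } }` and `its('uid') { should eq 1234 } }`, end with a stray closing brace and will not parse if copied. The page is also inconsistent about names: the Syntax example uses the plural `uids` and `gids`, the list at line 34 and the section headings use the singular forms, and the `shell` section at line 121 tests `its('shells')`. Pick the form the resource actually exposes and use it throughout. Line 24 ("declares a user name") and the "user identifier" wording under `gid` at line 79 look carried over from the single-user page and do not fit a resource that is filtered with `where`. If this page is still maintained outside the packaged gem, carry these fixes there.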