inspec 2.3.10 → 2.3.23

Sign up to get free protection for your applications and to get access to all the features.
Files changed (271) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +34 -13
  3. data/etc/plugin_filters.json +25 -0
  4. data/inspec.gemspec +3 -3
  5. data/lib/bundles/inspec-compliance/api.rb +3 -0
  6. data/lib/bundles/inspec-compliance/configuration.rb +3 -0
  7. data/lib/bundles/inspec-compliance/http.rb +3 -0
  8. data/lib/bundles/inspec-compliance/support.rb +3 -0
  9. data/lib/bundles/inspec-compliance/target.rb +3 -0
  10. data/lib/inspec/objects/attribute.rb +3 -0
  11. data/lib/inspec/plugin/v2.rb +3 -0
  12. data/lib/inspec/plugin/v2/filter.rb +62 -0
  13. data/lib/inspec/plugin/v2/installer.rb +21 -1
  14. data/lib/inspec/plugin/v2/loader.rb +4 -0
  15. data/lib/inspec/profile.rb +3 -1
  16. data/lib/inspec/version.rb +1 -1
  17. data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
  18. data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
  19. data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
  20. data/lib/resources/package.rb +1 -1
  21. metadata +5 -253
  22. data/MAINTAINERS.toml +0 -52
  23. data/docs/.gitignore +0 -2
  24. data/docs/README.md +0 -41
  25. data/docs/dev/control-eval.md +0 -62
  26. data/docs/dev/filtertable-internals.md +0 -353
  27. data/docs/dev/filtertable-usage.md +0 -533
  28. data/docs/dev/integration-testing.md +0 -31
  29. data/docs/dev/plugins.md +0 -323
  30. data/docs/dsl_inspec.md +0 -354
  31. data/docs/dsl_resource.md +0 -100
  32. data/docs/glossary.md +0 -381
  33. data/docs/habitat.md +0 -193
  34. data/docs/inspec_and_friends.md +0 -114
  35. data/docs/matchers.md +0 -161
  36. data/docs/migration.md +0 -293
  37. data/docs/platforms.md +0 -119
  38. data/docs/plugin_kitchen_inspec.md +0 -60
  39. data/docs/plugins.md +0 -57
  40. data/docs/profiles.md +0 -576
  41. data/docs/reporters.md +0 -170
  42. data/docs/resources/aide_conf.md.erb +0 -86
  43. data/docs/resources/apache.md.erb +0 -77
  44. data/docs/resources/apache_conf.md.erb +0 -78
  45. data/docs/resources/apt.md.erb +0 -81
  46. data/docs/resources/audit_policy.md.erb +0 -57
  47. data/docs/resources/auditd.md.erb +0 -89
  48. data/docs/resources/auditd_conf.md.erb +0 -78
  49. data/docs/resources/aws_cloudtrail_trail.md.erb +0 -165
  50. data/docs/resources/aws_cloudtrail_trails.md.erb +0 -96
  51. data/docs/resources/aws_cloudwatch_alarm.md.erb +0 -101
  52. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -164
  53. data/docs/resources/aws_config_delivery_channel.md.erb +0 -111
  54. data/docs/resources/aws_config_recorder.md.erb +0 -96
  55. data/docs/resources/aws_ebs_volume.md.erb +0 -76
  56. data/docs/resources/aws_ebs_volumes.md.erb +0 -86
  57. data/docs/resources/aws_ec2_instance.md.erb +0 -122
  58. data/docs/resources/aws_ec2_instances.md.erb +0 -89
  59. data/docs/resources/aws_elb.md.erb +0 -154
  60. data/docs/resources/aws_elbs.md.erb +0 -252
  61. data/docs/resources/aws_flow_log.md.erb +0 -128
  62. data/docs/resources/aws_iam_access_key.md.erb +0 -139
  63. data/docs/resources/aws_iam_access_keys.md.erb +0 -214
  64. data/docs/resources/aws_iam_group.md.erb +0 -74
  65. data/docs/resources/aws_iam_groups.md.erb +0 -92
  66. data/docs/resources/aws_iam_password_policy.md.erb +0 -92
  67. data/docs/resources/aws_iam_policies.md.erb +0 -97
  68. data/docs/resources/aws_iam_policy.md.erb +0 -264
  69. data/docs/resources/aws_iam_role.md.erb +0 -79
  70. data/docs/resources/aws_iam_root_user.md.erb +0 -86
  71. data/docs/resources/aws_iam_user.md.erb +0 -130
  72. data/docs/resources/aws_iam_users.md.erb +0 -289
  73. data/docs/resources/aws_kms_key.md.erb +0 -187
  74. data/docs/resources/aws_kms_keys.md.erb +0 -99
  75. data/docs/resources/aws_rds_instance.md.erb +0 -76
  76. data/docs/resources/aws_route_table.md.erb +0 -63
  77. data/docs/resources/aws_route_tables.md.erb +0 -65
  78. data/docs/resources/aws_s3_bucket.md.erb +0 -156
  79. data/docs/resources/aws_s3_bucket_object.md.erb +0 -99
  80. data/docs/resources/aws_s3_buckets.md.erb +0 -69
  81. data/docs/resources/aws_security_group.md.erb +0 -323
  82. data/docs/resources/aws_security_groups.md.erb +0 -107
  83. data/docs/resources/aws_sns_subscription.md.erb +0 -140
  84. data/docs/resources/aws_sns_topic.md.erb +0 -79
  85. data/docs/resources/aws_sns_topics.md.erb +0 -68
  86. data/docs/resources/aws_subnet.md.erb +0 -150
  87. data/docs/resources/aws_subnets.md.erb +0 -142
  88. data/docs/resources/aws_vpc.md.erb +0 -135
  89. data/docs/resources/aws_vpcs.md.erb +0 -135
  90. data/docs/resources/azure_generic_resource.md.erb +0 -183
  91. data/docs/resources/azure_resource_group.md.erb +0 -294
  92. data/docs/resources/azure_virtual_machine.md.erb +0 -357
  93. data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -234
  94. data/docs/resources/bash.md.erb +0 -85
  95. data/docs/resources/bond.md.erb +0 -100
  96. data/docs/resources/bridge.md.erb +0 -67
  97. data/docs/resources/bsd_service.md.erb +0 -77
  98. data/docs/resources/chocolatey_package.md.erb +0 -68
  99. data/docs/resources/command.md.erb +0 -176
  100. data/docs/resources/cpan.md.erb +0 -89
  101. data/docs/resources/cran.md.erb +0 -74
  102. data/docs/resources/crontab.md.erb +0 -103
  103. data/docs/resources/csv.md.erb +0 -64
  104. data/docs/resources/dh_params.md.erb +0 -221
  105. data/docs/resources/directory.md.erb +0 -40
  106. data/docs/resources/docker.md.erb +0 -240
  107. data/docs/resources/docker_container.md.erb +0 -113
  108. data/docs/resources/docker_image.md.erb +0 -104
  109. data/docs/resources/docker_plugin.md.erb +0 -80
  110. data/docs/resources/docker_service.md.erb +0 -124
  111. data/docs/resources/elasticsearch.md.erb +0 -252
  112. data/docs/resources/etc_fstab.md.erb +0 -135
  113. data/docs/resources/etc_group.md.erb +0 -85
  114. data/docs/resources/etc_hosts.md.erb +0 -88
  115. data/docs/resources/etc_hosts_allow.md.erb +0 -84
  116. data/docs/resources/etc_hosts_deny.md.erb +0 -84
  117. data/docs/resources/file.md.erb +0 -543
  118. data/docs/resources/filesystem.md.erb +0 -51
  119. data/docs/resources/firewalld.md.erb +0 -117
  120. data/docs/resources/gem.md.erb +0 -108
  121. data/docs/resources/group.md.erb +0 -71
  122. data/docs/resources/grub_conf.md.erb +0 -111
  123. data/docs/resources/host.md.erb +0 -96
  124. data/docs/resources/http.md.erb +0 -207
  125. data/docs/resources/iis_app.md.erb +0 -132
  126. data/docs/resources/iis_site.md.erb +0 -145
  127. data/docs/resources/inetd_conf.md.erb +0 -104
  128. data/docs/resources/ini.md.erb +0 -86
  129. data/docs/resources/interface.md.erb +0 -68
  130. data/docs/resources/iptables.md.erb +0 -74
  131. data/docs/resources/json.md.erb +0 -73
  132. data/docs/resources/kernel_module.md.erb +0 -130
  133. data/docs/resources/kernel_parameter.md.erb +0 -63
  134. data/docs/resources/key_rsa.md.erb +0 -95
  135. data/docs/resources/launchd_service.md.erb +0 -67
  136. data/docs/resources/limits_conf.md.erb +0 -85
  137. data/docs/resources/login_defs.md.erb +0 -81
  138. data/docs/resources/mount.md.erb +0 -79
  139. data/docs/resources/mssql_session.md.erb +0 -78
  140. data/docs/resources/mysql_conf.md.erb +0 -109
  141. data/docs/resources/mysql_session.md.erb +0 -84
  142. data/docs/resources/nginx.md.erb +0 -89
  143. data/docs/resources/nginx_conf.md.erb +0 -148
  144. data/docs/resources/npm.md.erb +0 -78
  145. data/docs/resources/ntp_conf.md.erb +0 -70
  146. data/docs/resources/oneget.md.erb +0 -63
  147. data/docs/resources/oracledb_session.md.erb +0 -103
  148. data/docs/resources/os.md.erb +0 -153
  149. data/docs/resources/os_env.md.erb +0 -101
  150. data/docs/resources/package.md.erb +0 -130
  151. data/docs/resources/packages.md.erb +0 -77
  152. data/docs/resources/parse_config.md.erb +0 -113
  153. data/docs/resources/parse_config_file.md.erb +0 -148
  154. data/docs/resources/passwd.md.erb +0 -151
  155. data/docs/resources/pip.md.erb +0 -77
  156. data/docs/resources/port.md.erb +0 -147
  157. data/docs/resources/postgres_conf.md.erb +0 -89
  158. data/docs/resources/postgres_hba_conf.md.erb +0 -103
  159. data/docs/resources/postgres_ident_conf.md.erb +0 -86
  160. data/docs/resources/postgres_session.md.erb +0 -79
  161. data/docs/resources/powershell.md.erb +0 -112
  162. data/docs/resources/processes.md.erb +0 -119
  163. data/docs/resources/rabbitmq_config.md.erb +0 -51
  164. data/docs/resources/registry_key.md.erb +0 -197
  165. data/docs/resources/runit_service.md.erb +0 -67
  166. data/docs/resources/security_policy.md.erb +0 -57
  167. data/docs/resources/service.md.erb +0 -131
  168. data/docs/resources/shadow.md.erb +0 -267
  169. data/docs/resources/ssh_config.md.erb +0 -83
  170. data/docs/resources/sshd_config.md.erb +0 -93
  171. data/docs/resources/ssl.md.erb +0 -129
  172. data/docs/resources/sys_info.md.erb +0 -52
  173. data/docs/resources/systemd_service.md.erb +0 -67
  174. data/docs/resources/sysv_service.md.erb +0 -67
  175. data/docs/resources/upstart_service.md.erb +0 -67
  176. data/docs/resources/user.md.erb +0 -150
  177. data/docs/resources/users.md.erb +0 -137
  178. data/docs/resources/vbscript.md.erb +0 -65
  179. data/docs/resources/virtualization.md.erb +0 -67
  180. data/docs/resources/windows_feature.md.erb +0 -69
  181. data/docs/resources/windows_hotfix.md.erb +0 -63
  182. data/docs/resources/windows_task.md.erb +0 -95
  183. data/docs/resources/wmi.md.erb +0 -91
  184. data/docs/resources/x509_certificate.md.erb +0 -161
  185. data/docs/resources/xinetd_conf.md.erb +0 -166
  186. data/docs/resources/xml.md.erb +0 -95
  187. data/docs/resources/yaml.md.erb +0 -79
  188. data/docs/resources/yum.md.erb +0 -108
  189. data/docs/resources/zfs_dataset.md.erb +0 -63
  190. data/docs/resources/zfs_pool.md.erb +0 -57
  191. data/docs/shared/matcher_be.md.erb +0 -1
  192. data/docs/shared/matcher_cmp.md.erb +0 -43
  193. data/docs/shared/matcher_eq.md.erb +0 -3
  194. data/docs/shared/matcher_include.md.erb +0 -1
  195. data/docs/shared/matcher_match.md.erb +0 -1
  196. data/docs/shell.md +0 -217
  197. data/docs/style.md +0 -178
  198. data/examples/README.md +0 -8
  199. data/examples/custom-resource/README.md +0 -3
  200. data/examples/custom-resource/controls/example.rb +0 -7
  201. data/examples/custom-resource/inspec.yml +0 -8
  202. data/examples/custom-resource/libraries/batsignal.rb +0 -20
  203. data/examples/custom-resource/libraries/gordon.rb +0 -21
  204. data/examples/inheritance/README.md +0 -65
  205. data/examples/inheritance/controls/example.rb +0 -14
  206. data/examples/inheritance/inspec.yml +0 -16
  207. data/examples/kitchen-ansible/.kitchen.yml +0 -25
  208. data/examples/kitchen-ansible/Gemfile +0 -19
  209. data/examples/kitchen-ansible/README.md +0 -53
  210. data/examples/kitchen-ansible/files/nginx.repo +0 -6
  211. data/examples/kitchen-ansible/tasks/main.yml +0 -16
  212. data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
  213. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
  214. data/examples/kitchen-chef/.kitchen.yml +0 -20
  215. data/examples/kitchen-chef/Berksfile +0 -3
  216. data/examples/kitchen-chef/Gemfile +0 -19
  217. data/examples/kitchen-chef/README.md +0 -27
  218. data/examples/kitchen-chef/metadata.rb +0 -7
  219. data/examples/kitchen-chef/recipes/default.rb +0 -6
  220. data/examples/kitchen-chef/recipes/nginx.rb +0 -30
  221. data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
  222. data/examples/kitchen-puppet/.kitchen.yml +0 -23
  223. data/examples/kitchen-puppet/Gemfile +0 -20
  224. data/examples/kitchen-puppet/Puppetfile +0 -25
  225. data/examples/kitchen-puppet/README.md +0 -53
  226. data/examples/kitchen-puppet/manifests/site.pp +0 -33
  227. data/examples/kitchen-puppet/metadata.json +0 -11
  228. data/examples/kitchen-puppet/modules/.gitkeep +0 -0
  229. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
  230. data/examples/meta-profile/README.md +0 -37
  231. data/examples/meta-profile/controls/example.rb +0 -13
  232. data/examples/meta-profile/inspec.yml +0 -13
  233. data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
  234. data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
  235. data/examples/plugins/inspec-resource-lister/README.md +0 -62
  236. data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
  237. data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
  238. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
  239. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
  240. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
  241. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
  242. data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
  243. data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
  244. data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
  245. data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
  246. data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
  247. data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
  248. data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
  249. data/examples/profile-attribute.yml +0 -2
  250. data/examples/profile-attribute/README.md +0 -14
  251. data/examples/profile-attribute/controls/example.rb +0 -11
  252. data/examples/profile-attribute/inspec.yml +0 -8
  253. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -8
  254. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -8
  255. data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -8
  256. data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -8
  257. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -8
  258. data/examples/profile-aws/inspec.yml +0 -11
  259. data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -24
  260. data/examples/profile-azure/controls/azure_vm_example.rb +0 -29
  261. data/examples/profile-azure/inspec.yml +0 -11
  262. data/examples/profile-sensitive/README.md +0 -29
  263. data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
  264. data/examples/profile-sensitive/controls/sensitive.rb +0 -9
  265. data/examples/profile-sensitive/inspec.yml +0 -8
  266. data/examples/profile/README.md +0 -48
  267. data/examples/profile/controls/example.rb +0 -24
  268. data/examples/profile/controls/gordon.rb +0 -36
  269. data/examples/profile/controls/meta.rb +0 -36
  270. data/examples/profile/inspec.yml +0 -11
  271. data/examples/profile/libraries/gordon_config.rb +0 -59
@@ -1,65 +0,0 @@
1
- ---
2
- title: About the vbscript Resource
3
- platform: windows
4
- ---
5
-
6
- # vbscript
7
-
8
- Use the `vbscript` InSpec audit resource to test a VBScript on the Windows platform.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `vbscript` resource block tests the output of a VBScript on the Windows platform:
25
-
26
- describe vbscript('script contents') do
27
- its('stdout') { should eq 'output' }
28
- end
29
-
30
- where
31
-
32
- * `'script_name'` is the name of the VBScript to test
33
- * `('output')` is the expected output of the VBScript
34
-
35
- <br>
36
-
37
- ## Examples
38
-
39
- The following examples show how to use this InSpec audit resource.
40
-
41
- ### Test a VBScript
42
-
43
- A VBScript file similar to:
44
-
45
- script = <<-EOH
46
- WScript.Echo "hello"
47
- EOH
48
-
49
- may be tested for multiple lines:
50
-
51
- describe vbscript(script) do
52
- its('stdout') { should eq "hello\r\n" }
53
- end
54
-
55
- and tested for whitespace removal from standard output:
56
-
57
- describe vbscript(script) do
58
- its('strip') { should eq "hello" }
59
- end
60
-
61
- <br>
62
-
63
- ## Matchers
64
-
65
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
@@ -1,67 +0,0 @@
1
- ---
2
- title: About the virtualization Resource
3
- platform: linux
4
- ---
5
-
6
- # virtualization
7
-
8
- Use the `virtualization` InSpec audit resource to test the virtualization platform on which the system is running.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.28.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- An `virtualization` resource block declares the virtualization platform that should be tested:
25
-
26
- describe virtualization do
27
- its('system') { should MATCHER 'value' }
28
- end
29
-
30
- where
31
-
32
- * `('system')` is the name of the system information of the virtualization platform (e.g. docker, lxc, vbox, kvm, etc)
33
- * `MATCHER` is a valid matcher for this resource
34
- * `'value'` is the value to be tested
35
-
36
- <br>
37
-
38
- ## Examples
39
-
40
- The following examples show how to use this InSpec audit resource.
41
-
42
- ### Test for Docker
43
-
44
- describe virtualization do
45
- its('system') { should eq 'docker' }
46
- end
47
-
48
- ### Test for VirtualBox
49
-
50
- describe virtualization do
51
- its('system') { should eq 'vbox' }
52
- its('role') { should eq 'guest' }
53
- end
54
-
55
- ### Detect the virtualization platform
56
-
57
- if virtualization.system == 'vbox'
58
- describe package('name') do
59
- it { should be_installed }
60
- end
61
- end
62
-
63
- <br>
64
-
65
- ## Matchers
66
-
67
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
@@ -1,69 +0,0 @@
1
- ---
2
- title: About the windows_feature Resource
3
- platform: windows
4
- ---
5
-
6
- # windows_feature
7
-
8
- Use the `windows_feature` InSpec audit resource to test features on Windows via the `Get-WindowsFeature` cmdlet.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `windows_feature` resource block declares the name of the Windows feature, tests if that feature is installed, and then returns information about that feature:
25
-
26
- describe windows_feature('feature_name') do
27
- it { should be_installed }
28
- end
29
-
30
- where
31
-
32
- * `('feature_name')` must specify a Windows feature name, such as `DHCP Server` or `IIS-Webserver`
33
- * `be_installed` is a valid matcher for this resource
34
-
35
- <br>
36
-
37
- ## Examples
38
-
39
- The following examples show how to use this InSpec audit resource.
40
-
41
- ### Test the DHCP feature (Attempts PowerShell then DISM)
42
-
43
- describe windows_feature('DHCP') do
44
- it{ should be_installed }
45
- end
46
-
47
- ### Test the IIS-WebServer feature using DISM
48
-
49
- describe windows_feature('IIS-WebServer', DISM) do
50
- it{ should be_installed }
51
- end
52
-
53
- ### Test the NetFx3 feature using DISM
54
-
55
- describe windows_feature('NetFx3', :dism) do
56
- it{ should be_installed }
57
- end
58
-
59
- <br>
60
-
61
- ## Matchers
62
-
63
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
64
-
65
- ### be_installed
66
-
67
- The `be_installed` matcher tests if the named Windows feature is installed:
68
-
69
- it { should be_installed }
@@ -1,63 +0,0 @@
1
- ---
2
- title: About the windows_hotfix Resource
3
- platform: windows
4
- ---
5
-
6
- # windows_hotfix
7
-
8
- Use the `windows_hotfix` InSpec audit resource to test if the hotfix has been installed on a Windows system.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.39.1 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `windows_hotfix` resource block declares a hotfix to validate:
25
-
26
- describe windows_hotfix('name') do
27
- it { should be_installed }
28
- end
29
-
30
- where
31
-
32
- * `('name')` must specify the name of a hotfix, such as `'KB4012213'`
33
- * `be_installed` is a valid matcher for this resource
34
-
35
- <br>
36
-
37
- ## Examples
38
-
39
- The following examples show how to use this InSpec audit resource.
40
-
41
- ### Test if KB4012213 is installed
42
-
43
- describe windows_hotfix('KB4012213') do
44
- it { should be_installed }
45
- end
46
-
47
- ### Test that a hotfix is not installed
48
-
49
- describe windows_hotfix('KB9999999') do
50
- it { should_not be_installed }
51
- end
52
-
53
- <br>
54
-
55
- ## Matchers
56
-
57
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
58
-
59
- ### be_installed
60
-
61
- The `be_installed` matcher tests if the named hotfix is installed on the system:
62
-
63
- it { should be_installed }
@@ -1,95 +0,0 @@
1
- ---
2
- title: About the windows_task Resource
3
- platform: windows
4
- ---
5
-
6
- # windows_task
7
-
8
- Use the `windows_task` InSpec audit resource to test a scheduled tasks configuration on a Windows platform.
9
- Microsoft and application vendors use scheduled tasks to perform a variety of system maintenance tasks but system administrators can schedule their own.
10
-
11
- <br>
12
-
13
- ## Availability
14
-
15
- ### Installation
16
-
17
- This resource is distributed along with InSpec itself. You can use it automatically.
18
-
19
- ### Version
20
-
21
- This resource first became available in v1.10.0 of InSpec.
22
-
23
- ## Syntax
24
-
25
- A `windows_task` resource block declares the name of the task (as its full path) and tests its configuration:
26
-
27
- describe windows_task('task name uri') do
28
- its('parameter') { should eq 'value' }
29
- it { should be_enabled }
30
- end
31
-
32
- where
33
-
34
- * `'parameter'` must be a valid parameter defined within this resource ie `logon_mode`, `last_result`, `task_to_run`, `run_as_user`
35
- * `'value'` will be used to compare the value gather from your chosen parameter
36
- * `'be_enabled'` is an example of a valid matcher that checks the state of a task, other examples are `exist` or `be_disabled`
37
-
38
- <br>
39
-
40
- ## Examples
41
-
42
- The following examples show how to use this InSpec resource.
43
-
44
- ### Tests that a task is enabled
45
-
46
- describe windows_task('\Microsoft\Windows\Time Synchronization\SynchronizeTime') do
47
- it { should be_enabled }
48
- end
49
-
50
- ### Tests that a task is disabled
51
-
52
- describe windows_task('\Microsoft\Windows\AppID\PolicyConverter') do
53
- it { should be_disabled }
54
- end
55
-
56
- ### Tests the configuration parameters of a task
57
-
58
- describe windows_task('\Microsoft\Windows\AppID\PolicyConverter') do
59
- its('logon_mode') { should eq 'Interactive/Background' }
60
- its('last_result') { should eq '1' }
61
- its('task_to_run') { should cmp '%Windir%\system32\appidpolicyconverter.exe' }
62
- its('run_as_user') { should eq 'LOCAL SERVICE' }
63
- end
64
-
65
- ### Tests that a task is defined
66
-
67
- describe windows_task('\Microsoft\Windows\Defrag\ScheduledDefrag') do
68
- it { should exist }
69
- end
70
-
71
- ## Gathering Tasknames
72
-
73
- Rather then use the GUI you can use the `schtasks.exe` to output a full list of tasks available on the system
74
-
75
- `schtasks /query /FO list`
76
-
77
- rather than use the `list` output you can use `CSV` if it is easier.
78
-
79
- Please make sure you use the full TaskName (include the prefix `\`) within your control
80
-
81
- C:\>schtasks /query /FO list
82
- ...
83
- Folder: \Microsoft\Windows\Diagnosis
84
- HostName: XPS15
85
- TaskName: \Microsoft\Windows\Diagnosis\Scheduled
86
- Next Run Time: N/A
87
- Status: Ready
88
- Logon Mode: Interactive/Background
89
- ...
90
-
91
- <br>
92
-
93
- ## Matchers
94
-
95
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
@@ -1,91 +0,0 @@
1
- ---
2
- title: About the wmi Resource
3
- platform: windows
4
- ---
5
-
6
- # wmi
7
-
8
- Use the `wmi` InSpec audit resource to test WMI settings on the Windows platform.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `wmi` resource block tests WMI settings on the Windows platform:
25
-
26
- describe wmi({
27
- class: 'class_name'
28
- namespace: 'path\\to\\setting'
29
- filter: 'filter'
30
- query: 'query'
31
- }) do
32
- its('setting_name') { should eq '' }
33
- end
34
-
35
- where
36
-
37
- * `class`, `namespace`, `filter`, and `query` comprise a Ruby Hash of the WMI object
38
- * `('class')` is the WMI class to which the setting belongs, such as `win32_service`
39
- * `('namespace')` is path to that object, such as `root\\cimv2`
40
- * Use `('filter')` fine-tune the information defined by the WMI class, such as to find a specific service (`filter: "name like '%winrm%'")`, to find a specific setting (`filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'`), and so on
41
- * Use `('query')` to run a query that returns data to be tested, such as `"SELECT Setting FROM RSOP_SecuritySettingBoolean WHERE KeyName='LSAAnonymousNameLookup' AND Precedence=1"`
42
- * `('setting_name')` is a setting in the WMI object to be tested, and then `should eq ''` is the expected value for that setting
43
-
44
- For example, both of the following tests will verify if WinRM is present on the target node. The first tests if WinRM belongs to the list of services running under the `win32_service` class:
45
-
46
- describe wmi({class: 'win32_service'}) do
47
- its('DisplayName') { should include 'Windows Remote Management (WS-Management)'}
48
- end
49
-
50
- and the second uses a filter in the Ruby Hash to first identify WinRM, and then perform additional tests:
51
-
52
- describe wmi({
53
- class: 'win32_service',
54
- filter: "name like '%winrm%'"
55
- }) do
56
- its('Status') { should cmp 'ok' }
57
- its('State') { should cmp 'Running' }
58
- its('ExitCode') { should cmp 0 }
59
- its('DisplayName') { should eq 'Windows Remote Management (WS-Management)'}
60
- end
61
-
62
- <br>
63
-
64
- ## Examples
65
-
66
- The following examples show how to use this InSpec audit resource.
67
-
68
- ### Test a password expiration policy
69
-
70
- describe wmi({
71
- class: 'RSOP_SecuritySettingNumeric',
72
- namespace: 'root\\rsop\\computer',
73
- filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'
74
- }) do
75
- its('Setting') { should eq 1 }
76
- end
77
-
78
- ### Test if an anonymous user can query the Local Security Authority (LSA)
79
-
80
- describe wmi({
81
- namespace: 'root\rsop\computer',
82
- query: "SELECT Setting FROM RSOP_SecuritySettingBoolean WHERE KeyName='LSAAnonymousNameLookup' AND Precedence=1"
83
- }) do
84
- its('Setting') { should eq false }
85
- end
86
-
87
- <br>
88
-
89
- ## Matchers
90
-
91
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).