inspec 2.3.10 → 2.3.23

Sign up to get free protection for your applications and to get access to all the features.
Files changed (271) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +34 -13
  3. data/etc/plugin_filters.json +25 -0
  4. data/inspec.gemspec +3 -3
  5. data/lib/bundles/inspec-compliance/api.rb +3 -0
  6. data/lib/bundles/inspec-compliance/configuration.rb +3 -0
  7. data/lib/bundles/inspec-compliance/http.rb +3 -0
  8. data/lib/bundles/inspec-compliance/support.rb +3 -0
  9. data/lib/bundles/inspec-compliance/target.rb +3 -0
  10. data/lib/inspec/objects/attribute.rb +3 -0
  11. data/lib/inspec/plugin/v2.rb +3 -0
  12. data/lib/inspec/plugin/v2/filter.rb +62 -0
  13. data/lib/inspec/plugin/v2/installer.rb +21 -1
  14. data/lib/inspec/plugin/v2/loader.rb +4 -0
  15. data/lib/inspec/profile.rb +3 -1
  16. data/lib/inspec/version.rb +1 -1
  17. data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
  18. data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
  19. data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
  20. data/lib/resources/package.rb +1 -1
  21. metadata +5 -253
  22. data/MAINTAINERS.toml +0 -52
  23. data/docs/.gitignore +0 -2
  24. data/docs/README.md +0 -41
  25. data/docs/dev/control-eval.md +0 -62
  26. data/docs/dev/filtertable-internals.md +0 -353
  27. data/docs/dev/filtertable-usage.md +0 -533
  28. data/docs/dev/integration-testing.md +0 -31
  29. data/docs/dev/plugins.md +0 -323
  30. data/docs/dsl_inspec.md +0 -354
  31. data/docs/dsl_resource.md +0 -100
  32. data/docs/glossary.md +0 -381
  33. data/docs/habitat.md +0 -193
  34. data/docs/inspec_and_friends.md +0 -114
  35. data/docs/matchers.md +0 -161
  36. data/docs/migration.md +0 -293
  37. data/docs/platforms.md +0 -119
  38. data/docs/plugin_kitchen_inspec.md +0 -60
  39. data/docs/plugins.md +0 -57
  40. data/docs/profiles.md +0 -576
  41. data/docs/reporters.md +0 -170
  42. data/docs/resources/aide_conf.md.erb +0 -86
  43. data/docs/resources/apache.md.erb +0 -77
  44. data/docs/resources/apache_conf.md.erb +0 -78
  45. data/docs/resources/apt.md.erb +0 -81
  46. data/docs/resources/audit_policy.md.erb +0 -57
  47. data/docs/resources/auditd.md.erb +0 -89
  48. data/docs/resources/auditd_conf.md.erb +0 -78
  49. data/docs/resources/aws_cloudtrail_trail.md.erb +0 -165
  50. data/docs/resources/aws_cloudtrail_trails.md.erb +0 -96
  51. data/docs/resources/aws_cloudwatch_alarm.md.erb +0 -101
  52. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -164
  53. data/docs/resources/aws_config_delivery_channel.md.erb +0 -111
  54. data/docs/resources/aws_config_recorder.md.erb +0 -96
  55. data/docs/resources/aws_ebs_volume.md.erb +0 -76
  56. data/docs/resources/aws_ebs_volumes.md.erb +0 -86
  57. data/docs/resources/aws_ec2_instance.md.erb +0 -122
  58. data/docs/resources/aws_ec2_instances.md.erb +0 -89
  59. data/docs/resources/aws_elb.md.erb +0 -154
  60. data/docs/resources/aws_elbs.md.erb +0 -252
  61. data/docs/resources/aws_flow_log.md.erb +0 -128
  62. data/docs/resources/aws_iam_access_key.md.erb +0 -139
  63. data/docs/resources/aws_iam_access_keys.md.erb +0 -214
  64. data/docs/resources/aws_iam_group.md.erb +0 -74
  65. data/docs/resources/aws_iam_groups.md.erb +0 -92
  66. data/docs/resources/aws_iam_password_policy.md.erb +0 -92
  67. data/docs/resources/aws_iam_policies.md.erb +0 -97
  68. data/docs/resources/aws_iam_policy.md.erb +0 -264
  69. data/docs/resources/aws_iam_role.md.erb +0 -79
  70. data/docs/resources/aws_iam_root_user.md.erb +0 -86
  71. data/docs/resources/aws_iam_user.md.erb +0 -130
  72. data/docs/resources/aws_iam_users.md.erb +0 -289
  73. data/docs/resources/aws_kms_key.md.erb +0 -187
  74. data/docs/resources/aws_kms_keys.md.erb +0 -99
  75. data/docs/resources/aws_rds_instance.md.erb +0 -76
  76. data/docs/resources/aws_route_table.md.erb +0 -63
  77. data/docs/resources/aws_route_tables.md.erb +0 -65
  78. data/docs/resources/aws_s3_bucket.md.erb +0 -156
  79. data/docs/resources/aws_s3_bucket_object.md.erb +0 -99
  80. data/docs/resources/aws_s3_buckets.md.erb +0 -69
  81. data/docs/resources/aws_security_group.md.erb +0 -323
  82. data/docs/resources/aws_security_groups.md.erb +0 -107
  83. data/docs/resources/aws_sns_subscription.md.erb +0 -140
  84. data/docs/resources/aws_sns_topic.md.erb +0 -79
  85. data/docs/resources/aws_sns_topics.md.erb +0 -68
  86. data/docs/resources/aws_subnet.md.erb +0 -150
  87. data/docs/resources/aws_subnets.md.erb +0 -142
  88. data/docs/resources/aws_vpc.md.erb +0 -135
  89. data/docs/resources/aws_vpcs.md.erb +0 -135
  90. data/docs/resources/azure_generic_resource.md.erb +0 -183
  91. data/docs/resources/azure_resource_group.md.erb +0 -294
  92. data/docs/resources/azure_virtual_machine.md.erb +0 -357
  93. data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -234
  94. data/docs/resources/bash.md.erb +0 -85
  95. data/docs/resources/bond.md.erb +0 -100
  96. data/docs/resources/bridge.md.erb +0 -67
  97. data/docs/resources/bsd_service.md.erb +0 -77
  98. data/docs/resources/chocolatey_package.md.erb +0 -68
  99. data/docs/resources/command.md.erb +0 -176
  100. data/docs/resources/cpan.md.erb +0 -89
  101. data/docs/resources/cran.md.erb +0 -74
  102. data/docs/resources/crontab.md.erb +0 -103
  103. data/docs/resources/csv.md.erb +0 -64
  104. data/docs/resources/dh_params.md.erb +0 -221
  105. data/docs/resources/directory.md.erb +0 -40
  106. data/docs/resources/docker.md.erb +0 -240
  107. data/docs/resources/docker_container.md.erb +0 -113
  108. data/docs/resources/docker_image.md.erb +0 -104
  109. data/docs/resources/docker_plugin.md.erb +0 -80
  110. data/docs/resources/docker_service.md.erb +0 -124
  111. data/docs/resources/elasticsearch.md.erb +0 -252
  112. data/docs/resources/etc_fstab.md.erb +0 -135
  113. data/docs/resources/etc_group.md.erb +0 -85
  114. data/docs/resources/etc_hosts.md.erb +0 -88
  115. data/docs/resources/etc_hosts_allow.md.erb +0 -84
  116. data/docs/resources/etc_hosts_deny.md.erb +0 -84
  117. data/docs/resources/file.md.erb +0 -543
  118. data/docs/resources/filesystem.md.erb +0 -51
  119. data/docs/resources/firewalld.md.erb +0 -117
  120. data/docs/resources/gem.md.erb +0 -108
  121. data/docs/resources/group.md.erb +0 -71
  122. data/docs/resources/grub_conf.md.erb +0 -111
  123. data/docs/resources/host.md.erb +0 -96
  124. data/docs/resources/http.md.erb +0 -207
  125. data/docs/resources/iis_app.md.erb +0 -132
  126. data/docs/resources/iis_site.md.erb +0 -145
  127. data/docs/resources/inetd_conf.md.erb +0 -104
  128. data/docs/resources/ini.md.erb +0 -86
  129. data/docs/resources/interface.md.erb +0 -68
  130. data/docs/resources/iptables.md.erb +0 -74
  131. data/docs/resources/json.md.erb +0 -73
  132. data/docs/resources/kernel_module.md.erb +0 -130
  133. data/docs/resources/kernel_parameter.md.erb +0 -63
  134. data/docs/resources/key_rsa.md.erb +0 -95
  135. data/docs/resources/launchd_service.md.erb +0 -67
  136. data/docs/resources/limits_conf.md.erb +0 -85
  137. data/docs/resources/login_defs.md.erb +0 -81
  138. data/docs/resources/mount.md.erb +0 -79
  139. data/docs/resources/mssql_session.md.erb +0 -78
  140. data/docs/resources/mysql_conf.md.erb +0 -109
  141. data/docs/resources/mysql_session.md.erb +0 -84
  142. data/docs/resources/nginx.md.erb +0 -89
  143. data/docs/resources/nginx_conf.md.erb +0 -148
  144. data/docs/resources/npm.md.erb +0 -78
  145. data/docs/resources/ntp_conf.md.erb +0 -70
  146. data/docs/resources/oneget.md.erb +0 -63
  147. data/docs/resources/oracledb_session.md.erb +0 -103
  148. data/docs/resources/os.md.erb +0 -153
  149. data/docs/resources/os_env.md.erb +0 -101
  150. data/docs/resources/package.md.erb +0 -130
  151. data/docs/resources/packages.md.erb +0 -77
  152. data/docs/resources/parse_config.md.erb +0 -113
  153. data/docs/resources/parse_config_file.md.erb +0 -148
  154. data/docs/resources/passwd.md.erb +0 -151
  155. data/docs/resources/pip.md.erb +0 -77
  156. data/docs/resources/port.md.erb +0 -147
  157. data/docs/resources/postgres_conf.md.erb +0 -89
  158. data/docs/resources/postgres_hba_conf.md.erb +0 -103
  159. data/docs/resources/postgres_ident_conf.md.erb +0 -86
  160. data/docs/resources/postgres_session.md.erb +0 -79
  161. data/docs/resources/powershell.md.erb +0 -112
  162. data/docs/resources/processes.md.erb +0 -119
  163. data/docs/resources/rabbitmq_config.md.erb +0 -51
  164. data/docs/resources/registry_key.md.erb +0 -197
  165. data/docs/resources/runit_service.md.erb +0 -67
  166. data/docs/resources/security_policy.md.erb +0 -57
  167. data/docs/resources/service.md.erb +0 -131
  168. data/docs/resources/shadow.md.erb +0 -267
  169. data/docs/resources/ssh_config.md.erb +0 -83
  170. data/docs/resources/sshd_config.md.erb +0 -93
  171. data/docs/resources/ssl.md.erb +0 -129
  172. data/docs/resources/sys_info.md.erb +0 -52
  173. data/docs/resources/systemd_service.md.erb +0 -67
  174. data/docs/resources/sysv_service.md.erb +0 -67
  175. data/docs/resources/upstart_service.md.erb +0 -67
  176. data/docs/resources/user.md.erb +0 -150
  177. data/docs/resources/users.md.erb +0 -137
  178. data/docs/resources/vbscript.md.erb +0 -65
  179. data/docs/resources/virtualization.md.erb +0 -67
  180. data/docs/resources/windows_feature.md.erb +0 -69
  181. data/docs/resources/windows_hotfix.md.erb +0 -63
  182. data/docs/resources/windows_task.md.erb +0 -95
  183. data/docs/resources/wmi.md.erb +0 -91
  184. data/docs/resources/x509_certificate.md.erb +0 -161
  185. data/docs/resources/xinetd_conf.md.erb +0 -166
  186. data/docs/resources/xml.md.erb +0 -95
  187. data/docs/resources/yaml.md.erb +0 -79
  188. data/docs/resources/yum.md.erb +0 -108
  189. data/docs/resources/zfs_dataset.md.erb +0 -63
  190. data/docs/resources/zfs_pool.md.erb +0 -57
  191. data/docs/shared/matcher_be.md.erb +0 -1
  192. data/docs/shared/matcher_cmp.md.erb +0 -43
  193. data/docs/shared/matcher_eq.md.erb +0 -3
  194. data/docs/shared/matcher_include.md.erb +0 -1
  195. data/docs/shared/matcher_match.md.erb +0 -1
  196. data/docs/shell.md +0 -217
  197. data/docs/style.md +0 -178
  198. data/examples/README.md +0 -8
  199. data/examples/custom-resource/README.md +0 -3
  200. data/examples/custom-resource/controls/example.rb +0 -7
  201. data/examples/custom-resource/inspec.yml +0 -8
  202. data/examples/custom-resource/libraries/batsignal.rb +0 -20
  203. data/examples/custom-resource/libraries/gordon.rb +0 -21
  204. data/examples/inheritance/README.md +0 -65
  205. data/examples/inheritance/controls/example.rb +0 -14
  206. data/examples/inheritance/inspec.yml +0 -16
  207. data/examples/kitchen-ansible/.kitchen.yml +0 -25
  208. data/examples/kitchen-ansible/Gemfile +0 -19
  209. data/examples/kitchen-ansible/README.md +0 -53
  210. data/examples/kitchen-ansible/files/nginx.repo +0 -6
  211. data/examples/kitchen-ansible/tasks/main.yml +0 -16
  212. data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
  213. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
  214. data/examples/kitchen-chef/.kitchen.yml +0 -20
  215. data/examples/kitchen-chef/Berksfile +0 -3
  216. data/examples/kitchen-chef/Gemfile +0 -19
  217. data/examples/kitchen-chef/README.md +0 -27
  218. data/examples/kitchen-chef/metadata.rb +0 -7
  219. data/examples/kitchen-chef/recipes/default.rb +0 -6
  220. data/examples/kitchen-chef/recipes/nginx.rb +0 -30
  221. data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
  222. data/examples/kitchen-puppet/.kitchen.yml +0 -23
  223. data/examples/kitchen-puppet/Gemfile +0 -20
  224. data/examples/kitchen-puppet/Puppetfile +0 -25
  225. data/examples/kitchen-puppet/README.md +0 -53
  226. data/examples/kitchen-puppet/manifests/site.pp +0 -33
  227. data/examples/kitchen-puppet/metadata.json +0 -11
  228. data/examples/kitchen-puppet/modules/.gitkeep +0 -0
  229. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
  230. data/examples/meta-profile/README.md +0 -37
  231. data/examples/meta-profile/controls/example.rb +0 -13
  232. data/examples/meta-profile/inspec.yml +0 -13
  233. data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
  234. data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
  235. data/examples/plugins/inspec-resource-lister/README.md +0 -62
  236. data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
  237. data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
  238. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
  239. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
  240. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
  241. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
  242. data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
  243. data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
  244. data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
  245. data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
  246. data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
  247. data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
  248. data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
  249. data/examples/profile-attribute.yml +0 -2
  250. data/examples/profile-attribute/README.md +0 -14
  251. data/examples/profile-attribute/controls/example.rb +0 -11
  252. data/examples/profile-attribute/inspec.yml +0 -8
  253. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -8
  254. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -8
  255. data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -8
  256. data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -8
  257. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -8
  258. data/examples/profile-aws/inspec.yml +0 -11
  259. data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -24
  260. data/examples/profile-azure/controls/azure_vm_example.rb +0 -29
  261. data/examples/profile-azure/inspec.yml +0 -11
  262. data/examples/profile-sensitive/README.md +0 -29
  263. data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
  264. data/examples/profile-sensitive/controls/sensitive.rb +0 -9
  265. data/examples/profile-sensitive/inspec.yml +0 -8
  266. data/examples/profile/README.md +0 -48
  267. data/examples/profile/controls/example.rb +0 -24
  268. data/examples/profile/controls/gordon.rb +0 -36
  269. data/examples/profile/controls/meta.rb +0 -36
  270. data/examples/profile/inspec.yml +0 -11
  271. data/examples/profile/libraries/gordon_config.rb +0 -59
@@ -1,161 +0,0 @@
1
- ---
2
- title: The x509_certificate Resource
3
- platform: os
4
- ---
5
-
6
- # x509_certificate
7
-
8
- Use the `x509_certificate` InSpec audit resource to test the fields and validity of an x.509 certificate.
9
-
10
- X.509 certificates use public/private key pairs to sign and encrypt documents
11
- or communications over a network. They may also be used for authentication.
12
-
13
- Examples include SSL certificates, S/MIME certificates and VPN authentication
14
- certificates.
15
-
16
- <br>
17
-
18
- ## Availability
19
-
20
- ### Installation
21
-
22
- This resource is distributed along with InSpec itself. You can use it automatically.
23
-
24
- ### Version
25
-
26
- This resource first became available in v1.18.0 of InSpec.
27
-
28
- ## Syntax
29
-
30
- An `x509_certificate` resource block declares a certificate `key file` to be tested.
31
-
32
- describe x509_certificate('mycertificate.pem') do
33
- its('validity_in_days') { should be > 30 }
34
- end
35
-
36
- <br>
37
-
38
- ## Properties
39
-
40
- ### subject.XX
41
-
42
- `subject` property makes it easier to access individual subject elements.
43
-
44
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
45
- its('subject.CN') { should eq "www.mywebsite.com" }
46
- end
47
-
48
- ### subject_dn (String)
49
-
50
- The `subject_dn` string returns the distinguished name of the subject field. It contains several fields separated by forward slashes. The field identifiers are the same ones used by OpenSSL to generate CSR's and certs. Use `subject.XX` instead to access the parsed version.
51
-
52
- e.g. `/C=US/L=Seattle/O=Chef Software Inc/OU=Chefs/CN=Richard Nixon`
53
-
54
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
55
- its('subject_dn') { should match "CN=www.mywebsite.com" }
56
- end
57
-
58
- ### issuer.XX
59
-
60
- `issuer` makes it easier to access individual issuer elements.
61
-
62
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
63
- its('issuer.CN') { should eq "Acme Trust CA" }
64
- end
65
-
66
- ### issuer_dn (String)
67
-
68
- The `issuer_dn` is the distinguished name from a CA (certificate authority) during the
69
- certificate signing process. It describes which authority is guaranteeing the
70
- identity of our certificate.
71
-
72
- e.g. `/C=US/L=Seattle/CN=Acme Trust CA/emailAddress=support@acmetrust.org`
73
-
74
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
75
- its('issuer_cn') { should match "CN=Acme Trust CA" }
76
- end
77
-
78
- ### public_key (String)
79
-
80
- The `public_key` property returns a base64 encoded public key in PEM format.
81
-
82
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
83
- its('public_key') { should match "-----BEGIN PUBLIC KEY-----\nblah blah blah..." }
84
- end
85
-
86
- ### key_length (Integer)
87
-
88
- The `key_length` property calculates the number of bits in the public key.
89
- More bits increase security, but at the cost of speed and in extreme cases, compatibility.
90
-
91
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
92
- its('key_length') { should be 2048 }
93
- end
94
-
95
- ### signature_algorithm (String)
96
-
97
- The `signature_algorithm` property describes which hash function was used by the CA to
98
- sign the certificate.
99
-
100
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
101
- its('signature_algorithm') { should be 'sha256WithRSAEncryption' }
102
- end
103
-
104
-
105
- ### validity\_in\_days (Float)
106
-
107
- The `validity_in_days` property can be used to check that certificates are not in
108
- danger of expiring soon.
109
-
110
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
111
- its('validity_in_days') { should be > 30 }
112
- end
113
-
114
- ### not\_before and not\_after (Time)
115
-
116
- The `not_before` and `not_after` properties expose the start and end dates of certificate
117
- validity. They are exposed as ruby Time class so that date arithmetic can be easily performed.
118
-
119
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
120
- its('not_before') { should be <= Time.utc.now }
121
- its('not_after') { should be >= Time.utc.now }
122
- end
123
-
124
- ### serial (Integer)
125
-
126
- The `serial` property exposes the serial number of the certificate. The serial number is set by the CA during the signing process and should be unique within that CA.
127
-
128
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
129
- its('serial') { should eq 9623283588743302433 }
130
- end
131
-
132
- ### version (Integer)
133
-
134
- The `version` property exposes the certificate version.
135
-
136
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
137
- its('version') { should eq 2 }
138
- end
139
-
140
- ### extensions (Hash)
141
-
142
- The `extensions` hash property is mainly used to determine what the certificate can be used for.
143
-
144
- describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
145
- # Check what extension categories we have
146
- its('extensions') { should include 'keyUsage' }
147
- its('extensions') { should include 'extendedKeyUsage' }
148
- its('extensions') { should include 'subjectAltName' }
149
-
150
- # Check examples of basic 'keyUsage'
151
- its('extensions.keyUsage') { should include 'Digital Signature' }
152
- its('extensions.keyUsage') { should include 'Non Repudiation' }
153
- its('extensions.keyUsage') { should include 'Data Encipherment' }
154
-
155
- # Check examples of newer 'extendedKeyUsage'
156
- its('extensions.extendedKeyUsage') { should include 'TLS Web Server Authentication' }
157
- its('extensions.extendedKeyUsage') { should include 'Code Signing' }
158
-
159
- # Check examples of 'subjectAltName'
160
- its('extensions.subjectAltName') { should include 'email:support@chef.io' }
161
- end
@@ -1,166 +0,0 @@
1
- ---
2
- title: About the xinetd_conf Resource
3
- platform: linux
4
- ---
5
-
6
- # xinetd_conf
7
-
8
- Use the `xinetd_conf` InSpec audit resource to test services under `/etc/xinet.d` on Linux and Unix platforms. xinetd---the extended Internet service daemon---listens on all ports, and then loads the appropriate program based on a request. The `xinetd.conf` file is typically located at `/etc/xinetd.conf` and contains a list of Internet services associated to the ports on which that service will listen. Only enabled services may handle a request; only services that are required by the system should be enabled.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- An `xinetd_conf` resource block declares settings found in a `xinetd.conf` file for the named service:
25
-
26
- describe xinetd_conf.services('service_name') do
27
- it { should be_enabled } # or be_disabled
28
- its('setting') { should eq 'value' }
29
- end
30
-
31
- where
32
-
33
- * `'service_name'` is a service located under `/etc/xinet.d`
34
- * `('setting')` is a setting in the `xinetd.conf` file
35
- * `should eq 'value'` is the value that is expected
36
-
37
- <br>
38
-
39
- ## Examples
40
-
41
- The following examples show how to use this InSpec audit resource.
42
-
43
- ### Test a socket_type
44
-
45
- The network socket type: `dgram` (a datagram-based service), `raw` (a service that requires direct access to an IP address), `stream` (a stream-based service), or `seqpacket` (a service that requires a sequenced packet).
46
-
47
- describe xinetd_conf.services('service_name') do
48
- its('socket_types') { should include 'dgram' }
49
- end
50
-
51
- ### Test a service type
52
-
53
- The type of service: `INTERNAL` (a service provided by xinetd), `RPC` (an RPC-based service), `TCPMUX` (a service that is started on a well-known TCPMUX port), or `UNLISTED` (a service that is not listed in a standard system file location).
54
-
55
- describe xinetd_conf.services('service_name') do
56
- its('type') { should include 'RPC' }
57
- end
58
-
59
- ### Test the telnet service
60
-
61
- For example, a `telnet` file under `/etc/xinet.d` contains the following settings:
62
-
63
- service telnet
64
- {
65
- disable = yes
66
- flags = REUSE
67
- socket_type = stream
68
- wait = no
69
- user = root
70
- server = /usr/sbin/in.telnetd
71
- log_on_failure += USERID
72
- }
73
-
74
- Some examples of tests that can be run against that file include:
75
-
76
- describe xinetd_conf.services('telnet') do
77
- it { should be_disabled }
78
- end
79
-
80
- and
81
-
82
- describe xinetd_conf.services('telnet') do
83
- its('socket_type') { should include 'stream' }
84
- end
85
-
86
- and
87
-
88
- describe xinetd_conf.services('telnet') do
89
- its('wait') { should eq 'no' }
90
- end
91
-
92
- All three settings can be tested in the same block as well:
93
-
94
- describe xinetd_conf.services('telnet') do
95
- it { should be_disabled }
96
- its('socket_type') { should include 'stream' }
97
- its('wait') { should eq 'no' }
98
- end
99
-
100
- <br>
101
-
102
- ## Matchers
103
-
104
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
105
-
106
- ### be_enabled
107
-
108
- The `be_enabled` matcher tests if a service listed under `/etc/xinet.d` is enabled:
109
-
110
- it { should be_enabled }
111
-
112
- ### ids
113
-
114
- The `ids` matcher tests if the named service is located under `/etc/xinet.d`:
115
-
116
- its('ids') { should include 'service_name' }
117
-
118
- For example:
119
-
120
- its('ids') { should include 'chargen-stream chargen-dgram'}
121
-
122
- ### services
123
-
124
- The `services` matcher tests if the named service is listed under `/etc/xinet.d`:
125
-
126
- its('services') { should include 'service_name' }
127
-
128
- ### socket_types
129
-
130
- The `socket_types` matcher tests if a service listed under `/etc/xinet.d` is configured to use the named socket type:
131
-
132
- its('socket_types') { should eq 'socket' }
133
-
134
- where `socket` is one of `dgram`, `raw`, or `stream`. For a UDP-based service:
135
-
136
- its('socket_types') { should eq 'dgram' }
137
-
138
- For a raw socket (such as a service using a non-standard protocol or a service that requires direct access to IP):
139
-
140
- its('socket_types') { should eq 'raw' }
141
-
142
- For a TCP-based service:
143
-
144
- its('socket_types') { should eq 'stream' }
145
-
146
- ### types
147
-
148
- The `types` matcher tests the service type:
149
-
150
- its('type') { should eq 'TYPE' }
151
-
152
- where `'TYPE'` is `INTERNAL` (for a service provided by xinetd), `RPC` (for a service based on remote procedure call), or `UNLISTED` (for services not under `/etc/services` or `/etc/rpc`).
153
-
154
- ### wait
155
-
156
- The `wait` matcher tests how a service handles incoming connections.
157
-
158
- For UDP (`dgram`) socket types the `wait` matcher should test for `yes`:
159
-
160
- its('socket_types') { should eq 'dgram' }
161
- its('wait') { should eq 'yes' }
162
-
163
- For TCP (`stream`) socket types the `wait` matcher should test for `no`:
164
-
165
- its('socket_types') { should eq 'stream' }
166
- its('wait') { should eq 'no' }
@@ -1,95 +0,0 @@
1
- ---
2
- title: About the xml Resource
3
- platform: os
4
- ---
5
-
6
- # xml
7
-
8
- Use the `xml` InSpec audit resource to test data in an XML file.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.37.6 of InSpec.
21
-
22
- ## Syntax
23
-
24
- An `xml` resource block declares the data to be tested. Assume the following XML file:
25
-
26
- <root>
27
- <name>hello</name>
28
- <meta>
29
- <creator>John Doe</creator>
30
- </meta>
31
- <array>
32
- <element>one</element>
33
- <element>two</element>
34
- </array>
35
- <array>
36
- <element value="one"></element>
37
- <element value="two"></element>
38
- </array>
39
- </root>
40
-
41
- This file can be queried for elements using:
42
-
43
- describe xml('/path/to/name.xml') do
44
- its('root/name') { should eq ['hello'] }
45
- its('root/meta/creator') { should eq ['John Doe'] }
46
- its('root/array[2]/element') { should eq ['two'] }
47
- end
48
-
49
- This file can be queried for attributes using:
50
-
51
- describe xml('/path/to/name.xml') do
52
- its('root/array[2]/element/@value') { should eq ['one', 'two'] }
53
- its('root/array[2]/element/attribute::value') { should eq ['one', 'two'] }
54
- its('root/array[2]/element[2]/attribute::value') { should eq ['two'] }
55
- end
56
-
57
- where
58
-
59
- * `root/name` and `root/array[2]/element/@value` is an XPath expression
60
- * `should eq ['foo']` tests a value of `root/name` as read from an XML file versus the value declared in the test
61
-
62
- In the above example, you see the use of `@` and `attribute::` which are both methods of fetching attributes.
63
-
64
- In the event the path contains an element which contains periods, the alternate syntax can be used:
65
-
66
- its(['root/name.with.a.period']) { should cmp 'so_many_dots' }
67
-
68
- <br>
69
-
70
- ## Examples
71
-
72
- The following examples show how to use this InSpec audit resource.
73
-
74
- ### Test an AppPool's presence in an applicationHost.config file or the default site under applicationHost.sites
75
-
76
- describe xml('applicationHost.config') do
77
- # using the alternate syntax as described above because of the . in the key name
78
- its(['configuration/system.applicationHost/applicationPools/add@name']) { should contain('my_pool') }
79
- end
80
-
81
- describe xml('applicationHost.sites') do
82
- its('site[@name="Default Web Site"]/application/virtualDirectory/@path') { should eq ['/'] }
83
- end
84
-
85
- <br>
86
-
87
- ## Matchers
88
-
89
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
90
-
91
- ### name
92
-
93
- The `name` matcher tests the value of `name` as read from a JSON file versus the value declared in the test:
94
-
95
- its('name') { should eq 'foo' }
@@ -1,79 +0,0 @@
1
- ---
2
- title: About the yaml Resource
3
- platform: os
4
- ---
5
-
6
- # yaml
7
-
8
- Use the `yaml` InSpec audit resource to test configuration data in a Yaml file.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v1.0.0 of InSpec.
21
-
22
- ## Syntax
23
-
24
- A `yaml` resource block declares the configuration data to be tested. Assume the following Yaml file:
25
-
26
- name: foo
27
- array:
28
- - zero
29
- - one
30
-
31
- This file can be queried using:
32
-
33
- describe yaml('filename.yml') do
34
- its('name') { should eq 'foo' }
35
- its(['array', 1]) { should eq 'one' }
36
- end
37
-
38
- where
39
-
40
- * `name` is a configuration setting in a Yaml file
41
- * `should eq 'foo'` tests a value of `name` as read from a Yaml file versus the value declared in the test
42
-
43
- Like the `json` resource, the `yaml` resource can read a file, run a command, or accept content inline:
44
-
45
- describe yaml('config.yaml') do
46
- its(['driver', 'name']) { should eq 'vagrant' }
47
- end
48
-
49
- describe yaml({ command: 'retrieve_data.py --yaml' }) do
50
- its('state') { should eq 'open' }
51
- end
52
-
53
- describe yaml({ content: "\"key1: value1\nkey2: value2\"" }) do
54
- its('key2') { should cmp 'value2' }
55
- end
56
-
57
- <br>
58
-
59
- ## Examples
60
-
61
- The following examples show how to use this InSpec audit resource.
62
-
63
- ### Test a kitchen.yml file driver
64
-
65
- describe yaml('.kitchen.yaml') do
66
- its(['driver','name']) { should eq('vagrant') }
67
- end
68
-
69
- <br>
70
-
71
- ## Matchers
72
-
73
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
74
-
75
- ### name
76
-
77
- The `name` matcher tests the value of `name` as read from a Yaml file versus the value declared in the test:
78
-
79
- its('name') { should eq 'foo' }