inspec 3.7.1 → 3.7.11
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +7 -2
- data/lib/inspec/config.rb +12 -0
- data/lib/inspec/shell.rb +2 -15
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-habitat/Berksfile +5 -0
- data/lib/plugins/inspec-habitat/README.md +150 -0
- data/lib/plugins/inspec-habitat/kitchen.yml +28 -0
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +9 -9
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +164 -280
- data/lib/plugins/inspec-habitat/templates/habitat/config/inspec_exec_config.json.erb +25 -0
- data/lib/plugins/inspec-habitat/templates/habitat/default.toml.erb +9 -0
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +32 -0
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +85 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/Berksfile +2 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/files/hab_setup.exp +28 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/metadata.rb +9 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/recipes/default.rb +61 -0
- data/lib/plugins/inspec-habitat/test/functional/inspec_habitat_test.rb +38 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/controls/inspec_habitat.rb +40 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/inspec.yml +10 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/controls/example.rb +7 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/inspec.yml +10 -0
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +188 -132
- data/lib/plugins/inspec-init/templates/profiles/azure/README.md +56 -0
- data/lib/plugins/inspec-init/templates/profiles/azure/controls/example.rb +15 -0
- data/lib/plugins/inspec-init/templates/profiles/azure/inspec.yml +14 -0
- data/lib/plugins/inspec-init/templates/profiles/azure/libraries/.gitkeep +0 -0
- data/lib/plugins/inspec-init/test/functional/inspec_init_profile_test.rb +12 -0
- data/lib/resources/aide_conf.rb +2 -2
- data/lib/resources/apache.rb +2 -2
- data/lib/resources/apache_conf.rb +2 -2
- data/lib/resources/apt.rb +2 -2
- data/lib/resources/audit_policy.rb +2 -2
- data/lib/resources/auditd.rb +2 -2
- data/lib/resources/auditd_conf.rb +2 -2
- data/lib/resources/aws/aws_billing_report.rb +3 -2
- data/lib/resources/aws/aws_billing_reports.rb +11 -10
- data/lib/resources/aws/aws_cloudtrail_trail.rb +2 -2
- data/lib/resources/aws/aws_cloudtrail_trails.rb +2 -2
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +9 -9
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +18 -18
- data/lib/resources/aws/aws_config_delivery_channel.rb +2 -2
- data/lib/resources/aws/aws_config_recorder.rb +2 -2
- data/lib/resources/aws/aws_ebs_volume.rb +2 -2
- data/lib/resources/aws/aws_ebs_volumes.rb +2 -2
- data/lib/resources/aws/aws_ec2_instance.rb +2 -2
- data/lib/resources/aws/aws_ec2_instances.rb +2 -2
- data/lib/resources/aws/aws_ecs_cluster.rb +2 -2
- data/lib/resources/aws/aws_eks_cluster.rb +2 -2
- data/lib/resources/aws/aws_elb.rb +2 -2
- data/lib/resources/aws/aws_elbs.rb +2 -2
- data/lib/resources/aws/aws_flow_log.rb +2 -2
- data/lib/resources/aws/aws_iam_access_key.rb +2 -2
- data/lib/resources/aws/aws_iam_access_keys.rb +2 -2
- data/lib/resources/aws/aws_iam_group.rb +2 -2
- data/lib/resources/aws/aws_iam_groups.rb +2 -2
- data/lib/resources/aws/aws_iam_password_policy.rb +2 -2
- data/lib/resources/aws/aws_iam_policies.rb +2 -2
- data/lib/resources/aws/aws_iam_policy.rb +2 -2
- data/lib/resources/aws/aws_iam_role.rb +2 -2
- data/lib/resources/aws/aws_iam_root_user.rb +2 -2
- data/lib/resources/aws/aws_iam_user.rb +2 -2
- data/lib/resources/aws/aws_iam_users.rb +2 -2
- data/lib/resources/aws/aws_kms_key.rb +2 -2
- data/lib/resources/aws/aws_kms_keys.rb +2 -2
- data/lib/resources/aws/aws_rds_instance.rb +2 -2
- data/lib/resources/aws/aws_route_table.rb +2 -2
- data/lib/resources/aws/aws_route_tables.rb +2 -2
- data/lib/resources/aws/aws_s3_bucket.rb +2 -2
- data/lib/resources/aws/aws_s3_bucket_object.rb +2 -2
- data/lib/resources/aws/aws_s3_buckets.rb +2 -2
- data/lib/resources/aws/aws_security_group.rb +5 -5
- data/lib/resources/aws/aws_security_groups.rb +2 -2
- data/lib/resources/aws/aws_sns_subscription.rb +2 -2
- data/lib/resources/aws/aws_sns_topic.rb +2 -2
- data/lib/resources/aws/aws_sns_topics.rb +2 -2
- data/lib/resources/aws/aws_sqs_queue.rb +2 -2
- data/lib/resources/aws/aws_subnet.rb +2 -2
- data/lib/resources/aws/aws_subnets.rb +2 -2
- data/lib/resources/aws/aws_vpc.rb +2 -2
- data/lib/resources/aws/aws_vpcs.rb +2 -2
- data/lib/resources/bash.rb +2 -2
- data/lib/resources/bond.rb +2 -2
- data/lib/resources/bridge.rb +2 -2
- data/lib/resources/chocolatey_package.rb +2 -2
- data/lib/resources/command.rb +2 -2
- data/lib/resources/cpan.rb +2 -2
- data/lib/resources/cran.rb +2 -2
- data/lib/resources/crontab.rb +2 -2
- data/lib/resources/csv.rb +2 -2
- data/lib/resources/dh_params.rb +2 -2
- data/lib/resources/directory.rb +2 -2
- data/lib/resources/docker.rb +2 -2
- data/lib/resources/docker_container.rb +2 -2
- data/lib/resources/docker_image.rb +2 -2
- data/lib/resources/docker_plugin.rb +2 -2
- data/lib/resources/docker_service.rb +2 -2
- data/lib/resources/elasticsearch.rb +2 -2
- data/lib/resources/etc_fstab.rb +2 -2
- data/lib/resources/etc_group.rb +2 -2
- data/lib/resources/etc_hosts.rb +2 -2
- data/lib/resources/etc_hosts_allow_deny.rb +4 -4
- data/lib/resources/file.rb +2 -2
- data/lib/resources/filesystem.rb +2 -2
- data/lib/resources/firewalld.rb +2 -2
- data/lib/resources/gem.rb +2 -2
- data/lib/resources/groups.rb +4 -4
- data/lib/resources/grub_conf.rb +2 -2
- data/lib/resources/host.rb +2 -2
- data/lib/resources/http.rb +25 -5
- data/lib/resources/iis_app.rb +2 -2
- data/lib/resources/iis_app_pool.rb +6 -3
- data/lib/resources/iis_site.rb +4 -4
- data/lib/resources/inetd_conf.rb +2 -2
- data/lib/resources/ini.rb +2 -2
- data/lib/resources/interface.rb +2 -2
- data/lib/resources/iptables.rb +2 -2
- data/lib/resources/json.rb +2 -3
- data/lib/resources/kernel_module.rb +17 -18
- data/lib/resources/kernel_parameter.rb +2 -2
- data/lib/resources/key_rsa.rb +2 -2
- data/lib/resources/ksh.rb +2 -2
- data/lib/resources/limits_conf.rb +2 -2
- data/lib/resources/login_def.rb +2 -2
- data/lib/resources/mount.rb +2 -2
- data/lib/resources/mssql_session.rb +2 -2
- data/lib/resources/mysql_conf.rb +2 -2
- data/lib/resources/mysql_session.rb +2 -2
- data/lib/resources/nginx.rb +2 -2
- data/lib/resources/nginx_conf.rb +2 -2
- data/lib/resources/npm.rb +2 -2
- data/lib/resources/ntp_conf.rb +2 -2
- data/lib/resources/oneget.rb +2 -2
- data/lib/resources/oracledb_session.rb +2 -2
- data/lib/resources/os.rb +2 -2
- data/lib/resources/os_env.rb +2 -2
- data/lib/resources/package.rb +2 -2
- data/lib/resources/packages.rb +2 -2
- data/lib/resources/parse_config.rb +4 -4
- data/lib/resources/passwd.rb +2 -2
- data/lib/resources/pip.rb +2 -2
- data/lib/resources/platform.rb +2 -2
- data/lib/resources/port.rb +2 -2
- data/lib/resources/postgres_conf.rb +2 -2
- data/lib/resources/postgres_hba_conf.rb +2 -2
- data/lib/resources/postgres_ident_conf.rb +2 -2
- data/lib/resources/postgres_session.rb +2 -2
- data/lib/resources/powershell.rb +2 -2
- data/lib/resources/processes.rb +2 -2
- data/lib/resources/rabbitmq_conf.rb +2 -2
- data/lib/resources/registry_key.rb +2 -2
- data/lib/resources/security_identifier.rb +2 -2
- data/lib/resources/security_policy.rb +2 -2
- data/lib/resources/service.rb +14 -14
- data/lib/resources/shadow.rb +2 -2
- data/lib/resources/ssh_conf.rb +4 -4
- data/lib/resources/ssl.rb +2 -2
- data/lib/resources/sys_info.rb +2 -2
- data/lib/resources/toml.rb +2 -2
- data/lib/resources/users.rb +4 -4
- data/lib/resources/vbscript.rb +2 -2
- data/lib/resources/virtualization.rb +2 -2
- data/lib/resources/windows_feature.rb +2 -2
- data/lib/resources/windows_hotfix.rb +2 -2
- data/lib/resources/windows_task.rb +2 -2
- data/lib/resources/wmi.rb +2 -2
- data/lib/resources/x509_certificate.rb +2 -2
- data/lib/resources/xinetd.rb +2 -2
- data/lib/resources/xml.rb +2 -2
- data/lib/resources/yaml.rb +2 -2
- data/lib/resources/yum.rb +2 -2
- data/lib/resources/zfs_dataset.rb +2 -2
- data/lib/resources/zfs_pool.rb +2 -2
- metadata +26 -4
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsEc2Instances < Inspec.resource(1)
|
|
2
2
|
name 'aws_ec2_instances'
|
|
3
3
|
desc 'Verifies settings for AWS EC2 Instances in bulk'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_ec2_instances do
|
|
6
6
|
it { should exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsPluralResourceMixin
|
|
@@ -2,11 +2,11 @@ class AwsEcsCluster < Inspec.resource(1)
|
|
|
2
2
|
name 'aws_ecs_cluster'
|
|
3
3
|
desc 'Verifies settings for an ECS cluster'
|
|
4
4
|
|
|
5
|
-
example
|
|
5
|
+
example <<~EXAMPLE
|
|
6
6
|
describe aws_ecs_cluster('default') do
|
|
7
7
|
it { should exist }
|
|
8
8
|
end
|
|
9
|
-
|
|
9
|
+
EXAMPLE
|
|
10
10
|
supports platform: 'aws'
|
|
11
11
|
|
|
12
12
|
include AwsSingularResourceMixin
|
|
@@ -2,11 +2,11 @@ class AwsEksCluster < Inspec.resource(1)
|
|
|
2
2
|
name 'aws_eks_cluster'
|
|
3
3
|
desc 'Verifies settings for an EKS cluster'
|
|
4
4
|
|
|
5
|
-
example
|
|
5
|
+
example <<~EXAMPLE
|
|
6
6
|
describe aws_eks_cluster('default') do
|
|
7
7
|
it { should exist }
|
|
8
8
|
end
|
|
9
|
-
|
|
9
|
+
EXAMPLE
|
|
10
10
|
supports platform: 'aws'
|
|
11
11
|
|
|
12
12
|
include AwsSingularResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsElb < Inspec.resource(1)
|
|
2
2
|
name 'aws_elb'
|
|
3
3
|
desc 'Verifies settings for AWS Elastic Load Balancer'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_elb('myelb') do
|
|
6
6
|
it { should exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsSingularResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsElbs < Inspec.resource(1)
|
|
2
2
|
name 'aws_elbs'
|
|
3
3
|
desc 'Verifies settings for AWS ELBs (classic Elastic Load Balancers) in bulk'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_elbs do
|
|
6
6
|
it { should exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsPluralResourceMixin
|
|
@@ -2,11 +2,11 @@ class AwsFlowLog < Inspec.resource(1)
|
|
|
2
2
|
name 'aws_flow_log'
|
|
3
3
|
supports platform: 'aws'
|
|
4
4
|
desc 'This resource is used to test the attributes of a Flow Log.'
|
|
5
|
-
example <<~
|
|
5
|
+
example <<~EXAMPLE
|
|
6
6
|
describe aws_flow_log('fl-9c718cf5') do
|
|
7
7
|
it { should exist }
|
|
8
8
|
end
|
|
9
|
-
|
|
9
|
+
EXAMPLE
|
|
10
10
|
|
|
11
11
|
include AwsSingularResourceMixin
|
|
12
12
|
|
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
class AwsIamAccessKey < Inspec.resource(1)
|
|
2
2
|
name 'aws_iam_access_key'
|
|
3
3
|
desc 'Verifies settings for an individual IAM access key'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_iam_access_key(username: 'username', id: 'access-key id') do
|
|
6
6
|
it { should exist }
|
|
7
7
|
it { should_not be_active }
|
|
8
8
|
its('create_date') { should be > Time.now - 365 * 86400 }
|
|
9
9
|
its('last_used_date') { should be > Time.now - 90 * 86400 }
|
|
10
10
|
end
|
|
11
|
-
|
|
11
|
+
EXAMPLE
|
|
12
12
|
supports platform: 'aws'
|
|
13
13
|
|
|
14
14
|
include AwsSingularResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsIamAccessKeys < Inspec.resource(1)
|
|
2
2
|
name 'aws_iam_access_keys'
|
|
3
3
|
desc 'Verifies settings for AWS IAM Access Keys in bulk'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_iam_access_keys do
|
|
6
6
|
it { should_not exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsPluralResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsIamGroup < Inspec.resource(1)
|
|
2
2
|
name 'aws_iam_group'
|
|
3
3
|
desc 'Verifies settings for AWS IAM Group'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_iam_group('mygroup') do
|
|
6
6
|
it { should exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsSingularResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsIamGroups < Inspec.resource(1)
|
|
2
2
|
name 'aws_iam_groups'
|
|
3
3
|
desc 'Verifies settings for AWS IAM groups in bulk'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_iam_groups do
|
|
6
6
|
it { should exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsPluralResourceMixin
|
|
@@ -3,7 +3,7 @@ class AwsIamPasswordPolicy < Inspec.resource(1)
|
|
|
3
3
|
name 'aws_iam_password_policy'
|
|
4
4
|
desc 'Verifies iam password policy'
|
|
5
5
|
|
|
6
|
-
example
|
|
6
|
+
example <<~EXAMPLE
|
|
7
7
|
describe aws_iam_password_policy do
|
|
8
8
|
its('requires_lowercase_characters?') { should be true }
|
|
9
9
|
end
|
|
@@ -11,7 +11,7 @@ class AwsIamPasswordPolicy < Inspec.resource(1)
|
|
|
11
11
|
describe aws_iam_password_policy do
|
|
12
12
|
its('requires_uppercase_characters?') { should be true }
|
|
13
13
|
end
|
|
14
|
-
|
|
14
|
+
EXAMPLE
|
|
15
15
|
supports platform: 'aws'
|
|
16
16
|
|
|
17
17
|
# TODO: rewrite to avoid direct injection, match other resources, use AwsSingularResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsIamPolicies < Inspec.resource(1)
|
|
2
2
|
name 'aws_iam_policies'
|
|
3
3
|
desc 'Verifies settings for AWS IAM Policies in bulk'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_iam_policies do
|
|
6
6
|
it { should exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsPluralResourceMixin
|
|
@@ -5,11 +5,11 @@ require 'uri'
|
|
|
5
5
|
class AwsIamPolicy < Inspec.resource(1)
|
|
6
6
|
name 'aws_iam_policy'
|
|
7
7
|
desc 'Verifies settings for individual AWS IAM Policy'
|
|
8
|
-
example
|
|
8
|
+
example <<~EXAMPLE
|
|
9
9
|
describe aws_iam_policy('AWSSupportAccess') do
|
|
10
10
|
it { should be_attached }
|
|
11
11
|
end
|
|
12
|
-
|
|
12
|
+
EXAMPLE
|
|
13
13
|
supports platform: 'aws'
|
|
14
14
|
|
|
15
15
|
include AwsSingularResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsIamRole < Inspec.resource(1)
|
|
2
2
|
name 'aws_iam_role'
|
|
3
3
|
desc 'Verifies settings for an IAM Role'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_iam_role('my-role') do
|
|
6
6
|
it { should exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsSingularResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsIamRootUser < Inspec.resource(1)
|
|
2
2
|
name 'aws_iam_root_user'
|
|
3
3
|
desc 'Verifies settings for AWS root account'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_iam_root_user do
|
|
6
6
|
it { should have_access_key }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
# TODO: rewrite to avoid direct injection, match other resources, use AwsSingularResourceMixin
|
|
@@ -5,14 +5,14 @@
|
|
|
5
5
|
class AwsIamUser < Inspec.resource(1)
|
|
6
6
|
name 'aws_iam_user'
|
|
7
7
|
desc 'Verifies settings for AWS IAM user'
|
|
8
|
-
example
|
|
8
|
+
example <<~EXAMPLE
|
|
9
9
|
describe aws_iam_user(username: 'test_user') do
|
|
10
10
|
it { should have_mfa_enabled }
|
|
11
11
|
it { should_not have_console_password }
|
|
12
12
|
it { should_not have_inline_user_policies }
|
|
13
13
|
it { should_not have_attached_user_policies }
|
|
14
14
|
end
|
|
15
|
-
|
|
15
|
+
EXAMPLE
|
|
16
16
|
supports platform: 'aws'
|
|
17
17
|
|
|
18
18
|
include AwsSingularResourceMixin
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
class AwsIamUsers < Inspec.resource(1)
|
|
6
6
|
name 'aws_iam_users'
|
|
7
7
|
desc 'Verifies settings for AWS IAM users'
|
|
8
|
-
example
|
|
8
|
+
example <<~EXAMPLE
|
|
9
9
|
describe aws_iam_users.where(has_mfa_enabled?: false) do
|
|
10
10
|
it { should_not exist }
|
|
11
11
|
end
|
|
@@ -18,7 +18,7 @@ class AwsIamUsers < Inspec.resource(1)
|
|
|
18
18
|
describe aws_iam_users.where(has_attached_policies?: true) do
|
|
19
19
|
it { should_not exist }
|
|
20
20
|
end
|
|
21
|
-
|
|
21
|
+
EXAMPLE
|
|
22
22
|
supports platform: 'aws'
|
|
23
23
|
|
|
24
24
|
include AwsPluralResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsKmsKey < Inspec.resource(1)
|
|
2
2
|
name 'aws_kms_key'
|
|
3
3
|
desc 'Verifies settings for an individual AWS KMS Key'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_kms_key('arn:aws:kms:us-east-1::key/4321dcba-21io-23de-85he-ab0987654321') do
|
|
6
6
|
it { should exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
|
|
10
10
|
supports platform: 'aws'
|
|
11
11
|
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsKmsKeys < Inspec.resource(1)
|
|
2
2
|
name 'aws_kms_keys'
|
|
3
3
|
desc 'Verifies settings for AWS KMS Keys in bulk'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_kms_keys do
|
|
6
6
|
it { should exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsPluralResourceMixin
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
class AwsRdsInstance < Inspec.resource(1)
|
|
3
3
|
name 'aws_rds_instance'
|
|
4
4
|
desc 'Verifies settings for an rds instance'
|
|
5
|
-
example
|
|
5
|
+
example <<~EXAMPLE
|
|
6
6
|
describe aws_rds_instance(db_instance_identifier: 'test-instance-id') do
|
|
7
7
|
it { should exist }
|
|
8
8
|
end
|
|
9
|
-
|
|
9
|
+
EXAMPLE
|
|
10
10
|
supports platform: 'aws'
|
|
11
11
|
|
|
12
12
|
include AwsSingularResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsRouteTable < Inspec.resource(1)
|
|
2
2
|
name 'aws_route_table'
|
|
3
3
|
desc 'Verifies settings for an AWS Route Table'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_route_table do
|
|
6
6
|
its('route_table_id') { should cmp 'rtb-05462d2278326a79c' }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsSingularResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsRouteTables < Inspec.resource(1)
|
|
2
2
|
name 'aws_route_tables'
|
|
3
3
|
desc 'Verifies settings for AWS Route Tables in bulk'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_route_tables do
|
|
6
6
|
it { should exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsPluralResourceMixin
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
class AwsS3Bucket < Inspec.resource(1)
|
|
3
3
|
name 'aws_s3_bucket'
|
|
4
4
|
desc 'Verifies settings for a s3 bucket'
|
|
5
|
-
example
|
|
5
|
+
example <<~EXAMPLE
|
|
6
6
|
describe aws_s3_bucket(bucket_name: 'test_bucket') do
|
|
7
7
|
it { should exist }
|
|
8
8
|
end
|
|
9
|
-
|
|
9
|
+
EXAMPLE
|
|
10
10
|
supports platform: 'aws'
|
|
11
11
|
|
|
12
12
|
include AwsSingularResourceMixin
|
|
@@ -2,12 +2,12 @@
|
|
|
2
2
|
class AwsS3BucketObject < Inspec.resource(1)
|
|
3
3
|
name 'aws_s3_bucket_object'
|
|
4
4
|
desc 'Verifies settings for a s3 bucket object'
|
|
5
|
-
example
|
|
5
|
+
example <<~EXAMPLE
|
|
6
6
|
describe aws_s3_bucket_object(bucket_name: 'bucket_name', key: 'file_name') do
|
|
7
7
|
it { should exist }
|
|
8
8
|
it { should_not be_public }
|
|
9
9
|
end
|
|
10
|
-
|
|
10
|
+
EXAMPLE
|
|
11
11
|
supports platform: 'aws'
|
|
12
12
|
|
|
13
13
|
include AwsSingularResourceMixin
|
|
@@ -3,11 +3,11 @@
|
|
|
3
3
|
class AwsS3Buckets < Inspec.resource(1)
|
|
4
4
|
name 'aws_s3_buckets'
|
|
5
5
|
desc 'Verifies settings for AWS S3 Buckets in bulk'
|
|
6
|
-
example
|
|
6
|
+
example <<~EXAMPLE
|
|
7
7
|
describe aws_s3_bucket do
|
|
8
8
|
its('bucket_names') { should eq ['my_bucket'] }
|
|
9
9
|
end
|
|
10
|
-
|
|
10
|
+
EXAMPLE
|
|
11
11
|
supports platform: 'aws'
|
|
12
12
|
|
|
13
13
|
include AwsPluralResourceMixin
|
|
@@ -4,11 +4,11 @@ require 'ipaddr'
|
|
|
4
4
|
class AwsSecurityGroup < Inspec.resource(1)
|
|
5
5
|
name 'aws_security_group'
|
|
6
6
|
desc 'Verifies settings for an individual AWS Security Group.'
|
|
7
|
-
example
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
7
|
+
example <<~EXAMPLE
|
|
8
|
+
describe aws_security_group('sg-12345678') do
|
|
9
|
+
it { should exist }
|
|
10
|
+
end
|
|
11
|
+
EXAMPLE
|
|
12
12
|
supports platform: 'aws'
|
|
13
13
|
|
|
14
14
|
include AwsSingularResourceMixin
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
class AwsSecurityGroups < Inspec.resource(1)
|
|
2
2
|
name 'aws_security_groups'
|
|
3
3
|
desc 'Verifies settings for AWS Security Groups in bulk'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
# Verify that you have security groups defined
|
|
6
6
|
describe aws_security_groups do
|
|
7
7
|
it { should exist }
|
|
@@ -11,7 +11,7 @@ class AwsSecurityGroups < Inspec.resource(1)
|
|
|
11
11
|
describe aws_security_groups do
|
|
12
12
|
its('entries.count') { should be > 1 }
|
|
13
13
|
end
|
|
14
|
-
|
|
14
|
+
EXAMPLE
|
|
15
15
|
supports platform: 'aws'
|
|
16
16
|
|
|
17
17
|
include AwsPluralResourceMixin
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
class AwsSnsSubscription < Inspec.resource(1)
|
|
2
2
|
name 'aws_sns_subscription'
|
|
3
3
|
desc 'Verifies settings for an SNS Subscription'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_sns_subscription('arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6') do
|
|
6
6
|
it { should_not have_raw_message_delivery }
|
|
7
7
|
it { should be_confirmation_authenticated }
|
|
@@ -10,7 +10,7 @@ class AwsSnsSubscription < Inspec.resource(1)
|
|
|
10
10
|
its('endpoint') { should cmp 'arn:aws:sqs:us-east-1::test-queue-01' }
|
|
11
11
|
its('protocol') { should cmp 'sqs' }
|
|
12
12
|
end
|
|
13
|
-
|
|
13
|
+
EXAMPLE
|
|
14
14
|
|
|
15
15
|
supports platform: 'aws'
|
|
16
16
|
|
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
class AwsSnsTopic < Inspec.resource(1)
|
|
2
2
|
name 'aws_sns_topic'
|
|
3
3
|
desc 'Verifies settings for an SNS Topic'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_sns_topic('arn:aws:sns:us-east-1:123456789012:some-topic') do
|
|
6
6
|
it { should exist }
|
|
7
7
|
its('confirmed_subscription_count') { should_not be_zero }
|
|
8
8
|
end
|
|
9
|
-
|
|
9
|
+
EXAMPLE
|
|
10
10
|
supports platform: 'aws'
|
|
11
11
|
|
|
12
12
|
include AwsSingularResourceMixin
|