inspec 3.7.1 → 3.7.11
- checksums.yaml +4 -4
- data/Gemfile +7 -2
- data/lib/inspec/config.rb +12 -0
- data/lib/inspec/shell.rb +2 -15
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-habitat/Berksfile +5 -0
- data/lib/plugins/inspec-habitat/README.md +150 -0
- data/lib/plugins/inspec-habitat/kitchen.yml +28 -0
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +9 -9
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +164 -280
- data/lib/plugins/inspec-habitat/templates/habitat/config/inspec_exec_config.json.erb +25 -0
- data/lib/plugins/inspec-habitat/templates/habitat/default.toml.erb +9 -0
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +32 -0
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +85 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/Berksfile +2 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/files/hab_setup.exp +28 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/metadata.rb +9 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/recipes/default.rb +61 -0
- data/lib/plugins/inspec-habitat/test/functional/inspec_habitat_test.rb +38 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/controls/inspec_habitat.rb +40 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/inspec.yml +10 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/controls/example.rb +7 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/inspec.yml +10 -0
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +188 -132
- data/lib/plugins/inspec-init/templates/profiles/azure/README.md +56 -0
- data/lib/plugins/inspec-init/templates/profiles/azure/controls/example.rb +15 -0
- data/lib/plugins/inspec-init/templates/profiles/azure/inspec.yml +14 -0
- data/lib/plugins/inspec-init/templates/profiles/azure/libraries/.gitkeep +0 -0
- data/lib/plugins/inspec-init/test/functional/inspec_init_profile_test.rb +12 -0
- data/lib/resources/aide_conf.rb +2 -2
- data/lib/resources/apache.rb +2 -2
- data/lib/resources/apache_conf.rb +2 -2
- data/lib/resources/apt.rb +2 -2
- data/lib/resources/audit_policy.rb +2 -2
- data/lib/resources/auditd.rb +2 -2
- data/lib/resources/auditd_conf.rb +2 -2
- data/lib/resources/aws/aws_billing_report.rb +3 -2
- data/lib/resources/aws/aws_billing_reports.rb +11 -10
- data/lib/resources/aws/aws_cloudtrail_trail.rb +2 -2
- data/lib/resources/aws/aws_cloudtrail_trails.rb +2 -2
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +9 -9
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +18 -18
- data/lib/resources/aws/aws_config_delivery_channel.rb +2 -2
- data/lib/resources/aws/aws_config_recorder.rb +2 -2
- data/lib/resources/aws/aws_ebs_volume.rb +2 -2
- data/lib/resources/aws/aws_ebs_volumes.rb +2 -2
- data/lib/resources/aws/aws_ec2_instance.rb +2 -2
- data/lib/resources/aws/aws_ec2_instances.rb +2 -2
- data/lib/resources/aws/aws_ecs_cluster.rb +2 -2
- data/lib/resources/aws/aws_eks_cluster.rb +2 -2
- data/lib/resources/aws/aws_elb.rb +2 -2
- data/lib/resources/aws/aws_elbs.rb +2 -2
- data/lib/resources/aws/aws_flow_log.rb +2 -2
- data/lib/resources/aws/aws_iam_access_key.rb +2 -2
- data/lib/resources/aws/aws_iam_access_keys.rb +2 -2
- data/lib/resources/aws/aws_iam_group.rb +2 -2
- data/lib/resources/aws/aws_iam_groups.rb +2 -2
- data/lib/resources/aws/aws_iam_password_policy.rb +2 -2
- data/lib/resources/aws/aws_iam_policies.rb +2 -2
- data/lib/resources/aws/aws_iam_policy.rb +2 -2
- data/lib/resources/aws/aws_iam_role.rb +2 -2
- data/lib/resources/aws/aws_iam_root_user.rb +2 -2
- data/lib/resources/aws/aws_iam_user.rb +2 -2
- data/lib/resources/aws/aws_iam_users.rb +2 -2
- data/lib/resources/aws/aws_kms_key.rb +2 -2
- data/lib/resources/aws/aws_kms_keys.rb +2 -2
- data/lib/resources/aws/aws_rds_instance.rb +2 -2
- data/lib/resources/aws/aws_route_table.rb +2 -2
- data/lib/resources/aws/aws_route_tables.rb +2 -2
- data/lib/resources/aws/aws_s3_bucket.rb +2 -2
- data/lib/resources/aws/aws_s3_bucket_object.rb +2 -2
- data/lib/resources/aws/aws_s3_buckets.rb +2 -2
- data/lib/resources/aws/aws_security_group.rb +5 -5
- data/lib/resources/aws/aws_security_groups.rb +2 -2
- data/lib/resources/aws/aws_sns_subscription.rb +2 -2
- data/lib/resources/aws/aws_sns_topic.rb +2 -2
- data/lib/resources/aws/aws_sns_topics.rb +2 -2
- data/lib/resources/aws/aws_sqs_queue.rb +2 -2
- data/lib/resources/aws/aws_subnet.rb +2 -2
- data/lib/resources/aws/aws_subnets.rb +2 -2
- data/lib/resources/aws/aws_vpc.rb +2 -2
- data/lib/resources/aws/aws_vpcs.rb +2 -2
- data/lib/resources/bash.rb +2 -2
- data/lib/resources/bond.rb +2 -2
- data/lib/resources/bridge.rb +2 -2
- data/lib/resources/chocolatey_package.rb +2 -2
- data/lib/resources/command.rb +2 -2
- data/lib/resources/cpan.rb +2 -2
- data/lib/resources/cran.rb +2 -2
- data/lib/resources/crontab.rb +2 -2
- data/lib/resources/csv.rb +2 -2
- data/lib/resources/dh_params.rb +2 -2
- data/lib/resources/directory.rb +2 -2
- data/lib/resources/docker.rb +2 -2
- data/lib/resources/docker_container.rb +2 -2
- data/lib/resources/docker_image.rb +2 -2
- data/lib/resources/docker_plugin.rb +2 -2
- data/lib/resources/docker_service.rb +2 -2
- data/lib/resources/elasticsearch.rb +2 -2
- data/lib/resources/etc_fstab.rb +2 -2
- data/lib/resources/etc_group.rb +2 -2
- data/lib/resources/etc_hosts.rb +2 -2
- data/lib/resources/etc_hosts_allow_deny.rb +4 -4
- data/lib/resources/file.rb +2 -2
- data/lib/resources/filesystem.rb +2 -2
- data/lib/resources/firewalld.rb +2 -2
- data/lib/resources/gem.rb +2 -2
- data/lib/resources/groups.rb +4 -4
- data/lib/resources/grub_conf.rb +2 -2
- data/lib/resources/host.rb +2 -2
- data/lib/resources/http.rb +25 -5
- data/lib/resources/iis_app.rb +2 -2
- data/lib/resources/iis_app_pool.rb +6 -3
- data/lib/resources/iis_site.rb +4 -4
- data/lib/resources/inetd_conf.rb +2 -2
- data/lib/resources/ini.rb +2 -2
- data/lib/resources/interface.rb +2 -2
- data/lib/resources/iptables.rb +2 -2
- data/lib/resources/json.rb +2 -3
- data/lib/resources/kernel_module.rb +17 -18
- data/lib/resources/kernel_parameter.rb +2 -2
- data/lib/resources/key_rsa.rb +2 -2
- data/lib/resources/ksh.rb +2 -2
- data/lib/resources/limits_conf.rb +2 -2
- data/lib/resources/login_def.rb +2 -2
- data/lib/resources/mount.rb +2 -2
- data/lib/resources/mssql_session.rb +2 -2
- data/lib/resources/mysql_conf.rb +2 -2
- data/lib/resources/mysql_session.rb +2 -2
- data/lib/resources/nginx.rb +2 -2
- data/lib/resources/nginx_conf.rb +2 -2
- data/lib/resources/npm.rb +2 -2
- data/lib/resources/ntp_conf.rb +2 -2
- data/lib/resources/oneget.rb +2 -2
- data/lib/resources/oracledb_session.rb +2 -2
- data/lib/resources/os.rb +2 -2
- data/lib/resources/os_env.rb +2 -2
- data/lib/resources/package.rb +2 -2
- data/lib/resources/packages.rb +2 -2
- data/lib/resources/parse_config.rb +4 -4
- data/lib/resources/passwd.rb +2 -2
- data/lib/resources/pip.rb +2 -2
- data/lib/resources/platform.rb +2 -2
- data/lib/resources/port.rb +2 -2
- data/lib/resources/postgres_conf.rb +2 -2
- data/lib/resources/postgres_hba_conf.rb +2 -2
- data/lib/resources/postgres_ident_conf.rb +2 -2
- data/lib/resources/postgres_session.rb +2 -2
- data/lib/resources/powershell.rb +2 -2
- data/lib/resources/processes.rb +2 -2
- data/lib/resources/rabbitmq_conf.rb +2 -2
- data/lib/resources/registry_key.rb +2 -2
- data/lib/resources/security_identifier.rb +2 -2
- data/lib/resources/security_policy.rb +2 -2
- data/lib/resources/service.rb +14 -14
- data/lib/resources/shadow.rb +2 -2
- data/lib/resources/ssh_conf.rb +4 -4
- data/lib/resources/ssl.rb +2 -2
- data/lib/resources/sys_info.rb +2 -2
- data/lib/resources/toml.rb +2 -2
- data/lib/resources/users.rb +4 -4
- data/lib/resources/vbscript.rb +2 -2
- data/lib/resources/virtualization.rb +2 -2
- data/lib/resources/windows_feature.rb +2 -2
- data/lib/resources/windows_hotfix.rb +2 -2
- data/lib/resources/windows_task.rb +2 -2
- data/lib/resources/wmi.rb +2 -2
- data/lib/resources/x509_certificate.rb +2 -2
- data/lib/resources/xinetd.rb +2 -2
- data/lib/resources/xml.rb +2 -2
- data/lib/resources/yaml.rb +2 -2
- data/lib/resources/yum.rb +2 -2
- data/lib/resources/zfs_dataset.rb +2 -2
- data/lib/resources/zfs_pool.rb +2 -2
- metadata +26 -4
@@ -1,11 +1,11 @@
|
|
1
1
|
class AwsSnsTopics < Inspec.resource(1)
|
2
2
|
name 'aws_sns_topics'
|
3
3
|
desc 'Verifies settings for SNS Topics in bulk'
|
4
|
-
example
|
4
|
+
example <<~EXAMPLE
|
5
5
|
describe aws_sns_topics do
|
6
6
|
its('topic_arns') { should include '' }
|
7
7
|
end
|
8
|
-
|
8
|
+
EXAMPLE
|
9
9
|
supports platform: 'aws'
|
10
10
|
|
11
11
|
include AwsPluralResourceMixin
|
@@ -3,12 +3,12 @@ require 'uri'
|
|
3
3
|
class AwsSqsQueue < Inspec.resource(1)
|
4
4
|
name 'aws_sqs_queue'
|
5
5
|
desc 'Verifies settings for an SQS Queue'
|
6
|
-
example
|
6
|
+
example <<~EXAMPLE
|
7
7
|
describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/519527725796/QueueName') do
|
8
8
|
it { should exist }
|
9
9
|
its('visiblity_timeout') { should be 300}
|
10
10
|
end
|
11
|
-
|
11
|
+
EXAMPLE
|
12
12
|
supports platform: 'aws'
|
13
13
|
|
14
14
|
include AwsSingularResourceMixin
|
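Review bot: The example this hunk wraps in the heredoc still reads `its('visiblity_timeout') { should be 300}`, which looks like a misspelling of `visibility_timeout`. The property definition is outside the hunk, so confirm the name first, but a control copied from this example would most likely test a property that does not exist; the suggested line is `its('visibility_timeout') { should be 300 }`. The queue URL also embeds what looks like a concrete 12-digit account ID, and an obviously fake placeholder such as `123456789012` would be safer in shipped documentation. The class body continues past the end of the hunk.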
@@ -1,12 +1,12 @@
|
|
1
1
|
class AwsSubnet < Inspec.resource(1)
|
2
2
|
name 'aws_subnet'
|
3
3
|
desc 'This resource is used to test the attributes of a VPC subnet'
|
4
|
-
example
|
4
|
+
example <<~EXAMPLE
|
5
5
|
describe aws_subnet(subnet_id: 'subnet-12345678') do
|
6
6
|
it { should exist }
|
7
7
|
its('cidr_block') { should eq '10.0.1.0/24' }
|
8
8
|
end
|
9
|
-
|
9
|
+
EXAMPLE
|
10
10
|
supports platform: 'aws'
|
11
11
|
|
12
12
|
include AwsSingularResourceMixin
|
@@ -1,14 +1,14 @@
|
|
1
1
|
class AwsSubnets < Inspec.resource(1)
|
2
2
|
name 'aws_subnets'
|
3
3
|
desc 'Verifies settings for VPC Subnets in bulk'
|
4
|
-
example
|
4
|
+
example <<~EXAMPLE
|
5
5
|
# you should be able to test the cidr_block of a subnet
|
6
6
|
describe aws_subnets.where(vpc_id: 'vpc-123456789') do
|
7
7
|
its('subnet_ids') { should eq ['subnet-12345678', 'subnet-87654321'] }
|
8
8
|
its('cidr_blocks') { should eq ['172.31.96.0/20'] }
|
9
9
|
its('states') { should_not include 'pending' }
|
10
10
|
end
|
11
|
-
|
11
|
+
EXAMPLE
|
12
12
|
supports platform: 'aws'
|
13
13
|
|
14
14
|
include AwsPluralResourceMixin
|
@@ -1,12 +1,12 @@
|
|
1
1
|
class AwsVpc < Inspec.resource(1)
|
2
2
|
name 'aws_vpc'
|
3
3
|
desc 'Verifies settings for AWS VPC'
|
4
|
-
example
|
4
|
+
example <<~EXAMPLE
|
5
5
|
describe aws_vpc do
|
6
6
|
it { should be_default }
|
7
7
|
its('cidr_block') { should cmp '10.0.0.0/16' }
|
8
8
|
end
|
9
|
-
|
9
|
+
EXAMPLE
|
10
10
|
supports platform: 'aws'
|
11
11
|
|
12
12
|
include AwsSingularResourceMixin
|
@@ -1,11 +1,11 @@
|
|
1
1
|
class AwsVpcs < Inspec.resource(1)
|
2
2
|
name 'aws_vpcs'
|
3
3
|
desc 'Verifies settings for AWS VPCs in bulk'
|
4
|
-
example
|
4
|
+
example <<~EXAMPLE
|
5
5
|
describe aws_vpcs do
|
6
6
|
it { should exist }
|
7
7
|
end
|
8
|
-
|
8
|
+
EXAMPLE
|
9
9
|
supports platform: 'aws'
|
10
10
|
|
11
11
|
include AwsPluralResourceMixin
|
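--- a/data/lib/resources/bash.rb
+++ b/data/lib/resources/bash.rb
@@ -8,7 +8,7 @@ module Inspec::Resources
 name 'bash'
 supports platform: 'unix'
 desc 'Run a command or script in BASH.'
-example
+example <<~EXAMPLE
 describe bash('ls -al /') do
 its('stdout') { should match /bin/ }
 its('stderr') { should eq '' }
@@ -20,7 +20,7 @@ module Inspec::Resources
 
 # Specify arguments (defaults to -c)
 bash('...', args: '-x -c')
-
+EXAMPLE
 
 def initialize(command, options = {})
 @raw_command = command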
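--- a/data/lib/resources/bond.rb
+++ b/data/lib/resources/bond.rb
@@ -8,11 +8,11 @@ module Inspec::Resources
 name 'bond'
 supports platform: 'unix'
 desc 'Use the bond InSpec audit resource to test a logical, bonded network interface (i.e. "two or more network interfaces aggregated into a single, logical network interface"). On Linux platforms, any value in the /proc/net/bonding directory may be tested.'
-example
+example <<~EXAMPLE
 describe bond('bond0') do
 it { should exist }
 end
-
+EXAMPLE
 
 include FileReader
 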
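--- a/data/lib/resources/bridge.rb
+++ b/data/lib/resources/bridge.rb
@@ -11,12 +11,12 @@ module Inspec::Resources
 name 'bridge'
 supports platform: 'unix'
 desc 'Use the bridge InSpec audit resource to test basic network bridge properties, such as name, if an interface is defined, and the associations for any defined interface.'
-example
+example <<~EXAMPLE
 describe bridge 'br0' do
 it { should exist }
 it { should have_interface 'eth0' }
 end
-
+EXAMPLE
 
 def initialize(bridge_name)
 @bridge_name = bridge_name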
@@ -7,12 +7,12 @@ module Inspec::Resources
|
|
7
7
|
name 'chocolatey_package'
|
8
8
|
supports platform: 'windows'
|
9
9
|
desc 'Use the chocolatey_package InSpec audit resource to test if the named package and/or package version is installed on the system.'
|
10
|
-
example
|
10
|
+
example <<~EXAMPLE
|
11
11
|
describe chocolatey_package('git') do
|
12
12
|
it { should be_installed }
|
13
13
|
its('version') { should eq '2.15.1' }
|
14
14
|
end
|
15
|
-
|
15
|
+
EXAMPLE
|
16
16
|
|
17
17
|
attr_reader :package_name
|
18
18
|
|
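--- a/data/lib/resources/command.rb
+++ b/data/lib/resources/command.rb
@@ -7,7 +7,7 @@ module Inspec::Resources
 supports platform: 'unix'
 supports platform: 'windows'
 desc 'Use the command InSpec audit resource to test an arbitrary command that is run on the system.'
-example
+example <<~EXAMPLE
 describe command('ls -al /') do
 its('stdout') { should match /bin/ }
 its('stderr') { should eq '' }
@@ -18,7 +18,7 @@ module Inspec::Resources
 describe command('ls') do
 it { should exist }
 end
-
+EXAMPLE
 
 attr_reader :command
 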
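--- a/data/lib/resources/cpan.rb
+++ b/data/lib/resources/cpan.rb
@@ -11,11 +11,11 @@ module Inspec::Resources
 name 'cpan'
 supports platform: 'unix'
 desc 'Use the `cpan` InSpec audit resource to test Perl modules that are installed by system packages or the CPAN installer.'
-example
+example <<~EXAMPLE
 describe cpan('DBD::Pg') do
 it { should be_installed }
 end
-
+EXAMPLE
 
 def initialize(package_name, perl_lib_path = nil)
 @package_name = package_name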
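--- a/data/lib/resources/cran.rb
+++ b/data/lib/resources/cran.rb
@@ -11,11 +11,11 @@ module Inspec::Resources
 name 'cran'
 supports platform: 'unix'
 desc 'Use the `cran` InSpec audit resource to test R modules that are installed from CRAN package repository.'
-example
+example <<~EXAMPLE
 describe cran('DBI') do
 it { should be_installed }
 end
-
+EXAMPLE
 
 def initialize(package_name)
 @package_name = package_name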
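--- a/data/lib/resources/crontab.rb
+++ b/data/lib/resources/crontab.rb
@@ -8,7 +8,7 @@ module Inspec::Resources
 name 'crontab'
 supports platform: 'unix'
 desc 'Use the crontab InSpec audit resource to test the contents of the crontab for a given user which contains information about scheduled tasks owned by that user.'
-example
+example <<~EXAMPLE
 describe crontab(user: 'root') do
 its('commands') { should include '/path/to/some/script' }
 end
@@ -29,7 +29,7 @@ module Inspec::Resources
 describe crontab(path: '/etc/cron.d/some_crontab') do
 its('commands') { should include '/path/to/some/script' }
 end
-
+EXAMPLE
 
 attr_reader :params
 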
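--- a/data/lib/resources/csv.rb
+++ b/data/lib/resources/csv.rb
@@ -7,11 +7,11 @@ module Inspec::Resources
 class CsvConfig < JsonConfig
 name 'csv'
 desc 'Use the csv InSpec audit resource to test configuration data in a CSV file.'
-example
+example <<~EXAMPLE
 describe csv('example.csv') do
 its('name') { should eq(['John', 'Alice']) }
 end
-
+EXAMPLE
 
 # override the parse method from JsonConfig
 # Assuming a header row of name,col1,col2, it will output an array of hashes like so: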
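--- a/data/lib/resources/dh_params.rb
+++ b/data/lib/resources/dh_params.rb
@@ -11,7 +11,7 @@ class DhParams < Inspec.resource(1)
 parameters.
 '
 
-example
+example <<~EXAMPLE
 describe dh_params('/path/to/file.dh_pem') do
 it { should be_dh_params }
 it { should be_valid }
@@ -21,7 +21,7 @@ class DhParams < Inspec.resource(1)
 its('pem') { should eq '-----BEGIN DH PARAMETERS...' }
 its('text') { should eq 'PKCS#3 DH Parameters: (2048 bit)...' }
 end
-
+EXAMPLE
 
 include FileReader
 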
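--- a/data/lib/resources/directory.rb
+++ b/data/lib/resources/directory.rb
@@ -8,11 +8,11 @@ module Inspec::Resources
 supports platform: 'unix'
 supports platform: 'windows'
 desc 'Use the directory InSpec audit resource to test if the file type is a directory. This is equivalent to using the file InSpec audit resource and the be_directory matcher, but provides a simpler and more direct way to test directories. All of the matchers available to file may be used with directory.'
-example
+example <<~EXAMPLE
 describe directory('path') do
 it { should be_directory }
 end
-
+EXAMPLE
 
 def exist?
 file.exist? && file.directory?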
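--- a/data/lib/resources/docker.rb
+++ b/data/lib/resources/docker.rb
@@ -94,7 +94,7 @@ module Inspec::Resources
 A resource to retrieve information about docker
 "
 
-example
+example <<~EXAMPLE
 describe docker.containers do
 its('images') { should_not include 'u12:latest' }
 end
@@ -127,7 +127,7 @@ module Inspec::Resources
 its(%w(HostConfig Privileged)) { should_not cmp true }
 end
 end
-
+EXAMPLE
 
 def containers
 DockerContainerFilter.new(parse_containers)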
@@ -11,7 +11,7 @@ module Inspec::Resources
|
|
11
11
|
name 'docker_container'
|
12
12
|
supports platform: 'unix'
|
13
13
|
desc ''
|
14
|
-
example
|
14
|
+
example <<~EXAMPLE
|
15
15
|
describe docker_container('an-echo-server') do
|
16
16
|
it { should exist }
|
17
17
|
it { should be_running }
|
@@ -28,7 +28,7 @@ module Inspec::Resources
|
|
28
28
|
it { should exist }
|
29
29
|
it { should be_running }
|
30
30
|
end
|
31
|
-
|
31
|
+
EXAMPLE
|
32
32
|
|
33
33
|
def initialize(opts = {})
|
34
34
|
# if a string is provided, we expect it is the name
|
@@ -11,7 +11,7 @@ module Inspec::Resources
|
|
11
11
|
name 'docker_image'
|
12
12
|
supports platform: 'unix'
|
13
13
|
desc ''
|
14
|
-
example
|
14
|
+
example <<~EXAMPLE
|
15
15
|
describe docker_image('alpine:latest') do
|
16
16
|
it { should exist }
|
17
17
|
its('id') { should_not eq '' }
|
@@ -27,7 +27,7 @@ module Inspec::Resources
|
|
27
27
|
describe docker_image(id: '4a415e366388') do
|
28
28
|
it { should exist }
|
29
29
|
end
|
30
|
-
|
30
|
+
EXAMPLE
|
31
31
|
|
32
32
|
def initialize(opts = {})
|
33
33
|
# do sanitizion of input values
|
@@ -5,7 +5,7 @@ module Inspec::Resources
|
|
5
5
|
name 'docker_plugin'
|
6
6
|
supports platform: 'unix'
|
7
7
|
desc 'Retrieves info about docker plugins'
|
8
|
-
example
|
8
|
+
example <<~EXAMPLE
|
9
9
|
describe docker_plugin('rexray/ebs') do
|
10
10
|
it { should exist }
|
11
11
|
its('id') { should_not eq '0ac30b93ad40' }
|
@@ -20,7 +20,7 @@ module Inspec::Resources
|
|
20
20
|
describe docker_plugin(id: '4a415e366388') do
|
21
21
|
it { should exist }
|
22
22
|
end
|
23
|
-
|
23
|
+
EXAMPLE
|
24
24
|
|
25
25
|
def initialize(opts = {})
|
26
26
|
# do sanitizion of input values
|
@@ -11,7 +11,7 @@ module Inspec::Resources
|
|
11
11
|
name 'docker_service'
|
12
12
|
supports platform: 'unix'
|
13
13
|
desc 'Swarm-mode service'
|
14
|
-
example
|
14
|
+
example <<~EXAMPLE
|
15
15
|
describe docker_service('service1') do
|
16
16
|
it { should exist }
|
17
17
|
its('id') { should_not eq '' }
|
@@ -27,7 +27,7 @@ module Inspec::Resources
|
|
27
27
|
describe docker_service(image: 'alpine:latest') do
|
28
28
|
it { should exist }
|
29
29
|
end
|
30
|
-
|
30
|
+
EXAMPLE
|
31
31
|
|
32
32
|
def initialize(opts = {})
|
33
33
|
# do sanitizion of input values
|
@@ -11,7 +11,7 @@ module Inspec::Resources
|
|
11
11
|
desc "Use the Elasticsearch InSpec audit resource to test the status of nodes in
|
12
12
|
an Elasticsearch cluster."
|
13
13
|
|
14
|
-
example
|
14
|
+
example <<~EXAMPLE
|
15
15
|
describe elasticsearch('http://eshost.mycompany.biz:9200/', username: 'elastic', password: 'changeme', ssl_verify: false) do
|
16
16
|
its('node_count') { should >= 3 }
|
17
17
|
end
|
@@ -21,7 +21,7 @@ module Inspec::Resources
|
|
21
21
|
its('os') { should_not include 'MacOS' }
|
22
22
|
its('version') { should cmp > 1.2.0 }
|
23
23
|
end
|
24
|
-
|
24
|
+
EXAMPLE
|
25
25
|
|
26
26
|
filter = FilterTable.create
|
27
27
|
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
|
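Review bot: The example carried into the heredoc by the first hunk passes `ssl_verify: false` together with an inline `password: 'changeme'`, so the call a reader is most likely to copy disables certificate verification and hard-codes credentials in the profile. Presumably verification is on when the option is omitted (the option handling is outside the hunk, so confirm), in which case the documented call should drop `ssl_verify: false` and take the secret from outside the profile source, e.g. `password: ENV['ES_PASSWORD']` (placeholder variable name). In the second hunk, `its('version') { should cmp > 1.2.0 }` is not valid Ruby as written because `1.2.0` is not a literal; `should cmp > '1.2.0'` is probably what was meant. The class body continues outside both hunks.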
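--- a/data/lib/resources/etc_fstab.rb
+++ b/data/lib/resources/etc_fstab.rb
@@ -9,7 +9,7 @@ module Inspec::Resources
 name 'etc_fstab'
 supports platform: 'unix'
 desc 'Use the etc_fstab InSpec audit resource to check the configuration of the etc/fstab file.'
-example
+example <<~EXAMPLE
 nfs_systems = etc_fstab.nfs_file_systems.entries
 nfs_systems.each do |file_system|
 describe file_system do
@@ -22,7 +22,7 @@ module Inspec::Resources
 describe etc_fstab do
 its ('home_mount_options') { should include 'nosuid' }
 end
-
+EXAMPLE
 
 attr_reader :params
 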
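--- a/data/lib/resources/etc_group.rb
+++ b/data/lib/resources/etc_group.rb
@@ -30,13 +30,13 @@ module Inspec::Resources
 name 'etc_group'
 supports platform: 'unix'
 desc 'Use the etc_group InSpec audit resource to test groups that are defined on Linux and UNIX platforms. The /etc/group file stores details about each group---group name, password, group identifier, along with a comma-separate list of users that belong to the group.'
-example
+example <<~EXAMPLE
 describe etc_group do
 its('gids') { should_not contain_duplicates }
 its('groups') { should include 'my_user' }
 its('users') { should include 'my_user' }
 end
-
+EXAMPLE
 
 include FileReader
 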
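--- a/data/lib/resources/etc_hosts.rb
+++ b/data/lib/resources/etc_hosts.rb
@@ -10,13 +10,13 @@ class EtcHosts < Inspec.resource(1)
 supports platform: 'windows'
 desc 'Use the etc_hosts InSpec audit resource to find an
 ip_address and its associated hosts'
-example
+example <<~EXAMPLE
 describe etc_hosts.where { ip_address == '127.0.0.1' } do
 its('ip_address') { should cmp '127.0.0.1' }
 its('primary_name') { should cmp 'localhost' }
 its('all_host_names') { should eq [['localhost', 'localhost.localdomain', 'localhost4', 'localhost4.localdomain4']] }
 end
-
+EXAMPLE
 
 attr_reader :params
 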
@@ -9,12 +9,12 @@ module Inspec::Resources
|
|
9
9
|
supports platform: 'unix'
|
10
10
|
desc 'Use the etc_hosts_allow InSpec audit resource to test the connections
|
11
11
|
the client will allow. Controlled by the /etc/hosts.allow file.'
|
12
|
-
example
|
12
|
+
example <<~EXAMPLE
|
13
13
|
describe etc_hosts_allow.where { daemon == 'ALL' } do
|
14
14
|
its('client_list') { should include ['127.0.0.1', '[::1]'] }
|
15
15
|
its('options') { should eq [[]] }
|
16
16
|
end
|
17
|
-
|
17
|
+
EXAMPLE
|
18
18
|
|
19
19
|
attr_reader :params
|
20
20
|
|
@@ -91,12 +91,12 @@ module Inspec::Resources
|
|
91
91
|
supports platform: 'unix'
|
92
92
|
desc 'Use the etc_hosts_deny InSpec audit resource to test the connections
|
93
93
|
the client will deny. Controlled by the /etc/hosts.deny file.'
|
94
|
-
example
|
94
|
+
example <<~EXAMPLE
|
95
95
|
describe etc_hosts_deny.where { daemon_list == 'ALL' } do
|
96
96
|
its('client_list') { should eq [['127.0.0.1', '[::1]']] }
|
97
97
|
its('options') { should eq [] }
|
98
98
|
end
|
99
|
-
|
99
|
+
EXAMPLE
|
100
100
|
|
101
101
|
def initialize(path = nil)
|
102
102
|
return skip_resource '`etc_hosts_deny` is not supported on your OS' unless inspec.os.linux?
|
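Review bot: The two examples in this file disagree on the filter field: the `etc_hosts_allow` example uses `where { daemon == 'ALL' }`, while the `etc_hosts_deny` example in the second hunk uses `where { daemon_list == 'ALL' }`, and they also differ on the empty-options shape (`eq [[]]` versus `eq []`). The filter definitions are outside both hunks, so I cannot tell which spelling is registered, but presumably only one is, and an access-control check copied from the wrong example would error or match nothing. Suggest aligning the deny example, e.g. `describe etc_hosts_deny.where { daemon == 'ALL' } do`, once the field name is confirmed. Both class bodies continue outside the hunks.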