inspec 3.7.1 → 3.7.11
- checksums.yaml +4 -4
- data/Gemfile +7 -2
- data/lib/inspec/config.rb +12 -0
- data/lib/inspec/shell.rb +2 -15
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-habitat/Berksfile +5 -0
- data/lib/plugins/inspec-habitat/README.md +150 -0
- data/lib/plugins/inspec-habitat/kitchen.yml +28 -0
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +9 -9
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +164 -280
- data/lib/plugins/inspec-habitat/templates/habitat/config/inspec_exec_config.json.erb +25 -0
- data/lib/plugins/inspec-habitat/templates/habitat/default.toml.erb +9 -0
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +32 -0
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +85 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/Berksfile +2 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/files/hab_setup.exp +28 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/metadata.rb +9 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/recipes/default.rb +61 -0
- data/lib/plugins/inspec-habitat/test/functional/inspec_habitat_test.rb +38 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/controls/inspec_habitat.rb +40 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/inspec.yml +10 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/controls/example.rb +7 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/inspec.yml +10 -0
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +188 -132
- data/lib/plugins/inspec-init/templates/profiles/azure/README.md +56 -0
- data/lib/plugins/inspec-init/templates/profiles/azure/controls/example.rb +15 -0
- data/lib/plugins/inspec-init/templates/profiles/azure/inspec.yml +14 -0
- data/lib/plugins/inspec-init/templates/profiles/azure/libraries/.gitkeep +0 -0
- data/lib/plugins/inspec-init/test/functional/inspec_init_profile_test.rb +12 -0
- data/lib/resources/aide_conf.rb +2 -2
- data/lib/resources/apache.rb +2 -2
- data/lib/resources/apache_conf.rb +2 -2
- data/lib/resources/apt.rb +2 -2
- data/lib/resources/audit_policy.rb +2 -2
- data/lib/resources/auditd.rb +2 -2
- data/lib/resources/auditd_conf.rb +2 -2
- data/lib/resources/aws/aws_billing_report.rb +3 -2
- data/lib/resources/aws/aws_billing_reports.rb +11 -10
- data/lib/resources/aws/aws_cloudtrail_trail.rb +2 -2
- data/lib/resources/aws/aws_cloudtrail_trails.rb +2 -2
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +9 -9
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +18 -18
- data/lib/resources/aws/aws_config_delivery_channel.rb +2 -2
- data/lib/resources/aws/aws_config_recorder.rb +2 -2
- data/lib/resources/aws/aws_ebs_volume.rb +2 -2
- data/lib/resources/aws/aws_ebs_volumes.rb +2 -2
- data/lib/resources/aws/aws_ec2_instance.rb +2 -2
- data/lib/resources/aws/aws_ec2_instances.rb +2 -2
- data/lib/resources/aws/aws_ecs_cluster.rb +2 -2
- data/lib/resources/aws/aws_eks_cluster.rb +2 -2
- data/lib/resources/aws/aws_elb.rb +2 -2
- data/lib/resources/aws/aws_elbs.rb +2 -2
- data/lib/resources/aws/aws_flow_log.rb +2 -2
- data/lib/resources/aws/aws_iam_access_key.rb +2 -2
- data/lib/resources/aws/aws_iam_access_keys.rb +2 -2
- data/lib/resources/aws/aws_iam_group.rb +2 -2
- data/lib/resources/aws/aws_iam_groups.rb +2 -2
- data/lib/resources/aws/aws_iam_password_policy.rb +2 -2
- data/lib/resources/aws/aws_iam_policies.rb +2 -2
- data/lib/resources/aws/aws_iam_policy.rb +2 -2
- data/lib/resources/aws/aws_iam_role.rb +2 -2
- data/lib/resources/aws/aws_iam_root_user.rb +2 -2
- data/lib/resources/aws/aws_iam_user.rb +2 -2
- data/lib/resources/aws/aws_iam_users.rb +2 -2
- data/lib/resources/aws/aws_kms_key.rb +2 -2
- data/lib/resources/aws/aws_kms_keys.rb +2 -2
- data/lib/resources/aws/aws_rds_instance.rb +2 -2
- data/lib/resources/aws/aws_route_table.rb +2 -2
- data/lib/resources/aws/aws_route_tables.rb +2 -2
- data/lib/resources/aws/aws_s3_bucket.rb +2 -2
- data/lib/resources/aws/aws_s3_bucket_object.rb +2 -2
- data/lib/resources/aws/aws_s3_buckets.rb +2 -2
- data/lib/resources/aws/aws_security_group.rb +5 -5
- data/lib/resources/aws/aws_security_groups.rb +2 -2
- data/lib/resources/aws/aws_sns_subscription.rb +2 -2
- data/lib/resources/aws/aws_sns_topic.rb +2 -2
- data/lib/resources/aws/aws_sns_topics.rb +2 -2
- data/lib/resources/aws/aws_sqs_queue.rb +2 -2
- data/lib/resources/aws/aws_subnet.rb +2 -2
- data/lib/resources/aws/aws_subnets.rb +2 -2
- data/lib/resources/aws/aws_vpc.rb +2 -2
- data/lib/resources/aws/aws_vpcs.rb +2 -2
- data/lib/resources/bash.rb +2 -2
- data/lib/resources/bond.rb +2 -2
- data/lib/resources/bridge.rb +2 -2
- data/lib/resources/chocolatey_package.rb +2 -2
- data/lib/resources/command.rb +2 -2
- data/lib/resources/cpan.rb +2 -2
- data/lib/resources/cran.rb +2 -2
- data/lib/resources/crontab.rb +2 -2
- data/lib/resources/csv.rb +2 -2
- data/lib/resources/dh_params.rb +2 -2
- data/lib/resources/directory.rb +2 -2
- data/lib/resources/docker.rb +2 -2
- data/lib/resources/docker_container.rb +2 -2
- data/lib/resources/docker_image.rb +2 -2
- data/lib/resources/docker_plugin.rb +2 -2
- data/lib/resources/docker_service.rb +2 -2
- data/lib/resources/elasticsearch.rb +2 -2
- data/lib/resources/etc_fstab.rb +2 -2
- data/lib/resources/etc_group.rb +2 -2
- data/lib/resources/etc_hosts.rb +2 -2
- data/lib/resources/etc_hosts_allow_deny.rb +4 -4
- data/lib/resources/file.rb +2 -2
- data/lib/resources/filesystem.rb +2 -2
- data/lib/resources/firewalld.rb +2 -2
- data/lib/resources/gem.rb +2 -2
- data/lib/resources/groups.rb +4 -4
- data/lib/resources/grub_conf.rb +2 -2
- data/lib/resources/host.rb +2 -2
- data/lib/resources/http.rb +25 -5
- data/lib/resources/iis_app.rb +2 -2
- data/lib/resources/iis_app_pool.rb +6 -3
- data/lib/resources/iis_site.rb +4 -4
- data/lib/resources/inetd_conf.rb +2 -2
- data/lib/resources/ini.rb +2 -2
- data/lib/resources/interface.rb +2 -2
- data/lib/resources/iptables.rb +2 -2
- data/lib/resources/json.rb +2 -3
- data/lib/resources/kernel_module.rb +17 -18
- data/lib/resources/kernel_parameter.rb +2 -2
- data/lib/resources/key_rsa.rb +2 -2
- data/lib/resources/ksh.rb +2 -2
- data/lib/resources/limits_conf.rb +2 -2
- data/lib/resources/login_def.rb +2 -2
- data/lib/resources/mount.rb +2 -2
- data/lib/resources/mssql_session.rb +2 -2
- data/lib/resources/mysql_conf.rb +2 -2
- data/lib/resources/mysql_session.rb +2 -2
- data/lib/resources/nginx.rb +2 -2
- data/lib/resources/nginx_conf.rb +2 -2
- data/lib/resources/npm.rb +2 -2
- data/lib/resources/ntp_conf.rb +2 -2
- data/lib/resources/oneget.rb +2 -2
- data/lib/resources/oracledb_session.rb +2 -2
- data/lib/resources/os.rb +2 -2
- data/lib/resources/os_env.rb +2 -2
- data/lib/resources/package.rb +2 -2
- data/lib/resources/packages.rb +2 -2
- data/lib/resources/parse_config.rb +4 -4
- data/lib/resources/passwd.rb +2 -2
- data/lib/resources/pip.rb +2 -2
- data/lib/resources/platform.rb +2 -2
- data/lib/resources/port.rb +2 -2
- data/lib/resources/postgres_conf.rb +2 -2
- data/lib/resources/postgres_hba_conf.rb +2 -2
- data/lib/resources/postgres_ident_conf.rb +2 -2
- data/lib/resources/postgres_session.rb +2 -2
- data/lib/resources/powershell.rb +2 -2
- data/lib/resources/processes.rb +2 -2
- data/lib/resources/rabbitmq_conf.rb +2 -2
- data/lib/resources/registry_key.rb +2 -2
- data/lib/resources/security_identifier.rb +2 -2
- data/lib/resources/security_policy.rb +2 -2
- data/lib/resources/service.rb +14 -14
- data/lib/resources/shadow.rb +2 -2
- data/lib/resources/ssh_conf.rb +4 -4
- data/lib/resources/ssl.rb +2 -2
- data/lib/resources/sys_info.rb +2 -2
- data/lib/resources/toml.rb +2 -2
- data/lib/resources/users.rb +4 -4
- data/lib/resources/vbscript.rb +2 -2
- data/lib/resources/virtualization.rb +2 -2
- data/lib/resources/windows_feature.rb +2 -2
- data/lib/resources/windows_hotfix.rb +2 -2
- data/lib/resources/windows_task.rb +2 -2
- data/lib/resources/wmi.rb +2 -2
- data/lib/resources/x509_certificate.rb +2 -2
- data/lib/resources/xinetd.rb +2 -2
- data/lib/resources/xml.rb +2 -2
- data/lib/resources/yaml.rb +2 -2
- data/lib/resources/yum.rb +2 -2
- data/lib/resources/zfs_dataset.rb +2 -2
- data/lib/resources/zfs_pool.rb +2 -2
- metadata +26 -4
@@ -26,7 +26,7 @@ module Inspec::Resources
|
|
26
26
|
supports platform: 'unix'
|
27
27
|
supports platform: 'windows'
|
28
28
|
desc 'Use the postgres_session InSpec audit resource to test SQL commands run against a PostgreSQL database.'
|
29
|
-
example
|
29
|
+
example <<~EXAMPLE
|
30
30
|
sql = postgres_session('username', 'password', 'host')
|
31
31
|
query('sql_query', ['database_name'])` contains the query and (optional) database to execute
|
32
32
|
|
@@ -38,7 +38,7 @@ module Inspec::Resources
|
|
38
38
|
describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;') do
|
39
39
|
its('output') { should eq '' }
|
40
40
|
end
|
41
|
-
|
41
|
+
EXAMPLE
|
42
42
|
|
43
43
|
def initialize(user, pass, host = nil)
|
44
44
|
@user = user || 'postgres'
|
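--- a/data/lib/resources/powershell.rb
+++ b/data/lib/resources/powershell.rb
@@ -7,7 +7,7 @@ module Inspec::Resources
 supports platform: 'windows'
 supports platform: 'unix'
 desc 'Use the powershell InSpec audit resource to test a Windows PowerShell script on the Microsoft Windows platform.'
-example
+example <<~EXAMPLE
 script = <<-EOH
 # your powershell script
 EOH
@@ -15,7 +15,7 @@ module Inspec::Resources
 describe powershell(script) do
 its('matcher') { should eq 'output' }
 end
-
+EXAMPLE
 
 def initialize(script)
 # PowerShell is the default shell on Windows, use the `command` resource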
data/lib/resources/processes.rb
CHANGED
@@ -10,7 +10,7 @@ module Inspec::Resources
|
|
10
10
|
supports platform: 'unix'
|
11
11
|
supports platform: 'windows'
|
12
12
|
desc 'Use the processes InSpec audit resource to test properties for programs that are running on the system.'
|
13
|
-
example
|
13
|
+
example <<~EXAMPLE
|
14
14
|
describe processes('mysqld') do
|
15
15
|
its('entries.length') { should eq 1 }
|
16
16
|
its('users') { should eq ['mysql'] }
|
@@ -25,7 +25,7 @@ module Inspec::Resources
|
|
25
25
|
describe processes do
|
26
26
|
its('entries.length') { should be <= 100 }
|
27
27
|
end
|
28
|
-
|
28
|
+
EXAMPLE
|
29
29
|
|
30
30
|
def initialize(grep = /.*/)
|
31
31
|
@grep = grep
|
@@ -10,11 +10,11 @@ module Inspec::Resources
|
|
10
10
|
desc 'Use the rabbitmq_config InSpec resource to test configuration data '\
|
11
11
|
'for the RabbitMQ service located in /etc/rabbitmq/rabbitmq.config on '\
|
12
12
|
'Linux and UNIX platforms.'
|
13
|
-
example
|
13
|
+
example <<~EXAMPLE
|
14
14
|
describe rabbitmq_config.params('rabbit', 'ssl_listeners') do
|
15
15
|
it { should cmp 5671 }
|
16
16
|
end
|
17
|
-
|
17
|
+
EXAMPLE
|
18
18
|
|
19
19
|
include FileReader
|
20
20
|
|
@@ -50,11 +50,11 @@ module Inspec::Resources
|
|
50
50
|
name 'registry_key'
|
51
51
|
supports platform: 'windows'
|
52
52
|
desc 'Use the registry_key InSpec audit resource to test key values in the Microsoft Windows registry.'
|
53
|
-
example
|
53
|
+
example <<~EXAMPLE
|
54
54
|
describe registry_key('path\to\key') do
|
55
55
|
its('name') { should eq 'value' }
|
56
56
|
end
|
57
|
-
|
57
|
+
EXAMPLE
|
58
58
|
|
59
59
|
def initialize(name, reg_key = nil)
|
60
60
|
# if we have one parameter, we use it as name
|
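Review bot: `example <<~EXAMPLE` is an interpolating heredoc, so in the registry_key hunk the sample `describe registry_key('path\to\key') do` is stored with `\t` turned into a tab and `\k` collapsed to `k`. The documented path is then not what the author typed, and anyone copying it would audit a key that does not exist. Escape the backslashes the way the windows_task and security_policy examples on this page already do, `describe registry_key('path\\to\\key') do`. Alternatively a non-interpolating `<<~'EXAMPLE'` keeps backslashes literal, but any doubled backslashes elsewhere in the same string would then need un-doubling. The file header for this hunk is not shown on the page and the class body continues outside the hunk.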
@@ -6,12 +6,12 @@ module Inspec::Resources
|
|
6
6
|
name 'security_identifier'
|
7
7
|
supports platform: 'windows'
|
8
8
|
desc 'Resource that returns a Security Identifier for a given entity name in Windows.'
|
9
|
-
example
|
9
|
+
example <<~EXAMPLE
|
10
10
|
describe security_identifier(group: 'Everyone') do
|
11
11
|
it { should exist }
|
12
12
|
its('sid') { should eq 'S-1-1-0' }
|
13
13
|
end
|
14
|
-
|
14
|
+
EXAMPLE
|
15
15
|
|
16
16
|
def initialize(opts = {})
|
17
17
|
supported_opt_keys = [:user, :group, :unspecified]
|
@@ -69,7 +69,7 @@ module Inspec::Resources
|
|
69
69
|
name 'security_policy'
|
70
70
|
supports platform: 'windows'
|
71
71
|
desc 'Use the security_policy InSpec audit resource to test security policies on the Microsoft Windows platform.'
|
72
|
-
example
|
72
|
+
example <<~EXAMPLE
|
73
73
|
describe security_policy do
|
74
74
|
its('SeNetworkLogonRight') { should include 'S-1-5-11' }
|
75
75
|
end
|
@@ -77,7 +77,7 @@ module Inspec::Resources
|
|
77
77
|
describe security_policy(translate_sid: true) do
|
78
78
|
its('SeNetworkLogonRight') { should include 'NT AUTHORITY\\Authenticated Users' }
|
79
79
|
end
|
80
|
-
|
80
|
+
EXAMPLE
|
81
81
|
|
82
82
|
def initialize(opts = {})
|
83
83
|
@translate_sid = opts[:translate_sid] || false
|
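--- a/data/lib/resources/service.rb
+++ b/data/lib/resources/service.rb
@@ -71,7 +71,7 @@ module Inspec::Resources
 supports platform: 'unix'
 supports platform: 'windows'
 desc 'Use the service InSpec audit resource to test if the named service is installed, running and/or enabled.'
-example
+example <<~EXAMPLE
 describe service('service_name') do
 it { should be_installed }
 it { should be_enabled }
@@ -87,7 +87,7 @@ module Inspec::Resources
 describe service('service_name').params do
 its('UnitFileState') { should eq 'enabled' }
 end
-
+EXAMPLE
 
 attr_reader :service_ctl
 
@@ -658,7 +658,7 @@ module Inspec::Resources
 name 'systemd_service'
 supports platform: 'unix'
 desc 'Use the systemd_service InSpec audit resource to test if the named service (controlled by systemd) is installed, running and/or enabled.'
-example
+example <<~EXAMPLE
 # to override service mgmt auto-detection
 describe systemd_service('service_name') do
 it { should be_installed }
@@ -670,7 +670,7 @@ module Inspec::Resources
 describe systemd_service('service_name', '/path/to/systemctl') do
 it { should be_running }
 end
-
+EXAMPLE
 
 def select_service_mgmt
 Systemd.new(inspec, service_ctl)
@@ -681,7 +681,7 @@ module Inspec::Resources
 name 'upstart_service'
 supports platform: 'unix'
 desc 'Use the upstart_service InSpec audit resource to test if the named service (controlled by upstart) is installed, running and/or enabled.'
-example
+example <<~EXAMPLE
 # to override service mgmt auto-detection
 describe upstart_service('service_name') do
 it { should be_installed }
@@ -693,7 +693,7 @@ module Inspec::Resources
 describe upstart_service('service_name', '/path/to/initctl') do
 it { should be_running }
 end
-
+EXAMPLE
 
 def select_service_mgmt
 Upstart.new(inspec, service_ctl)
@@ -704,7 +704,7 @@ module Inspec::Resources
 name 'sysv_service'
 supports platform: 'unix'
 desc 'Use the sysv_service InSpec audit resource to test if the named service (controlled by SysV) is installed, running and/or enabled.'
-example
+example <<~EXAMPLE
 # to override service mgmt auto-detection
 describe sysv_service('service_name') do
 it { should be_installed }
@@ -716,7 +716,7 @@ module Inspec::Resources
 describe sysv_service('service_name', '/path/to/service') do
 it { should be_running }
 end
-
+EXAMPLE
 
 def select_service_mgmt
 SysV.new(inspec, service_ctl)
@@ -727,7 +727,7 @@ module Inspec::Resources
 name 'bsd_service'
 supports platform: 'unix'
 desc 'Use the bsd_service InSpec audit resource to test if the named service (controlled by BSD init) is installed, running and/or enabled.'
-example
+example <<~EXAMPLE
 # to override service mgmt auto-detection
 describe bsd_service('service_name') do
 it { should be_installed }
@@ -739,7 +739,7 @@ module Inspec::Resources
 describe bsd_service('service_name', '/path/to/service') do
 it { should be_running }
 end
-
+EXAMPLE
 
 def select_service_mgmt
 BSDInit.new(inspec, service_ctl)
@@ -750,7 +750,7 @@ module Inspec::Resources
 name 'launchd_service'
 supports platform: 'unix'
 desc 'Use the launchd_service InSpec audit resource to test if the named service (controlled by launchd) is installed, running and/or enabled.'
-example
+example <<~EXAMPLE
 # to override service mgmt auto-detection
 describe launchd_service('service_name') do
 it { should be_installed }
@@ -762,7 +762,7 @@ module Inspec::Resources
 describe launchd_service('service_name', '/path/to/launchctl') do
 it { should be_running }
 end
-
+EXAMPLE
 
 def select_service_mgmt
 LaunchCtl.new(inspec, service_ctl)
@@ -773,7 +773,7 @@ module Inspec::Resources
 name 'runit_service'
 supports platform: 'unix'
 desc 'Use the runit_service InSpec audit resource to test if the named service (controlled by runit) is installed, running and/or enabled.'
-example
+example <<~EXAMPLE
 # to override service mgmt auto-detection
 describe runit_service('service_name') do
 it { should be_installed }
@@ -785,7 +785,7 @@ module Inspec::Resources
 describe runit_service('service_name', '/path/to/sv') do
 it { should be_running }
 end
-
+EXAMPLE
 
 def select_service_mgmt
 Runit.new(inspec, service_ctl)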
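--- a/data/lib/resources/shadow.rb
+++ b/data/lib/resources/shadow.rb
@@ -21,7 +21,7 @@ module Inspec::Resources
 desc 'Use the shadow InSpec resource to test the contents of /etc/shadow, '\
 'which contains information for users that may log into '\
 'the system and/or as users that own running processes.'
-example
+example <<~EXAMPLE
 describe shadow do
 its('user') { should_not include 'forbidden_user' }
 end
@@ -30,7 +30,7 @@ module Inspec::Resources
 its('password') { should cmp 'x' }
 its('count') { should eq 1 }
 end
-
+EXAMPLE
 
 include FileReader
 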
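--- a/data/lib/resources/ssh_conf.rb
+++ b/data/lib/resources/ssh_conf.rb
@@ -9,13 +9,13 @@ module Inspec::Resources
 name 'ssh_config'
 supports platform: 'unix'
 desc 'Use the `ssh_config` InSpec audit resource to test OpenSSH client configuration data located at `/etc/ssh/ssh_config` on Linux and Unix platforms.'
-example
+example <<~EXAMPLE
 describe ssh_config do
 its('cipher') { should contain '3des' }
 its('port') { should eq '22' }
 its('hostname') { should include('example.com') }
 end
-
+EXAMPLE
 
 include FileReader
 
@@ -80,11 +80,11 @@ module Inspec::Resources
 name 'sshd_config'
 supports platform: 'unix'
 desc 'Use the sshd_config InSpec audit resource to test configuration data for the Open SSH daemon located at /etc/ssh/sshd_config on Linux and UNIX platforms. sshd---the Open SSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command execution, and data exchanges.'
-example
+example <<~EXAMPLE
 describe sshd_config do
 its('Protocol') { should eq '2' }
 end
-
+EXAMPLE
 
 def initialize(path = nil)
 super(path || '/etc/ssh/sshd_config')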
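Review bot: The ssh_config example carried into the new `<<~EXAMPLE` heredoc still asserts `its('cipher') { should contain '3des' }`, which models a passing control that requires a legacy cipher to be configured. Resource examples are routinely pasted into compliance profiles, so the sample should point the safe way, e.g. `its('cipher') { should_not contain '3des' }`, or use a neutral property instead. Both class bodies continue outside the hunks shown.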
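--- a/data/lib/resources/ssl.rb
+++ b/data/lib/resources/ssl.rb
@@ -16,7 +16,7 @@ class SSL < Inspec.resource(1)
 SSL test resource
 "
 
-example
+example <<~EXAMPLE
 describe ssl(port: 443) do
 it { should be_enabled }
 end
@@ -30,7 +30,7 @@ class SSL < Inspec.resource(1)
 describe ssl(port: 443).ciphers(/rc4/i) do
 it { should_not be_enabled }
 end
-
+EXAMPLE
 
 VERSIONS = [
 'ssl2',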
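--- a/data/lib/resources/sys_info.rb
+++ b/data/lib/resources/sys_info.rb
@@ -7,11 +7,11 @@ module Inspec::Resources
 supports platform: 'windows'
 
 desc 'Use the user InSpec system resource to test for operating system properties.'
-example
+example <<~EXAMPLE
 describe sys_info do
 its('hostname') { should eq 'example.com' }
 end
-
+EXAMPLE
 
 # returns the hostname of the local system
 def hostname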
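--- a/data/lib/resources/toml.rb
+++ b/data/lib/resources/toml.rb
@@ -7,13 +7,13 @@ module Inspec::Resources
 class TomlConfig < JsonConfig
 name 'toml'
 desc 'Use the toml InSpec resource to test configuration data in a TOML file'
-example
+example <<~EXAMPLE
 describe toml('default.toml') do
 its('key') { should eq('value') }
 its (['arr', 1]) { should eq 2 }
 its (['mytable', 'key1']) { should eq 'value1' }
 end
-
+EXAMPLE
 
 def parse(content)
 Tomlrb.parse(content)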
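--- a/data/lib/resources/users.rb
+++ b/data/lib/resources/users.rb
@@ -56,13 +56,13 @@ module Inspec::Resources
 supports platform: 'unix'
 supports platform: 'windows'
 desc 'Use the users InSpec audit resource to test local user profiles. Users can be filtered by groups to which they belong, the frequency of required password changes, the directory paths to home and shell.'
-example
+example <<~EXAMPLE
 describe users.where { uid == 0 }.entries do
 it { should eq ['root'] }
 its('uids') { should eq [1234] }
 its('gids') { should eq [1234] }
 end
-
+EXAMPLE
 def initialize
 # select user provider
 @user_provider = select_user_manager(inspec.os)
@@ -141,13 +141,13 @@ module Inspec::Resources
 supports platform: 'unix'
 supports platform: 'windows'
 desc 'Use the user InSpec audit resource to test user profiles, including the groups to which they belong, the frequency of required password changes, the directory paths to home and shell.'
-example
+example <<~EXAMPLE
 describe user('root') do
 it { should exist }
 its('uid') { should eq 1234 }
 its('gid') { should eq 1234 }
 end
-
+EXAMPLE
 def initialize(username = nil)
 @username = username
 # select user provider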
data/lib/resources/vbscript.rb
CHANGED
@@ -23,7 +23,7 @@ module Inspec::Resources
|
|
23
23
|
name 'vbscript'
|
24
24
|
supports platform: 'windows'
|
25
25
|
desc ''
|
26
|
-
example
|
26
|
+
example <<~EXAMPLE
|
27
27
|
script = <<-EOH
|
28
28
|
# you vbscript
|
29
29
|
EOH
|
@@ -31,7 +31,7 @@ module Inspec::Resources
|
|
31
31
|
describe vbscript(script) do
|
32
32
|
its('stdout') { should eq 'output' }
|
33
33
|
end
|
34
|
-
|
34
|
+
EXAMPLE
|
35
35
|
|
36
36
|
def initialize(vbscript)
|
37
37
|
@seperator = SecureRandom.uuid
|
@@ -7,7 +7,7 @@ module Inspec::Resources
|
|
7
7
|
name 'virtualization'
|
8
8
|
supports platform: 'linux'
|
9
9
|
desc 'Use the virtualization InSpec audit resource to test the virtualization platform on which the system is running'
|
10
|
-
example
|
10
|
+
example <<~EXAMPLE
|
11
11
|
describe virtualization do
|
12
12
|
its('system') { should eq 'docker' }
|
13
13
|
end
|
@@ -22,7 +22,7 @@ module Inspec::Resources
|
|
22
22
|
end
|
23
23
|
only_if { virtualization.system == 'docker' }
|
24
24
|
end
|
25
|
-
|
25
|
+
EXAMPLE
|
26
26
|
|
27
27
|
def initialize
|
28
28
|
@virtualization_data = Hashie::Mash.new
|
@@ -5,7 +5,7 @@ module Inspec::Resources
|
|
5
5
|
name 'windows_feature'
|
6
6
|
supports platform: 'windows'
|
7
7
|
desc 'Use the windows_feature InSpec audit resource to test features on Microsoft Windows.'
|
8
|
-
example
|
8
|
+
example <<~EXAMPLE
|
9
9
|
# By default this resource will use Get-WindowsFeature.
|
10
10
|
# Failing that, it will use DISM.
|
11
11
|
|
@@ -23,7 +23,7 @@ module Inspec::Resources
|
|
23
23
|
describe windows_feature('IIS-WebServer') do
|
24
24
|
it { should be_installed }
|
25
25
|
end
|
26
|
-
|
26
|
+
EXAMPLE
|
27
27
|
|
28
28
|
def initialize(feature, method = nil)
|
29
29
|
@feature = feature
|
@@ -5,11 +5,11 @@ module Inspec::Resources
|
|
5
5
|
name 'windows_hotfix'
|
6
6
|
supports platform: 'windows'
|
7
7
|
desc 'Use the windows_hotfix InSpec audit resource to test if the hotfix has been installed on the Windows system.'
|
8
|
-
example
|
8
|
+
example <<~EXAMPLE
|
9
9
|
describe windows_hotfix('KB4012212') do
|
10
10
|
it { should be_installed }
|
11
11
|
end
|
12
|
-
|
12
|
+
EXAMPLE
|
13
13
|
|
14
14
|
attr_accessor :content
|
15
15
|
|
@@ -4,7 +4,7 @@ module Inspec::Resources
|
|
4
4
|
name 'windows_task'
|
5
5
|
supports platform: 'windows'
|
6
6
|
desc 'Use the windows_task InSpec audit resource to test task schedules on Microsoft Windows.'
|
7
|
-
example
|
7
|
+
example <<~EXAMPLE
|
8
8
|
describe windows_task('\\Microsoft\\Windows\\Time Synchronization\\SynchronizeTime') do
|
9
9
|
it { should be_enabled }
|
10
10
|
end
|
@@ -23,7 +23,7 @@ module Inspec::Resources
|
|
23
23
|
its('task_to_run') { should cmp '%Windir%\\system32\\appidpolicyconverter.exe' }
|
24
24
|
its('run_as_user') { should eq 'LOCAL SERVICE' }
|
25
25
|
end
|
26
|
-
|
26
|
+
EXAMPLE
|
27
27
|
|
28
28
|
def initialize(taskuri)
|
29
29
|
@taskuri = taskuri
|