inspec 0.9.10 → 0.9.11

Files changed (159) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +22 -2
  3. data/Gemfile +1 -0
  4. data/README.md +2 -1
  5. data/bin/inspec +4 -1
  6. data/docs/dsl_resource.rst +2 -2
  7. data/docs/profiles.rst +5 -3
  8. data/examples/profile/README.md +1 -1
  9. data/inspec.gemspec +1 -1
  10. data/lib/inspec/version.rb +1 -1
  11. data/lib/resources/etc_group.rb +1 -1
  12. data/lib/resources/file.rb +5 -1
  13. data/lib/resources/package.rb +63 -9
  14. data/lib/resources/port.rb +47 -7
  15. data/lib/resources/service.rb +53 -15
  16. data/lib/resources/user.rb +42 -21
  17. data/lib/utils/parser.rb +85 -0
  18. data/test/helper.rb +8 -0
  19. data/test/integration/.kitchen.chef.yml +29 -0
  20. data/test/integration/.kitchen.ec2.yml +10 -4
  21. data/test/integration/.kitchen.shell.yml +19 -0
  22. data/test/integration/.kitchen/default-chef-solaris-1011.yml +6 -0
  23. data/test/integration/.kitchen/default-chef-windows-server-2008r2-standard.yml +7 -0
  24. data/test/integration/.kitchen/default-chef-windows-server-2012r2-standard.yml +7 -0
  25. data/test/integration/.kitchen/default-chris-rock-omnios-r151014.yml +6 -0
  26. data/test/integration/.kitchen/default-debian-81.yml +6 -0
  27. data/test/integration/.kitchen/default-omniti-omnios-r151014.yml +1 -0
  28. data/test/integration/.kitchen/default-windows-2008.yml +5 -0
  29. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-solaris-1011/.vagrant/machines/default/virtualbox/action_set_name +1 -0
  30. data/test/integration/.kitchen/kitchen-vagrant/{kitchen-integration-default-fedora-22 → kitchen-integration-default-chef-solaris-1011}/.vagrant/machines/default/virtualbox/creator_uid +0 -0
  31. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-solaris-1011/.vagrant/machines/default/virtualbox/id +1 -0
  32. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-solaris-1011/.vagrant/machines/default/virtualbox/index_uuid +1 -0
  33. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-solaris-1011/.vagrant/machines/default/virtualbox/private_key +27 -0
  34. data/test/integration/.kitchen/kitchen-vagrant/{kitchen-integration-default-fedora-22 → kitchen-integration-default-chef-solaris-1011}/.vagrant/machines/default/virtualbox/synced_folders +0 -0
  35. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-solaris-1011/Vagrantfile +8 -0
  36. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-windows-server-2008r2-standard/.vagrant/machines/default/virtualbox/action_set_name +1 -0
  37. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-windows-server-2008r2-standard/.vagrant/machines/default/virtualbox/creator_uid +1 -0
  38. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-windows-server-2008r2-standard/.vagrant/machines/default/virtualbox/id +1 -0
  39. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-windows-server-2008r2-standard/.vagrant/machines/default/virtualbox/index_uuid +1 -0
  40. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-windows-server-2008r2-standard/.vagrant/machines/default/virtualbox/synced_folders +1 -0
  41. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-windows-server-2008r2-standard/Vagrantfile +7 -0
  42. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-windows-server-2012r2-standard/.vagrant/machines/default/virtualbox/action_set_name +1 -0
  43. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-windows-server-2012r2-standard/.vagrant/machines/default/virtualbox/creator_uid +1 -0
  44. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-windows-server-2012r2-standard/.vagrant/machines/default/virtualbox/id +1 -0
  45. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-windows-server-2012r2-standard/.vagrant/machines/default/virtualbox/index_uuid +1 -0
  46. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-windows-server-2012r2-standard/.vagrant/machines/default/virtualbox/synced_folders +1 -0
  47. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chef-windows-server-2012r2-standard/Vagrantfile +8 -0
  48. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chris-rock-omnios-r151014/.vagrant/machines/default/virtualbox/action_set_name +1 -0
  49. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chris-rock-omnios-r151014/.vagrant/machines/default/virtualbox/creator_uid +1 -0
  50. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chris-rock-omnios-r151014/.vagrant/machines/default/virtualbox/id +1 -0
  51. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chris-rock-omnios-r151014/.vagrant/machines/default/virtualbox/index_uuid +1 -0
  52. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chris-rock-omnios-r151014/.vagrant/machines/default/virtualbox/private_key +27 -0
  53. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chris-rock-omnios-r151014/.vagrant/machines/default/virtualbox/synced_folders +1 -0
  54. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-chris-rock-omnios-r151014/Vagrantfile +8 -0
  55. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-debian-81/.vagrant/machines/default/virtualbox/action_set_name +1 -0
  56. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-debian-81/.vagrant/machines/default/virtualbox/creator_uid +1 -0
  57. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-debian-81/.vagrant/machines/default/virtualbox/id +1 -0
  58. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-debian-81/.vagrant/machines/default/virtualbox/index_uuid +1 -0
  59. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-debian-81/.vagrant/machines/default/virtualbox/private_key +27 -0
  60. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-debian-81/.vagrant/machines/default/virtualbox/synced_folders +1 -0
  61. data/test/integration/.kitchen/kitchen-vagrant/{kitchen-integration-default-fedora-22 → kitchen-integration-default-debian-81}/Vagrantfile +3 -3
  62. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-omniti-omnios-r151014/.vagrant/machines/default/virtualbox/action_set_name +1 -0
  63. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-omniti-omnios-r151014/.vagrant/machines/default/virtualbox/creator_uid +1 -0
  64. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-omniti-omnios-r151014/.vagrant/machines/default/virtualbox/id +1 -0
  65. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-omniti-omnios-r151014/.vagrant/machines/default/virtualbox/index_uuid +1 -0
  66. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-omniti-omnios-r151014/.vagrant/machines/default/virtualbox/private_key +27 -0
  67. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-omniti-omnios-r151014/Vagrantfile +8 -0
  68. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1204/.vagrant/machines/default/virtualbox/action_set_name +1 -1
  69. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1204/.vagrant/machines/default/virtualbox/id +1 -1
  70. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1204/.vagrant/machines/default/virtualbox/index_uuid +1 -1
  71. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1204/.vagrant/machines/default/virtualbox/private_key +25 -25
  72. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1404/.vagrant/machines/default/virtualbox/action_set_name +1 -1
  73. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1404/.vagrant/machines/default/virtualbox/id +1 -1
  74. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1404/.vagrant/machines/default/virtualbox/index_uuid +1 -1
  75. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-ubuntu-1404/.vagrant/machines/default/virtualbox/private_key +25 -25
  76. data/test/integration/.kitchen/logs/default-aws-linux.log +3 -0
  77. data/test/integration/.kitchen/logs/default-centos-511-i386.log +0 -2
  78. data/test/integration/.kitchen/logs/default-centos-511.log +0 -2
  79. data/test/integration/.kitchen/logs/default-centos-67-i386.log +0 -2
  80. data/test/integration/.kitchen/logs/default-centos-67.log +0 -2
  81. data/test/integration/.kitchen/logs/default-centos-7.log +3 -0
  82. data/test/integration/.kitchen/logs/default-centos-71.log +0 -2
  83. data/test/integration/.kitchen/logs/default-chef-solaris-1011.log +0 -0
  84. data/test/integration/.kitchen/logs/default-chef-windows-server-2008r2-standard.log +0 -0
  85. data/test/integration/.kitchen/logs/default-chef-windows-server-2012r2-standard.log +0 -0
  86. data/test/integration/.kitchen/logs/default-chris-rock-omnios-r151014.log +23 -0
  87. data/test/integration/.kitchen/logs/default-debian-6010-i386.log +0 -2
  88. data/test/integration/.kitchen/logs/default-debian-6010.log +0 -2
  89. data/test/integration/.kitchen/logs/default-debian-78-i386.log +0 -2
  90. data/test/integration/.kitchen/logs/default-debian-78.log +0 -2
  91. data/test/integration/.kitchen/logs/default-debian-8.log +3 -0
  92. data/test/integration/.kitchen/logs/default-debian-81-i386.log +0 -2
  93. data/test/integration/.kitchen/logs/default-debian-81.log +240 -2
  94. data/test/integration/.kitchen/logs/default-dusank-oi-server.log +0 -0
  95. data/test/integration/.kitchen/logs/default-fedora-21-i386.log +0 -2
  96. data/test/integration/.kitchen/logs/default-fedora-21.log +0 -2
  97. data/test/integration/.kitchen/logs/default-fedora-22.log +3 -0
  98. data/test/integration/.kitchen/logs/default-freebsd-102.log +0 -2
  99. data/test/integration/.kitchen/logs/default-freebsd-93.log +0 -2
  100. data/test/integration/.kitchen/logs/default-livinginthepast-smartos-base64.log +0 -0
  101. data/test/integration/.kitchen/logs/default-mint-172-cinnamon.log +0 -2
  102. data/test/integration/.kitchen/logs/default-omniti-omnios-r151014.log +0 -0
  103. data/test/integration/.kitchen/logs/default-opensuse-132-i386.log +0 -2
  104. data/test/integration/.kitchen/logs/default-opensuse-132-x86-64.log +0 -2
  105. data/test/integration/.kitchen/logs/default-redhat-65.log +3 -0
  106. data/test/integration/.kitchen/logs/default-redhat-71.log +3 -0
  107. data/test/integration/.kitchen/logs/default-suse-11sp3.log +3 -0
  108. data/test/integration/.kitchen/logs/default-suse-12.log +3 -0
  109. data/test/integration/.kitchen/logs/default-ubuntu-1004-i386.log +0 -2
  110. data/test/integration/.kitchen/logs/default-ubuntu-1004.log +0 -2
  111. data/test/integration/.kitchen/logs/default-ubuntu-1204-i386.log +0 -2
  112. data/test/integration/.kitchen/logs/default-ubuntu-1204.log +3 -0
  113. data/test/integration/.kitchen/logs/default-ubuntu-1404-i386.log +0 -2
  114. data/test/integration/.kitchen/logs/default-ubuntu-1404.log +3 -0
  115. data/test/integration/.kitchen/logs/default-ubuntu-1510.log +3 -0
  116. data/test/integration/.kitchen/logs/default-windows-2012r2.log +2 -41
  117. data/test/integration/.kitchen/logs/default-winrm.log +0 -0
  118. data/test/integration/.kitchen/logs/kitchen.log +14 -0
  119. data/test/integration/bootstrap.sh +3 -0
  120. data/test/integration/cookbooks/os_prepare/recipes/file.rb +2 -0
  121. data/test/integration/cookbooks/os_prepare/recipes/json_yaml_csv_ini.rb +2 -0
  122. data/test/integration/cookbooks/os_prepare/recipes/mount.rb +24 -20
  123. data/test/integration/cookbooks/os_prepare/templates/default/sv-default-svlog-run.erb +1 -2
  124. data/test/integration/test/integration/default/_debug_spec.rb +1 -1
  125. data/test/integration/test/integration/default/compare_matcher_spec.rb +15 -13
  126. data/test/integration/test/integration/default/etc_group_spec.rb +9 -8
  127. data/test/integration/test/integration/default/file_spec.rb +14 -4
  128. data/test/integration/test/integration/default/group_spec.rb +17 -7
  129. data/test/integration/test/integration/default/mount_spec.rb +9 -7
  130. data/test/integration/test/integration/default/package_spec.rb +16 -0
  131. data/test/integration/test/integration/default/port_spec.rb +8 -2
  132. data/test/integration/test/integration/default/service_spec.rb +4 -1
  133. data/test/integration/test/integration/default/user_spec.rb +37 -14
  134. data/test/unit/mock/cmd/pkg-info-system-file-system-zfs +8 -0
  135. data/test/unit/mock/cmd/pkginfo-l-SUNWzfsr +7 -0
  136. data/test/unit/mock/cmd/s11-netstat-an-finet-finet6 +32 -0
  137. data/test/unit/resources/file_test.rb +1 -0
  138. data/test/unit/resources/package_test.rb +18 -0
  139. data/test/unit/resources/port_test.rb +10 -0
  140. data/test/unit/utils/passwd_parser_test.rb +2 -0
  141. data/test/unit/utils/solaris_netstat_parser.rb +124 -0
  142. metadata +127 -42
  143. data/lib/extras/compliance/README.md +0 -15
  144. data/lib/extras/compliance/compliance.rb +0 -245
  145. data/test/integration/.kitchen/default-aws-linux.yml +0 -4
  146. data/test/integration/.kitchen/default-centos-7.yml +0 -4
  147. data/test/integration/.kitchen/default-debian-8.yml +0 -4
  148. data/test/integration/.kitchen/default-fedora-22.yml +0 -4
  149. data/test/integration/.kitchen/default-redhat-65.yml +0 -4
  150. data/test/integration/.kitchen/default-redhat-71.yml +0 -4
  151. data/test/integration/.kitchen/default-suse-11sp3.yml +0 -4
  152. data/test/integration/.kitchen/default-suse-12.yml +0 -4
  153. data/test/integration/.kitchen/default-ubuntu-1204.yml +0 -3
  154. data/test/integration/.kitchen/default-ubuntu-1404.yml +0 -4
  155. data/test/integration/.kitchen/default-windows-2012r2.yml +0 -2
  156. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-fedora-22/.vagrant/machines/default/virtualbox/action_set_name +0 -1
  157. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-fedora-22/.vagrant/machines/default/virtualbox/id +0 -1
  158. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-fedora-22/.vagrant/machines/default/virtualbox/index_uuid +0 -1
  159. data/test/integration/.kitchen/kitchen-vagrant/kitchen-integration-default-fedora-22/.vagrant/machines/default/virtualbox/private_key +0 -27
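--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: b17924e97ef5192aed108798a10ef8b52d7c0538
- data.tar.gz: 8c5ceda400de6c4eccd79d357219787f001e5b7d
+ metadata.gz: e40124a353cedb38fd6e7001427ff08a9c59b37d
+ data.tar.gz: c33891f1b7231567094c9dc6d591ec6dd25d503a
  SHA512:
- metadata.gz: c76421ff13a91f6dded0fbf9ab4fda7f2d9a49b4eef102857d8c9e37b49c22d2536d2dc5810edf10f4e554d256e98ed6255ba01bbe244571a3902c3575d73b04
- data.tar.gz: 55b9fbd3e7219024401e032a2a8fe3e63b407ae5e6eadb19e7b8d7684d265678dcbce1d4c7a51f72a536fa371dad72da4de2b6c2a9c5b686606abcd8d1392297
+ metadata.gz: 8d939386ab50b105518ff5ea8e7cfa9a8f7b8694a7db1c826afeb4ab647557449a28feb7d0538d6d7a119a9e5ee5a887cc4ff36956e10390a9fbeeea5eb0b071
+ data.tar.gz: 376392d507ea741960e619ebaaf704d775ca58f107702ffbe3f7f4742643bbeba6593245fd9fe4af7bebc462e4eced66713a2976341c2bd59a7a4ebc33878fe6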
@@ -1,7 +1,26 @@
1
1
  # Change Log
2
2
 
3
- ## [0.9.10](https://github.com/chef/inspec/tree/0.9.10) (2016-01-25)
4
- [Full Changelog](https://github.com/chef/inspec/compare/v0.9.9...0.9.10)
3
+ ## [0.9.11](https://github.com/chef/inspec/tree/0.9.11) (2016-01-29)
4
+ [Full Changelog](https://github.com/chef/inspec/compare/v0.9.10...0.9.11)
5
+
6
+ **Implemented enhancements:**
7
+
8
+ - ec2 integration test [\#399](https://github.com/chef/inspec/pull/399) ([chris-rock](https://github.com/chris-rock))
9
+ - add winrm transport to Gemfile for test-kitchen [\#396](https://github.com/chef/inspec/pull/396) ([chris-rock](https://github.com/chris-rock))
10
+ - Solaris Support [\#395](https://github.com/chef/inspec/pull/395) ([chris-rock](https://github.com/chris-rock))
11
+
12
+ **Fixed bugs:**
13
+
14
+ - Logging in profile processing [\#349](https://github.com/chef/inspec/issues/349)
15
+ - runit\_service: fix resource, improve integration tests [\#401](https://github.com/chef/inspec/pull/401) ([srenatus](https://github.com/srenatus))
16
+ - basic logging setup for `inspec exec` [\#392](https://github.com/chef/inspec/pull/392) ([srenatus](https://github.com/srenatus))
17
+
18
+ **Merged pull requests:**
19
+
20
+ - Readme fixes [\#390](https://github.com/chef/inspec/pull/390) ([jzohrab](https://github.com/jzohrab))
21
+
22
+ ## [v0.9.10](https://github.com/chef/inspec/tree/v0.9.10) (2016-01-25)
23
+ [Full Changelog](https://github.com/chef/inspec/compare/v0.9.9...v0.9.10)
5
24
 
6
25
  **Implemented enhancements:**
7
26
 
@@ -29,6 +48,7 @@
29
48
 
30
49
  **Merged pull requests:**
31
50
 
51
+ - 0.9.10 [\#391](https://github.com/chef/inspec/pull/391) ([chris-rock](https://github.com/chris-rock))
32
52
  - Enable appveyor for unit tests on Windows [\#361](https://github.com/chef/inspec/pull/361) ([chris-rock](https://github.com/chris-rock))
33
53
 
34
54
  ## [v0.9.9](https://github.com/chef/inspec/tree/v0.9.9) (2016-01-16)
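--- a/data/Gemfile
+++ b/data/Gemfile
@@ -16,6 +16,7 @@ group :integration do
  gem 'test-kitchen'
  gem 'kitchen-vagrant'
  gem 'kitchen-inspec'
+ gem 'winrm-transport', '~> 1.0'
  gem 'kitchen-ec2'
  end
 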
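--- a/data/README.md
+++ b/data/README.md
@@ -230,7 +230,8 @@ bundle exec kitchen test
  ```bash
  export AWS_ACCESS_KEY_ID=enteryouryourkey
  export AWS_SECRET_ACCESS_KEY=enteryoursecreykey
- export AWS_SSH_KEY_ID=enteryoursshkeyid
+ export AWS_KEYPAIR_NAME=enteryoursshkeyid
+ export EC2_SSH_KEY_PATH=~/.ssh/id_aws.pem
  cd test/integration
  KITCHEN_LOCAL_YAML=.kitchen.ec2.yml bundle exec kitchen test
  ```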
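--- a/data/bin/inspec
+++ b/data/bin/inspec
@@ -107,7 +107,10 @@ class InspecCLI < Thor # rubocop:disable Metrics/ClassLength
  def exec(*tests)
  diagnose
 
- runner = Inspec::Runner.new(opts)
+ o = opts.dup
+ o[:logger] = Logger.new(opts['format'] == 'json' ? nil : STDOUT)
+
+ runner = Inspec::Runner.new(o)
  runner.add_tests(tests)
  exit runner.run
  rescue RuntimeError => e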
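Review bot: `Logger.new(opts['format'] == 'json' ? nil : STDOUT)` keeps log lines out of the report only for the `json` format; any other formatter whose output is parsed downstream would still get log lines mixed into stdout. Logging to stderr removes the special case: `o[:logger] = Logger.new(STDERR)`. If the stdout behaviour is intended, a comment such as `# no logger for json so the report on stdout stays parseable` would record why. The hunk does not show a `require 'logger'`, and `exec` continues past the last line shown.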
@@ -60,7 +60,7 @@ The following example shows a full resource using attributes and methods to prov
60
60
  '
61
61
 
62
62
  # Load the configuration file on initialization
63
- def initialiaze(path = nil)
63
+ def initialize(path = nil)
64
64
  @path = path || '/etc/gordon.conf'
65
65
  @params = SimpleConfig.new( read_content )
66
66
  end
@@ -87,4 +87,4 @@ The following example shows a full resource using attributes and methods to prov
87
87
 
88
88
  For a full example, see our `example resource`_.
89
89
 
90
- .. _example resource: ../examples/profile
90
+ .. _example resource: ../examples/profile/libraries/gordon_config.rb
@@ -91,9 +91,11 @@ This list can contain simple names, names and versions, or detailed flags for th
91
91
  InSpec profile verification
92
92
  -----------------------------------------------------
93
93
 
94
- InSpec ships with a verification command that verifies the implementation of a profile
94
+ InSpec ships with a verification command that verifies the implementation of a profile:
95
95
 
96
- $ inspec check examples/profile
96
+ .. code-block:: bash
97
+
98
+ $ inspec check examples/profile
97
99
 
98
100
 
99
101
  InSpec profile archive
@@ -144,7 +146,7 @@ The `include_controls` keyword allows you to import all rules from an existing p
144
146
 
145
147
  **Inherit from a profile, but skip some rules**
146
148
 
147
- Sometimes, not all requirements can be fullfiled for a legacy application. To manage the derivation, you can skip certain controls with `skip_control`.
149
+ Sometimes, not all requirements can be fulfilled for a legacy application. To manage the derivation, you can skip certain controls with `skip_control`.
148
150
 
149
151
  .. code-block:: bash
150
152
 
@@ -1,6 +1,6 @@
1
1
  # Example InSpec Profile
2
2
 
3
- This example shows the implementation of a InSpec profile.
3
+ This example shows the implementation of an InSpec [profile](../../docs/profiles.rst).
4
4
 
5
5
  ## Verify a profile
6
6
 
@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
24
24
  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
25
25
  spec.require_paths = ['lib']
26
26
 
27
- spec.add_dependency 'r-train', '~> 0.9', '>= 0.9.3'
27
+ spec.add_dependency 'r-train', '~> 0.9', '>= 0.9.6'
28
28
  spec.add_dependency 'thor', '~> 0.19'
29
29
  spec.add_dependency 'json', '~> 1.8'
30
30
  spec.add_dependency 'rainbow', '~> 2'
@@ -3,5 +3,5 @@
3
3
  # author: Christoph Hartmann
4
4
 
5
5
  module Inspec
6
- VERSION = '0.9.10'.freeze
6
+ VERSION = '0.9.11'.freeze
7
7
  end
@@ -45,7 +45,7 @@ class EtcGroup < Inspec.resource(1)
45
45
 
46
46
  # skip resource if it is not supported on current OS
47
47
  return skip_resource 'The `etc_group` resource is not supported on your OS.' \
48
- unless %w{ubuntu debian redhat fedora centos arch darwin freebsd wrlinux aix}.include?(inspec.os[:family])
48
+ unless inspec.os.unix?
49
49
  end
50
50
 
51
51
  def groups(filter = nil)
@@ -110,7 +110,7 @@ module Inspec::Resources
110
110
  def check_file_permission_by_user(user, flag)
111
111
  if linux?
112
112
  perm_cmd = "su -s /bin/sh -c \"test -#{flag} #{path}\" #{user}"
113
- elsif family == 'freebsd'
113
+ elsif family == 'freebsd' || solaris?
114
114
  perm_cmd = "sudo -u #{user} test -#{flag} #{path}"
115
115
  elsif family == 'aix'
116
116
  perm_cmd = "su #{user} -c test -#{flag} #{path}"
@@ -140,6 +140,10 @@ module Inspec::Resources
140
140
  inspec.os.linux?
141
141
  end
142
142
 
143
+ def solaris?
144
+ inspec.os.solaris?
145
+ end
146
+
143
147
  def family
144
148
  inspec.os[:family]
145
149
  end
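Review bot: The widened branch `elsif family == 'freebsd' || solaris?` sends Solaris targets through `"sudo -u #{user} test -#{flag} #{path}"`, where `user` and `path` are interpolated into a shell string without quoting, so a path containing spaces or shell metacharacters changes the command that runs on the audited host. Quoting the values closes that, e.g. `perm_cmd = "sudo -u #{Shellwords.escape(user)} test -#{flag} #{Shellwords.escape(path)}"` (with `require 'shellwords'`). The same pattern appears in this release's new Solaris code: `"pkginfo -l #{package_name}"` and `"pkg info #{package_name}"` in package.rb and `"#{service_ctl} -l #{service_name}"` in service.rb. The branch also assumes `sudo` is present on the Solaris target, which is worth confirming for the supported releases. `check_file_permission_by_user` continues past the end of the hunk.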
@@ -18,26 +18,28 @@ class Package < Inspec.resource(1)
18
18
  end
19
19
  "
20
20
 
21
- def initialize(package_name = nil)
21
+ def initialize(package_name = nil) # rubocop:disable Metrics/AbcSize
22
22
  @package_name = package_name
23
23
  @name = @package_name
24
24
  @cache = nil
25
-
26
25
  # select package manager
27
26
  @pkgman = nil
28
- case inspec.os[:family]
29
- when 'ubuntu', 'debian'
27
+
28
+ os = inspec.os
29
+ if os.debian?
30
30
  @pkgman = Deb.new(inspec)
31
- when 'redhat', 'fedora', 'centos', 'opensuse', 'wrlinux'
31
+ elsif os.redhat? || os.suse?
32
32
  @pkgman = Rpm.new(inspec)
33
- when 'arch'
33
+ elsif ['arch'].include?(os[:family])
34
34
  @pkgman = Pacman.new(inspec)
35
- when 'darwin'
35
+ elsif ['darwin'].include?(os[:family])
36
36
  @pkgman = Brew.new(inspec)
37
- when 'windows'
37
+ elsif inspec.os.windows?
38
38
  @pkgman = WindowsPkg.new(inspec)
39
- when 'aix'
39
+ elsif ['aix'].include?(os[:family])
40
40
  @pkgman = BffPkg.new(inspec)
41
+ elsif os.solaris?
42
+ @pkgman = SolarisPkg.new(inspec)
41
43
  else
42
44
  return skip_resource 'The `package` resource is not supported on your OS yet.'
43
45
  end
@@ -204,3 +206,55 @@ class BffPkg < PkgManagement
204
206
  }
205
207
  end
206
208
  end
209
+
210
+ # Solaris
211
+ class SolarisPkg < PkgManagement
212
+ def info(package_name)
213
+ if inspec.os[:release].to_i <= 10
214
+ solaris10_info(package_name)
215
+ else
216
+ solaris11_info(package_name)
217
+ end
218
+ end
219
+
220
+ # solaris 10
221
+ def solaris10_info(package_name)
222
+ cmd = inspec.command("pkginfo -l #{package_name}")
223
+ return nil if cmd.exit_status.to_i != 0
224
+
225
+ params = SimpleConfig.new(
226
+ cmd.stdout.chomp,
227
+ assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
228
+ multiple_values: false,
229
+ ).params
230
+
231
+ # parse 11.10.0,REV=2006.05.18.01.46
232
+ v = params['VERSION'].split(',')
233
+ {
234
+ name: params['PKGINST'],
235
+ installed: true,
236
+ version: v[0] + '-' + v[1].split('=')[1],
237
+ type: 'pkg',
238
+ }
239
+ end
240
+
241
+ # solaris 11
242
+ def solaris11_info(package_name)
243
+ cmd = inspec.command("pkg info #{package_name}")
244
+ return nil if cmd.exit_status.to_i != 0
245
+
246
+ params = SimpleConfig.new(
247
+ cmd.stdout.chomp,
248
+ assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
249
+ multiple_values: false,
250
+ ).params
251
+
252
+ {
253
+ name: params['Name'],
254
+ installed: true,
255
+ # 0.5.11-0.175.3.1.0.5.0
256
+ version: "#{params['Version']}-#{params['Branch']}",
257
+ type: 'pkg',
258
+ }
259
+ end
260
+ end
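Review bot: In `solaris10_info`, `v[0] + '-' + v[1].split('=')[1]` raises NoMethodError when `pkginfo -l` reports a VERSION without a `,REV=` part or no VERSION line at all, because `v[1]` (or `params['VERSION']`) is then nil. Parsing defensively avoids the crash: `v = params['VERSION'].to_s.split(',')`, `rev = v[1].to_s.split('=')[1]`, and `version: [v[0], rev].compact.join('-')`. `info` also picks the parser with `inspec.os[:release].to_i <= 10`; if the release string has the form `5.11`, `to_i` yields 5 and Solaris 11 hosts would be routed to `solaris10_info`, so the format of `os[:release]` should be confirmed. In `solaris11_info` a missing `Version` or `Branch` key produces the version string `-` rather than nil.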
@@ -2,6 +2,8 @@
2
2
  # author: Christoph Hartmann
3
3
  # author: Dominik Richter
4
4
 
5
+ require 'utils/parser'
6
+
5
7
  # Usage:
6
8
  # describe port(80) do
7
9
  # it { should be_listening }
@@ -30,19 +32,20 @@ class Port < Inspec.resource(1)
30
32
  @port = port
31
33
  @port_manager = nil
32
34
  @cache = nil
33
-
34
- case inspec.os[:family]
35
- when 'ubuntu', 'debian', 'redhat', 'fedora', 'centos', 'arch', 'wrlinux'
35
+ os = inspec.os
36
+ if os.linux?
36
37
  @port_manager = LinuxPorts.new(inspec)
37
- when 'darwin', 'aix'
38
+ elsif %w{darwin aix}.include?(os[:family])
38
39
  # AIX: see http://www.ibm.com/developerworks/aix/library/au-lsof.html#resources
39
40
  # and https://www-01.ibm.com/marketing/iwm/iwm/web/reg/pick.do?source=aixbp
40
41
  # Darwin: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/lsof.8.html
41
42
  @port_manager = LsofPorts.new(inspec)
42
- when 'windows'
43
+ elsif os.windows?
43
44
  @port_manager = WindowsPorts.new(inspec)
44
- when 'freebsd'
45
+ elsif ['freebsd'].include?(os[:family])
45
46
  @port_manager = FreeBsdPorts.new(inspec)
47
+ elsif os.solaris?
48
+ @port_manager = SolarisPorts.new(inspec)
46
49
  else
47
50
  return skip_resource 'The `port` resource is not supported on your OS yet.'
48
51
  end
@@ -332,7 +335,7 @@ class FreeBsdPorts < PortsInfo
332
335
 
333
336
  def parse_net_address(net_addr, protocol)
334
337
  case protocol
335
- when 'tcp4', 'udp4'
338
+ when 'tcp4', 'udp4', 'tcp', 'udp'
336
339
  # replace * with 0.0.0.0
337
340
  net_addr = net_addr.gsub(/^\*:/, '0.0.0.0:') if net_addr =~ /^*:(\d+)$/
338
341
  ip_addr = URI('addr://'+net_addr)
@@ -387,3 +390,40 @@ class FreeBsdPorts < PortsInfo
387
390
  }
388
391
  end
389
392
  end
393
+
394
+ class SolarisPorts < FreeBsdPorts
395
+ include SolarisNetstatParser
396
+
397
+ def info
398
+ # extract all port info
399
+ cmd = inspec.command('netstat -an -f inet -f inet6')
400
+ return nil if cmd.exit_status.to_i != 0
401
+
402
+ # parse the content
403
+ netstat_ports = parse_netstat(cmd.stdout)
404
+
405
+ # filter all ports, where we listen
406
+ listen = netstat_ports.select { |val|
407
+ !val['state'].nil? && 'listen'.casecmp(val['state']) == 0
408
+ }
409
+
410
+ # map the data
411
+ ports = listen.map { |val|
412
+ protocol = val['protocol']
413
+ local_addr = val['local-address']
414
+
415
+ # solaris uses 127.0.0.1.57455 instead 127.0.0.1:57455, lets convert the
416
+ # the last . to :
417
+ local_addr[local_addr.rindex('.')] = ':'
418
+ host, port = parse_net_address(local_addr, protocol)
419
+ {
420
+ port: port,
421
+ address: host,
422
+ protocol: protocol,
423
+ process: nil, # we do not have pid on solaris
424
+ pid: nil, # we do not have pid on solaris
425
+ }
426
+ }
427
+ ports
428
+ end
429
+ end
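Review bot: In `SolarisPorts#info`, `local_addr[local_addr.rindex('.')] = ':'` raises when a listening row has no `.` in its local address or no `local-address` field at all, since `rindex` returns nil (or `local_addr` itself is nil); one malformed netstat line then fails the whole `port` resource. The assignment also mutates the string held in the parsed `netstat_ports` hash in place. Working on a copy and skipping rows without a separator avoids both, and the `map` then needs a `.compact`.

```ruby
ports = listen.map { |val|
  protocol = val['protocol']
  local_addr = val['local-address'].to_s.dup
  sep = local_addr.rindex('.')
  next if sep.nil?

  local_addr[sep] = ':'
  # … unchanged: parse_net_address call and result hash …
}.compact
```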
@@ -44,9 +44,9 @@ class Service < Inspec.resource(1)
44
44
  end
45
45
 
46
46
  def select_service_mgmt # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
47
- family = inspec.os[:family]
47
+ os = inspec.os
48
+ family = os[:family]
48
49
 
49
- case family
50
50
  # Ubuntu
51
51
  # @see: https://wiki.ubuntu.com/SystemdForUpstartUsers
52
52
  # Ubuntu 15.04 : Systemd
@@ -55,39 +55,41 @@ class Service < Inspec.resource(1)
55
55
  # Ubuntu < 15.04 : Upstart
56
56
  # Upstart runs with PID 1 as /sbin/init.
57
57
  # Systemd runs with PID 1 as /lib/systemd/systemd.
58
- when 'ubuntu'
58
+ if %w{ubuntu}.include?(family)
59
59
  version = inspec.os[:release].to_f
60
60
  if version < 15.04
61
61
  Upstart.new(inspec, service_ctl)
62
62
  else
63
63
  Systemd.new(inspec, service_ctl)
64
64
  end
65
- when 'debian'
65
+ elsif %w{debian}.include?(family)
66
66
  version = inspec.os[:release].to_i
67
67
  if version > 7
68
68
  Systemd.new(inspec, service_ctl)
69
69
  else
70
70
  SysV.new(inspec, service_ctl || '/usr/sbin/service')
71
71
  end
72
- when 'redhat', 'fedora', 'centos'
72
+ elsif %w{redhat fedora centos}.include?(family)
73
73
  version = inspec.os[:release].to_i
74
74
  if (%w{ redhat centos }.include?(family) && version >= 7) || (family == 'fedora' && version >= 15)
75
75
  Systemd.new(inspec, service_ctl)
76
76
  else
77
77
  SysV.new(inspec, service_ctl || '/sbin/service')
78
78
  end
79
- when 'wrlinux'
79
+ elsif %w{wrlinux}.include?(family)
80
80
  SysV.new(inspec, service_ctl)
81
- when 'darwin'
81
+ elsif %w{darwin}.include?(family)
82
82
  LaunchCtl.new(inspec, service_ctl)
83
- when 'windows'
83
+ elsif os.windows?
84
84
  WindowsSrv.new(inspec)
85
- when 'freebsd'
85
+ elsif %w{freebsd}.include?(family)
86
86
  BSDInit.new(inspec, service_ctl)
87
- when 'arch', 'opensuse'
87
+ elsif %w{arch opensuse}.include?(family)
88
88
  Systemd.new(inspec, service_ctl)
89
- when 'aix'
89
+ elsif %w{aix}.include?(family)
90
90
  SrcMstr.new(inspec)
91
+ elsif os.solaris?
92
+ Svcs.new(inspec)
91
93
  end
92
94
  end
93
95
 
@@ -185,6 +187,8 @@ class SrcMstr < ServiceManager
185
187
  }
186
188
  end
187
189
 
190
+ private
191
+
188
192
  def status?
189
193
  status_cmd = inspec.command("lssrc -s #{@name}")
190
194
  return nil if status_cmd.exit_status.to_i != 0
@@ -195,8 +199,6 @@ class SrcMstr < ServiceManager
195
199
  enabled_rc_tcpip? || enabled_inittab?
196
200
  end
197
201
 
198
- private
199
-
200
202
  # #rubocop:disable Style/TrailingComma
201
203
  def enabled_rc_tcpip?
202
204
  inspec.command(
@@ -349,14 +351,15 @@ class Runit < ServiceManager
349
351
  super
350
352
  end
351
353
 
354
+ # rubocop:disable Style/DoubleNegation
352
355
  def info(service_name)
353
356
  # get the status of runit service
354
357
  cmd = inspec.command("#{service_ctl} status #{service_name}")
355
358
  # return nil unless cmd.exit_status == 0 # NOTE(sr) why do we do this?
356
359
 
357
360
  installed = cmd.exit_status == 0
358
- running = installed && (cmd.stdout =~ /^run:/)
359
- enabled = installed && (running || (cmd.stdout =~ /normally up/) || (cmd.stdout =~ /want up/))
361
+ running = installed && !!(cmd.stdout =~ /^run:/)
362
+ enabled = installed && (running || !!(cmd.stdout =~ /normally up/) || !!(cmd.stdout =~ /want up/))
360
363
 
361
364
  {
362
365
  name: service_name,
@@ -480,6 +483,41 @@ class WindowsSrv < ServiceManager
480
483
  end
481
484
  end
482
485
 
486
+ # Solaris services
487
+ class Svcs < ServiceManager
488
+ def initialize(service_name, service_ctl = nil)
489
+ @service_ctl ||= 'svcs'
490
+ super
491
+ end
492
+
493
+ def info(service_name)
494
+ # get the status of runit service
495
+ cmd = inspec.command("#{service_ctl} -l #{service_name}")
496
+ return nil if cmd.exit_status != 0
497
+
498
+ params = SimpleConfig.new(
499
+ cmd.stdout.chomp,
500
+ assignment_re: /^(\w+)\s*(.*)$/,
501
+ multiple_values: false,
502
+ ).params
503
+
504
+ installed = cmd.exit_status == 0
505
+ running = installed && (params['state'] == 'online')
506
+ enabled = installed && (params['enabled'] == 'true')
507
+
508
+ {
509
+ name: service_name,
510
+ description: params['name'],
511
+ installed: installed,
512
+ running: running,
513
+ enabled: enabled,
514
+ type: 'svcs',
515
+ }
516
+ end
517
+ end
518
+
519
+ # specific resources for specific service managers
520
+
483
521
  class SystemdService < Service
484
522
  name 'systemd_service'
485
523
  desc 'Use the systemd_service InSpec audit resource to test if the named service (controlled by systemd) is installed, running and/or enabled.'
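Review bot: In `Svcs#info` the `installed` flag can never be false, because the method has already returned nil for a non-zero exit status, so the `installed &&` guards on the next two lines are dead code and `installed: true` would say the same thing. The comment above the command still reads "get the status of runit service" and should be something like `# query SMF for the service state`. The constructor's first parameter is named `service_name`, but the call site in `select_service_mgmt` passes `inspec`; renaming it to `inspec` would match what the visible caller passes. The exact comparison `params['enabled'] == 'true'` may also miss values that carry a suffix after `true`, which is worth confirming against real `svcs -l` output.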