inspec 1.36.1 → 1.37.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1e657ef01d81b9cfa453584a6b27a56219faab15
-  data.tar.gz: ec4faacc317379e4dbd095fc45c1a58f76eb7cd5
+  metadata.gz: 2deb0a13ed78e24b3fdc0b02b85e08934ed94498
+  data.tar.gz: cc043ff4dbcc869b811e5a1cddfc982c3d167e96
 SHA512:
-  metadata.gz: 1e21aed7d8cce4934e220299434dfc0af90e9bbda871f6026c4db94e61e7d94509bf048cd2961d2127149b34d6ba928e435d9cedb07fd677a73132479a7b9a7e
-  data.tar.gz: cda173a2a0071274fc294dbff1cd69d0ffae1b7bd2b4baa16eac8758609ba31c7ccc5f534f6746da38b523ed51ead932af9444f120a30673a9167f6d41cb33b6
+  metadata.gz: 2b24779c8fed6870015055c52b2aa2a0eac19b2adeb0324a322125c6fb77bee0f9a432d75825cf8c3f1e6672af8ca90392c96590a9e4351724b5fce446849442
+  data.tar.gz: 316851c81278ba142874d01b3ab76ed2b8bc4005c5edd5f3c5a41d0756f010fabcfc612dd52ba2d1060aa6a5cd8af53f0d8773d9c0c3270bf3d01ff35bd320a6

data/CHANGELOG.md

@@ -1,25 +1,43 @@
 # Change Log
+<!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
+<!-- latest_release 1.37.6 -->
+## [v1.37.6](https://github.com/chef/inspec/tree/v1.37.6) (2017-09-14)
 
-<!-- latest_release 1.35.5 -->
-## [v1.35.5](https://github.com/chef/inspec/tree/v1.35.5) (2017-09-06)
-
-#### Enhancements
-- add nginx_conf accessors for http, servers, and locations [#2119](https://github.com/chef/inspec/pull/2119) ([arlimus](https://github.com/arlimus))
+#### Merged Pull Requests
+- Bump Ruby to 2.3.5 [#2149](https://github.com/chef/inspec/pull/2149) ([adamleff](https://github.com/adamleff))
 <!-- latest_release -->
 
-<!-- release_rollup since=1.35.1 -->
-### Changes since 1.35.1 release
+<!-- release_rollup since=1.36.1 -->
+### Changes since 1.36.1 release
 
-#### Bug Fixes
-- Fix alternate path profile chaining [#2121](https://github.com/chef/inspec/pull/2121) ([trevor-vaughan](https://github.com/trevor-vaughan)) <!-- 1.35.4 -->
-- Modify linux regular expression to handle process names with spaces [#2117](https://github.com/chef/inspec/pull/2117) ([ChadScott](https://github.com/ChadScott)) <!-- 1.35.3 -->
+#### Merged Pull Requests
+- Bump Ruby to 2.3.5 [#2149](https://github.com/chef/inspec/pull/2149) ([adamleff](https://github.com/adamleff)) <!-- 1.37.6 -->
 
 #### Enhancements
-- add nginx_conf accessors for http, servers, and locations [#2119](https://github.com/chef/inspec/pull/2119) ([arlimus](https://github.com/arlimus)) <!-- 1.35.5 -->
-- File Resource: add be_setgid, be_setuid, be_sticky matchers [#2104](https://github.com/chef/inspec/pull/2104) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 1.35.2 -->
+- Show versions for inspec compliance profiles [#2143](https://github.com/chef/inspec/pull/2143) ([alexpop](https://github.com/alexpop)) <!-- 1.37.5 -->
+- Support profile versions for automate profiles storage [#2128](https://github.com/chef/inspec/pull/2128) ([alexpop](https://github.com/alexpop)) <!-- 1.37.4 -->
+
+#### Bug Fixes
+- package resource: assume a default Homebrew path [#2140](https://github.com/chef/inspec/pull/2140) ([adamleff](https://github.com/adamleff)) <!-- 1.37.3 -->
+- Ignore linked container names when parsing docker containers [#2134](https://github.com/chef/inspec/pull/2134) ([adamleff](https://github.com/adamleff)) <!-- 1.37.2 -->
+
+#### New Resources
+- nginx resource: audit the nginx binary and how it was compiled [#1958](https://github.com/chef/inspec/pull/1958) ([rx294](https://github.com/rx294)) <!-- 1.37.1 -->
+- etc_fstab resource: test contents of the /etc/fstab file [#2064](https://github.com/chef/inspec/pull/2064) ([dromazmj](https://github.com/dromazmj)) <!-- 1.37.0 -->
 <!-- release_rollup -->
 
 <!-- latest_stable_release -->
+## [v1.36.1](https://github.com/chef/inspec/tree/v1.36.1) (2017-09-07)
+
+#### Enhancements
+- File Resource: add be_setgid, be_setuid, be_sticky matchers [#2104](https://github.com/chef/inspec/pull/2104) ([clintoncwolfe](https://github.com/clintoncwolfe))
+- add nginx_conf accessors for http, servers, and locations [#2119](https://github.com/chef/inspec/pull/2119) ([arlimus](https://github.com/arlimus))
+
+#### Bug Fixes
+- Modify linux regular expression to handle process names with spaces [#2117](https://github.com/chef/inspec/pull/2117) ([ChadScott](https://github.com/ChadScott))
+- Fix alternate path profile chaining [#2121](https://github.com/chef/inspec/pull/2121) ([trevor-vaughan](https://github.com/trevor-vaughan))
+<!-- latest_stable_release -->
+
 ## [v1.35.1](https://github.com/chef/inspec/tree/v1.35.1) (2017-08-31)
 
 #### New Resources
@@ -38,7 +56,6 @@
 
 #### Merged Pull Requests
 - Add sensitive flag to resources to restrict logging output [#2017](https://github.com/chef/inspec/pull/2017) ([arothian](https://github.com/arothian))
-<!-- latest_stable_release -->
 
 ## [v1.34.1](https://github.com/chef/inspec/tree/v1.34.1) (2017-08-24)
 

data/docs/resources/etc_fstab.md.erb

@@ -0,0 +1,117 @@
+---
+title: About the etc_fstab Resource
+---
+
+# etc_fstab
+
+Use the `etc_fstab` InSpec audit resource to test information about all partitions and storage devices on a system.
+## Syntax
+
+An etc_fstab rule specifies a device name, its mount point, its mount type, the options its mounted with,
+its dump options, and the order the files system should be checked.
+
+## Syntax
+
+Use the where clause to match a property to one or more rules in the fstab file.
+
+    describe etc_fstab.where { device_name == 'value' } do
+      its('mount_point') { should cmp 'hostname' }
+      its('file_system_type') { should cmp 'list' }
+      its('mount_options') { should cmp 'list' }
+      its('dump_options') { should cmp 'list' }
+      its('file_system_options') { should cmp 'list' }
+    end
+
+Use the optional constructor parameter to give an alternative path to fstab file
+
+    describe etc_fstab(hosts_path).where { device_name == 'value' } do
+      its('mount_point') { should cmp 'hostname' }
+      its('file_system_type') { should cmp 'list' }
+      its('mount_options') { should cmp 'list' }
+      its('dump_options') { should cmp 'list' }
+      its('file_system_options') { should cmp 'list ' }
+    end
+
+where
+
+* `device_name` is the name associated with the device.
+* `mount_point` is the directory at which the filesystem is configured to be mounted.
+* `file_system_type` is the type of file system of the device or partition.
+* `mount_options` is the options for the device or partition.
+* `dump_options` is a number used by dump to decide if a file system should be backed up.
+* `file_system_options` is a number that specifies the order the file system should be checked.
+
+## Property Examples and Return Types
+
+### device_name
+
+`device_name` returns a string array of device names mounted on the system.
+
+    describe etc_fstab.where { mount_point == '/mnt/sr0' } do
+      its('device_name') { should cmp '/dev/sr0' }
+    end
+
+### mount_point
+
+`mount_point` returns a string array of directorys at which filesystems are configured to be mounted.
+
+    describe etc_fstab.where { device_name == '/dev/sr0' } do
+      its('mount_point') { should cmp '/mnt/sr0' }
+    end
+
+### file_system_type
+
+`file_system_type` returns a String array of each partitions file system type.
+
+    describe etc_fstab.where { device_name == '/dev/sr0' } do
+      its('file_system_type') { should cmp 'iso9660' }
+    end
+
+### mount_options
+
+`mount_options` returns a two dimensional array of each partitions mount options.
+
+    describe etc_fstab.where { mount_point == '/' } do
+      its('mount_options') { should eq [['defaults', 'x-systemd.device-timeout=0']] }
+    end
+
+### dump_options
+
+`dump_options` returns a integer array of each partitions dump option.
+
+    describe etc_fstab.where { device_name == '/dev/sr0' } do
+      its('dump_options') { should cmp 0 }
+    end
+
+### file_system_options
+
+`file_system_options` returns a integer array of each partitions file system option.
+
+    describe etc_fstab.where { device_name == '/dev/sr0' } do
+      its('file_system_options') { should cmp 0 }
+    end
+
+## Examples
+
+The following examples show how to use this InSpec resource.
+
+### Check all partitions that have type of 'nfs'.
+
+    nfs_systems = etc_fstab.nfs_file_systems
+    nfs_systems.each do |partition|
+      describe partition do
+        its('mount_options') { should include 'nosuid' }
+      end
+    end
+
+### Check the partition mounted at /home contains 'nosuid' in its mount_options.
+
+    describe etc_fstab do
+      its('home_mount_options') { should include 'nosuid' }
+    end
+
+### Check if a partition is mounted at a point.
+
+    describe etc_fstab.where { mount_point == '/home' } do
+      it { should be_configured }
+    end

data/docs/resources/mysql_conf.md.erb

@@ -14,9 +14,20 @@ A `mysql_conf` resource block declares one (or more) settings in the `my.cnf` fi
       its('setting') { should eq 'value' }
     end
 
+    # Test a parameter set within the [mysqld] section
+    describe mysql_conf do
+      its('mysqld.port') { should cmp 3306 }
+    end
+
+    # Test a parameter set within the [mariadb] section using array notation
+    describe mysql_conf do
+      its(['mariadb', 'max-connections']) { should_not be_nil }
+    end
+
 where
 
 * `'setting'` specifies a setting in the `my.cnf` file, such as `max_connections`
+  * when checking a setting within sections, such as `[mysqld]`, the section name must be included
 * `('path')` is the non-default path to the `my.cnf` file
 * `should eq 'value'` is the value that is expected
 

data/docs/resources/nginx.md.erb

@@ -0,0 +1,72 @@
+---
+title: The Nginx Resource
+---
+
+# nginx
+
+Use the `nginx` InSpec audit resource to test the fields and validity of nginx.
+
+Nginx resource extracts and exposes data reported by the command 'nginx -V'
+
+## Syntax
+
+An `nginx` InSpec audit resource block extracts configuration settings that should be tested:
+
+    describe nginx do
+      its('attribute') { should eq 'value' }
+    end
+
+    describe nginx('path to nginx') do
+      its('attribute') { should eq 'value' }
+    end
+
+where
+
+* `'attribute'` is a configuration parsed from result of the command 'nginx -V'
+* `'value'` is the value that is expected of the attribute
+
+## Supported Properties
+
+* 'compiler_info',  'error_log_path',  'http_client_body_temp_path',  'http_fastcgi_temp_path',  'http_log_path',  'http_proxy_temp_path',  'http_scgi_temp_path',  'http_uwsgi_temp_path',  'lock_path',  'modules', 'modules_path',  'openssl_version',  'prefix',  'sbin_path',  'service',  'support_info',  'version'
+
+## Property Examples and Return Types
+
+### version(String)
+
+`version` returns a string of the version of the running nginx instance
+
+    describe nginx do
+      its('version') { should eq '1.12.0' }
+    end
+
+### modules(String)
+
+`modules` returns a array modules in the running nginx instance
+
+    describe nginx do
+      its('modules') { should include 'my_module' }
+    end
+
+### openssl_version(Hash)
+
+`openssl_version ` returns a hash with 'version' and 'date' as keys
+
+    describe nginx do
+      its('openssl_version.date') { should eq '11 Feb 2013' }
+    end
+
+### compiler_info(Hash)
+
+`compiler_info ` returns a hash with 'compiler' , version' and 'date' as keys
+
+    describe nginx do
+      its('compiler_info.compiler') { should eq 'gcc' }
+    end
+
+### support_info(String)
+
+`support_info ` returns a string containing supported protocols
+
+    describe nginx do
+      its('support_info') { should match /TLS/ }
+    end

data/lib/bundles/inspec-compliance/README.md

@@ -148,6 +148,17 @@ Finished in 0.02862 seconds (files took 0.62628 seconds to load)
 5 examples, 0 failures, 1 pending
 ```
 
+Exec a specific version(2.0.1) of a profile when logged in with Automate:
+
+```
+$ inspec exec compliance://admin/apache-baseline#2.0.1
+```
+
+Download a specific version(2.0.2) of a profile when logged in with Automate:
+```
+$ inspec compliance download compliance://admin/apache-baseline#2.0.2
+```
+
 ### To Logout from Chef Compliance
 
 ```

data/lib/bundles/inspec-compliance/api.rb

@@ -83,9 +83,13 @@ module Compliance
     # verifies that a profile
     def self.exist?(config, profile)
       _msg, profiles = Compliance::API.profiles(config)
+      owner, id, ver = profile_split(profile)
       if !profiles.empty?
-        index = profiles.index { |p| "#{p['owner_id']}/#{p['name']}" == profile }
-        !index.nil? && index >= 0
+        profiles.any? do |p|
+          p['owner_id'] == owner &&
+            p['name'] == id &&
+            (ver.nil? || p['version'] == ver)
+        end
       else
         false
       end
@@ -179,14 +183,21 @@ module Compliance
     end
 
     def self.target_url(config, profile)
-      if is_automate_server?(config)
-        owner, id = profile.split('/')
-        target = "#{config['server']}/profiles/#{owner}/#{id}/tar"
+      owner, id, ver = profile_split(profile)
+
+      return "#{config['server']}/owners/#{owner}/compliance/#{id}/tar" unless is_automate_server?(config)
+
+      if ver.nil?
+        "#{config['server']}/profiles/#{owner}/#{id}/tar"
       else
-        owner, id = profile.split('/')
-        target = "#{config['server']}/owners/#{owner}/compliance/#{id}/tar"
+        "#{config['server']}/profiles/#{owner}/#{id}/version/#{ver}/tar"
       end
-      target
+    end
+
+    def self.profile_split(profile)
+      owner, id = profile.split('/')
+      id, version = id.split('#')
+      [owner, id, version]
     end
 
     # returns a parsed url for `admin/profile` or `compliance://admin/profile`

data/lib/bundles/inspec-compliance/cli.rb

@@ -104,7 +104,7 @@ module Compliance
         # iterate over profiles
         headline('Available profiles:')
         profiles.each { |profile|
-          li("#{profile['title']} #{mark_text(profile['owner_id'] + '/' + profile['name'])}")
+          li("#{profile['title']} v#{profile['version']} (#{mark_text(profile['owner_id'] + '/' + profile['name'])})")
         }
       else
         puts msg, 'Could not find any profiles'

data/lib/inspec/exceptions.rb

@@ -3,6 +3,8 @@
 
 module Inspec
   module Exceptions
+    class AttributesFileDoesNotExist < ArgumentError; end
+    class AttributesFileNotReadable < ArgumentError; end
     class SecretsBackendNotFound < ArgumentError; end
   end
 end

data/lib/inspec/resource.rb

@@ -89,6 +89,7 @@ require 'resources/directory'
 require 'resources/docker'
 require 'resources/docker_image'
 require 'resources/docker_container'
+require 'resources/etc_fstab'
 require 'resources/etc_group'
 require 'resources/etc_hosts'
 require 'resources/file'
@@ -113,6 +114,7 @@ require 'resources/mssql_session'
 require 'resources/mysql'
 require 'resources/mysql_conf'
 require 'resources/mysql_session'
+require 'resources/nginx'
 require 'resources/nginx_conf'
 require 'resources/npm'
 require 'resources/ntp_conf'

data/lib/inspec/runner.rb

@@ -124,11 +124,13 @@ module Inspec
       return options[:attributes] if secrets_targets.nil?
 
       secrets_targets.each do |target|
+        validate_attributes_file_readability!(target)
+
         secrets = Inspec::SecretsBackend.resolve(target)
         if secrets.nil?
           raise Inspec::Exceptions::SecretsBackendNotFound,
-                "Unable to find a parser for attributes file #{target}. " \
-                'Check to make sure the file exists and has the appropriate extension.'
+                "Cannot find parser for attributes file '#{target}'. " \
+                'Check to make sure file has the appropriate extension.'
         end
 
         next if secrets.attributes.nil?
@@ -270,5 +272,21 @@ module Inspec
 
       examples.each { |e| @test_collector.add_test(e, rule) }
     end
+
+    def validate_attributes_file_readability!(target)
+      unless File.exist?(target)
+        raise Inspec::Exceptions::AttributesFileDoesNotExist,
+              "Cannot find attributes file '#{target}'. " \
+              'Check to make sure file exists.'
+      end
+
+      unless File.readable?(target)
+        raise Inspec::Exceptions::AttributesFileNotReadable,
+              "Cannot read attributes file '#{target}'. " \
+              'Check to make sure file is readable.'
+      end
+
+      true
+    end
   end
 end

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '1.36.1'.freeze
+  VERSION = '1.37.6'.freeze
 end

data/lib/resources/docker.rb

@@ -63,7 +63,7 @@ module Inspec::Resources
   # For compatability with Serverspec we also offer the following resouses:
   # - docker_container
   # - docker_image
-  class Docker < Inspec.resource(1)
+  class Docker < Inspec.resource(1) # rubocop:disable Metrics/ClassLength
     name 'docker'
 
     desc "
@@ -167,6 +167,13 @@ module Inspec::Resources
 
         # ensure all keys are there
         j = ensure_container_keys(j)
+
+        # strip off any linked container names
+        # Depending on how it was linked, the actual container name may come before
+        # or after the link information, so we'll just look for the first name that
+        # does not include a slash since that is not a valid character in a container name
+        j['names'] = j['names'].split(',').find { |c| !c.include?('/') }
+
         ps.push(j)
       }
       ps

data/lib/resources/etc_fstab.rb

@@ -0,0 +1,107 @@
+# encoding: utf-8
+# copyright:
+# author: Matthew Dromazos
+
+require 'utils/parser'
+
+class EtcFstab < Inspec.resource(1)
+  name 'etc_fstab'
+  desc 'Use the etc_fstab InSpec audit resource to check the configuration of the etc/fstab file.'
+  example "
+    removable_media = etc_fstab.removable_media_file_systems
+    removable_media.each do |media|
+      describe media do
+        its ('mount_options') { should include 'nosuid' }
+      end
+    end
+
+    nfs_systems = etc_fstab.nfs_file_systems
+    nfs_systems.each do |file_system|
+      describe file_system do
+        its ('mount_options') { should include 'nosuid' }
+        its ('mount_options') { should include 'noexec' }
+        its ('mount_options') { should include '\'sec=krb5:krb5i:krb5p\'' }
+      end
+    end
+
+    describe etc_fstab do
+      its ('home_mount_options') { should include 'nosuid' }
+    end
+  "
+
+  attr_reader :params
+
+  include CommentParser
+
+  def initialize(fstab_path = nil)
+    return skip_resource 'The `etc_fstab` resource is not supported on your OS.' unless inspec.os.linux?
+    @conf_path      = fstab_path || '/etc/fstab'
+    @files_contents = {}
+    @content        = nil
+    @params         = nil
+    read_content
+  end
+
+  filter = FilterTable.create
+  filter.add_accessor(:where)
+        .add_accessor(:entries)
+        .add(:device_name,           field: 'device_name')
+        .add(:mount_point,           field: 'mount_point')
+        .add(:file_system_type,      field: 'file_system_type')
+        .add(:mount_options,         field: 'mount_options')
+        .add(:dump_options,          field: 'dump_options')
+        .add(:file_system_options,   field: 'file_system_options')
+        .add(:configured?) { |x| x.entries.any? }
+
+  filter.connect(self, :params)
+
+  def nfs_file_systems
+    where { file_system_type.match(/nfs/) }
+  end
+
+  def home_mount_options
+    return nil unless where { mount_point == '/home' }.configured?
+    where { mount_point == '/home' }.entries[0].mount_options
+  end
+
+  private
+
+  def read_content
+    @content = ''
+    @params  = {}
+    @content = read_file(@conf_path)
+    @params  = parse_conf(@content)
+  end
+
+  def parse_conf(content)
+    content.map do |line|
+      data, = parse_comment_line(line, comment_char: '#', standalone_comments: false)
+      parse_line(data) unless data == ''
+    end.compact
+  end
+
+  def parse_line(line)
+    attributes = line.split
+    {
+      'device_name'         => attributes[0],
+      'mount_point'         => attributes[1],
+      'file_system_type'    => attributes[2],
+      'mount_options'       => attributes[3].split(','),
+      'dump_options'        => attributes[4].to_i,
+      'file_system_options' => attributes[5].to_i,
+    }
+  end
+
+  def read_file(conf_path = @conf_path)
+    file = inspec.file(conf_path)
+    if !file.file?
+      return skip_resource "Can't find \"#{@conf_path}\""
+    end
+
+    raw_conf = file.content
+    if raw_conf.empty? && !file.empty?
+      return skip_resource("File is empty or unable to read file at path:\"#{@conf_path}\"")
+    end
+    raw_conf.lines
+  end
+end

data/lib/resources/mysql_conf.rb

@@ -33,6 +33,16 @@ module Inspec::Resources
       describe mysql_conf('path') do
         its('setting') { should eq 'value' }
       end
+
+      # Test a parameter set within the [mysqld] section
+      describe mysql_conf do
+        its('mysqld.port') { should cmp 3306 }
+      end
+
+      # Test a parameter set within the [mariadb] section using array notation
+      describe mysql_conf do
+        its(['mariadb', 'max-connections']) { should_not be_nil }
+      end
     "
 
     include FindFiles

data/lib/resources/nginx.rb

@@ -0,0 +1,97 @@
+# encoding: utf-8
+# author: Aaron Lippold, lippold@gmail.com
+# author: Rony Xavier, rx294@gmail.com
+
+require 'pathname'
+require 'hashie/mash'
+
+module Inspec::Resources
+  class Nginx < Inspec.resource(1)
+    name 'nginx'
+    desc 'Use the nginx InSpec audit resource to test information about your NGINX instance.'
+    example "
+      describe nginx do
+        its('conf_path') { should cmp '/etc/nginx/nginx.conf' }
+      end
+      describe nginx('/etc/sbin/') do
+        its('version') { should be >= '1.0.0' }
+      end
+      describe nginx do
+        its('modules') { should include 'my_module' }
+      end
+    "
+    attr_reader :params, :bin_dir
+
+    def initialize(nginx_path = '/usr/sbin/nginx')
+      return skip_resource 'The `nginx` resource is not yet available on your OS.' if inspec.os.windows?
+      return skip_resource 'The `nginx` binary not found in the path provided.' unless inspec.command(nginx_path).exist?
+
+      cmd = inspec.command("#{nginx_path} -V 2>&1")
+      if !cmd.exit_status.zero?
+        return skip_resource 'Error using the command nginx -V'
+      end
+      @data = cmd.stdout
+      @params = {}
+      read_content
+    end
+
+    %w{compiler_info error_log_path http_client_body_temp_path http_fastcgi_temp_path http_log_path http_proxy_temp_path http_scgi_temp_path http_uwsgi_temp_path lock_path modules_path openssl_version prefix sbin_path service support_info version}.each do |property|
+      define_method(property.to_sym) do
+        @params[property.to_sym]
+      end
+    end
+
+    def openssl_version
+      result = @data.scan(/built with OpenSSL\s(\S+)\s(\d+\s\S+\s\d{4})/).flatten
+      Hashie::Mash.new({ 'version' => result[0], 'date' => result[1] })
+    end
+
+    def compiler_info
+      result = @data.scan(/built by (\S+)\s(\S+)\s(\S+)/).flatten
+      Hashie::Mash.new({ 'compiler' => result[0], 'version' => result[1], 'date' => result[2] })
+    end
+
+    def support_info
+      support_info = @data.scan(/(.*\S+) support enabled/).flatten
+      support_info.empty? ? nil : support_info.join(' ')
+    end
+
+    def modules
+      @data.scan(/--with-(\S+)_module/).flatten
+    end
+
+    def to_s
+      'Nginx Environment'
+    end
+
+    private
+
+    def read_content
+      parse_config
+      parse_path
+      parse_http_path
+    end
+
+    def parse_config
+      @params[:prefix] = @data.scan(/--prefix=(\S+)\s/).flatten.first
+      @params[:service] = 'nginx'
+      @params[:version] = @data.scan(%r{nginx version: nginx\/(\S+)\s}).flatten.first
+    end
+
+    def parse_path
+      @params[:sbin_path] = @data.scan(/--sbin-path=(\S+)\s/).flatten.first
+      @params[:modules_path] = @data.scan(/--modules-path=(\S+)\s/).flatten.first
+      @params[:error_log_path] = @data.scan(/--error-log-path=(\S+)\s/).flatten.first
+      @params[:http_log_path] = @data.scan(/--http-log-path=(\S+)\s/).flatten.first
+      @params[:lock_path] = @data.scan(/--lock-path=(\S+)\s/).flatten.first
+    end
+
+    def parse_http_path
+      @params[:http_client_body_temp_path] = @data.scan(/--http-client-body-temp-path=(\S+)\s/).flatten.first
+      @params[:http_proxy_temp_path] = @data.scan(/--http-proxy-temp-path=(\S+)\s/).flatten.first
+      @params[:http_fastcgi_temp_path] = @data.scan(/--http-fastcgi-temp-path=(\S+)\s/).flatten.first
+      @params[:http_uwsgi_temp_path] = @data.scan(/--http-uwsgi-temp-path=(\S+)\s/).flatten.first
+      @params[:http_scgi_temp_path] = @data.scan(/--http-scgi-temp-path=(\S+)\s/).flatten.first
+    end
+  end
+end

data/lib/resources/package.rb

@@ -193,7 +193,8 @@ module Inspec::Resources
   # MacOS / Darwin implementation
   class Brew < PkgManagement
     def info(package_name)
-      cmd = inspec.command("brew info --json=v1 #{package_name}")
+      brew_path = inspec.command('brew').exist? ? 'brew' : '/usr/local/bin/brew'
+      cmd = inspec.command("#{brew_path} info --json=v1 #{package_name}")
       return nil if cmd.exit_status.to_i != 0
       # parse data
       pkg = JSON.parse(cmd.stdout)[0]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 1.36.1
+  version: 1.37.6
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-09-06 00:00:00.000000000 Z
+date: 2017-09-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train
@@ -330,6 +330,7 @@ files:
 - docs/resources/docker.md.erb
 - docs/resources/docker_container.md.erb
 - docs/resources/docker_image.md.erb
+- docs/resources/etc_fstab.md.erb
 - docs/resources/etc_group.md.erb
 - docs/resources/etc_hosts.md.erb
 - docs/resources/file.md.erb
@@ -355,6 +356,7 @@ files:
 - docs/resources/mssql_session.md.erb
 - docs/resources/mysql_conf.md.erb
 - docs/resources/mysql_session.md.erb
+- docs/resources/nginx.md.erb
 - docs/resources/nginx_conf.md.erb
 - docs/resources/npm.md.erb
 - docs/resources/ntp_conf.md.erb
@@ -571,6 +573,7 @@ files:
 - lib/resources/docker.rb
 - lib/resources/docker_container.rb
 - lib/resources/docker_image.rb
+- lib/resources/etc_fstab.rb
 - lib/resources/etc_group.rb
 - lib/resources/etc_hosts.rb
 - lib/resources/file.rb
@@ -596,6 +599,7 @@ files:
 - lib/resources/mysql.rb
 - lib/resources/mysql_conf.rb
 - lib/resources/mysql_session.rb
+- lib/resources/nginx.rb
 - lib/resources/nginx_conf.rb
 - lib/resources/npm.rb
 - lib/resources/ntp_conf.rb
@@ -678,7 +682,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.12
+rubygems_version: 2.6.13
 signing_key: 
 specification_version: 4
 summary: Infrastructure and compliance testing.