inspec 1.37.6 → 1.38.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2deb0a13ed78e24b3fdc0b02b85e08934ed94498
-  data.tar.gz: cc043ff4dbcc869b811e5a1cddfc982c3d167e96
+  metadata.gz: a11293dc2aaa9e66285a63b04a476b03ebe6a703
+  data.tar.gz: 5498bd736298eab2b16776a92ebb1921b848e4fd
 SHA512:
-  metadata.gz: 2b24779c8fed6870015055c52b2aa2a0eac19b2adeb0324a322125c6fb77bee0f9a432d75825cf8c3f1e6672af8ca90392c96590a9e4351724b5fce446849442
-  data.tar.gz: 316851c81278ba142874d01b3ab76ed2b8bc4005c5edd5f3c5a41d0756f010fabcfc612dd52ba2d1060aa6a5cd8af53f0d8773d9c0c3270bf3d01ff35bd320a6
+  metadata.gz: 001f1e34e039a7eb24f433ecb54fb2afab16f1b6ac4ed86658b9a71db66c958b4b24532feecb072d988d37e3be6a3b37821ab46cbd8457fcd6c1fae47ca0cd96
+  data.tar.gz: 35f44d8abafac513133c35844bc1f907263e6023acf5003a48000248d620095a755b2ccf4236e373c67c7273713460b2f930d0895e2db7e37e5a8096413eabae

data/CHANGELOG.md

@@ -1,32 +1,57 @@
 # Change Log
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release 1.37.6 -->
-## [v1.37.6](https://github.com/chef/inspec/tree/v1.37.6) (2017-09-14)
+<!-- latest_release 1.38.8 -->
+## [v1.38.5](https://github.com/chef/inspec/tree/v1.38.5) (2017-09-23)
 
 #### Merged Pull Requests
-- Bump Ruby to 2.3.5 [#2149](https://github.com/chef/inspec/pull/2149) ([adamleff](https://github.com/adamleff))
+- Bump train to 0.27 [#2180](https://github.com/chef/inspec/pull/2180) ([adamleff](https://github.com/adamleff))
 <!-- latest_release -->
 
-<!-- release_rollup since=1.36.1 -->
-### Changes since 1.36.1 release
+<!-- release_rollup since=1.37.6 -->
+### Changes since 1.37.6 release
 
-#### Merged Pull Requests
-- Bump Ruby to 2.3.5 [#2149](https://github.com/chef/inspec/pull/2149) ([adamleff](https://github.com/adamleff)) <!-- 1.37.6 -->
+#### Bug Fixes
+- Modify Upstart enabled check to use config file [#2163](https://github.com/chef/inspec/pull/2163) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.38.2 -->
+- Support `false` for attribute value [#2168](https://github.com/chef/inspec/pull/2168) ([adamleff](https://github.com/adamleff)) <!-- 1.38.1 -->
+- quote username and hostname in mssql_session.rb [#2151](https://github.com/chef/inspec/pull/2151) ([bratdim](https://github.com/bratdim)) <!-- 1.37.11 -->
+- Update method in which Pry hooks are removed [#2170](https://github.com/chef/inspec/pull/2170) ([adamleff](https://github.com/adamleff)) <!-- 1.37.13 -->
+
+#### New Resources
+- auditd resource: test active auditd configuration against the audit daemon [#2133](https://github.com/chef/inspec/pull/2133) ([jburns12](https://github.com/jburns12)) <!-- 1.37.9 -->
 
 #### Enhancements
-- Show versions for inspec compliance profiles [#2143](https://github.com/chef/inspec/pull/2143) ([alexpop](https://github.com/alexpop)) <!-- 1.37.5 -->
-- Support profile versions for automate profiles storage [#2128](https://github.com/chef/inspec/pull/2128) ([alexpop](https://github.com/alexpop)) <!-- 1.37.4 -->
+- forgiving default attributes [#2177](https://github.com/chef/inspec/pull/2177) ([arlimus](https://github.com/arlimus)) <!-- 1.38.4 -->
+- Support array syntax for registry_key resource [#2160](https://github.com/chef/inspec/pull/2160) ([adamleff](https://github.com/adamleff)) <!-- 1.37.12 -->
+- Add wildcard/multiple server support to nginx_conf resource [#2141](https://github.com/chef/inspec/pull/2141) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.37.8 -->
 
-#### Bug Fixes
-- package resource: assume a default Homebrew path [#2140](https://github.com/chef/inspec/pull/2140) ([adamleff](https://github.com/adamleff)) <!-- 1.37.3 -->
-- Ignore linked container names when parsing docker containers [#2134](https://github.com/chef/inspec/pull/2134) ([adamleff](https://github.com/adamleff)) <!-- 1.37.2 -->
+#### Merged Pull Requests
+- Bump train to 0.27 [#2180](https://github.com/chef/inspec/pull/2180) ([adamleff](https://github.com/adamleff)) <!-- 1.38.8 -->
+- Properly return postgres query errors on failure [#2179](https://github.com/chef/inspec/pull/2179) ([adamleff](https://github.com/adamleff)) <!-- 1.38.7 -->
+- Add wildcard support to `Utils::FindFiles` [#2159](https://github.com/chef/inspec/pull/2159) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.38.6 -->
+- Modify `DirProvider` to allow special characters [#2174](https://github.com/chef/inspec/pull/2174) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.38.5 -->
+- Update changelog for v1.38.2 release [#2173](https://github.com/chef/inspec/pull/2173) ([adamleff](https://github.com/adamleff)) <!-- 1.37.13 -->
+- Add deprecation warning to auditd_rules resource [#2156](https://github.com/chef/inspec/pull/2156) ([adamleff](https://github.com/adamleff)) <!-- 1.37.10 -->
+<!-- release_rollup -->
+
+<!-- latest_stable_release -->
+## [v1.37.6](https://github.com/chef/inspec/tree/v1.37.6) (2017-09-14)
 
 #### New Resources
-- nginx resource: audit the nginx binary and how it was compiled [#1958](https://github.com/chef/inspec/pull/1958) ([rx294](https://github.com/rx294)) <!-- 1.37.1 -->
-- etc_fstab resource: test contents of the /etc/fstab file [#2064](https://github.com/chef/inspec/pull/2064) ([dromazmj](https://github.com/dromazmj)) <!-- 1.37.0 -->
-<!-- release_rollup -->
+- etc_fstab resource: test contents of the /etc/fstab file [#2064](https://github.com/chef/inspec/pull/2064) ([dromazmj](https://github.com/dromazmj))
+- nginx resource: audit the nginx binary and how it was compiled [#1958](https://github.com/chef/inspec/pull/1958) ([rx294](https://github.com/rx294))
 
+#### Enhancements
+- Support profile versions for automate profiles storage [#2128](https://github.com/chef/inspec/pull/2128) ([alexpop](https://github.com/alexpop))
+- Show versions for inspec compliance profiles [#2143](https://github.com/chef/inspec/pull/2143) ([alexpop](https://github.com/alexpop))
+
+#### Bug Fixes
+- Ignore linked container names when parsing docker containers [#2134](https://github.com/chef/inspec/pull/2134) ([adamleff](https://github.com/adamleff))
+- package resource: assume a default Homebrew path [#2140](https://github.com/chef/inspec/pull/2140) ([adamleff](https://github.com/adamleff))
+
+#### Merged Pull Requests
+- Bump Ruby to 2.3.5 for Omnibus build [#2149](https://github.com/chef/inspec/pull/2149) ([adamleff](https://github.com/adamleff))
 <!-- latest_stable_release -->
+
 ## [v1.36.1](https://github.com/chef/inspec/tree/v1.36.1) (2017-09-07)
 
 #### Enhancements
@@ -36,7 +61,6 @@
 #### Bug Fixes
 - Modify linux regular expression to handle process names with spaces [#2117](https://github.com/chef/inspec/pull/2117) ([ChadScott](https://github.com/ChadScott))
 - Fix alternate path profile chaining [#2121](https://github.com/chef/inspec/pull/2121) ([trevor-vaughan](https://github.com/trevor-vaughan))
-<!-- latest_stable_release -->
 
 ## [v1.35.1](https://github.com/chef/inspec/tree/v1.35.1) (2017-08-31)
 

data/docs/resources/auditd.md.erb

@@ -0,0 +1,93 @@
+---
+title: About the auditd Resource
+---
+
+# auditd
+
+Use the `auditd` InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files. These rules are output using the auditcl -l command. This resource supports versions of `audit` >= 2.3.
+
+## Syntax
+
+An `auditd` resource block declares one (or more) rules to be tested, and then what that rule should do:
+
+    describe auditd do
+      its('lines') { should include %r(-w /etc/ssh/sshd_config) }
+    end
+
+or test that multiple individual rules are defined:
+
+    describe auditd do
+      its('lines') { should include %r(-a always,exit -F arch=.* -S init_module,delete_module -F key=modules) }
+      its('lines') { should include %r(-a always,exit -F arch=.* -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=-1 -F key=.+) }
+    end
+
+where each test must declare one (or more) rules to be tested.
+
+
+## Matchers
+
+This InSpec audit resource has the following matchers:
+
+### be
+
+<%= partial "/shared/matcher_be" %>
+
+### cmp
+
+<%= partial "/shared/matcher_cmp" %>
+
+### eq
+
+<%= partial "/shared/matcher_eq" %>
+
+### include
+
+<%= partial "/shared/matcher_include" %>
+
+### match
+
+<%= partial "/shared/matcher_match" %>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test if a rule contains a matching element that is identified by a regular expression
+
+For `audit` >= 2.3:
+
+    describe auditd do
+      its('lines') { should include %r(-a always,exit -F arch=.* -S chown.* -F auid>=1000 -F auid!=-1 -F key=perm_mod) }
+    end
+
+### Query the audit daemon status
+
+    describe auditd.status('backlog') do
+      it { should cmp 0 }
+    end
+
+### Query properties of rules targeting specific syscalls or files - uniq is used to handle multiple rules for the same syscall with redundant field values
+
+    describe auditd.syscall('open') do
+      its('action.uniq') { should eq ['always'] }
+      its('list.uniq') { should eq ['exit'] }
+    end
+
+    describe auditd.file('/etc/sudoers') do
+      its('permissions') { should include ['x'] }
+    end
+
+The where accessor can be used to filter on fields. For example:
+
+    describe auditd.syscall('chown').where { arch == "b32" } do
+      its('action') { should eq ['always'] }
+      its('list') { should eq ['exit'] }
+      its('exit') { should include ['-EACCES'] }
+      its('exit') { should include ['-EPERM'] }
+    end
+
+The key filter may be useful in evaluating rules with particular key values:
+
+  describe auditd.where { key == "privileged" } do
+    its('permissions') { should include ['x'] }
+  end

data/docs/resources/file.md.erb

@@ -61,6 +61,10 @@ an owner:
 
     it { should be_executable.by('owner') }
 
+any user other than the owner or members of the file's group:
+
+    it { should be_executable.by('others') }
+
 a user:
 
     it { should be_executable.by_user('user') }
@@ -121,6 +125,10 @@ an owner:
 
     it { should be_readable.by('owner') }
 
+any user other than the owner or members of the file's group:
+
+    it { should be_readable.by('others') }
+
 a user:
 
     it { should be_readable.by_user('user') }
@@ -175,6 +183,10 @@ an owner:
 
     it { should be_writable.by('owner') }
 
+any user other than the owner or members of the file's group:
+
+    it { should be_writable.by('others') }
+
 a user:
 
     it { should be_writable.by_user('user') }

data/inspec.gemspec

@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 2.1'
 
-  spec.add_dependency 'train', '~> 0.26'
+  spec.add_dependency 'train', '~> 0.27'
   spec.add_dependency 'thor', '~> 0.19'
   spec.add_dependency 'json', '>= 1.8', '< 3.0'
   spec.add_dependency 'rainbow', '~> 2'

data/lib/inspec/file_provider.rb

@@ -72,7 +72,7 @@ module Inspec
       @files = if File.file?(path)
                  [path]
                else
-                 Dir[File.join(path, '**', '*')]
+                 Dir[File.join(Shellwords.shellescape(path), '**', '*')]
                end
       @path = path
     end

data/lib/inspec/objects/attribute.rb

@@ -3,22 +3,31 @@
 module Inspec
   class Attribute
     attr_accessor :name
-    def initialize(name, options)
+    attr_writer :value
+
+    DEFAULT_ATTRIBUTE = Class.new do
+      def method_missing(*_)
+        self
+      end
+
+      def respond_to_missing?(_, _)
+        true
+      end
+    end
+
+    def initialize(name, options = {})
       @name = name
       @opts = options
       @value = nil
     end
 
     # implicit call is done by inspec to determine the value of an attribute
-    def value(newvalue = nil)
-      unless newvalue.nil?
-        @value = newvalue
-      end
-      @value || default
+    def value
+      @value.nil? ? default : @value
     end
 
     def default
-      @opts[:default]
+      @opts[:default] || DEFAULT_ATTRIBUTE.new
     end
 
     def title

data/lib/inspec/profile_context.rb

@@ -177,7 +177,7 @@ module Inspec
       # we need to return an attribute object, to allow dermination of default values
       attr = Attribute.new(name, options)
       # read value from given gived values
-      attr.value(@conf['attributes'][attr.name]) unless @conf['attributes'].nil?
+      attr.value = @conf['attributes'][attr.name] unless @conf['attributes'].nil?
       @attributes.push(attr)
       attr.value
     end

data/lib/inspec/resource.rb

@@ -77,6 +77,7 @@ require 'resources/apache'
 require 'resources/apache_conf'
 require 'resources/apt'
 require 'resources/audit_policy'
+require 'resources/auditd'
 require 'resources/auditd_conf'
 require 'resources/auditd_rules'
 require 'resources/bash'

data/lib/inspec/shell.rb

@@ -26,8 +26,13 @@ module Inspec
     end
 
     def configure_pry # rubocop:disable Metrics/AbcSize
-      # Remove all hooks and checks
-      Pry.hooks.clear_all
+      # Delete any before_session, before_eval, and after_eval hooks so we can
+      # replace them with our own. Pry 0.10 used to have a single method to clear
+      # all hooks, but this was removed in Pry 0.11.
+      [:before_session, :before_eval, :after_eval].each do |event|
+        Pry.hooks.get_hooks(event).keys.map { |hook| Pry.hooks.delete_hook(event, hook) }
+      end
+
       that = self
 
       # Add the help command

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '1.37.6'.freeze
+  VERSION = '1.38.8'.freeze
 end

data/lib/resources/auditd.rb

@@ -0,0 +1,231 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# author: Jen Burns
+
+require 'forwardable'
+require 'utils/filter_array'
+require 'utils/filter'
+require 'utils/parser'
+
+module Inspec::Resources
+  # rubocop:disable Metrics/ClassLength
+  class AuditDaemon < Inspec.resource(1)
+    extend Forwardable
+    attr_accessor :lines
+    attr_reader :params
+
+    name 'auditd'
+    desc 'Use the auditd InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files. These rules are output using the auditcl -l command.'
+    example "
+      describe auditd.syscall('chown').where {arch == 'b32'} do
+        its('action') { should eq ['always'] }
+        its('list') { should eq ['exit'] }
+      end
+
+      describe auditd.where {key == 'privileged'} do
+        its('permissions') { should include ['x'] }
+      end
+
+      describe auditd do
+        its('lines') { should include %r(-w /etc/ssh/sshd_config) }
+      end
+    "
+
+    def initialize
+      @content = inspec.command('/sbin/auditctl -l').stdout.chomp
+      @params = []
+
+      if @content =~ /^LIST_RULES:/
+        return skip_resource 'The version of audit is outdated. The `auditd` resource supports versions of audit >= 2.3.'
+      end
+      parse_content
+    end
+
+    filter = FilterTable.create
+    filter.add_accessor(:where)
+          .add_accessor(:entries)
+          .add(:file,         field: 'file')
+          .add(:list,         field: 'list')
+          .add(:action,       field: 'action')
+          .add(:fields,       field: 'fields')
+          .add(:fields_nokey, field: 'fields_nokey')
+          .add(:syscall,      field: 'syscall')
+          .add(:key,          field: 'key')
+          .add(:arch,         field: 'arch')
+          .add(:path,         field: 'path')
+          .add(:permissions,  field: 'permissions')
+          .add(:exit,         field: 'exit')
+
+    filter.connect(self, :params)
+
+    def status(name = nil)
+      @status_content ||= inspec.command('/sbin/auditctl -s').stdout.chomp
+      @status_params ||= Hash[@status_content.scan(/^([^ ]+) (.*)$/)]
+
+      return @status_params[name] if name
+      @status_params
+    end
+
+    def parse_content
+      @lines = @content.lines.map(&:chomp)
+
+      lines.each do |line|
+        if is_file_syscall_syntax?(line)
+          file_syscall_syntax_rules_for(line)
+        end
+
+        if is_syscall?(line)
+          syscall_rules_for(line)
+
+        elsif is_file?(line)
+          file_rules_for(line)
+        end
+      end
+    end
+
+    def file_syscall_syntax_rules_for(line)
+      file = file_syscall_syntax_for(line)
+      action, list = action_list_for(line)
+      fields = rule_fields_for(line)
+      key_field, fields_nokey = remove_key_from(fields)
+      key = key_in(key_field.join(''))
+      perms = perms_in(fields)
+
+      @params.push(
+        {
+          'file' => file,
+          'list' => list,
+          'action' => action,
+          'fields' => fields,
+          'permissions' => perms,
+          'key' => key,
+          'fields_nokey' => fields_nokey,
+        },)
+    end
+
+    def syscall_rules_for(line)
+      syscalls = syscalls_for(line)
+      action, list = action_list_for(line)
+      fields = rule_fields_for(line)
+      key_field, fields_nokey = remove_key_from(fields)
+      key = key_in(key_field.join(''))
+      arch = arch_in(fields)
+      path = path_in(fields)
+      perms = perms_in(fields)
+      exit_field = exit_in(fields)
+
+      syscalls.each do |s|
+        @params.push(
+          {
+            'syscall' => s,
+            'list' => list,
+            'action' => action,
+            'fields' => fields,
+            'key' => key,
+            'arch' => arch,
+            'path' => path,
+            'permissions' => perms,
+            'exit' => exit_field,
+            'fields_nokey' => fields_nokey,
+          },)
+      end
+    end
+
+    def file_rules_for(line)
+      file = file_for(line)
+      perms = permissions_for(line)
+      key = key_for(line)
+
+      @params.push(
+        {
+          'file' => file,
+          'key' => key,
+          'permissions' => perms,
+        },)
+    end
+
+    def to_s
+      'Auditd Rules'
+    end
+
+    private
+
+    def is_syscall?(line)
+      line.match(/-S /)
+    end
+
+    def is_file?(line)
+      line.match(/-w /)
+    end
+
+    def is_file_syscall_syntax?(line)
+      line.match(/-F path=/)
+    end
+
+    def syscalls_for(line)
+      line.scan(/-S ([^ ]+)\s?/).flatten.first.split(',')
+    end
+
+    def action_list_for(line)
+      line.scan(/-a ([^,]+),([^ ]+)\s?/).flatten
+    end
+
+    def key_for(line)
+      line.match(/-k ([^ ]+)\s?/)[1] if line.include?('-k ')
+    end
+
+    def file_for(line)
+      line.match(/-w ([^ ]+)\s?/)[1]
+    end
+
+    def file_syscall_syntax_for(line)
+      line.match(/-F path=(\S+)\s?/)[1]
+    end
+
+    def permissions_for(line)
+      line.match(/-p ([^ ]+)/)[1].scan(/\w/)
+    end
+
+    def rule_fields_for(line)
+      line.gsub(/-[aS] [^ ]+ /, '').split('-F ').map { |l| l.split(' ') }.flatten
+    end
+
+    def arch_in(fields)
+      fields.each do |field|
+        return field.match(/arch=(\S+)\s?/)[1] if field.start_with?('arch=')
+      end
+      nil
+    end
+
+    def perms_in(fields)
+      fields.each do |field|
+        return field.match(/perm=(\S+)\s?/)[1].scan(/\w/) if field.start_with?('perm=')
+      end
+      nil
+    end
+
+    def path_in(fields)
+      fields.each do |field|
+        return field.match(/path=(\S+)\s?/)[1] if field.start_with?('path=')
+      end
+      nil
+    end
+
+    def exit_in(fields)
+      fields.each do |field|
+        return field.match(/exit=(\S+)\s?/)[1] if field.start_with?('exit=')
+      end
+      nil
+    end
+
+    def key_in(field)
+      _, v = field.split('=')
+      v
+    end
+
+    def remove_key_from(fields)
+      fields.partition { |x| x.start_with? 'key' }
+    end
+  end
+end

data/lib/resources/auditd_rules.rb

@@ -87,6 +87,8 @@ module Inspec::Resources
         parse_content
         @legacy = nil
       end
+
+      warn '[DEPRECATION] The `auditd_rules` resource is deprecated and will be removed in InSpec 2.0. Use the `auditd` resource instead.'
     end
 
     # non-legacy instances are not asked for `its('LIST_RULES')`

data/lib/resources/mssql_session.rb

@@ -51,11 +51,11 @@ module Inspec::Resources
       escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
       # surpress 'x rows affected' in SQLCMD with 'set nocount on;'
       cmd_string = "sqlcmd -Q \"set nocount on; #{escaped_query}\" -W -w 1024 -s ','"
-      cmd_string += " -U #{@user} -P '#{@password}'" unless @user.nil? || @password.nil?
+      cmd_string += " -U '#{@user}' -P '#{@password}'" unless @user.nil? || @password.nil?
       if @instance.nil?
-        cmd_string += " -S #{@host}"
+        cmd_string += " -S '#{@host}'"
       else
-        cmd_string += " -S #{@host}\\#{@instance}"
+        cmd_string += " -S '#{@host}\\#{@instance}'"
       end
       cmd = inspec.command(cmd_string)
       out = cmd.stdout + "\n" + cmd.stderr

data/lib/resources/nginx_conf.rb

@@ -3,6 +3,7 @@
 # author: Christoph Hartmann
 
 require 'utils/nginx_parser'
+require 'utils/find_files'
 require 'forwardable'
 
 # STABILITY: Experimental
@@ -25,6 +26,8 @@ module Inspec::Resources
 
     extend Forwardable
 
+    include FindFiles
+
     attr_reader :contents
 
     def initialize(conf_path = nil)
@@ -93,13 +96,37 @@ module Inspec::Resources
       if data.key?('include')
         data.delete('include').flatten
             .map { |x| File.expand_path(x, rel_path) }
+            .map { |x| find_files(x) }.flatten
             .map { |path| parse_nginx(path) }
-            .map { |e| data.merge!(e) }
+            .each { |conf| merge_config!(data, conf) }
       end
 
       # Walk through the remaining hash fields to find more references
       Hash[data.map { |k, v| [k, resolve_references(v, rel_path)] }]
     end
+
+    # Deep merge fields from NginxConfig.parse.
+    # A regular merge would overwrite values so a deep merge is needed.
+    # @param data [Hash] data structure from NginxConfig.parse
+    # @param conf [Hash] data structure to be deep merged into data
+    # @return [Hash] data structure with conf and data deep merged
+    def merge_config!(data, conf)
+      # Catch edge-cases
+      return if data.nil? || conf.nil?
+      # Step through all conf items and create combined return value
+      data.merge!(conf) do |_, v1, v2|
+        if v1.is_a?(Array) && v2.is_a?(Array)
+          # If both the data field and the conf field are arrays, then combine them
+          v1 + v2
+        elsif v1.is_a?(Hash) && v2.is_a?(Hash)
+          # If both the data field and the conf field are maps, then deep merge them
+          merge_config!(v1, v2)
+        else
+          # All other cases, just use the new value (regular merge behavior)
+          v2
+        end
+      end
+    end
   end
 
   class NginxConfHttp

data/lib/resources/postgres_session.rb

@@ -52,7 +52,7 @@ module Inspec::Resources
       cmd = inspec.command(psql_cmd)
       out = cmd.stdout + "\n" + cmd.stderr
       if cmd.exit_status != 0 || out =~ /could not connect to .*/ || out.downcase =~ /^error:.*/
-        skip_resource "Can't read run query #{query.inspect} on postgres_session: #{out}"
+        Lines.new(out, "PostgreSQL query with errors: #{query}")
       else
         Lines.new(cmd.stdout.strip, "PostgreSQL query: #{query}")
       end

data/lib/resources/registry_key.rb

@@ -106,10 +106,19 @@ module Inspec::Resources
     end
 
     # returns nil, if not existant or value
-    def method_missing(meth)
+    def method_missing(*keys)
+      # allow the use of array syntax in an `its` block so that users
+      # can use it to query for keys with . characters in them
+      if keys.is_a?(Array)
+        keys.shift if keys[0] == :[]
+        key = keys.first
+      else
+        key = keys
+      end
+
       # get data
       val = registry_key(@options[:path])
-      registry_property_value(val, meth)
+      registry_property_value(val, key)
     end
 
     def to_s

data/lib/resources/service.rb

@@ -349,40 +349,21 @@ module Inspec::Resources
         description: nil,
         installed: true,
         running: running,
-        enabled: info_enabled(status, service_name),
+        enabled: info_enabled(service_name),
         type: 'upstart',
       }
     end
 
     private
 
-    def info_enabled(status, service_name)
+    def info_enabled(service_name)
       # check if a service is enabled
-      # http://upstart.ubuntu.com/cookbook/#determine-if-a-job-is-disabled
-      # $ initctl show-config $job | grep -q "^  start on" && echo enabled || echo disabled
-      # Ubuntu 10.04 show-config is not supported
-      # @see http://manpages.ubuntu.com/manpages/maverick/man8/initctl.8.html
-      support_for_show_config = Gem::Version.new('1.3')
-
-      if version >= support_for_show_config
-        config = inspec.command("#{service_ctl} show-config #{service_name}").stdout
-      else # use config file as fallback
-        config = inspec.file("/etc/init/#{service_name}.conf").content
-      end
+      config = inspec.file("/etc/init/#{service_name}.conf").content
 
       # disregard if the config does not exist
       return nil if config.nil?
-      enabled = !config[/^\s*start on/].nil?
-
-      # implement fallback for Ubuntu 10.04
-      if inspec.os[:name] == 'ubuntu' &&
-         inspec.os[:release].to_f >= 10.04 &&
-         inspec.os[:release].to_f < 12.04 &&
-         status.exit_status == 0
-        enabled = true
-      end
 
-      enabled
+      !config.match(/^\s*start on/).nil?
     end
 
     def version

data/lib/utils/find_files.rb

@@ -24,9 +24,10 @@ module FindFiles
     depth = opts[:depth]
     type = TYPES[opts[:type].to_sym] if opts[:type]
 
-    cmd = "find #{path}"
+    cmd = "sh -c \'find #{path}"
     cmd += " -type #{type}" unless type.nil?
     cmd += " -maxdepth #{depth.to_i}" if depth.to_i > 0
+    cmd += "\'"
 
     result = inspec.command(cmd)
     exit_status = result.exit_status

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 1.37.6
+  version: 1.38.8
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-09-14 00:00:00.000000000 Z
+date: 2017-09-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.26'
+        version: '0.27'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.26'
+        version: '0.27'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -316,6 +316,7 @@ files:
 - docs/resources/apache_conf.md.erb
 - docs/resources/apt.md.erb
 - docs/resources/audit_policy.md.erb
+- docs/resources/auditd.md.erb
 - docs/resources/auditd_conf.md.erb
 - docs/resources/auditd_rules.md.erb
 - docs/resources/bash.md.erb
@@ -560,6 +561,7 @@ files:
 - lib/resources/apache_conf.rb
 - lib/resources/apt.rb
 - lib/resources/audit_policy.rb
+- lib/resources/auditd.rb
 - lib/resources/auditd_conf.rb
 - lib/resources/auditd_rules.rb
 - lib/resources/bash.rb