inspec 1.51.0 → 1.51.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e4952aa70e173665e538c1e9a462da104c533ad1
-  data.tar.gz: a2b79c2109ade3f8f96afbb95104a71ea9d8b16c
+  metadata.gz: dbfea5e413e1c0ebcf2184242fabc92fd61c3954
+  data.tar.gz: ccfc7ed525ece869edf03f23176e0d5e2de940b2
 SHA512:
-  metadata.gz: e5444459f580693c6cce709ffb6cb99e47d817e1ddd35064a1636a299899165da235197640edb3cc2766d5b93d8fae7194996e731303c63df69f057527e02555
-  data.tar.gz: c866512ba5541fcb0b4dc2fb44c47f3ea22233b9d80590894e646e654f649160fbe0042dabb48941a7b500a709ee1c0d5f73c1725806083ce85713593d0b9939
+  metadata.gz: e29c023aae58ddcb1cc2aa589fdc272919da0eb9e8ea0dc12359e42ee728d2279ff5b4b09a34bea43512068f3881135e2777c2748ef487070c2931dfe857fd44
+  data.tar.gz: 68fec89c3c0f6d70fb466f94786589823e76ebfa448ff51b910da6af71dc0ee2bf39e199c717b0b586cc977c75a52a488085207da1ddb12f0db0ad18b591cb80

data/CHANGELOG.md

@@ -1,31 +1,46 @@
 # Change Log
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release 1.51.0 -->
-## [v1.51.0](https://github.com/chef/inspec/tree/v1.51.0) (2018-01-25)
+<!-- latest_release 1.51.6 -->
+## [v1.51.6](https://github.com/chef/inspec/tree/v1.51.6) (2018-02-08)
 
-#### New Resources
-- filesystem resource: inspect linux filesystems [#2441](https://github.com/chef/inspec/pull/2441) ([tarcinil](https://github.com/tarcinil))
+#### New Features
+- Add new &quot;reporter&quot; system (replacement for &quot;formatters&quot;), support multiple reporters per run [#2464](https://github.com/chef/inspec/pull/2464) ([jquick](https://github.com/jquick))
 <!-- latest_release -->
 
-<!-- release_rollup since=1.50.1 -->
-### Changes since 1.50.1 release
+<!-- release_rollup since=1.51.0 -->
+### Changes since 1.51.0 release
+
+#### New Features
+- Add new &quot;reporter&quot; system (replacement for &quot;formatters&quot;), support multiple reporters per run [#2464](https://github.com/chef/inspec/pull/2464) ([jquick](https://github.com/jquick)) <!-- 1.51.6 -->
+
+#### Merged Pull Requests
+- Fix travis-ci bundler issue [#2533](https://github.com/chef/inspec/pull/2533) ([jquick](https://github.com/jquick)) <!-- 1.51.5 -->
+-  Improve links to Learn Chef Rally [#2476](https://github.com/chef/inspec/pull/2476) ([tpetchel](https://github.com/tpetchel)) <!-- 1.51.4 -->
+- apache resource: document and deprecate [#2494](https://github.com/chef/inspec/pull/2494) ([adamleff](https://github.com/adamleff)) <!-- 1.51.3 -->
+- add Inspec::Describe for abstract describe state [#2010](https://github.com/chef/inspec/pull/2010) ([arlimus](https://github.com/arlimus)) <!-- 1.51.2 -->
 
 #### Enhancements
-- Update security_policy resource to return Names, not SIDs [#2462](https://github.com/chef/inspec/pull/2462) ([ViolentOr](https://github.com/ViolentOr)) <!-- 1.50.5 -->
+- packages resource: Add `architectures` support [#2469](https://github.com/chef/inspec/pull/2469) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.51.1 -->
+<!-- release_rollup -->
+
+<!-- latest_stable_release -->
+## [v1.51.0](https://github.com/chef/inspec/tree/v1.51.0) (2018-01-25)
 
 #### New Resources
-- filesystem resource: inspect linux filesystems [#2441](https://github.com/chef/inspec/pull/2441) ([tarcinil](https://github.com/tarcinil)) <!-- 1.51.0 -->
-- new docker_service resource to inspect Docker Swarm services [#2456](https://github.com/chef/inspec/pull/2456) ([mattlqx](https://github.com/mattlqx)) <!-- 1.50.4 -->
+- new docker_service resource to inspect Docker Swarm services [#2456](https://github.com/chef/inspec/pull/2456) ([mattlqx](https://github.com/mattlqx))
+- filesystem resource: inspect linux filesystems [#2441](https://github.com/chef/inspec/pull/2441) ([tarcinil](https://github.com/tarcinil))
 
-#### Merged Pull Requests
-- Sort library files before loading them so load order is predictable [#2475](https://github.com/chef/inspec/pull/2475) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 1.50.3 -->
+#### Enhancements
+- Update security_policy resource to return Names, not SIDs [#2462](https://github.com/chef/inspec/pull/2462) ([ViolentOr](https://github.com/ViolentOr))
 
 #### Bug Fixes
-- service resource: attempt a SysV fallback if SystemD unit file is not found [#2473](https://github.com/chef/inspec/pull/2473) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.50.6 -->
-- grub_conf resource: fix menuentry detection [#2408](https://github.com/chef/inspec/pull/2408) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.50.2 -->
-<!-- release_rollup -->
+- grub_conf resource: fix menuentry detection [#2408](https://github.com/chef/inspec/pull/2408) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
+- service resource: attempt a SysV fallback if SystemD unit file is not found [#2473](https://github.com/chef/inspec/pull/2473) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
 
+#### Merged Pull Requests
+- Sort library files before loading them so load order is predictable [#2475](https://github.com/chef/inspec/pull/2475) ([clintoncwolfe](https://github.com/clintoncwolfe))
 <!-- latest_stable_release -->
+
 ## [v1.50.1](https://github.com/chef/inspec/tree/v1.50.1) (2018-01-17)
 
 #### Enhancements
@@ -43,7 +58,6 @@
 - Bump Omnibus Ruby (and Travis Rubies) to 2.4.3 [#2452](https://github.com/chef/inspec/pull/2452) ([adamleff](https://github.com/adamleff))
 - Bump minor version [#2465](https://github.com/chef/inspec/pull/2465) ([adamleff](https://github.com/adamleff))
 - Bump version manually to trigger Habitat build [#2466](https://github.com/chef/inspec/pull/2466) ([adamleff](https://github.com/adamleff))
-<!-- latest_stable_release -->
 
 ## [v1.49.2](https://github.com/chef/inspec/tree/v1.49.2) (2018-01-04)
 

data/README.md

@@ -381,7 +381,7 @@ In addition, these test require Docker to be available on your machine or a remo
 List the various test instances available:
 
 ```bash
-bundle exec kitchen list`
+bundle exec kitchen list
 ```
 
 The platforms and test suites are configured in the `.kitchen.yml` file. Once you know which instance you wish to test, test that instance:

data/docs/glossary.md

@@ -0,0 +1,99 @@
+# InSpec Glossary
+
+## Basic Syntax
+```
+describe foo('/path/to/foo.txt') do
+    its('blah') { should cmp '123' }
+    it { should exist }
+    it { should be_reasonable }
+    it { should_not be_ridiculous }
+end
+```
+## Basic Elements:
+
+### describe **foo**, where
+
+  * `foo` is the _resource_
+
+### describe foo **('/path/to/foo.txt')**, where
+
+  * `'/path/to/foo.txt'` is the _resource parameter_
+
+## Tests:
+
+### **its('blah') { should cmp '123' }** is an _individual test_, where
+
+  * `blah` is a _property_
+  * { should cmp '123' } is a _condition statement_
+  * `should`  is the _condition_
+  * `cmp`  is the _matcher_
+  * `'123'`  is the _expected result_
+
+### **{ should exist }** is a _condition statement_, where
+
+  * `should`  is the _condition_
+  * `exist`  is the _matcher_
+
+### **{ should be\_reasonable }** is a _condition statement_, where
+    
+  * `should`  is the _condition_
+  * `be_reasonable`  is the _matcher_
+
+### **{ should\_not be\_ridiculous }** is a _negative condition statement_, where
+
+  * `should_not`  is the _negative condition_
+  * `be_ridiculous`  is the _matcher_
+
+## Advanced Syntax
+
+```
+describe foos('/path/to/foo.txt', ssl_verify: true).where { names == 'blah' } do
+    its('jared') { should cmp >= 123 }
+    its('jared.sort.first.monkey') { should be `loud` }
+    its(['jared', 'monkey.with.dots']) { should be `loud` }
+end
+```
+
+## Advanced Elements:
+
+### describe **foos**, where
+
+  * `foos` is a _plural resource_
+
+### describe foos **('/path/to/foo.txt', ssl_verify: true)**, where
+
+  * `'/path/to/foo.txt'` and `ssl_verify: true` are the _resource parameters_. Resources take one or more parameters.
+
+## Filters:
+
+### describe foos ('/path/to/foo.txt', ssl_verify: true)**.where { names == 'blah' }** 
+
+  * `.where  { names == 'blah' }` is an example of a **filter**. 
+  * `{ names == 'blah' }` is an example of a _filter clause_ 
+  * Some resources support one or more filters.
+  * Filters are used on plural resources. 
+  * Some resources, such as `etc_hosts` are explicitly plural, while others, such as `passwd` are implicitly plural. 
+
+### **{ names == 'my-name' && spots == true }** are filter criteria
+
+  * `names` compares output to `blah`
+  * `has spots` evaluates to `true` or `false`
+
+## Properties:
+
+### **its('jared') { should cmp >= 123 }**
+
+  * `jared` is the _property_
+  
+### **{ should cmp >= 123 }** is a conditional statement that uses a matcher with an operator and expected value.
+
+  * `cmp`  is the _matcher_
+  * `>=` is the operator (some matchers accept operators)
+  * `123` is the expected value
+
+## Properties with advanced usage:
+
+### Some properties may have advanced usage:
+#### **its `('jared.sort.first.monkey') { should be `loud` }`**
+
+  * `jared.sort.first.monkey` is an example of the `jared` property with an advanced usage

data/docs/resources/aide_conf.md.erb

@@ -1,5 +1,5 @@
 ---
-title: About the aide_conf Resource
+title: The aide_conf Resource
 ---
 
 # aide_conf
@@ -34,9 +34,13 @@ Use the where clause to match a selection_line to one rule or a particular set o
 
 <br>
 
-## Examples
+## Supported Properties
 
-The following examples show how to use this InSpec audit resource. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+* `conf_path`, `content`, `rules`, `all_have_rule`
+
+## Property Examples
+
+The following examples show how to use this InSpec audit resource. 
 
 ### Test if all selection lines contain the xattr rule
 
@@ -56,16 +60,19 @@ The following examples show how to use this InSpec audit resource. For a full li
       its('rules') { should include ['r', 'sha512'] }
     end
 
+### The usage of all\_have\_rule will return whether or not all selection lines in audit.conf contain a particular rule:
+
+    describe aide_conf.all_have_rule('sha512') do
+      it { should eq true }
+    end
+    
 <br>
 
 ## Matchers
 
-This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/). 
+This InSpec audit resource uses the matchers `eq` and `include`. 
 
-### all_have_rule
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 
-The usage of all_have_rule will return whether or not all selection lines in audit.conf contain a particular rule:
 
-    describe aide_conf.all_have_rule('sha512') do
-      it { should eq true }
-    end

data/docs/resources/apache.md.erb

@@ -0,0 +1,66 @@
+---
+title: About the apache Resource
+---
+
+# apache
+
+Use the `apache` InSpec audit resource to test the state of the Apache server on Linux/Unix systems.
+
+<p class="warning">This resource is deprecated and should not be used. It will be removed in InSpec 3.0.</p>
+
+<br>
+
+## Syntax
+
+An `apache` InSpec audit resource block declares settings that should be tested:
+
+    describe apache do
+      its('setting_name') { should cmp 'value' }
+    end
+
+where
+
+* `'setting_name'` is description of the Apache configuration file
+* `{ should cmp 'value' }` is the value that is expected
+
+<br>
+
+## Supported Properties
+
+* 'service', 'conf_dir', 'conf_path', 'user'
+
+<br>
+
+## Property Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test the service name.
+
+    describe apache do
+      its ('service') { should cmp 'apache2' }
+    end
+
+### Test the configuration location
+
+    describe apache do
+      its ('conf_dir') { should cmp '/etc/apache2' }
+    end
+
+### Test the path of the configuration file
+
+    describe apache do
+      its ('conf_path') { should cmp '/etc/apache2/apache2.conf' }
+    end
+
+### Test the apache user
+
+    describe apache do
+      its ('user') { should cmp 'www-data' }
+    end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/apache_conf.md.erb

@@ -31,13 +31,19 @@ The following examples show how to use this InSpec audit resource.
 ### Test for blocking .htaccess files on CentOS
 
     describe apache_conf do
-      its('AllowOverride') { should eq 'None' }
+      its('AllowOverride') { should cmp 'None' }
     end
 
 ### Test ports for SSL
 
     describe apache_conf do
-      its('Listen') { should eq '443'}
+      its('Listen') { should cmp '443' }
+    end
+
+### Test multiple ports are listening
+
+    describe apache_conf do
+      its('Listen') { should =~ [ '80', '443' ] }
     end
 
 <br>
@@ -51,11 +57,11 @@ This InSpec audit resource matches any service that is listed in the Apache conf
 
 or:
 
-    its('Timeout') { should eq 300 }
+    its('Timeout') { should cmp '300' }
 
 For example:
 
     describe apache_conf do
-      its('MaxClients') { should eq 100 }
-      its('Listen') { should eq '443'}
+      its('MaxClients') { should cmp '100' }
+      its('Listen') { should cmp '443' }
     end

data/docs/resources/apt.md.erb

@@ -54,7 +54,7 @@ The following examples show how to use this InSpec audit resource.
 
 ## Matchers
 
-This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/). 
 
 
 ### be_enabled

data/docs/resources/audit_policy.md.erb

@@ -4,7 +4,7 @@ title: About the audit_policy Resource
 
 # audit_policy
 
-Use the `audit_policy` Inspec audit resource to test auditing policies on the Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each auditing category property that is enabled, the auditing level may be set to `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`.
+Use the `audit_policy` Inspec audit resource to test auditing policies on the Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each enabled auditing category property, the auditing level may be set to `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`.
 
 <br>
 

data/docs/resources/auditd_conf.md.erb

@@ -24,7 +24,13 @@ where
 
 <br>
 
-## Examples
+## Supported Properties
+
+This matcher will match any property listed in the `auditd.conf` configuration file. Property names and expected values are case-insensitive:
+
+* `admin_space_left`, `admin_space_left_action`, `action_mail_acct`, `disk_error_action`, `disk_full_action`, `flush`, `freq`, `log_file`, `log_format`, `max_log_file`, `max_log_file_action`, `num_logs`, `space_left`, `space_left_action`
+
+## Property Examples
 
 The following examples show how to use this InSpec audit resource.
 
@@ -51,15 +57,12 @@ The following examples show how to use this InSpec audit resource.
 
 ## Matchers
 
-This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-
-### keyword
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/). 
 
-This matcher will matche any keyword that is listed in the `auditd.conf` configuration file. Option names and values are case-insensitive:
+### `cmp`
 
-    its('log_format') { should cmp 'raw' }
+The `cmp` matcher compares values across types. 
 
-or:
+    its('freq') { should cmp 1 }
 
-    its('max_log_file') { should cmp 6 }
+ For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/bash.md.erb

@@ -14,14 +14,14 @@ A `command` resource block declares a command to be run, one (or more) expected
 
     describe bash('command') do
       it { should exist }
-      its('matcher') { should eq 'output' }
+      its('property') { should eq 'expected value' }
     end
 
 where
 
 * `'command'` must specify a command to be run
-* `'matcher'` is one of `exit_status`, `stderr`, or `stdout`
-* `'output'` tests the output of the command run on the system versus the output value stated in the test
+* `'property'` is one of `exit_status`, `stderr`, or `stdout`
+* `'expected value'` tests the output of the command run on the system versus the expected output stated in the test
 
 For example:
 
@@ -33,30 +33,42 @@ For example:
 
 <br>
 
-## Matchers
-
-This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+## Supported Properties
 
-### exist
+* `exit_status`, `stderr`, `stdout`
 
-The `exist` matcher tests if a command may be run on the system:
+<br>
 
-    it { should exist }
+## Property Examples
 
 ### exit_status
 
-The `exit_status` matcher tests the exit status for the command:
+The `exit_status` property tests the exit status for the command:
 
     its('exit_status') { should eq 0 }
 
 ### stderr
 
-The `stderr` matcher tests results of the command as returned in standard error (stderr):
+The `stderr` property tests results of the command as returned in standard error (stderr):
 
     its('stderr') { should eq '' }
 
 ### stdout
 
-The `stdout` matcher tests results of the command as returned in standard output (stdout).
+The `stdout` property tests results of the command as returned in standard output (stdout).
 
     its('stdout') { should match /bin/ }
+
+<br>
+
+## Matchers
+
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### exist
+
+If an absolute path is provided, the `exist` matcher tests if the command exists on the filesystem at the specified location. Otherwise, the `exist` matcher tests if the command is found in the PATH.
+
+    it { should exist }
+
+