sensu-plugins-inspec 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/CHANGELOG.md +12 -0
- data/LICENSE +22 -0
- data/README.md +104 -0
- data/bin/check-inspec.rb +118 -0
- data/lib/sensu-plugins-inspec.rb +3 -0
- data/lib/sensu-plugins-inspec/version.rb +11 -0
- metadata +206 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 72e471a2043334f0347c3030d52e0155c5873cf89528fb326e57c28c071bef06
|
4
|
+
data.tar.gz: 5f786896a414c75958da02c7cb743d7734496b3c8020c8182d713d263c0ac250
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 86fb63e67946dff247d229d6459a15f6271ba9b602eb343d707aadfbbe2e7a6855536f7199a53416dad2dd4480172a9085834f2d8d7e00e1d792bdf72ec1d262
|
7
|
+
data.tar.gz: 9bef4c2dab0f8d1163781acf548d4f82ed7e8891809224bac335a0c7dd38c2e0b5d7d38c12177668a2e8a7e6d9baeafb3936e830e744c21152655164e85453c6
|
data/CHANGELOG.md
ADDED
@@ -0,0 +1,12 @@
|
|
1
|
+
#Change Log
|
2
|
+
This project adheres to [Semantic Versioning](http://semver.org/).
|
3
|
+
|
4
|
+
This CHANGELOG follows the format listed [here](https://github.com/sensu-plugins/community/blob/master/HOW_WE_CHANGELO
|
5
|
+
G.md)
|
6
|
+
|
7
|
+
## [Unreleased]
|
8
|
+
|
9
|
+
## [0.1.0] - 2020-06-20
|
10
|
+
* Initial release
|
11
|
+
|
12
|
+
[Unreleased]: https://github.com/sensu-plugins/sensu-plugins-inspec/compare/0.1.0...HEAD
|
data/LICENSE
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
Copyright (c) 2019 Sensu Inc
|
2
|
+
|
3
|
+
MIT License
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
6
|
+
a copy of this software and associated documentation files (the
|
7
|
+
"Software"), to deal in the Software without restriction, including
|
8
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
9
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
10
|
+
permit persons to whom the Software is furnished to do so, subject to
|
11
|
+
the following conditions:
|
12
|
+
|
13
|
+
The above copyright notice and this permission notice shall be
|
14
|
+
included in all copies or substantial portions of the Software.
|
15
|
+
|
16
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
17
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
18
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
19
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
20
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
21
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
22
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,104 @@
|
|
1
|
+
## Sensu-Plugins-inspec
|
2
|
+
[![Sensu Bonsai Asset](https://img.shields.io/badge/Bonsai-Download%20Me-brightgreen.svg?colorB=89C967&logo=sensu)](https://bonsai.sensu.io/assets/sensu-plugins/sensu-plugins-disk-checks)
|
3
|
+
[ ![Build Status](https://travis-ci.org/sensu-plugins/sensu-plugins-inspec.svg?branch=master)](https://travis-ci.org/sensu-plugins/sensu-plugins-inspec)
|
4
|
+
[ ![Gem Version](https://badge.fury.io/rb/sensu-plugins-inspec.svg)](http://badge.fury.io/rb/sensu-plugins-inspec)
|
5
|
+
|
6
|
+
## Sensu Inspec Check Plugin
|
7
|
+
- [Overview](#overview)
|
8
|
+
- [Usage examples](#usage-examples)
|
9
|
+
- [Configuration](#configuration)
|
10
|
+
- [Sensu Go](#sensu-go)
|
11
|
+
- [Asset definition](#asset-definition)
|
12
|
+
- [Check definition](#check-definition)
|
13
|
+
- [Sensu Core](#sensu-core)
|
14
|
+
- [Check definition](#check-definition)
|
15
|
+
- [Functionality](#functionality)
|
16
|
+
- [Additional information](#additional-information)
|
17
|
+
- [Installation from source and contributing](#installation-from-source-and-contributing)
|
18
|
+
|
19
|
+
|
20
|
+
|
21
|
+
### Overview
|
22
|
+
|
23
|
+
This check executes [InSpec][1] profiles and generates a Sensu event for each non-passing control.
|
24
|
+
|
25
|
+
#### Files
|
26
|
+
* bin/check-inspec.rb
|
27
|
+
|
28
|
+
### Usage
|
29
|
+
|
30
|
+
#### Help
|
31
|
+
|
32
|
+
**check-inspec.rb**
|
33
|
+
|
34
|
+
```
|
35
|
+
Usage: check-inspec.rb (options)
|
36
|
+
-l, --handler HANDLER
|
37
|
+
-d, --tests-dir /tmp/dir
|
38
|
+
|
39
|
+
```
|
40
|
+
|
41
|
+
|
42
|
+
#### Examples
|
43
|
+
Run a local profile and set Sensu event handler to example_handler:
|
44
|
+
|
45
|
+
`check-inspec.rb -d /tmp/my_inspec_profile -l example_handler`
|
46
|
+
|
47
|
+
Run a remote profile and set Sensu event handler to example_handler:
|
48
|
+
|
49
|
+
`check-inspec.rb -d https://my-inspec-profile.s3.amazonaws.com/example-profile.tar.gz -l example_handler`
|
50
|
+
|
51
|
+
### Configuration
|
52
|
+
#### Sensu Go
|
53
|
+
##### Asset Registration
|
54
|
+
Assets are the best way to make use of this plugin. If you're not using an asset, please consider doing so! If you're using sensuctl 5.13 or later, you can use the following command to add the asset:
|
55
|
+
|
56
|
+
`sensuctl asset add sensu-plugins/sensu-plugins-inspec`
|
57
|
+
|
58
|
+
If you're using an earlier version of sensuctl, you can download the asset definition from [this project's Bonsai Asset Index page](https://bonsai.sensu.io/assets/sensu-plugins/sensu-plugins-disk-checks).
|
59
|
+
|
60
|
+
##### Check definition example
|
61
|
+
```yaml
|
62
|
+
---
|
63
|
+
type: CheckConfig
|
64
|
+
spec:
|
65
|
+
command: "check-inspec.rb -d /tmp/my_inspec_profile -l example_handler"
|
66
|
+
handlers: []
|
67
|
+
high_flap_threshold: 0
|
68
|
+
interval: 10
|
69
|
+
low_flap_threshold: 0
|
70
|
+
publish: true
|
71
|
+
runtime_assets:
|
72
|
+
- sensu-plugins/sensu-plugins-disk-checks
|
73
|
+
- sensu/sensu-ruby-runtime
|
74
|
+
subscriptions:
|
75
|
+
- linux
|
76
|
+
```
|
77
|
+
|
78
|
+
#### Sensu Core
|
79
|
+
##### Check definition
|
80
|
+
```json
|
81
|
+
{
|
82
|
+
"checks": {
|
83
|
+
"check-inspec": {
|
84
|
+
"command": "check-inspec.rb -d /tmp/my_inspec_profile -l example_handler",
|
85
|
+
"subscribers": ["linux"],
|
86
|
+
"interval": 10,
|
87
|
+
"refresh": 10
|
88
|
+
}
|
89
|
+
}
|
90
|
+
}
|
91
|
+
|
92
|
+
```
|
93
|
+
|
94
|
+
### Functionality
|
95
|
+
**check-inspec**
|
96
|
+
|
97
|
+
Run inspec controls and generate a new Sensu event for each failed inspect test.
|
98
|
+
This check will return critical if any inspec tests fail.
|
99
|
+
|
100
|
+
The `-l` option sets the handler to use in the generated Sensu events. Defaults to the `default` handler.
|
101
|
+
The `-d` option sets the directory containing tests to run.
|
102
|
+
|
103
|
+
|
104
|
+
[1]: https://inspec.io
|
data/bin/check-inspec.rb
ADDED
@@ -0,0 +1,118 @@
|
|
1
|
+
#! /usr/bin/env ruby
|
2
|
+
# frozen_string_literal: false
|
3
|
+
|
4
|
+
#
|
5
|
+
# check-inspec
|
6
|
+
#
|
7
|
+
# DESCRIPTION:
|
8
|
+
# Runs inspec controls against your servers.
|
9
|
+
# Fails with a critical if controls are failing.
|
10
|
+
#
|
11
|
+
# OUTPUT:
|
12
|
+
# plain text
|
13
|
+
#
|
14
|
+
# PLATFORMS:
|
15
|
+
# Linux
|
16
|
+
#
|
17
|
+
# DEPENDENCIES:
|
18
|
+
# gem: sensu-plugin
|
19
|
+
# gem: inspec
|
20
|
+
#
|
21
|
+
# USAGE:
|
22
|
+
# Run entire suite of testd
|
23
|
+
# check-inspec -d /etc/my_tests_dir
|
24
|
+
#
|
25
|
+
# Run only one set of tests
|
26
|
+
# check-inspec -d /etc/my_tests_dir -t spec/test_one
|
27
|
+
#
|
28
|
+
# NOTES:
|
29
|
+
# Does it behave differently on specific platforms, specific use cases, etc
|
30
|
+
#
|
31
|
+
# LICENSE:
|
32
|
+
# Copyright 2019 Sensu, Inc. and contributors. <support@sensu.io>
|
33
|
+
# Released under the same terms as Sensu (the MIT license); see LICENSE
|
34
|
+
# for details.
|
35
|
+
#
|
36
|
+
|
37
|
+
require 'json'
|
38
|
+
require 'socket'
|
39
|
+
require 'inspec'
|
40
|
+
require 'sensu-plugin/check/cli'
|
41
|
+
require 'pry'
|
42
|
+
|
43
|
+
class CheckInspec < Sensu::Plugin::Check::CLI
|
44
|
+
option :tests_dir,
|
45
|
+
short: '-d /tmp/dir',
|
46
|
+
long: '--tests-dir /tmp/dir',
|
47
|
+
required: true
|
48
|
+
|
49
|
+
# option :spec_tests,
|
50
|
+
# short: '-t spec/test',
|
51
|
+
# long: '--spec-tests spec/test',
|
52
|
+
# default: nil
|
53
|
+
|
54
|
+
option :handler,
|
55
|
+
short: '-l HANDLER',
|
56
|
+
long: '--handler HANDLER',
|
57
|
+
default: 'default'
|
58
|
+
|
59
|
+
def sensu_client_socket(msg)
|
60
|
+
u = UDPSocket.new
|
61
|
+
u.send(msg + "\n", 0, '127.0.0.1', 3030)
|
62
|
+
end
|
63
|
+
|
64
|
+
def send_ok(check_name, msg)
|
65
|
+
d = { 'name' => check_name, 'status' => 0, 'output' => 'OK: ' + msg, 'handlers' => [config[:handler]] }
|
66
|
+
sensu_client_socket d.to_json
|
67
|
+
end
|
68
|
+
|
69
|
+
def send_warning(check_name, msg)
|
70
|
+
d = { 'name' => check_name, 'status' => 1, 'output' => 'WARNING: ' + msg, 'handlers' => [config[:handler]] }
|
71
|
+
sensu_client_socket d.to_json
|
72
|
+
end
|
73
|
+
|
74
|
+
def send_critical(check_name, msg)
|
75
|
+
puts "sent critical for #{check_name}"
|
76
|
+
d = { 'name' => check_name, 'status' => 2, 'output' => 'CRITICAL: ' + msg, 'handlers' => [config[:handler]] }
|
77
|
+
sensu_client_socket d.to_json
|
78
|
+
end
|
79
|
+
|
80
|
+
def opts
|
81
|
+
{
|
82
|
+
logger: Logger.new(nil)
|
83
|
+
}
|
84
|
+
end
|
85
|
+
|
86
|
+
def control_check_name(control)
|
87
|
+
file_path = control[:source_location][:ref].gsub('/', '__')
|
88
|
+
"#{file_path}_line#{control[:source_location][:line]}"
|
89
|
+
end
|
90
|
+
|
91
|
+
def run
|
92
|
+
runner = ::Inspec::Runner.new(opts)
|
93
|
+
runner.add_target(config[:tests_dir])
|
94
|
+
exit_code = runner.run
|
95
|
+
runner.report[:profiles].each do |profile|
|
96
|
+
profile[:controls].each do |control|
|
97
|
+
control[:results].each do |result|
|
98
|
+
check_name = control_check_name(control)
|
99
|
+
send_critical(check_name, result[:code_desc]) unless %w[passed].include?(result[:status])
|
100
|
+
end
|
101
|
+
end
|
102
|
+
end
|
103
|
+
# 101 is a success as well (exit with no fails but has skipped controls)
|
104
|
+
exit_with(:ok, 'applicable controls passed') if [0, 101].include?(exit_code)
|
105
|
+
exit_with(:critical, 'exit code no bueno')
|
106
|
+
end
|
107
|
+
|
108
|
+
def exit_with(sym, message)
|
109
|
+
case sym
|
110
|
+
when :ok
|
111
|
+
ok message
|
112
|
+
when :critical
|
113
|
+
critical message
|
114
|
+
else
|
115
|
+
unknown message
|
116
|
+
end
|
117
|
+
end
|
118
|
+
end
|
metadata
ADDED
@@ -0,0 +1,206 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: sensu-plugins-inspec
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Sensu-Plugins and contributors
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2020-07-02 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: inspec
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ">="
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.47'
|
20
|
+
- - "<"
|
21
|
+
- !ruby/object:Gem::Version
|
22
|
+
version: '5.0'
|
23
|
+
type: :runtime
|
24
|
+
prerelease: false
|
25
|
+
version_requirements: !ruby/object:Gem::Requirement
|
26
|
+
requirements:
|
27
|
+
- - ">="
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: '1.47'
|
30
|
+
- - "<"
|
31
|
+
- !ruby/object:Gem::Version
|
32
|
+
version: '5.0'
|
33
|
+
- !ruby/object:Gem::Dependency
|
34
|
+
name: sensu-plugin
|
35
|
+
requirement: !ruby/object:Gem::Requirement
|
36
|
+
requirements:
|
37
|
+
- - "~>"
|
38
|
+
- !ruby/object:Gem::Version
|
39
|
+
version: '4.0'
|
40
|
+
type: :runtime
|
41
|
+
prerelease: false
|
42
|
+
version_requirements: !ruby/object:Gem::Requirement
|
43
|
+
requirements:
|
44
|
+
- - "~>"
|
45
|
+
- !ruby/object:Gem::Version
|
46
|
+
version: '4.0'
|
47
|
+
- !ruby/object:Gem::Dependency
|
48
|
+
name: bundler
|
49
|
+
requirement: !ruby/object:Gem::Requirement
|
50
|
+
requirements:
|
51
|
+
- - "~>"
|
52
|
+
- !ruby/object:Gem::Version
|
53
|
+
version: '2.1'
|
54
|
+
type: :development
|
55
|
+
prerelease: false
|
56
|
+
version_requirements: !ruby/object:Gem::Requirement
|
57
|
+
requirements:
|
58
|
+
- - "~>"
|
59
|
+
- !ruby/object:Gem::Version
|
60
|
+
version: '2.1'
|
61
|
+
- !ruby/object:Gem::Dependency
|
62
|
+
name: github-markup
|
63
|
+
requirement: !ruby/object:Gem::Requirement
|
64
|
+
requirements:
|
65
|
+
- - "~>"
|
66
|
+
- !ruby/object:Gem::Version
|
67
|
+
version: '3.0'
|
68
|
+
type: :development
|
69
|
+
prerelease: false
|
70
|
+
version_requirements: !ruby/object:Gem::Requirement
|
71
|
+
requirements:
|
72
|
+
- - "~>"
|
73
|
+
- !ruby/object:Gem::Version
|
74
|
+
version: '3.0'
|
75
|
+
- !ruby/object:Gem::Dependency
|
76
|
+
name: pry
|
77
|
+
requirement: !ruby/object:Gem::Requirement
|
78
|
+
requirements:
|
79
|
+
- - "~>"
|
80
|
+
- !ruby/object:Gem::Version
|
81
|
+
version: '0.10'
|
82
|
+
type: :development
|
83
|
+
prerelease: false
|
84
|
+
version_requirements: !ruby/object:Gem::Requirement
|
85
|
+
requirements:
|
86
|
+
- - "~>"
|
87
|
+
- !ruby/object:Gem::Version
|
88
|
+
version: '0.10'
|
89
|
+
- !ruby/object:Gem::Dependency
|
90
|
+
name: rake
|
91
|
+
requirement: !ruby/object:Gem::Requirement
|
92
|
+
requirements:
|
93
|
+
- - "~>"
|
94
|
+
- !ruby/object:Gem::Version
|
95
|
+
version: '13.0'
|
96
|
+
type: :development
|
97
|
+
prerelease: false
|
98
|
+
version_requirements: !ruby/object:Gem::Requirement
|
99
|
+
requirements:
|
100
|
+
- - "~>"
|
101
|
+
- !ruby/object:Gem::Version
|
102
|
+
version: '13.0'
|
103
|
+
- !ruby/object:Gem::Dependency
|
104
|
+
name: redcarpet
|
105
|
+
requirement: !ruby/object:Gem::Requirement
|
106
|
+
requirements:
|
107
|
+
- - "~>"
|
108
|
+
- !ruby/object:Gem::Version
|
109
|
+
version: '3.2'
|
110
|
+
type: :development
|
111
|
+
prerelease: false
|
112
|
+
version_requirements: !ruby/object:Gem::Requirement
|
113
|
+
requirements:
|
114
|
+
- - "~>"
|
115
|
+
- !ruby/object:Gem::Version
|
116
|
+
version: '3.2'
|
117
|
+
- !ruby/object:Gem::Dependency
|
118
|
+
name: rspec
|
119
|
+
requirement: !ruby/object:Gem::Requirement
|
120
|
+
requirements:
|
121
|
+
- - "~>"
|
122
|
+
- !ruby/object:Gem::Version
|
123
|
+
version: '3.1'
|
124
|
+
type: :development
|
125
|
+
prerelease: false
|
126
|
+
version_requirements: !ruby/object:Gem::Requirement
|
127
|
+
requirements:
|
128
|
+
- - "~>"
|
129
|
+
- !ruby/object:Gem::Version
|
130
|
+
version: '3.1'
|
131
|
+
- !ruby/object:Gem::Dependency
|
132
|
+
name: rubocop
|
133
|
+
requirement: !ruby/object:Gem::Requirement
|
134
|
+
requirements:
|
135
|
+
- - "~>"
|
136
|
+
- !ruby/object:Gem::Version
|
137
|
+
version: 0.81.0
|
138
|
+
type: :development
|
139
|
+
prerelease: false
|
140
|
+
version_requirements: !ruby/object:Gem::Requirement
|
141
|
+
requirements:
|
142
|
+
- - "~>"
|
143
|
+
- !ruby/object:Gem::Version
|
144
|
+
version: 0.81.0
|
145
|
+
- !ruby/object:Gem::Dependency
|
146
|
+
name: yard
|
147
|
+
requirement: !ruby/object:Gem::Requirement
|
148
|
+
requirements:
|
149
|
+
- - ">="
|
150
|
+
- !ruby/object:Gem::Version
|
151
|
+
version: 0.9.11
|
152
|
+
- - "<"
|
153
|
+
- !ruby/object:Gem::Version
|
154
|
+
version: '1.0'
|
155
|
+
type: :development
|
156
|
+
prerelease: false
|
157
|
+
version_requirements: !ruby/object:Gem::Requirement
|
158
|
+
requirements:
|
159
|
+
- - ">="
|
160
|
+
- !ruby/object:Gem::Version
|
161
|
+
version: 0.9.11
|
162
|
+
- - "<"
|
163
|
+
- !ruby/object:Gem::Version
|
164
|
+
version: '1.0'
|
165
|
+
description: Sensu check plugin for executing InSpec controls
|
166
|
+
email: "<sensu-users@googlegroups.com>"
|
167
|
+
executables:
|
168
|
+
- check-inspec.rb
|
169
|
+
extensions: []
|
170
|
+
extra_rdoc_files: []
|
171
|
+
files:
|
172
|
+
- CHANGELOG.md
|
173
|
+
- LICENSE
|
174
|
+
- README.md
|
175
|
+
- bin/check-inspec.rb
|
176
|
+
- lib/sensu-plugins-inspec.rb
|
177
|
+
- lib/sensu-plugins-inspec/version.rb
|
178
|
+
homepage: https://github.com/sensu-plugins/sensu-plugins-inspec
|
179
|
+
licenses:
|
180
|
+
- MIT
|
181
|
+
metadata:
|
182
|
+
maintainer: sensu-plugin
|
183
|
+
development_status: active
|
184
|
+
production_status: unstable - testing recommended
|
185
|
+
release_draft: 'false'
|
186
|
+
release_prerelease: 'false'
|
187
|
+
post_install_message:
|
188
|
+
rdoc_options: []
|
189
|
+
require_paths:
|
190
|
+
- lib
|
191
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
192
|
+
requirements:
|
193
|
+
- - ">="
|
194
|
+
- !ruby/object:Gem::Version
|
195
|
+
version: '2.3'
|
196
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
197
|
+
requirements:
|
198
|
+
- - ">="
|
199
|
+
- !ruby/object:Gem::Version
|
200
|
+
version: '0'
|
201
|
+
requirements: []
|
202
|
+
rubygems_version: 3.0.8
|
203
|
+
signing_key:
|
204
|
+
specification_version: 4
|
205
|
+
summary: Sensu plugin for executing InSpec controls
|
206
|
+
test_files: []
|