inspec/lib/resources/xinetd.rb

# encoding: utf-8
# author: Christoph Hartmann
# author: Dominik Richter

require 'utils/parser'
require 'utils/filter'

module Inspec::Resources
  class XinetdConf < Inspec.resource(1)
    name 'xinetd_conf'
    desc 'Xinetd services configuration.'
    example "
      describe xinetd_conf.services('chargen') do
        its('socket_types') { should include 'dgram' }
      end

      describe xinetd_conf.services('chargen').socket_types('dgram') do
        it { should be_disabled }
      end
    "

    include XinetdParser

    def initialize(conf_path = '/etc/xinetd.conf')
      @conf_path = conf_path
      @filters = ''
      @contents = {}
    end

    def to_s
      "Xinetd config #{@conf_path}#{@filters}"
    end

    def params
      @params ||= read_params
    end

    extend Inspec::Filter
    add_filter 'service'
    add_filter 'id'
    add_filter 'socket_type'
    add_filter 'type'
    add_filter 'wait'

    def disabled?
      where({ 'disable' => 'no' }).services.empty?
    end

    def enabled?
      where({ 'disable' => 'yes' }).services.empty?
    end

    def where(conditions = {})
      fields, filters = Inspec::Filter.where(service_lines, conditions)
      res = clone
      res.instance_variable_set(:@filters, @filters + filters)
      res.instance_variable_set(:@services, fields)
      res
    end

    private

    def read_content(path = @conf_path)
      return @contents[path] if @contents.key?(path)
      file = inspec.file(path)
      if !file.file?
        return skip_resource "Can't find file \"#{path}\""
      end

      @contents[path] = file.content
      if @contents[path].empty? && file.size > 0
        return skip_resource "Can't read file \"#{path}\""
      end

      @contents[path]
    end

    def read_params
      return {} if read_content.nil?
      flat_params = parse_xinetd(read_content)
      params = { 'services' => {} }

      # parse services that were defined:
      flat_params.each do |k, v|
        name = k[/^service (.+)$/, 1]
        if name.nil?
          params[k] = v
        else
          params['services'][name] = v
          # add the service identifier to its parameters
          v.each { |service| service.params['service'] = name }
        end
      end
      params
    end

    def service_lines
      @services ||= params['services'].values.flatten.map(&:params)
    end

    def get_fields(*fields)
      res = service_lines.map do |line|
        fields.map { |f| line[f] }
      end.flatten
      return res unless fields == ['service']
      res.uniq
    end
  end
end
add xinetd_conf resource 2016-02-26 12:19:16 +00:00			`# encoding: utf-8`
			`# author: Christoph Hartmann`
			`# author: Dominik Richter`

			`require 'utils/parser'`
use Inspec::Filter in xinetd resource 2016-03-12 17:20:58 +00:00			`require 'utils/filter'`
add xinetd_conf resource 2016-02-26 12:19:16 +00:00
Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`module Inspec::Resources`
use Inspec::Filter in xinetd resource 2016-03-12 17:20:58 +00:00			`class XinetdConf < Inspec.resource(1)`
Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`name 'xinetd_conf'`
			`desc 'Xinetd services configuration.'`
			`example "`
			`describe xinetd_conf.services('chargen') do`
			`its('socket_types') { should include 'dgram' }`
			`end`
add xinetd_conf resource 2016-02-26 12:19:16 +00:00
Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`describe xinetd_conf.services('chargen').socket_types('dgram') do`
			`it { should be_disabled }`
			`end`
			`"`
add xinetd_conf resource 2016-02-26 12:19:16 +00:00
Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`include XinetdParser`
add xinetd_conf resource 2016-02-26 12:19:16 +00:00
use Inspec::Filter in xinetd resource 2016-03-12 17:20:58 +00:00			`def initialize(conf_path = '/etc/xinetd.conf')`
Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`@conf_path = conf_path`
use Inspec::Filter in xinetd resource 2016-03-12 17:20:58 +00:00			`@filters = ''`
Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`@contents = {}`
			`end`
add xinetd_conf resource 2016-02-26 12:19:16 +00:00
Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`def to_s`
use Inspec::Filter in xinetd resource 2016-03-12 17:20:58 +00:00			`"Xinetd config #{@conf_path}#{@filters}"`
Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`end`
add xinetd_conf resource 2016-02-26 12:19:16 +00:00
use Inspec::Filter in xinetd resource 2016-03-12 17:20:58 +00:00			`def params`
			`@params \|\|= read_params`
Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`end`
add xinetd_conf resource 2016-02-26 12:19:16 +00:00
use Inspec::Filter in xinetd resource 2016-03-12 17:20:58 +00:00			`extend Inspec::Filter`
			`add_filter 'service'`
			`add_filter 'id'`
			`add_filter 'socket_type'`
			`add_filter 'type'`
			`add_filter 'wait'`
add xinetd_conf resource 2016-02-26 12:19:16 +00:00
Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`def disabled?`
use Inspec::Filter in xinetd resource 2016-03-12 17:20:58 +00:00			`where({ 'disable' => 'no' }).services.empty?`
Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`end`
add xinetd_conf resource 2016-02-26 12:19:16 +00:00
Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`def enabled?`
use Inspec::Filter in xinetd resource 2016-03-12 17:20:58 +00:00			`where({ 'disable' => 'yes' }).services.empty?`
Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`end`
add xinetd_conf resource 2016-02-26 12:19:16 +00:00
use Inspec::Filter in xinetd resource 2016-03-12 17:20:58 +00:00			`def where(conditions = {})`
			`fields, filters = Inspec::Filter.where(service_lines, conditions)`
			`res = clone`
			`res.instance_variable_set(:@filters, @filters + filters)`
			`res.instance_variable_set(:@services, fields)`
			`res`
add xinetd_conf resource 2016-02-26 12:19:16 +00:00			`end`

Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`private`
add xinetd_conf resource 2016-02-26 12:19:16 +00:00
Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`def read_content(path = @conf_path)`
			`return @contents[path] if @contents.key?(path)`
			`file = inspec.file(path)`
			`if !file.file?`
			`return skip_resource "Can't find file \"#{path}\""`
			`end`

			`@contents[path] = file.content`
			`if @contents[path].empty? && file.size > 0`
			`return skip_resource "Can't read file \"#{path}\""`
			`end`
add xinetd_conf resource 2016-02-26 12:19:16 +00:00
Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`@contents[path]`
			`end`
use Inspec::Filter in xinetd resource 2016-03-12 17:20:58 +00:00
			`def read_params`
			`return {} if read_content.nil?`
			`flat_params = parse_xinetd(read_content)`
			`params = { 'services' => {} }`

			`# parse services that were defined:`
			`flat_params.each do \|k, v\|`
			`name = k[/^service (.+)$/, 1]`
			`if name.nil?`
			`params[k] = v`
			`else`
			`params['services'][name] = v`
			`# add the service identifier to its parameters`
			`v.each { \|service\| service.params['service'] = name }`
			`end`
			`end`
			`params`
			`end`

			`def service_lines`
			`@services \|\|= params['services'].values.flatten.map(&:params)`
			`end`

			`def get_fields(*fields)`
			`res = service_lines.map do \|line\|`
			`fields.map { \|f\| line[f] }`
			`end.flatten`
			`return res unless fields == ['service']`
			`res.uniq`
			`end`
add xinetd_conf resource 2016-02-26 12:19:16 +00:00			`end`
			`end`