2019-06-07 23:33:56 +00:00
|
|
|
|
require "inspec/resources"
|
|
|
|
|
|
2019-05-25 09:59:31 +00:00
|
|
|
|
class MockLoader
|
|
|
|
|
# collects emulation operating systems
|
|
|
|
|
OPERATING_SYSTEMS = {
|
2019-06-11 22:24:35 +00:00
|
|
|
|
alpine: { name: "alpine", family: "alpine", release: "3.6.2", arch: "x86_64" },
|
|
|
|
|
arch: { name: "arch", family: "arch", release: nil, arch: nil },
|
|
|
|
|
centos5: { name: "centos", family: "redhat", release: "5.11", arch: "x86_64" },
|
|
|
|
|
centos6: { name: "centos", family: "redhat", release: "6.6", arch: "x86_64" },
|
|
|
|
|
centos7: { name: "centos", family: "redhat", release: "7.1.1503", arch: "x86_64" },
|
|
|
|
|
cloudlinux: { name: "cloudlinux", family: "redhat", release: "7.4", arch: "x86_64" },
|
|
|
|
|
coreos: { name: "coreos", family: "coreos", release: "1437.0.0", arch: "x86_64" },
|
|
|
|
|
debian6: { name: "debian", family: "debian", release: "6", arch: "x86_64" },
|
|
|
|
|
debian7: { name: "debian", family: "debian", release: "7", arch: "x86_64" },
|
|
|
|
|
debian8: { name: "debian", family: "debian", release: "8", arch: "x86_64" },
|
2019-06-22 17:23:32 +00:00
|
|
|
|
debian10: { name: "debian", family: "debian", release: "buster/sid", arch: "x86_64" },
|
2019-06-11 22:24:35 +00:00
|
|
|
|
freebsd9: { name: "freebsd", family: "freebsd", release: "9", arch: "amd64" },
|
|
|
|
|
freebsd10: { name: "freebsd", family: "freebsd", release: "10", arch: "amd64" },
|
|
|
|
|
osx104: { name: "mac_os_x", family: "darwin", release: "10.10.4", arch: nil },
|
|
|
|
|
ubuntu1204: { name: "ubuntu", family: "debian", release: "12.04", arch: "x86_64" },
|
|
|
|
|
ubuntu1404: { name: "ubuntu", family: "debian", release: "14.04", arch: "x86_64" },
|
|
|
|
|
ubuntu1504: { name: "ubuntu", family: "debian", release: "15.04", arch: "x86_64" },
|
|
|
|
|
ubuntu1604: { name: "ubuntu", family: "debian", release: "16.04", arch: "x86_64" },
|
|
|
|
|
mint17: { name: "linuxmint", family: "debian", release: "17.3", arch: "x86_64" },
|
|
|
|
|
mint18: { name: "linuxmint", family: "debian", release: "18", arch: "x86_64" },
|
|
|
|
|
windows: { name: "windows", family: "windows", release: "6.2.9200", arch: "x86_64" },
|
|
|
|
|
wrlinux: { name: "wrlinux", family: "redhat", release: "7.0(3)I2(2)", arch: "x86_64" },
|
|
|
|
|
solaris11: { name: "solaris", family: "solaris", release: "11", arch: "i386" },
|
|
|
|
|
solaris10: { name: "solaris", family: "solaris", release: "10", arch: "i386" },
|
|
|
|
|
hpux: { name: "hpux", family: "hpux", release: "B.11.31", arch: "ia64" },
|
|
|
|
|
aix: { name: "aix", family: "aix", release: "7.2", arch: "powerpc" },
|
|
|
|
|
amazon: { name: "amazon", family: "redhat", release: "2015.03", arch: "x86_64" },
|
|
|
|
|
amazon2: { name: "amazon", family: "redhat", release: "2", arch: "x86_64" },
|
|
|
|
|
undefined: { name: nil, family: nil, release: nil, arch: nil },
|
|
|
|
|
}.freeze
|
2019-05-25 09:59:31 +00:00
|
|
|
|
|
|
|
|
|
# pass the os identifier to emulate a specific operating system
|
2019-05-18 21:59:10 +00:00
|
|
|
|
def initialize(os = :ubuntu1404)
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# selects operating system
|
2019-05-18 21:59:10 +00:00
|
|
|
|
@platform = OPERATING_SYSTEMS[os]
|
2019-05-25 09:59:31 +00:00
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def backend
|
|
|
|
|
return @backend if defined?(@backend)
|
|
|
|
|
|
|
|
|
|
scriptpath = ::File.expand_path "../..", __FILE__
|
|
|
|
|
|
|
|
|
|
# create mock backend
|
|
|
|
|
@backend = Inspec::Backend.create(Inspec::Config.mock)
|
|
|
|
|
mock = @backend.backend
|
|
|
|
|
|
|
|
|
|
# create all mock files
|
2019-06-11 22:24:35 +00:00
|
|
|
|
local = Train.create("local", command_runner: :generic).connection
|
2019-05-25 09:59:31 +00:00
|
|
|
|
|
|
|
|
|
# set os emulation
|
|
|
|
|
mock.mock_os(@platform)
|
|
|
|
|
|
|
|
|
|
mockfile = lambda { |x|
|
2019-06-11 22:24:35 +00:00
|
|
|
|
path = ::File.join(scriptpath, "/unit/mock/files", x)
|
2019-05-25 09:59:31 +00:00
|
|
|
|
local.file(path)
|
|
|
|
|
}
|
2019-05-18 21:59:10 +00:00
|
|
|
|
|
2019-05-25 09:59:31 +00:00
|
|
|
|
mockdir = lambda { |x|
|
|
|
|
|
md = Object.new
|
|
|
|
|
|
|
|
|
|
class << md
|
|
|
|
|
attr_accessor :isdir
|
|
|
|
|
end
|
|
|
|
|
md.isdir = x
|
|
|
|
|
|
|
|
|
|
def md.directory?
|
|
|
|
|
isdir
|
|
|
|
|
end
|
|
|
|
|
md
|
|
|
|
|
}
|
2019-05-18 21:59:10 +00:00
|
|
|
|
|
2019-05-25 09:59:31 +00:00
|
|
|
|
emptyfile = lambda {
|
2019-06-11 22:24:35 +00:00
|
|
|
|
mockfile.call("emptyfile")
|
2019-05-25 09:59:31 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
mock.files = {
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"/proc/net/bonding/bond0" => mockfile.call("bond0"),
|
|
|
|
|
"/etc/ssh/ssh_config" => mockfile.call("ssh_config"),
|
|
|
|
|
"/etc/ssh/sshd_config" => mockfile.call("sshd_config"),
|
|
|
|
|
"/etc/ssh/sshd_config_does_not_exist" => mockfile.call("sshd_config_does_not_exist"),
|
|
|
|
|
"/etc/ssh/sshd_config_empty" => emptyfile.call,
|
|
|
|
|
"/etc/passwd" => mockfile.call("passwd"),
|
|
|
|
|
"/etc/shadow" => mockfile.call("shadow"),
|
|
|
|
|
"/etc/ntp.conf" => mockfile.call("ntp.conf"),
|
|
|
|
|
"/etc/login.defs" => mockfile.call("login.defs"),
|
|
|
|
|
"/etc/security/limits.conf" => mockfile.call("limits.conf"),
|
|
|
|
|
"/etc/inetd.conf" => mockfile.call("inetd.conf"),
|
|
|
|
|
"/etc/group" => mockfile.call("etcgroup"),
|
|
|
|
|
"/etc/grub.conf" => mockfile.call("grub.conf"),
|
|
|
|
|
"/boot/grub2/grub.cfg" => mockfile.call("grub2.cfg"),
|
|
|
|
|
"/boot/grub2/grubenv" => mockfile.call("grubenv"),
|
|
|
|
|
"/boot/grub2/grubenv_invalid" => mockfile.call("grubenv_invalid"),
|
|
|
|
|
"/etc/default/grub" => mockfile.call("grub_defaults"),
|
|
|
|
|
"/etc/default/grub_with_saved" => mockfile.call("grub_defaults_with_saved"),
|
|
|
|
|
"/etc/audit/auditd.conf" => mockfile.call("auditd.conf"),
|
|
|
|
|
"/etc/mysql/my.cnf" => mockfile.call("mysql.conf"),
|
|
|
|
|
"/etc/mysql/mysql2.conf" => mockfile.call("mysql2.conf"),
|
|
|
|
|
"/etc/rabbitmq/rabbitmq.config" => mockfile.call("rabbitmq.config"),
|
|
|
|
|
"kitchen.yml" => mockfile.call("kitchen.yml"),
|
|
|
|
|
"example.csv" => mockfile.call("example.csv"),
|
|
|
|
|
"policyfile.lock.json" => mockfile.call("policyfile.lock.json"),
|
|
|
|
|
"nonexistent.json" => mockfile.call("nonexistent.json"),
|
|
|
|
|
"/sys/class/net/br0/bridge" => mockdir.call(true),
|
|
|
|
|
"rootwrap.conf" => mockfile.call("rootwrap.conf"),
|
|
|
|
|
"/etc/apache2/apache2.conf" => mockfile.call("apache2.conf"),
|
|
|
|
|
"/etc/apache2/ports.conf" => mockfile.call("ports.conf"),
|
|
|
|
|
"/etc/httpd/conf/httpd.conf" => mockfile.call("httpd.conf"),
|
|
|
|
|
"/etc/httpd/conf.d/ssl.conf" => mockfile.call("ssl.conf"),
|
|
|
|
|
"/etc/httpd/mods-enabled/status.conf" => mockfile.call("status.conf"),
|
|
|
|
|
"/etc/httpd/conf-enabled/security.conf" => mockfile.call("security.conf"),
|
|
|
|
|
"/etc/apache2/conf-enabled/serve-cgi-bin.conf" => mockfile.call("serve-cgi-bin.conf"),
|
|
|
|
|
"/etc/apache2/conf-enabled/security.conf" => mockfile.call("security.conf"),
|
|
|
|
|
"/etc/nginx/failed.conf" => mockfile.call("nginx_failed.conf"),
|
|
|
|
|
"/etc/nginx/nginx.conf" => mockfile.call("nginx.conf"),
|
|
|
|
|
"/etc/nginx/proxy.conf" => mockfile.call("nginx_proxy.conf"),
|
|
|
|
|
"/etc/nginx/conf/mime.types" => mockfile.call("nginx_mime.types"),
|
2019-06-18 05:39:37 +00:00
|
|
|
|
"/etc/nginx/conf.d/comments_only.conf" => mockfile.call("nginx_confd_comments_only.conf"),
|
|
|
|
|
"/etc/nginx/conf.d/empty.conf" => mockfile.call("nginx_confd_empty.conf"),
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"/etc/nginx/conf.d/foobar.conf" => mockfile.call("nginx_confd_foobar.conf"),
|
|
|
|
|
"/etc/nginx/conf.d/multiple.conf" => mockfile.call("nginx_confd_multiple.conf"),
|
|
|
|
|
"/etc/nginx/quotes.d/example.conf" => mockfile.call("nginx_quotesd_example.conf"),
|
|
|
|
|
"/etc/xinetd.conf" => mockfile.call("xinetd.conf"),
|
|
|
|
|
"/etc/xinetd.d" => mockfile.call("xinetd.d"),
|
|
|
|
|
"/etc/xinetd.d/chargen-stream" => mockfile.call("xinetd.d_chargen-stream"),
|
|
|
|
|
"/etc/xinetd.d/chargen-dgram" => mockfile.call("xinetd.d_chargen-dgram"),
|
|
|
|
|
"/etc/xinetd.d/echo" => mockfile.call("xinetd.d_echo"),
|
|
|
|
|
"/etc/sysctl.conf" => mockfile.call("sysctl.conf"),
|
|
|
|
|
"/etc/postgresql/9.4/main/postgresql.conf" => mockfile.call("postgresql.conf"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# Test certificate/key for x509_certificate using RSA keys in PEM format
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"test_certificate.rsa.crt.pem" => mockfile.call("test_certificate.rsa.crt.pem"),
|
|
|
|
|
"test_certificate.rsa.key.pem" => mockfile.call("test_certificate.rsa.key.pem"),
|
|
|
|
|
"test_ca_public.key.pem" => mockfile.call("test_ca_public.key.pem"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# Test DH parameters, 2048 bit long safe prime, generator 2 for dh_params in PEM format
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"dh_params.dh_pem" => mockfile.call("dh_params.dh_pem"),
|
|
|
|
|
"default.toml" => mockfile.call("default.toml"),
|
|
|
|
|
"default.xml" => mockfile.call("default.xml"),
|
|
|
|
|
"database.xml" => mockfile.call("database.xml"),
|
|
|
|
|
"/test/path/to/postgres/pg_hba.conf" => mockfile.call("pg_hba.conf"),
|
|
|
|
|
"/etc/postgresql/9.5/main/pg_ident.conf" => mockfile.call("pg_ident.conf"),
|
|
|
|
|
"C:/etc/postgresql/9.5/main/pg_ident.conf" => mockfile.call("pg_ident.conf"),
|
|
|
|
|
"/etc/postgresql/9.5/main" => mockfile.call("9.5.main"),
|
|
|
|
|
"/var/lib/postgresql/9.5/main" => mockfile.call("var.9.5.main"),
|
|
|
|
|
"/etc/hosts" => mockfile.call("hosts"),
|
|
|
|
|
'C:\windows\system32\drivers\etc\hosts' => mockfile.call("hosts"),
|
|
|
|
|
"/etc/fstab" => mockfile.call("fstab"),
|
|
|
|
|
"fstab_no_home" => mockfile.call("fstab_no_home"),
|
|
|
|
|
"fstab_one_mount" => mockfile.call("fstab_one_mount"),
|
|
|
|
|
"/etc/aide.conf" => mockfile.call("aide.conf"),
|
|
|
|
|
"/var/lib/fake_rpmdb" => mockdir.call(true),
|
|
|
|
|
"/var/lib/rpmdb_does_not_exist" => mockdir.call(false),
|
|
|
|
|
"/etc/init/ssh.conf" => mockfile.call("upstart_ssh_enabled.conf"),
|
|
|
|
|
"/etc/hosts.allow" => mockfile.call("hosts.allow"),
|
|
|
|
|
"/etc/hosts.deny" => mockfile.call("hosts.deny"),
|
|
|
|
|
"/fakepath/fakefile" => emptyfile.call,
|
|
|
|
|
"C:/fakepath/fakefile" => emptyfile.call,
|
|
|
|
|
"/etc/cron.d/crondotd" => mockfile.call("crondotd"),
|
2019-08-08 20:44:07 +00:00
|
|
|
|
"/etc/postfix/main.cf" => mockfile.call("main.cf"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# create all mock commands
|
2019-06-11 22:24:35 +00:00
|
|
|
|
cmd = lambda { |x|
|
|
|
|
|
stdout = ::File.read(::File.join(scriptpath, "/unit/mock/cmd/" + x))
|
|
|
|
|
mock.mock_command("", stdout, "", 0)
|
2019-05-25 09:59:31 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cmd_stderr = lambda { |x = nil|
|
2019-06-11 22:24:35 +00:00
|
|
|
|
stderr = x.nil? ? "" : File.read(File.join(scriptpath, "unit/mock/cmd", x))
|
|
|
|
|
mock.mock_command("", "", stderr, 1)
|
2019-05-25 09:59:31 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
empty = lambda {
|
2019-06-11 22:24:35 +00:00
|
|
|
|
mock.mock_command("", "", "", 0)
|
2019-05-25 09:59:31 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cmd_exit_1 = lambda { |x = nil|
|
2019-06-11 22:24:35 +00:00
|
|
|
|
stderr = x.nil? ? "" : File.read(File.join(scriptpath, "unit/mock/cmd", x))
|
|
|
|
|
mock.mock_command("", "", stderr, 1)
|
2019-05-25 09:59:31 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
mock_cmds = {
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"" => empty.call,
|
|
|
|
|
"sh -c 'find /no/such/mock -type f -maxdepth 1'" => empty.call,
|
2019-05-25 09:59:31 +00:00
|
|
|
|
'type "brew"' => empty.call,
|
|
|
|
|
'bash -c \'type "pip"\'' => empty.call,
|
|
|
|
|
'bash -c \'type "/test/path/pip"\'' => empty.call,
|
|
|
|
|
'bash -c \'type "Rscript"\'' => empty.call,
|
|
|
|
|
'bash -c \'type "perl"\'' => empty.call,
|
|
|
|
|
'bash -c \'type "/sbin/auditctl"\'' => empty.call,
|
|
|
|
|
'bash -c \'type "sql"\'' => cmd_exit_1.call,
|
|
|
|
|
'type "pwsh"' => empty.call,
|
|
|
|
|
'type "netstat"' => empty.call,
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"sh -c 'find /etc/apache2/ports.conf -type l -maxdepth 1'" => empty.call,
|
|
|
|
|
"sh -c 'find /etc/httpd/conf.d/*.conf -type l -maxdepth 1'" => empty.call,
|
|
|
|
|
"sh -c 'find /etc/httpd/mods-enabled/*.conf -type l -maxdepth 1'" => empty.call,
|
|
|
|
|
"sh -c 'find /etc/httpd/conf-enabled/*.conf -type f -maxdepth 1'" => empty.call,
|
2019-05-25 09:59:31 +00:00
|
|
|
|
'find /sys/class/net/eth1/ -maxdepth 1 -type f -exec sh -c \'echo "[$(basename {})]"; cat {} || echo -n\' \;' => empty.call,
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"Get-Package -Name 'Not available' | ConvertTo-Json" => empty.call,
|
|
|
|
|
"ps axo pid,pcpu,pmem,vsz,rss,tty,stat,start,time,user,command" => cmd.call("ps-axo"),
|
|
|
|
|
"ps axo label,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,user:32,command" => cmd.call("ps-axoZ"),
|
|
|
|
|
"ps -o pid,vsz,rss,tty,stat,time,ruser,args" => cmd.call("ps-busybox"),
|
|
|
|
|
"env" => cmd.call("env"),
|
|
|
|
|
"${Env:PATH}" => cmd.call("$env-PATH"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# registry key test using winrm 2.0
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"9417f24311a9dcd90f1b1734080a2d4c6516ec8ff2d452a2328f68eb0ed676cf" => cmd.call("reg_schedule"),
|
|
|
|
|
"Auditpol /get /subcategory:'User Account Management' /r" => cmd.call("auditpol"),
|
|
|
|
|
"/sbin/auditctl -l" => cmd.call("auditctl"),
|
|
|
|
|
"/sbin/auditctl -s" => cmd.call("auditctl-s"),
|
|
|
|
|
"yum -v repolist all" => cmd.call("yum-repolist-all"),
|
|
|
|
|
"dpkg -s curl" => cmd.call("dpkg-s-curl"),
|
|
|
|
|
"dpkg -s held-package" => cmd.call("dpkg-s-held-package"),
|
|
|
|
|
"rpm -qi curl" => cmd.call("rpm-qi-curl"),
|
|
|
|
|
"rpm -qi --dbpath /var/lib/fake_rpmdb curl" => cmd.call("rpm-qi-curl"),
|
|
|
|
|
"rpm -qi --dbpath /var/lib/rpmdb_does_not_exist curl" => cmd_exit_1.call,
|
|
|
|
|
"pacman -Qi curl" => cmd.call("pacman-qi-curl"),
|
|
|
|
|
"brew info --json=v1 curl" => cmd.call("brew-info--json-v1-curl"),
|
|
|
|
|
"brew info --json=v1 nginx" => cmd.call("brew-info--json-v1-nginx"),
|
|
|
|
|
"brew info --json=v1 nope" => cmd_exit_1.call,
|
|
|
|
|
"/usr/local/bin/brew info --json=v1 curl" => cmd.call("brew-info--json-v1-curl"),
|
|
|
|
|
"gem list --local -a -q ^not-installed$" => cmd.call("gem-list-local-a-q-not-installed"),
|
|
|
|
|
"gem list --local -a -q ^rubocop$" => cmd.call("gem-list-local-a-q-rubocop"),
|
|
|
|
|
"/opt/ruby-2.3.1/embedded/bin/gem list --local -a -q ^pry$" => cmd.call("gem-list-local-a-q-pry"),
|
|
|
|
|
"/opt/chef/embedded/bin/gem list --local -a -q ^chef-sugar$" => cmd.call("gem-list-local-a-q-chef-sugar"),
|
|
|
|
|
'c:\opscode\chef\embedded\bin\gem.bat list --local -a -q ^json$' => cmd.call("gem-list-local-a-q-json"),
|
|
|
|
|
"/opt/opscode/embedded/bin/gem list --local -a -q ^knife-backup$" => cmd.call("gem-list-local-a-q-knife-backup"),
|
|
|
|
|
"npm -g ls --json bower" => cmd.call("npm-g-ls--json-bower"),
|
|
|
|
|
"cd /path/to/project && npm ls --json bower" => cmd.call("npm-ls--json-bower"),
|
|
|
|
|
"Rscript -e 'packageVersion(\"DBI\")'" => cmd.call("r-print-version"),
|
|
|
|
|
"Rscript -e 'packageVersion(\"DoesNotExist\")'" => cmd.call("r-print-version-not-installed"),
|
|
|
|
|
"perl -le 'eval \"require $ARGV[0]\" and print $ARGV[0]->VERSION or exit 1' DBD::Pg" => cmd.call("perl-print-version"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
"perl -le 'eval \"require $ARGV[0]\" and print $ARGV[0]->VERSION or exit 1' DOES::Not::Exist" => cmd_exit_1.call,
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"pip show jinja2" => cmd.call("pip-show-jinja2"),
|
|
|
|
|
"pip show django" => cmd.call("pip-show-django"),
|
|
|
|
|
"/test/path/pip show django" => cmd.call("pip-show-non-standard-django"),
|
|
|
|
|
"Get-Package -Name 'Mozilla Firefox' | ConvertTo-Json" => cmd.call("get-package-firefox"),
|
|
|
|
|
"Get-Package -Name 'Ruby 2.1.6-p336-x64' | ConvertTo-Json" => cmd.call("get-package-ruby"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
'Get-Command "choco"' => empty.call,
|
|
|
|
|
'bash -c \'type "choco"\'' => cmd_exit_1.call,
|
2019-06-11 22:24:35 +00:00
|
|
|
|
'(choco list --local-only --exact --include-programs --limit-output \'nssm\') -Replace "\|", "=" | ConvertFrom-StringData | ConvertTo-JSON' => cmd.call("choco-list-nssm"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
'(choco list --local-only --exact --include-programs --limit-output \'git\') -Replace "\|", "=" | ConvertFrom-StringData | ConvertTo-JSON' => empty.call,
|
2019-08-07 02:44:02 +00:00
|
|
|
|
"New-Object -Type PSObject | Add-Member -MemberType NoteProperty -Name Service -Value (Get-Service -Name 'dhcp'| Select-Object -Property Name, DisplayName, Status) -PassThru | Add-Member -MemberType NoteProperty -Name WMI -Value (Get-WmiObject -Class Win32_Service | Where-Object {$_.Name -eq 'dhcp' -or $_.DisplayName -eq 'dhcp'} | Select-Object -Property StartMode, StartName) -PassThru | ConvertTo-Json" => cmd.call("get-service-dhcp"),
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"New-Object -Type PSObject | Add-Member -MemberType NoteProperty -Name Pip -Value (Invoke-Command -ScriptBlock {where.exe pip}) -PassThru | Add-Member -MemberType NoteProperty -Name Python -Value (Invoke-Command -ScriptBlock {where.exe python}) -PassThru | ConvertTo-Json" => cmd.call("get-windows-pip-package"),
|
|
|
|
|
"Get-WindowsFeature | Where-Object {$_.Name -eq 'DHCP' -or $_.DisplayName -eq 'DHCP'} | Select-Object -Property Name,DisplayName,Description,Installed,InstallState | ConvertTo-Json" => cmd.call("get-windows-feature"),
|
|
|
|
|
"Get-WindowsFeature | Where-Object {$_.Name -eq 'IIS-WebServer' -or $_.DisplayName -eq 'IIS-WebServer'} | Select-Object -Property Name,DisplayName,Description,Installed,InstallState | ConvertTo-Json" => cmd_exit_1.call("get-windows-feature-iis-webserver"),
|
|
|
|
|
"dism /online /get-featureinfo /featurename:IIS-WebServer" => cmd.call("dism-iis-webserver"),
|
|
|
|
|
"lsmod" => cmd.call("lsmod"),
|
|
|
|
|
"/sbin/sysctl -q -n net.ipv4.conf.all.forwarding" => cmd.call("sbin_sysctl"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# ports on windows
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"Get-NetTCPConnection -state Listen | Select-Object -Property State, Caption, Description, LocalAddress, LocalPort, RemoteAddress, RemotePort, DisplayName, Status | ConvertTo-Json" => cmd.call("get-net-tcpconnection"),
|
|
|
|
|
'netstat -anbo | Select-String -CaseSensitive -pattern "^\s+UDP|\s+LISTENING\s+\d+$" -context 0,1' => cmd.call("netstat-anbo-pipe-select-string-pattern.utf8"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# lsof formatted list of ports (should be quite cross platform)
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"lsof -nP -i -FpctPn" => cmd.call("lsof-nP-i-FpctPn"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# ports on freebsd
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"sockstat -46l" => cmd.call("sockstat"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# ports on aix
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"netstat -Aan | grep LISTEN" => cmd.call("netstat-aan"),
|
|
|
|
|
"rmsock f0000000000000001 tcpcb" => cmd.call("rmsock-f0001"),
|
|
|
|
|
"rmsock f0000000000000002 tcpcb" => cmd.call("rmsock-f0002"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# packages on windows
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"f7718ece69188bb19cd458e2aeab0a8d968f3d40ac2f4199e21cc976f8db5ef6" => cmd.call("get-item-property-package"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# service status upstart on ubuntu
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"initctl status ssh" => cmd.call("initctl-status-ssh"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# upstart version on ubuntu
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"initctl --version" => cmd.call("initctl--version"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# show ssh service Centos 7
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"systemctl show --no-pager --all sshd" => cmd.call("systemctl-show-all-sshd"),
|
|
|
|
|
"systemctl show --no-pager --all apache2" => cmd.call("systemctl-show-all-apache2"),
|
|
|
|
|
"/path/to/systemctl show --no-pager --all sshd" => cmd.call("systemctl-show-all-sshd"),
|
|
|
|
|
"systemctl show --no-pager --all dbus" => cmd.call("systemctl-show-all-dbus"),
|
|
|
|
|
"/path/to/systemctl show --no-pager --all dbus" => cmd.call("systemctl-show-all-dbus"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# services on macos
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"launchctl list" => cmd.call("launchctl-list"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# services on freebsd 10
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"service -e" => cmd.call("service-e"),
|
|
|
|
|
"service sendmail onestatus" => cmd.call("service-sendmail-onestatus"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# services for system 5 e.g. centos6, debian 6
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"service sshd status" => cmd.call("service-sshd-status"),
|
|
|
|
|
'find /etc/rc*.d /etc/init.d/rc*.d -name "S*"' => cmd.call("find-etc-rc-d-name-S"),
|
|
|
|
|
"ls -1 /etc/init.d/" => cmd.call("ls-1-etc-init.d"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# user information for linux
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"id root" => cmd.call("id-root"),
|
|
|
|
|
"getent passwd root" => cmd.call("getent-passwd-root"),
|
|
|
|
|
"chage -l root" => cmd.call("chage-l-root"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# user information for ldap test
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"id jfolmer" => cmd.call("id-jfolmer"),
|
|
|
|
|
"getent passwd jfolmer" => cmd.call("getent-passwd-jfolmer"),
|
|
|
|
|
"chage -l jfolmer" => cmd.call("chage-l-root"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# user info for mac
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"id chartmann" => cmd.call("id-chartmann"),
|
|
|
|
|
"dscl -q . -read /Users/chartmann NFSHomeDirectory PrimaryGroupID RecordName UniqueID UserShell" => cmd.call("dscl"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# user info for freebsd
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"pw usershow root -7" => cmd.call("pw-usershow-root-7"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# user info for windows (winrm 1.6.0, 1.6.1)
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"27c6cda89fa5d196506251c0ed0d20468b378c5689711981dc1e1e683c7b02c1" => cmd.call("adsiusers"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# group info for windows
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"4020573097e910a573e22e8863c4faa434f52910a45714606cad1fb8b060d9e9" => cmd.call("adsigroups"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# group info for Darwin
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"dscacheutil -q group" => cmd.call("dscacheutil-query-group"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# network interface
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"fddd70e8b8510f5fcc0413cfdc41598c55d6922bb2a0a4075e2118633a0bf422" => cmd.call("find-net-interface"),
|
|
|
|
|
"c33821dece09c8b334e03a5bb9daefdf622007f73af4932605e758506584ec3f" => empty.call,
|
|
|
|
|
"/sbin/ip -br -4 address show dev eth0" => cmd.call("interface-addresses-4"),
|
|
|
|
|
"/sbin/ip -br -6 address show dev eth0" => cmd.call("interface-addresses-6"),
|
|
|
|
|
"Get-NetAdapter | Select-Object -Property Name, InterfaceDescription, Status, State, MacAddress, LinkSpeed, ReceiveLinkSpeed, TransmitLinkSpeed, Virtual | ConvertTo-Json" => cmd.call("Get-NetAdapter"),
|
|
|
|
|
"Get-NetIPAddress | Select-Object -Property IPv6Address, IPv4Address, InterfaceAlias, PrefixLength | ConvertTo-Json" => cmd.call("Get-NetIPAddress"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# bridge on linux
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"ls -1 /sys/class/net/br0/brif/" => cmd.call("ls-sys-class-net-br"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# bridge on Windows
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"Get-NetAdapterBinding -ComponentID ms_bridge | Get-NetAdapter | Select-Object -Property Name, InterfaceDescription | ConvertTo-Json" => cmd.call("get-netadapter-binding-bridge"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# host for Windows
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"Resolve-DnsName –Type A microsoft.com | ConvertTo-Json" => cmd.call("Resolve-DnsName"),
|
|
|
|
|
"Test-NetConnection -ComputerName microsoft.com -WarningAction SilentlyContinue| Select-Object -Property ComputerName, TcpTestSucceeded, PingSucceeded | ConvertTo-Json" => cmd.call("Test-NetConnection"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# host for Linux
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"getent ahosts example.com" => cmd.call("getent-ahosts-example.com"),
|
|
|
|
|
"ping -w 1 -c 1 example.com" => cmd.call("ping-example.com"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# host for Darwin
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"host -t AAAA example.com" => cmd.call("host-AAAA-example.com"),
|
|
|
|
|
"ping -W 1 -c 1 example.com" => cmd.call("ping-example.com"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# apt
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"find /etc/apt/ -name *.list -exec sh -c 'cat {} || echo -n' \\;" => cmd.call("etc-apt"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# iptables
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"/usr/sbin/iptables -S" => cmd.call("iptables-s"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
%{bash -c 'type "/usr/sbin/iptables"'} => empty.call,
|
2019-06-23 00:35:32 +00:00
|
|
|
|
# ip6tables
|
|
|
|
|
"/usr/sbin/ip6tables -S" => cmd.call("ip6tables-s"),
|
|
|
|
|
%{bash -c 'type "/usr/sbin/ip6tables"'} => empty.call,
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# apache_conf
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"sh -c 'find /etc/apache2/ports.conf -type f -maxdepth 1'" => cmd.call("find-apache2-ports-conf"),
|
|
|
|
|
"sh -c 'find /etc/httpd/conf.d/*.conf -type f -maxdepth 1'" => cmd.call("find-httpd-ssl-conf"),
|
|
|
|
|
"sh -c 'find /etc/httpd/mods-enabled/*.conf -type f -maxdepth 1'" => cmd.call("find-httpd-status-conf"),
|
|
|
|
|
"sh -c 'find /etc/httpd/conf-enabled/*.conf -type l -maxdepth 1'" => cmd.call("find-httpd-conf-enabled-link"),
|
|
|
|
|
"sh -c 'find /etc/apache2/conf-enabled/*.conf -type f -maxdepth 1'" => cmd.call("find-apache2-conf-enabled"),
|
|
|
|
|
"sh -c 'find /etc/apache2/conf-enabled/*.conf -type l -maxdepth 1'" => cmd.call("find-apache2-conf-enabled-link"),
|
|
|
|
|
"sh -c 'find /etc/nginx/nginx.conf'" => cmd.call("find-nginx-conf"),
|
|
|
|
|
"sh -c 'find /etc/nginx/conf/mime.types'" => cmd.call("find-nginx-mime-types"),
|
|
|
|
|
"sh -c 'find /etc/nginx/proxy.conf'" => cmd.call("find-nginx-proxy-conf"),
|
|
|
|
|
"sh -c 'find /etc/nginx/conf.d/*.conf'" => cmd.call("find-nginx-confd-multiple-conf"),
|
|
|
|
|
"sh -c 'find /etc/nginx/quotes.d/*.conf'" => cmd.call("find-nginx-quotesd-example-conf"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# mount
|
|
|
|
|
"mount | grep -- ' on /'" => cmd.call("mount"),
|
|
|
|
|
"mount | grep -- ' on /mnt/iso-disk'" => cmd.call("mount-multiple"),
|
|
|
|
|
"mount | grep -- ' on /mnt/Research & Development'" => cmd.call("mount-whitespaces"),
|
|
|
|
|
# solaris 10 package manager
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"pkginfo -l SUNWzfsr" => cmd.call("pkginfo-l-SUNWzfsr"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# solaris 11 package manager
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"pkg info system/file-system/zfs" => cmd.call("pkg-info-system-file-system-zfs"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# dpkg-query all packages
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"dpkg-query -W -f='${db:Status-Abbrev} ${Package} ${Version} ${Architecture}\\n'" => cmd.call("dpkg-query-W"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# rpm query all packages
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"rpm -qa --queryformat '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\\n'" => cmd.call("rpm-qa-queryformat"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# port netstat on solaris 10 & 11
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"netstat -an -f inet -f inet6" => cmd.call("s11-netstat-an-finet-finet6"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# xinetd configuration
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"find /etc/xinetd.d -type f" => cmd.call("find-xinetd.d"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# wmi test
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"2979ebeb80a475107d85411f109209a580ccf569071b3dc7acff030b8635c6b9" => cmd.call("get-wmiobject"),
|
|
|
|
|
# user info on hpux
|
|
|
|
|
"logins -x -l root" => cmd.call("logins-x"),
|
|
|
|
|
# packages on hpux
|
|
|
|
|
"swlist -l product | grep vim" => cmd.call("swlist-l-product"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# ipv4 ports on hpux
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"netstat -an -f inet" => cmd.call("hpux-netstat-inet"),
|
|
|
|
|
# ipv6 ports on hpux
|
|
|
|
|
"netstat -an -f inet6" => cmd.call("hpux-netstat-inet6"),
|
2019-07-16 19:27:32 +00:00
|
|
|
|
# hostname linux and darwin
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"hostname" => cmd.call("hostname"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# hostname windows
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"$env:computername" => cmd.call("$env-computername"),
|
2019-06-21 14:23:47 +00:00
|
|
|
|
# Manufacturer linux
|
2019-07-16 19:14:39 +00:00
|
|
|
|
"cat /sys/class/dmi/id/sys_vendor" => cmd.call("manufacturer"),
|
2019-06-21 14:23:47 +00:00
|
|
|
|
# Manufacturer windows
|
|
|
|
|
"Get-CimInstance -ClassName Win32_ComputerSystem | Select Manufacturer -ExpandProperty Manufacturer" => cmd.call("manufacturer"),
|
|
|
|
|
# Model linux
|
2019-07-16 19:14:39 +00:00
|
|
|
|
"cat /sys/class/dmi/id/product_name" => cmd.call("model"),
|
2019-07-16 19:27:32 +00:00
|
|
|
|
# Model darwin
|
|
|
|
|
"sysctl -n hw.model" => cmd.call("model_darwin"),
|
2019-06-21 14:23:47 +00:00
|
|
|
|
# Model windows
|
|
|
|
|
"Get-CimInstance -ClassName Win32_ComputerSystem | Select Model -ExpandProperty Model" => cmd.call("model"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# windows_hotfix windows
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"get-hotfix -id KB4019215" => cmd.call("kb4019215"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# windows_hotfix windows doesn't exist
|
2019-07-09 00:20:30 +00:00
|
|
|
|
"get-hotfix -id KB9999999" => empty.call,
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# windows_task doesnt exist
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"schtasks /query /v /fo csv /tn 'does-not-exist' | ConvertFrom-Csv | Select @{N='URI';E={$_.TaskName}},@{N='State';E={$_.Status.ToString()}},'Logon Mode','Last Result','Task To Run','Run As User','Scheduled Task State' | ConvertTo-Json -Compress" => cmd.call("schtasks-error"),
|
2019-06-28 07:14:24 +00:00
|
|
|
|
# windows_task exists and has 1 trigger
|
|
|
|
|
"schtasks /query /v /fo csv /tn 'WeLovePizza' | ConvertFrom-Csv | Select @{N='URI';E={$_.TaskName}},@{N='State';E={$_.Status.ToString()}},'Logon Mode','Last Result','Task To Run','Run As User','Scheduled Task State' | ConvertTo-Json -Compress" => cmd.call("schtasks-success-single-trigger"),
|
|
|
|
|
# windows_task exists and has multiple triggers
|
|
|
|
|
"schtasks /query /v /fo csv /tn 'WeLoveMultiplePizzas' | ConvertFrom-Csv | Select @{N='URI';E={$_.TaskName}},@{N='State';E={$_.Status.ToString()}},'Logon Mode','Last Result','Task To Run','Run As User','Scheduled Task State' | ConvertTo-Json -Compress" => cmd.call("schtasks-success-multiple-triggers"),
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"modinfo -F version dhcp" => cmd.call("modinfo-f-version-dhcp"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# crontab display for root / current user
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"crontab -l" => cmd.call("crontab-root"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# crontab display for non-current user
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"crontab -l -u foouser" => cmd.call("crontab-foouser"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# crontab display for special time strings
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"crontab -l -u special" => cmd.call("crontab-special"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# zfs output for dataset tank/tmp
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"/sbin/zfs get -Hp all tank/tmp" => cmd.call("zfs-get-all-tank-tmp"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# zfs output for pool tank
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"/sbin/zpool get -Hp all tank" => cmd.call("zpool-get-all-tank"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# docker
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"4f8e24022ea8b7d3b117041ec32e55d9bf08f11f4065c700e7c1dc606c84fd17" => cmd.call("docker-ps-a"),
|
|
|
|
|
"b40ed61c006b54f155b28a85dc944dc0352b30222087b47c6279568ec0e59d05" => cmd.call("df-t"),
|
|
|
|
|
"docker version --format '{{ json . }}'" => cmd.call("docker-version"),
|
|
|
|
|
"docker info --format '{{ json . }}'" => cmd.call("docker-info"),
|
|
|
|
|
"docker inspect 71b5df59442b" => cmd.call("docker-inspec"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# docker images
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"83c36bfade9375ae1feb91023cd1f7409b786fd992ad4013bf0f2259d33d6406" => cmd.call("docker-images"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# docker services
|
2019-06-11 22:24:35 +00:00
|
|
|
|
%{docker service ls --format '{"ID": {{json .ID}}, "Name": {{json .Name}}, "Mode": {{json .Mode}}, "Replicas": {{json .Replicas}}, "Image": {{json .Image}}, "Ports": {{json .Ports}}}'} => cmd.call("docker-service-ls"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# docker plugins
|
2019-06-11 22:24:35 +00:00
|
|
|
|
%{docker plugin ls --format '{"id": {{json .ID}}, "name": "{{ with split .Name ":"}}{{index . 0}}{{end}}", "version": "{{ with split .Name ":"}}{{index . 1}}{{end}}", "enabled": {{json .Enabled}} }'} => cmd.call("docker-plugin-ls"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# modprobe for kernel_module
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"modprobe --showconfig" => cmd.call("modprobe-config"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# get-process cmdlet for processes resource
|
2019-06-11 22:24:35 +00:00
|
|
|
|
'$Proc = Get-Process -IncludeUserName | Where-Object {$_.Path -ne $null } | Select-Object PriorityClass,Id,CPU,PM,VirtualMemorySize,NPM,SessionId,Responding,StartTime,TotalProcessorTime,UserName,Path | ConvertTo-Csv -NoTypeInformation;$Proc.Replace("""","").Replace("`r`n","`n")' => cmd.call("get-process_processes"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# host resource: TCP/UDP reachability check on linux
|
|
|
|
|
%{bash -c 'type "nc"'} => empty.call,
|
|
|
|
|
%{bash -c 'type "ncat"'} => empty.call,
|
|
|
|
|
%{bash -c 'type "timeout"'} => empty.call,
|
|
|
|
|
%{strings `which bash` | grep -qE '/dev/(tcp|udp)/'} => empty.call,
|
|
|
|
|
%{echo | nc -v -w 1 -u example.com 1234} => empty.call,
|
|
|
|
|
%{echo | nc -v -w 1 example.com 1234} => empty.call,
|
|
|
|
|
'timeout 1 bash -c "< /dev/tcp/example.com/1234"' => empty.call,
|
|
|
|
|
'timeout 1 bash -c "< /dev/udp/example.com/1234"' => empty.call,
|
|
|
|
|
# host resource: netcat for TCP reachability check on darwin
|
|
|
|
|
'type "nc"' => empty.call,
|
|
|
|
|
'type "ncat"' => empty.call,
|
|
|
|
|
'type "gtimeout"' => empty.call,
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"nc -vz -G 1 example.com 1234" => empty.call,
|
2019-05-25 09:59:31 +00:00
|
|
|
|
'gtimeout 1 bash -c "< /dev/tcp/example.com/1234"' => empty.call,
|
|
|
|
|
'gtimeout 1 bash -c "< /dev/udp/example.com/1234"' => empty.call,
|
|
|
|
|
# host resource: test-netconnection for reachability check on windows
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"Test-NetConnection -ComputerName microsoft.com -WarningAction SilentlyContinue -RemotePort 1234| Select-Object -Property ComputerName, TcpTestSucceeded, PingSucceeded | ConvertTo-Json" => cmd.call("Test-NetConnection"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# postgres tests
|
2019-06-11 22:24:35 +00:00
|
|
|
|
%q{bash -c 'type "psql"'} => cmd.call("bash -c type psql"),
|
|
|
|
|
%q(psql --version | awk '{ print $NF }' | awk -F. '{ print $1"."$2 }') => cmd.call("psql-version"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# mssql tests
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"bash -c 'type \"sqlcmd\"'" => cmd.call("mssql-sqlcmd"),
|
|
|
|
|
"cb0efcd12206e9690c21ac631a72be9dd87678aa048e6dae16b8e9353ab6dd64" => cmd.call("mssql-getdate"),
|
|
|
|
|
"7109e5d809058cd3e9cad108e21e91234d2638db4a4f81fadfde21e071a423dc" => cmd.call("mssql-getdate"),
|
|
|
|
|
"5c2bc0f0568d11451d6cf83aff02ee3d47211265b52b6c5d45f8e57290b35082" => cmd.call("mssql-getdate"),
|
|
|
|
|
"148af1d7706d9cf81097f66d5b891ddfca719445d60fa582befad118f51b9d92" => cmd.call("mssql-getdate"),
|
|
|
|
|
"9a1dfd9e403053efb1fd1970a77a241e5c7a9eae34e6f6c56904fa8189bc2e45" => cmd.call("mssql-getdate"),
|
|
|
|
|
"e8bece33e9d550af1fc81a5bc1c72b647b3810db3e567ee9f30feb81f4e3b700" => cmd.call("mssql-getdate"),
|
|
|
|
|
"53d201ff1cfb8867b79200177b8e2e99dedb700c5fbe15e43820011d7e8b941f" => cmd.call("mssql-getdate"),
|
|
|
|
|
"4b550bb227058ac5851aa0bc946be794ee46489610f17842700136cf8bb5a0e9" => cmd.call("mssql-getdate"),
|
|
|
|
|
"7d1a7a0f2bd1e7da9a6904e1f28981146ec01a0323623e12a8579d30a3960a79" => cmd.call("mssql-result"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# oracle
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"bash -c 'type \"sqlplus\"'" => cmd.call("oracle-cmd"),
|
|
|
|
|
"1998da5bc0f09bd5258fad51f45447556572b747f631661831d6fcb49269a448" => cmd.call("oracle-result"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# nginx mock cmd
|
2019-06-11 22:24:35 +00:00
|
|
|
|
%{nginx -V 2>&1} => cmd.call("nginx-v"),
|
|
|
|
|
%{/usr/sbin/nginx -V 2>&1} => cmd.call("nginx-v"),
|
|
|
|
|
%{bash -c 'type "/usr/sbin/nginx"'} => cmd.call("bash-c-type-nginx"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# needed for two differnt inspec.command call formats
|
|
|
|
|
# host resource: dig commands,
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"dig +short A example.com" => cmd.call("dig-A-example.com"),
|
|
|
|
|
"dig +short AAAA example.com" => cmd.call("dig-AAAA-example.com"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# firewalld resource
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"firewall-cmd --get-zones" => cmd.call("firewall-cmd--get-zones"),
|
|
|
|
|
"firewall-cmd --get-default-zone" => cmd.call("firewall-cmd--get-default-zone"),
|
|
|
|
|
"firewall-cmd --get-active-zones" => cmd.call("firewall-cmd--get-active-zones"),
|
|
|
|
|
"firewall-cmd --state" => cmd.call("firewall-cmd--state"),
|
|
|
|
|
"firewall-cmd --zone=public --query-service=ssh" => cmd.call("firewall-cmd--service-enabled-in-zone"),
|
|
|
|
|
"firewall-cmd --zone=public --query-port=22/udp" => cmd.call("firewall-cmd-has-port-enabled-in-zone"),
|
|
|
|
|
"firewall-cmd --zone=public --query-rich-rule='rule family=ipv4 source address=192.168.0.14 accept'" => cmd.call("firewall-cmd-has-rule-enabled"),
|
|
|
|
|
"firewall-cmd --zone=public --service=ssh --get-ports --permanent" => cmd.call("firewall-cmd-service-ports-enabled-in-zone"),
|
|
|
|
|
"firewall-cmd --zone=public --service=ssh --get-protocols --permanent" => cmd.call("firewall-cmd-service-protocols-enabled-in-zone"),
|
|
|
|
|
"firewall-cmd --zone=public --list-services" => cmd.call("firewall-cmd-services-bound"),
|
|
|
|
|
"firewall-cmd --zone=default --list-services" => cmd.call("firewall-cmd-services-bound"),
|
|
|
|
|
"firewall-cmd --zone=public --list-sources" => cmd.call("firewall-cmd-sources-bound"),
|
|
|
|
|
"firewall-cmd --zone=default --list-sources" => cmd.call("firewall-cmd-sources-bound"),
|
|
|
|
|
"firewall-cmd --zone=public --query-rich-rule=rule family=ipv4 source address=192.168.0.14 accept" => cmd.call("firewall-cmd-has-rule-enabled"),
|
|
|
|
|
"bash -c 'type \"firewall-cmd\"'" => cmd.call("firewall-cmd"),
|
|
|
|
|
"rpm -qia firewalld" => cmd.call("pkg-info-firewalld"),
|
|
|
|
|
"systemctl is-active sshd --quiet" => empty.call,
|
|
|
|
|
"systemctl is-active apache2 --quiet" => empty.call,
|
|
|
|
|
"systemctl is-enabled sshd --quiet" => empty.call,
|
|
|
|
|
"systemctl is-enabled apache2 --quiet" => cmd_exit_1.call("systemctl-is-enabled-apache2-stderr"),
|
|
|
|
|
"systemctl is-active dbus --quiet" => empty.call,
|
|
|
|
|
"systemctl is-enabled dbus --quiet" => empty.call,
|
|
|
|
|
"/path/to/systemctl is-active sshd --quiet" => empty.call,
|
|
|
|
|
"/path/to/systemctl is-enabled sshd --quiet" => empty.call,
|
|
|
|
|
"/usr/sbin/service sshd status" => empty.call,
|
|
|
|
|
"/sbin/service sshd status" => empty.call,
|
|
|
|
|
"service apache2 status" => cmd_exit_1.call,
|
2019-05-25 09:59:31 +00:00
|
|
|
|
'type "lsof"' => empty.call,
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"test -f /etc/mysql/debian.cnf && cat /etc/mysql/debian.cnf" => empty.call,
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# http resource - remote worker'
|
2019-06-11 22:24:35 +00:00
|
|
|
|
%{bash -c 'type "curl"'} => cmd.call("bash-c-type-curl"),
|
|
|
|
|
"curl -i -X GET --connect-timeout 60 --max-time 120 'http://www.example.com'" => cmd.call("http-remote-no-options"),
|
|
|
|
|
"curl -i -X GET --connect-timeout 60 --max-time 120 --location --max-redirs 1 'http://www.example.com'" => cmd.call("http-remote-max-redirs"),
|
|
|
|
|
"curl -i -X GET --connect-timeout 60 --max-time 120 --user 'user:pass' 'http://www.example.com'" => cmd.call("http-remote-basic-auth"),
|
|
|
|
|
"f77ebcedaf6fbe8f02d2f9d4735a90c12311d2ca4b43ece9efa2f2e396491747" => cmd.call("http-remote-post"),
|
|
|
|
|
"curl -i -X GET --connect-timeout 60 --max-time 120 -H 'accept: application/json' -H 'foo: bar' 'http://www.example.com'" => cmd.call("http-remote-headers"),
|
|
|
|
|
"curl -i -X GET --connect-timeout 60 --max-time 120 'http://www.example.com?a=b&c=d'" => cmd.call("http-remote-params"),
|
|
|
|
|
"curl -i --head --connect-timeout 60 --max-time 120 'http://www.example.com'" => cmd.call("http-remote-head-request"),
|
|
|
|
|
"curl -i -X OPTIONS --connect-timeout 60 --max-time 120 -H 'Access-Control-Request-Method: GET' -H 'Access-Control-Request-Headers: origin, x-requested-with' -H 'Origin: http://www.example.com' 'http://www.example.com'" => cmd.call("http-remote-options-request"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
|
|
|
|
|
# elasticsearch resource
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"curl -H 'Content-Type: application/json' http://localhost:9200/_nodes" => cmd.call("elasticsearch-cluster-nodes-default"),
|
|
|
|
|
"curl -k -H 'Content-Type: application/json' http://localhost:9200/_nodes" => cmd.call("elasticsearch-cluster-no-ssl"),
|
|
|
|
|
"curl -H 'Content-Type: application/json' -u es_admin:password http://localhost:9200/_nodes" => cmd.call("elasticsearch-cluster-auth"),
|
|
|
|
|
"curl -H 'Content-Type: application/json' http://elasticsearch.mycompany.biz:1234/_nodes" => cmd.call("elasticsearch-cluster-url"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
# iis_app_pool resource
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"Import-Module WebAdministration\nIf (Test-Path 'IIS:\\AppPools\\DefaultAppPool') {\n Get-Item 'IIS:\\AppPools\\DefaultAppPool' | Select-Object * | ConvertTo-Json -Compress\n} Else {\n Write-Host '{}'\n}\n" => cmd.call("iis-default-app-pool"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
|
|
|
|
|
# iis_site resource
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"Get-Website 'Default Web Site' | Select-Object -Property Name,State,PhysicalPath,bindings,ApplicationPool | ConvertTo-Json" => cmd.call("iis-default-web-site"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
|
# security_policy resource calls
|
|
|
|
|
"Get-Content win_secpol-abc123.cfg" => cmd.call("secedit-export"),
|
|
|
|
|
"secedit /export /cfg win_secpol-abc123.cfg" => cmd.call("success"),
|
|
|
|
|
"Remove-Item win_secpol-abc123.cfg" => cmd.call("success"),
|
|
|
|
|
"(New-Object System.Security.Principal.SecurityIdentifier(\"S-1-5-32-544\")).Translate( [System.Security.Principal.NTAccount]).Value" => cmd.call("security-policy-sid-translated"),
|
|
|
|
|
"(New-Object System.Security.Principal.SecurityIdentifier(\"S-1-5-32-555\")).Translate( [System.Security.Principal.NTAccount]).Value" => cmd.call("security-policy-sid-untranslated"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
|
|
|
|
|
# Windows SID calls
|
2019-06-11 22:24:35 +00:00
|
|
|
|
'wmic useraccount where \'Name="Alice"\' get Name","SID /format:csv' => cmd.call("security-identifier-alice"),
|
|
|
|
|
'wmic useraccount where \'Name="Bob"\' get Name","SID /format:csv' => cmd.call("security-identifier-unknown"),
|
|
|
|
|
'wmic useraccount where \'Name="DontExist"\' get Name","SID /format:csv' => cmd.call("security-identifier-unknown"),
|
|
|
|
|
'wmic group where \'Name="Guests"\' get Name","SID /format:csv' => cmd.call("security-identifier-guests"),
|
|
|
|
|
'wmic group where \'Name="DontExist"\' get Name","SID /format:csv' => cmd.call("security-identifier-unknown"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
|
|
|
|
|
# alpine package commands
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"apk info -vv --no-network | grep git" => cmd.call("apk-info-grep-git"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
|
|
|
|
|
# filesystem command
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"2e7e0d4546342cee799748ec7e2b1c87ca00afbe590fa422a7c27371eefa88f0" => cmd.call("get-wmiobject-filesystem"),
|
2019-05-25 09:59:31 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# ports on linux
|
|
|
|
|
# allow the ss and/or netstat commands to exist so the later mock is called
|
2019-06-11 22:24:35 +00:00
|
|
|
|
if @platform && @platform[:name] == "alpine"
|
2019-05-25 09:59:31 +00:00
|
|
|
|
mock_cmds.merge!(
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"ps --help" => cmd_stderr.call("ps-help-busybox"),
|
2019-07-09 00:20:30 +00:00
|
|
|
|
%{bash -c 'type "netstat"'} => cmd_exit_1.call,
|
|
|
|
|
%{bash -c 'type "ss"'} => cmd_exit_1.call,
|
|
|
|
|
%{which "ss"} => cmd_exit_1.call,
|
|
|
|
|
%{which "netstat"} => empty.call,
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"netstat -tulpen" => cmd.call("netstat-tulpen-busybox")
|
2019-05-25 09:59:31 +00:00
|
|
|
|
)
|
|
|
|
|
else
|
|
|
|
|
mock_cmds.merge!(
|
2019-07-09 00:20:30 +00:00
|
|
|
|
"ps --help" => empty.call,
|
|
|
|
|
%{bash -c 'type "ss"'} => empty.call,
|
|
|
|
|
%{bash -c 'type "netstat"'} => empty.call,
|
2019-06-11 22:24:35 +00:00
|
|
|
|
"ss -tulpen" => cmd.call("ss-tulpen"),
|
|
|
|
|
"netstat -tulpen" => cmd.call("netstat-tulpen")
|
2019-05-25 09:59:31 +00:00
|
|
|
|
)
|
|
|
|
|
end
|
|
|
|
|
mock.commands = mock_cmds
|
|
|
|
|
|
|
|
|
|
@backend
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# loads a resource class and instantiates the class with the given arguments
|
|
|
|
|
def load_resource(resource, *args)
|
|
|
|
|
# initialize resource with backend and parameters
|
|
|
|
|
@resource_class = Inspec::Resource.registry[resource]
|
|
|
|
|
raise ArgumentError, "No resource #{resource}" unless @resource_class
|
2019-07-09 00:20:30 +00:00
|
|
|
|
|
2019-05-25 09:59:31 +00:00
|
|
|
|
@resource = @resource_class.new(backend, resource, *args)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.mock_os(resource, name)
|
|
|
|
|
osinfo = OPERATING_SYSTEMS[name] ||
|
2019-06-11 22:24:35 +00:00
|
|
|
|
raise("Can't find operating system to mock: #{name}")
|
2019-05-25 09:59:31 +00:00
|
|
|
|
resource.inspec.backend.mock_os(osinfo)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.mock_command(resource, cmd, res = {})
|
|
|
|
|
resource.inspec.backend
|
2019-07-09 00:20:30 +00:00
|
|
|
|
.mock_command(cmd, res[:stdout], res[:stderr], res[:exit_status])
|
2019-05-25 09:59:31 +00:00
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.home
|
|
|
|
|
File.expand_path "../../unit", __FILE__
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.profile_path(name)
|
|
|
|
|
dst = name
|
|
|
|
|
dst = "#{home}/mock/profiles/#{name}" unless (Pathname.new name).absolute?
|
|
|
|
|
dst
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.load_profile(name, opts = {})
|
2019-06-07 23:33:56 +00:00
|
|
|
|
require "inspec/profile"
|
2019-05-25 09:59:31 +00:00
|
|
|
|
opts[:test_collector] = Inspec::RunnerMock.new
|
|
|
|
|
opts[:backend] = Inspec::Backend.create(Inspec::Config.mock(opts))
|
|
|
|
|
Inspec::Profile.for_target(profile_path(name), opts)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.profile_tgz(name)
|
2019-06-11 22:24:35 +00:00
|
|
|
|
path = File.join(home, "mock", "profiles", name)
|
2019-05-25 09:59:31 +00:00
|
|
|
|
dst = File.join(Dir.mktmpdir, "#{name}.tar.gz")
|
|
|
|
|
|
|
|
|
|
# generate relative paths
|
|
|
|
|
files = Dir.glob("#{path}/**/*")
|
|
|
|
|
relatives = files.map { |e| Pathname.new(e).relative_path_from(Pathname.new(path)).to_s }
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
|
require "inspec/archive/tar"
|
2019-05-25 09:59:31 +00:00
|
|
|
|
tag = Inspec::Archive::TarArchiveGenerator.new
|
|
|
|
|
tag.archive(path, relatives, dst)
|
|
|
|
|
|
|
|
|
|
dst
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.profile_zip(name, opts = {})
|
2019-06-11 22:24:35 +00:00
|
|
|
|
path = File.join(home, "mock", "profiles", name)
|
2019-05-25 09:59:31 +00:00
|
|
|
|
dst = File.join(Dir.mktmpdir, "#{name}.zip")
|
|
|
|
|
|
|
|
|
|
# rubyzip only works relative paths
|
|
|
|
|
files = Dir.glob("#{path}/**/*")
|
|
|
|
|
relatives = files.map { |e| Pathname.new(e).relative_path_from(Pathname.new(path)).to_s }
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
|
require "inspec/archive/zip"
|
2019-05-25 09:59:31 +00:00
|
|
|
|
zag = Inspec::Archive::ZipArchiveGenerator.new
|
|
|
|
|
zag.archive(path, relatives, dst)
|
|
|
|
|
|
|
|
|
|
dst
|
|
|
|
|
end
|
|
|
|
|
end
|