rename to control

2025-02-17 06:28:40 +00:00 · 2015-11-02 23:24:14 +00:00 · 2015-11-02 23:24:14 +00:00 · 43194819e4
commit 43194819e4
parent 86f37395d6
2 changed files with 23 additions and 23 deletions
--- a/docs/dsl_inspec.rst
+++ b/docs/dsl_inspec.rst
@ -2,16 +2,16 @@
 InSpec DSL
 =====================================================

-|inspec| is a run-time framework and rule language used to specify compliance, securuty, and policy requirements. It includes a collection of resources that help you write auditing rules quickly and easily. The syntax used by both open source and |chef compliance| auditing is the same. The open source |inspec resource| framework is compatible with |chef compliance|.
+|inspec| is a run-time framework and rule language used to specify compliance, securuty, and policy requirements. It includes a collection of resources that help you write auditing controls quickly and easily. The syntax used by both open source and |chef compliance| auditing is the same. The open source |inspec resource| framework is compatible with |chef compliance|.

-The InSpec DSL is a Ruby DSL for writing audit rules, which includes audit resources that you can invoke.
+The InSpec DSL is a Ruby DSL for writing audit controls, which includes audit resources that you can invoke.

 The following sections describe the syntax and show some simple examples of using the |inspec resources| to define

 Syntax
 =====================================================

-The following resource tests |ssh| server configuration. For example, a simple rule may desrcibed as:
+The following resource tests |ssh| server configuration. For example, a simple control may desrcibed as:

 .. code-block:: ruby

@ -19,11 +19,11 @@ The following resource tests |ssh| server configuration. For example, a simple r
    its('Port') { should eq('22') }
  end

-In various use cases like implementing IT compliance across different departments, it becomes handy to extend the rule with metadata. Each rule may define an additional ``impact``, ``title`` or ``desc``. An example looks like:
+In various use cases like implementing IT compliance across different departments, it becomes handy to extend the control with metadata. Each control may define an additional ``impact``, ``title`` or ``desc``. An example looks like:

 .. code-block:: ruby

-   rule 'sshd-8' do
+   control 'sshd-8' do
     impact 0.6
     title 'Server: Configure the service port'
     desc '
@ -37,21 +37,21 @@ In various use cases like implementing IT compliance across different department

 where

-* ``'sshd-8'`` is the name of the rule
-* ``impact``, ``title``, and ``desc`` define metadata that fully describes the importance of the rule, its purpose, with a succinct and complete description
+* ``'sshd-8'`` is the name of the control
+* ``impact``, ``title``, and ``desc`` define metadata that fully describes the importance of the control, its purpose, with a succinct and complete description
 * ``impact`` is an float that measures the importance of the compliance results and must be a value between ``0.0`` and ``1.0``.
-* ``describe`` is a block that contains at least one test. A ``rule`` block must contain at least one ``describe`` block, but may contain as many as required
+* ``describe`` is a block that contains at least one test. A ``control`` block must contain at least one ``describe`` block, but may contain as many as required
 * ``sshd_config`` is an |inspec| resource. For the full list of InSpec resources, see |inspec| resource documentation
 * ``its('Port')`` is the matcher; ``{ should eq('22') }`` is the test. A ``describe`` block must contain at least one matcher, but may contain as many as required


 Author Tests
 -----------------------------------------------------
-It is recommended that test files are located in the ``/tests`` directory. When writing rules, the ``impact``, ``title``, ``desc`` metadata are _optional_, but are highly recommended.
+It is recommended that test files are located in the ``/tests`` directory. When writing controls, the ``impact``, ``title``, ``desc`` metadata are _optional_, but are highly recommended.

 Examples
 =====================================================
-The following examples show simple compliance tests using a single ``rule`` block.
+The following examples show simple compliance tests using a single ``control`` block.

 Test System Event Log
 -----------------------------------------------------
@ -59,7 +59,7 @@ The following test shows how to audit machines running |windows| 2012 R2 that pw

 .. code-block:: ruby

-  rule 'windows-account-102' do
+  control 'windows-account-102' do
    impact 1.0
    title 'Windows Password Complexity is Enabled'
    desc 'Password must meet complexity requirement'
@ -74,7 +74,7 @@ The following test shows how to audit machines running |postgresql| to ensure th

 .. code-block:: ruby

-   rule 'postgres-7' do
+   control 'postgres-7' do
     impact 1.0
     title 'Don't allow empty passwords'
     describe postgres_session('user', 'pass').query("SELECT * FROM pg_shadow WHERE passwd IS NULL;") do
@ -89,7 +89,7 @@ The following test shows how to audit machines running |mysql| to ensure that pa

 .. code-block:: ruby

-   rule 'mysql-3' do
+   control 'mysql-3' do
     impact 1.0
     title 'Do not store your MySQL password in your ENV'
     desc '
@ -107,7 +107,7 @@ The following test shows how to audit machines to ensure that ``/etc/ssh`` is a

 .. code-block:: ruby

-   rule 'basic-1' do
+   control 'basic-1' do
     impact 1.0
     title '/etc/ssh should be a directory'
     desc '
@ -125,7 +125,7 @@ The following test shows how to audit machines to ensure that |apache| is enable

 .. code-block:: ruby

-   rule 'apache-1' do
+   control 'apache-1' do
     impact 0.3
     title 'Apache2 should be configured and running'
     describe service(apache.service) do
@ -140,7 +140,7 @@ The following test shows how to audit machines for insecure packages:

 .. code-block:: ruby

-  rule 'cis-os-services-5.1.3' do
+  control 'cis-os-services-5.1.3' do
    impact 0.7
    title '5.1.3 Ensure rsh client is not installed'

@ -160,7 +160,7 @@ The following test shows how to audit machines to ensure Safe DLL Seach Mode is

 .. code-block:: ruby

-  rule 'windows-base-101' do
+  control 'windows-base-101' do
    impact 1.0
    title 'Safe DLL Search Mode is Enabled'
    desc '
--- a/docs/readme.rst
+++ b/docs/readme.rst
@ -14,14 +14,14 @@ At first, we add our tests to the ``test`` folder. Each test file must end with
    mkdir test
    touch test/example_spec.rb

-We add a rule to this file, to check the ``/tmp`` path in our system:
+We add a control to this file, to check the ``/tmp`` path in our system:

 .. code-block:: ruby

  # encoding: utf-8

-  rule "cis-fs-2.1" do                        # A unique ID for this rule
-    impact 0.7                                # The criticality, if this rule fails.
+  control "cis-fs-2.1" do                     # A unique ID for this control
+    impact 0.7                                # The criticality, if this control fails.
    title "Create separate /tmp partition"    # A human-readable title
    desc "An optional description..."
    describe file('/tmp') do                  # The actual test
@ -42,12 +42,12 @@ It will contain:

  # encoding: utf-8

-  # Skip all rules, if SSH doesn't exist on the system
+  # Skip all controls, if SSH doesn't exist on the system
  only_if do
    command('sshd').exist?
  end

-  rule "sshd-11" do
+  control "sshd-11" do
    impact 1.0
    title "Server: Set protocol version to SSHv2"
    desc "
@ -59,7 +59,7 @@ It will contain:
    end
  end

-  rule "sshd-7" do
+  control "sshd-7" do
    impact 1.0
    title "Server: Do not permit root-based login with password."
    desc "