diff --git a/docs/resources.rst b/docs/resources.rst
index e73bd33b7..2331ef7ff 100644
--- a/docs/resources.rst
+++ b/docs/resources.rst
@@ -18,7 +18,6 @@ The following InSpec audit resources are available:
 * ``file``
 * ``gem``
 * ``group``
-* ``group_policy``
 * ``host``
 * ``inetd_conf``
 * ``interface``
@@ -1627,57 +1626,6 @@ The following examples show how to use this InSpec audit resource.
-group_policy
-=====================================================
-Use the ``group_policy`` |inspec resource| to test group policy on the |windows| platform. This resource uses the ``Get-Item`` cmdlet to return all of the policy keys and related values.
-
-**Stability: Experimental**
-
-Syntax
-------------------------------------------------------
-A ``group_policy`` |inspec resource| block declares the path to the policy:
-
-.. code-block:: ruby
-
- describe group_policy('Path\to\Policy') do
- its('setting') { should eq 'value' }
- end
-
-where
-
-* ``'Path\to\Policy'`` must specify a group policy, such as ``'Local Policies\Audit Policy'`` or ``'Local Policies\Security Options'``
-* ``'setting'`` is the group policy setting to be tested. For example: ``Automatically log off users when the logon time expires``
-* ``'value'`` is compared to the value on the group policy
-
-Matchers
-------------------------------------------------------
-This InSpec audit resource has the following matchers.
-
-setting
-+++++++++++++++++++++++++++++++++++++++++++++++++++++
-The ``setting`` matcher tests specific, named settings in the group policy:
-
-.. code-block:: ruby
-
- its('setting') { should eq 'value' }
-
-where ``'setting'`` is replaced with the full string for the setting. For example: ``Automatically log off users when the logon time expires``.
-
-Use a ``setting`` matcher for each setting to be tested.
-
-Examples
-------------------------------------------------------
-The following examples show how to use this InSpec audit resource.
-
-**Test if users are logged off after the logon time expires**
-
-.. code-block:: ruby
-
- describe group_policy('Local Policies\Security Options') do
- its('Automatically log off users when the logon time expires') { should eq 'Enabled' }
- end
-
-
 host
 =====================================================
 Use the ``host`` |inspec resource| to test the name used to refer to a specific host and its availability, including the Internet protocols and ports over which that host name should be available.
diff --git a/lib/inspec/resource.rb b/lib/inspec/resource.rb
index 2a7cd26c7..2d9dd7946 100644
--- a/lib/inspec/resource.rb
+++ b/lib/inspec/resource.rb
@@ -35,7 +35,6 @@ require 'resources/etc_group'
 require 'resources/file'
 require 'resources/gem'
 require 'resources/group'
-require 'resources/group_policy'
 require 'resources/host'
 require 'resources/inetd_conf'
 require 'resources/interface'
diff --git a/lib/resources/group_policy.rb b/lib/resources/group_policy.rb
deleted file mode 100644
index f15b33508..000000000
--- a/lib/resources/group_policy.rb
+++ /dev/null
@@ -1,58 +0,0 @@
-# encoding: utf-8
-# copyright: 2015, Vulcano Security GmbH
-# author: Christoph Hartmann
-# author: Dominik Richter
-# license: All rights reserved
-
-require 'json'
-
-# return JSON object
-def gpo(policy_path, policy_name)
- file = ::File.read(::File.join ::File.dirname(__FILE__), 'gpo.json')
- gpo_hash = JSON.parse(file)
- key = 'Machine--' + policy_path + '--' + policy_name
- gpo_hash[key]
-end
-
-# Group Policy
-class GroupPolicy < Inspec.resource(1)
- name 'group_policy'
-
- def initialize(name)
- @name = name
- end
-
- def get_registry_value(entry)
- keys = entry['registry_information'][0]
- cmd = "(Get-Item 'Registry::#{keys['path']}').GetValue('#{keys['key']}')"
- command_result ||= inspec.command(cmd)
- val = { exit_code: command_result.exit_status.to_i, data: command_result.stdout }
- val
- end
-
- def convert_value(value)
- val = value.strip
- val = val.to_i if val.match(/^\d+$/)
- val
- end
-
- # returns nil, if not existant or value
- def method_missing(meth)
- # map gpo to registry key
- entry = gpo(@name, meth.to_s)
-
- # get data
- val = get_registry_value(entry)
-
- # verify data
- if (val[:exit_code] == 0)
- return convert_value(val[:data])
- else
- return nil
- end
- end
-
- def to_s
- 'Group Policy'
- end
-end