mirror of
https://github.com/inspec/inspec
synced 2025-02-25 11:57:17 +00:00
Merge pull request #178 from chef/group_policy
Merged change 29f1ea8f-45dc-49bd-aa4a-7070a2fcf1d4 From review branch group_policy into master Signed-off-by: drichter <drichter@chef.io>
This commit is contained in:
chef-delivery
commit
45414d804c
3 changed files with 0 additions and 111 deletions
|
|
@ -18,7 +18,6 @@ The following InSpec audit resources are available:
|
||||||
* ``file``
|
* ``file``
|
||||||
* ``gem``
|
* ``gem``
|
||||||
* ``group``
|
* ``group``
|
||||||
* ``group_policy``
|
|
||||||
* ``host``
|
* ``host``
|
||||||
* ``inetd_conf``
|
* ``inetd_conf``
|
||||||
* ``interface``
|
* ``interface``
|
||||||
|
|
@ -1627,57 +1626,6 @@ The following examples show how to use this InSpec audit resource.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
group_policy
|
|
||||||
=====================================================
|
|
||||||
Use the ``group_policy`` |inspec resource| to test group policy on the |windows| platform. This resource uses the ``Get-Item`` cmdlet to return all of the policy keys and related values.
|
|
||||||
|
|
||||||
**Stability: Experimental**
|
|
||||||
|
|
||||||
Syntax
|
|
||||||
-----------------------------------------------------
|
|
||||||
A ``group_policy`` |inspec resource| block declares the path to the policy:
|
|
||||||
|
|
||||||
.. code-block:: ruby
|
|
||||||
|
|
||||||
describe group_policy('Path\to\Policy') do
|
|
||||||
its('setting') { should eq 'value' }
|
|
||||||
end
|
|
||||||
|
|
||||||
where
|
|
||||||
|
|
||||||
* ``'Path\to\Policy'`` must specify a group policy, such as ``'Local Policies\Audit Policy'`` or ``'Local Policies\Security Options'``
|
|
||||||
* ``'setting'`` is the group policy setting to be tested. For example: ``Automatically log off users when the logon time expires``
|
|
||||||
* ``'value'`` is compared to the value on the group policy
|
|
||||||
|
|
||||||
Matchers
|
|
||||||
-----------------------------------------------------
|
|
||||||
This InSpec audit resource has the following matchers.
|
|
||||||
|
|
||||||
setting
|
|
||||||
+++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
||||||
The ``setting`` matcher tests specific, named settings in the group policy:
|
|
||||||
|
|
||||||
.. code-block:: ruby
|
|
||||||
|
|
||||||
its('setting') { should eq 'value' }
|
|
||||||
|
|
||||||
where ``'setting'`` is replaced with the full string for the setting. For example: ``Automatically log off users when the logon time expires``.
|
|
||||||
|
|
||||||
Use a ``setting`` matcher for each setting to be tested.
|
|
||||||
|
|
||||||
Examples
|
|
||||||
-----------------------------------------------------
|
|
||||||
The following examples show how to use this InSpec audit resource.
|
|
||||||
|
|
||||||
**Test if users are logged off after the logon time expires**
|
|
||||||
|
|
||||||
.. code-block:: ruby
|
|
||||||
|
|
||||||
describe group_policy('Local Policies\Security Options') do
|
|
||||||
its('Automatically log off users when the logon time expires') { should eq 'Enabled' }
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
host
|
host
|
||||||
=====================================================
|
=====================================================
|
||||||
Use the ``host`` |inspec resource| to test the name used to refer to a specific host and its availability, including the Internet protocols and ports over which that host name should be available.
|
Use the ``host`` |inspec resource| to test the name used to refer to a specific host and its availability, including the Internet protocols and ports over which that host name should be available.
|
||||||
|
|
|
||||||
|
|
@ -35,7 +35,6 @@ require 'resources/etc_group'
|
||||||
require 'resources/file'
|
require 'resources/file'
|
||||||
require 'resources/gem'
|
require 'resources/gem'
|
||||||
require 'resources/group'
|
require 'resources/group'
|
||||||
require 'resources/group_policy'
|
|
||||||
require 'resources/host'
|
require 'resources/host'
|
||||||
require 'resources/inetd_conf'
|
require 'resources/inetd_conf'
|
||||||
require 'resources/interface'
|
require 'resources/interface'
|
||||||
|
|
|
||||||
|
|
@ -1,58 +0,0 @@
|
||||||
# encoding: utf-8
|
|
||||||
# copyright: 2015, Vulcano Security GmbH
|
|
||||||
# author: Christoph Hartmann
|
|
||||||
# author: Dominik Richter
|
|
||||||
# license: All rights reserved
|
|
||||||
|
|
||||||
require 'json'
|
|
||||||
|
|
||||||
# return JSON object
|
|
||||||
def gpo(policy_path, policy_name)
|
|
||||||
file = ::File.read(::File.join ::File.dirname(__FILE__), 'gpo.json')
|
|
||||||
gpo_hash = JSON.parse(file)
|
|
||||||
key = 'Machine--' + policy_path + '--' + policy_name
|
|
||||||
gpo_hash[key]
|
|
||||||
end
|
|
||||||
|
|
||||||
# Group Policy
|
|
||||||
class GroupPolicy < Inspec.resource(1)
|
|
||||||
name 'group_policy'
|
|
||||||
|
|
||||||
def initialize(name)
|
|
||||||
@name = name
|
|
||||||
end
|
|
||||||
|
|
||||||
def get_registry_value(entry)
|
|
||||||
keys = entry['registry_information'][0]
|
|
||||||
cmd = "(Get-Item 'Registry::#{keys['path']}').GetValue('#{keys['key']}')"
|
|
||||||
command_result ||= inspec.command(cmd)
|
|
||||||
val = { exit_code: command_result.exit_status.to_i, data: command_result.stdout }
|
|
||||||
val
|
|
||||||
end
|
|
||||||
|
|
||||||
def convert_value(value)
|
|
||||||
val = value.strip
|
|
||||||
val = val.to_i if val.match(/^\d+$/)
|
|
||||||
val
|
|
||||||
end
|
|
||||||
|
|
||||||
# returns nil, if not existant or value
|
|
||||||
def method_missing(meth)
|
|
||||||
# map gpo to registry key
|
|
||||||
entry = gpo(@name, meth.to_s)
|
|
||||||
|
|
||||||
# get data
|
|
||||||
val = get_registry_value(entry)
|
|
||||||
|
|
||||||
# verify data
|
|
||||||
if (val[:exit_code] == 0)
|
|
||||||
return convert_value(val[:data])
|
|
||||||
else
|
|
||||||
return nil
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def to_s
|
|
||||||
'Group Policy'
|
|
||||||
end
|
|
||||||
end
|
|
||||||
Loading…
Add table
Reference in a new issue