mirror of
https://github.com/inspec/inspec
synced 2024-11-27 15:10:44 +00:00
Merge pull request #178 from chef/group_policy
Merged change 29f1ea8f-45dc-49bd-aa4a-7070a2fcf1d4 From review branch group_policy into master Signed-off-by: drichter <drichter@chef.io>
This commit is contained in:
commit
45414d804c
3 changed files with 0 additions and 111 deletions
|
@ -18,7 +18,6 @@ The following InSpec audit resources are available:
|
|||
* ``file``
|
||||
* ``gem``
|
||||
* ``group``
|
||||
* ``group_policy``
|
||||
* ``host``
|
||||
* ``inetd_conf``
|
||||
* ``interface``
|
||||
|
@ -1627,57 +1626,6 @@ The following examples show how to use this InSpec audit resource.
|
|||
|
||||
|
||||
|
||||
group_policy
|
||||
=====================================================
|
||||
Use the ``group_policy`` |inspec resource| to test group policy on the |windows| platform. This resource uses the ``Get-Item`` cmdlet to return all of the policy keys and related values.
|
||||
|
||||
**Stability: Experimental**
|
||||
|
||||
Syntax
|
||||
-----------------------------------------------------
|
||||
A ``group_policy`` |inspec resource| block declares the path to the policy:
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
describe group_policy('Path\to\Policy') do
|
||||
its('setting') { should eq 'value' }
|
||||
end
|
||||
|
||||
where
|
||||
|
||||
* ``'Path\to\Policy'`` must specify a group policy, such as ``'Local Policies\Audit Policy'`` or ``'Local Policies\Security Options'``
|
||||
* ``'setting'`` is the group policy setting to be tested. For example: ``Automatically log off users when the logon time expires``
|
||||
* ``'value'`` is compared to the value on the group policy
|
||||
|
||||
Matchers
|
||||
-----------------------------------------------------
|
||||
This InSpec audit resource has the following matchers.
|
||||
|
||||
setting
|
||||
+++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
The ``setting`` matcher tests specific, named settings in the group policy:
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
its('setting') { should eq 'value' }
|
||||
|
||||
where ``'setting'`` is replaced with the full string for the setting. For example: ``Automatically log off users when the logon time expires``.
|
||||
|
||||
Use a ``setting`` matcher for each setting to be tested.
|
||||
|
||||
Examples
|
||||
-----------------------------------------------------
|
||||
The following examples show how to use this InSpec audit resource.
|
||||
|
||||
**Test if users are logged off after the logon time expires**
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
describe group_policy('Local Policies\Security Options') do
|
||||
its('Automatically log off users when the logon time expires') { should eq 'Enabled' }
|
||||
end
|
||||
|
||||
|
||||
host
|
||||
=====================================================
|
||||
Use the ``host`` |inspec resource| to test the name used to refer to a specific host and its availability, including the Internet protocols and ports over which that host name should be available.
|
||||
|
|
|
@ -35,7 +35,6 @@ require 'resources/etc_group'
|
|||
require 'resources/file'
|
||||
require 'resources/gem'
|
||||
require 'resources/group'
|
||||
require 'resources/group_policy'
|
||||
require 'resources/host'
|
||||
require 'resources/inetd_conf'
|
||||
require 'resources/interface'
|
||||
|
|
|
@ -1,58 +0,0 @@
|
|||
# encoding: utf-8
|
||||
# copyright: 2015, Vulcano Security GmbH
|
||||
# author: Christoph Hartmann
|
||||
# author: Dominik Richter
|
||||
# license: All rights reserved
|
||||
|
||||
require 'json'
|
||||
|
||||
# return JSON object
|
||||
def gpo(policy_path, policy_name)
|
||||
file = ::File.read(::File.join ::File.dirname(__FILE__), 'gpo.json')
|
||||
gpo_hash = JSON.parse(file)
|
||||
key = 'Machine--' + policy_path + '--' + policy_name
|
||||
gpo_hash[key]
|
||||
end
|
||||
|
||||
# Group Policy
|
||||
class GroupPolicy < Inspec.resource(1)
|
||||
name 'group_policy'
|
||||
|
||||
def initialize(name)
|
||||
@name = name
|
||||
end
|
||||
|
||||
def get_registry_value(entry)
|
||||
keys = entry['registry_information'][0]
|
||||
cmd = "(Get-Item 'Registry::#{keys['path']}').GetValue('#{keys['key']}')"
|
||||
command_result ||= inspec.command(cmd)
|
||||
val = { exit_code: command_result.exit_status.to_i, data: command_result.stdout }
|
||||
val
|
||||
end
|
||||
|
||||
def convert_value(value)
|
||||
val = value.strip
|
||||
val = val.to_i if val.match(/^\d+$/)
|
||||
val
|
||||
end
|
||||
|
||||
# returns nil, if not existant or value
|
||||
def method_missing(meth)
|
||||
# map gpo to registry key
|
||||
entry = gpo(@name, meth.to_s)
|
||||
|
||||
# get data
|
||||
val = get_registry_value(entry)
|
||||
|
||||
# verify data
|
||||
if (val[:exit_code] == 0)
|
||||
return convert_value(val[:data])
|
||||
else
|
||||
return nil
|
||||
end
|
||||
end
|
||||
|
||||
def to_s
|
||||
'Group Policy'
|
||||
end
|
||||
end
|
Loading…
Reference in a new issue