Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-12-18 00:53:22 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #526 from chef/adamleff/resource-namespace

Browse source 
Placing all resources in the Inspec::Resources namespace
This commit is contained in:
Dominik Richter 2016-03-09 10:29:11 +01:00
commit 9cb2bc5dec
52 changed files with 4779 additions and 4677 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
lib/resources/apache.rb
View file

@ -4,6 +4,7 @@
# author: Dominik Richter
# license: All rights reserved
module Inspec::Resources
class Apache < Inspec.resource(1)
name 'apache'
@ -13,12 +14,12 @@ class Apache < Inspec.resource(1)
when 'ubuntu', 'debian'
@service = 'apache2'
@conf_dir = '/etc/apache2/'
@conf_path = File.join @conf_dir, 'apache2.conf'
@conf_path = ::File.join @conf_dir, 'apache2.conf'
@user = 'www-data'
else
@service = 'httpd'
@conf_dir = '/etc/httpd/'
@conf_path = File.join @conf_dir, '/conf/httpd.conf'
@conf_path = ::File.join @conf_dir, '/conf/httpd.conf'
@user = 'apache'
end
end
@ -27,3 +28,4 @@ class Apache < Inspec.resource(1)
'Apache Environment'
end
end
end

6
lib/resources/apache_conf.rb
View file

@ -7,6 +7,7 @@
require 'utils/simpleconfig'
require 'utils/find_files'
module Inspec::Resources
class ApacheConf < Inspec.resource(1)
name 'apache_conf'
desc 'Use the apache_conf InSpec audit resource to test the configuration settings for Apache. This file is typically located under /etc/apache2 on the Debian and Ubuntu platforms and under /etc/httpd on the Fedora, CentOS, Red Hat Enterprise Linux, and Arch Linux platforms. The configuration settings may vary significantly from platform to platform.'
@ -20,7 +21,7 @@ class ApacheConf < Inspec.resource(1)
def initialize(conf_path = nil)
@conf_path = conf_path || inspec.apache.conf_path
@conf_dir = File.dirname(@conf_path)
@conf_dir = ::File.dirname(@conf_path)
@files_contents = {}
@content = nil
@params = nil
@ -104,7 +105,7 @@ class ApacheConf < Inspec.resource(1)
includes = []
(include_files + include_files_optional).each do |f|
id = File.join(@conf_dir, f)
id = ::File.join(@conf_dir, f)
files = find_files(id, depth: 1, type: 'file')
includes.push(files) if files
@ -122,3 +123,4 @@ class ApacheConf < Inspec.resource(1)
"Apache Config #{@conf_path}"
end
end
end

2
lib/resources/apt.rb
View file

@ -28,6 +28,7 @@
require 'uri'
module Inspec::Resources
class AptRepository < Inspec.resource(1)
name 'apt'
desc 'Use the apt InSpec audit resource to verify Apt repositories on the Debian and Ubuntu platforms, and also PPA repositories on the Ubuntu platform.'
@ -145,3 +146,4 @@ class PpaRepository < AptRepository
warn '[DEPRECATION] `ppa(reponame)` is deprecated. Please use `apt(reponame)` instead.'
end
end
end

2
lib/resources/audit_policy.rb
View file

@ -24,6 +24,7 @@
#
# Further information is available at: https://msdn.microsoft.com/en-us/library/dd973859.aspx
module Inspec::Resources
class AuditPolicy < Inspec.resource(1)
name 'audit_policy'
desc 'Use the audit_policy InSpec audit resource to test auditing policies on the Microsoft Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each auditing category property that is enabled, the auditing level may be set to No Auditing, Not Specified, Success, Success and Failure, or Failure.'
@ -61,3 +62,4 @@ class AuditPolicy < Inspec.resource(1)
'Audit Policy'
end
end
end

2
lib/resources/auditd_conf.rb
View file

@ -6,6 +6,7 @@
require 'utils/simpleconfig'
module Inspec::Resources
class AuditDaemonConf < Inspec.resource(1)
name 'auditd_conf'
desc "Use the auditd_conf InSpec audit resource to test the configuration settings for the audit daemon. This file is typically located under /etc/audit/auditd.conf' on UNIX and Linux platforms."
@ -53,3 +54,4 @@ class AuditDaemonConf < Inspec.resource(1)
@params = conf.params
end
end
end

2
lib/resources/auditd_rules.rb
View file

@ -7,6 +7,7 @@
require 'forwardable'
require 'utils/filter_array'
module Inspec::Resources
class AuditdRulesLegacy
def initialize(content)
@content = content
@ -201,3 +202,4 @@ class AuditDaemonRules < Inspec.resource(1)
[fields, opts]
end
end
end

2
lib/resources/bridge.rb
View file

@ -8,6 +8,7 @@
# it { should have_interface 'eth0' }
# end
module Inspec::Resources
class Bridge < Inspec.resource(1)
name 'bridge'
desc 'Use the bridge InSpec audit resource to test basic network bridge properties, such as name, if an interface is defined, and the associations for any defined interface.'
@ -119,3 +120,4 @@ class WindowsBridge < BridgeDetection
bridges[0]
end
end
end

2
lib/resources/command.rb
View file

@ -4,6 +4,7 @@
# author: Christoph Hartmann
# license: All rights reserved
module Inspec::Resources
class Cmd < Inspec.resource(1)
name 'command'
desc 'Use the command InSpec audit resource to test an arbitrary command that is run on the system.'
@ -59,3 +60,4 @@ class Cmd < Inspec.resource(1)
"Command #{@command}"
end
end
end

2
lib/resources/csv.rb
View file

@ -5,6 +5,7 @@
# Parses a csv document
# This implementation was inspired by a blog post
# @see http://technicalpickles.com/posts/parsing-csv-with-ruby
module Inspec::Resources
class CsvConfig < JsonConfig
name 'csv'
desc 'Use the csv InSpec audit resource to test configuration data in a CSV file.'
@ -31,3 +32,4 @@ class CsvConfig < JsonConfig
"Csv #{@path}"
end
end
end

2
lib/resources/etc_group.rb
View file

@ -24,6 +24,7 @@
require 'utils/convert'
require 'utils/parser'
module Inspec::Resources
class EtcGroup < Inspec.resource(1)
include Converter
include CommentParser
@ -156,3 +157,4 @@ class EtcGroupView
@parent.users(@filter)
end
end
end

2
lib/resources/gem.rb
View file

@ -2,6 +2,7 @@
# author: Christoph Hartmann
# author: Dominik Richter
module Inspec::Resources
class GemPackage < Inspec.resource(1)
name 'gem'
desc 'Use the gem InSpec audit resource to test if a global gem package is installed.'
@ -46,3 +47,4 @@ class GemPackage < Inspec.resource(1)
"gem package #{@package_name}"
end
end
end

2
lib/resources/group.rb
View file

@ -13,6 +13,7 @@
# it { should have_gid 0 }
# end
module Inspec::Resources
class Group < Inspec.resource(1)
name 'group'
desc 'Use the group InSpec audit resource to test groups on the system.'
@ -133,3 +134,4 @@ class WindowsGroup < GroupInfo
end
end
end
end

2
lib/resources/host.rb
View file

@ -24,6 +24,7 @@
# it { should be_resolvable.by('dns') }
# end
module Inspec::Resources
class Host < Inspec.resource(1)
name 'host'
desc 'Use the host InSpec audit resource to test the name used to refer to a specific host and its availability, including the Internet protocols and ports over which that host name should be available.'
@ -147,3 +148,4 @@ class WindowsHostProvider < HostProvider
resolv.map { |entry| entry['IPAddress'] }
end
end
end

2
lib/resources/inetd_conf.rb
View file

@ -6,6 +6,7 @@
require 'utils/simpleconfig'
module Inspec::Resources
class InetdConf < Inspec.resource(1)
name 'inetd_conf'
desc 'Use the inetd_conf InSpec audit resource to test if a service is enabled in the inetd.conf file on Linux and UNIX platforms. inetd---the Internet service daemon---listens on dedicated ports, and then loads the appropriate program based on a request. The inetd.conf file is typically located at /etc/inetd.conf and contains a list of Internet services associated to the ports on which that service will listen. Only enabled services may handle a request; only services that are required by the system should be enabled.'
@ -54,3 +55,4 @@ class InetdConf < Inspec.resource(1)
'inetd.conf'
end
end
end

2
lib/resources/ini.rb
View file

@ -4,6 +4,7 @@
require 'utils/simpleconfig'
module Inspec::Resources
class IniConfig < JsonConfig
name 'ini'
desc 'Use the ini InSpec audit resource to test data in a INI file.'
@ -21,3 +22,4 @@ class IniConfig < JsonConfig
"INI #{@path}"
end
end
end

2
lib/resources/interface.rb
View file

@ -4,6 +4,7 @@
require 'utils/convert'
module Inspec::Resources
class NetworkInterface < Inspec.resource(1)
name 'interface'
desc 'Use the interface InSpec audit resource to test basic network adapter properties, such as name, status, state, address, and link speed (in MB/sec).'
@ -125,3 +126,4 @@ class WindowsInterface < InterfaceInfo
adapters[0]
end
end
end

2
lib/resources/iptables.rb
View file

@ -21,6 +21,7 @@
# @see http://ipset.netfilter.org/iptables.man.html
# @see http://ipset.netfilter.org/iptables.man.html
# @see https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html
module Inspec::Resources
class IpTables < Inspec.resource(1)
name 'iptables'
desc 'Use the iptables InSpec audit resource to test rules that are defined in iptables, which maintains tables of IP packet filtering rules. There may be more than one table. Each table contains one (or more) chains (both built-in and custom). A chain is a list of rules that match packets. When the rule matches, the rule defines what target to assign to the packet.'
@ -66,3 +67,4 @@ class IpTables < Inspec.resource(1)
format('Iptables %s %s', @table && "table: #{@table}", @chain && "chain: #{@chain}").strip
end
end
end

2
lib/resources/json.rb
View file

@ -2,6 +2,7 @@
# author: Christoph Hartmann
# author: Dominik Richter
module Inspec::Resources
class JsonConfig < Inspec.resource(1)
name 'json'
desc 'Use the json InSpec audit resource to test data in a JSON file.'
@ -80,3 +81,4 @@ class JsonConfig < Inspec.resource(1)
extract_value(keys.clone, value)
end
end
end

2
lib/resources/kernel_module.rb
View file

@ -3,6 +3,7 @@
# author: Dominik Richter
# license: All rights reserved
module Inspec::Resources
class KernelModule < Inspec.resource(1)
name 'kernel_module'
desc 'Use the kernel_module InSpec audit resource to test kernel modules on Linux platforms. These parameters are located under /lib/modules. Any submodule may be tested using this resource.'
@ -39,3 +40,4 @@ class KernelModule < Inspec.resource(1)
"Kernel Module #{@module}"
end
end
end

2
lib/resources/kernel_parameter.rb
View file

@ -2,6 +2,7 @@
# author: Christoph Hartmann
# license: All rights reserved
module Inspec::Resources
class KernelParameter < Inspec.resource(1)
name 'kernel_parameter'
desc 'Use the kernel_parameter InSpec audit resource to test kernel parameters on Linux platforms.'
@ -55,3 +56,4 @@ class LinuxKernelParameter < KernelParameter
"Kernel Parameter #{@parameter}"
end
end
end

2
lib/resources/limits_conf.rb
View file

@ -6,6 +6,7 @@
require 'utils/simpleconfig'
module Inspec::Resources
class LimitsConf < Inspec.resource(1)
name 'limits_conf'
desc 'Use the limits_conf InSpec audit resource to test configuration settings in the /etc/security/limits.conf file. The limits.conf defines limits for processes (by user and/or group names) and helps ensure that the system on which those processes are running remains stable. Each process may be assigned a hard or soft limit.'
@ -53,3 +54,4 @@ class LimitsConf < Inspec.resource(1)
'limits.conf'
end
end
end

2
lib/resources/login_def.rb
View file

@ -18,6 +18,7 @@ require 'utils/simpleconfig'
# }
# end
module Inspec::Resources
class LoginDef < Inspec.resource(1)
name 'login_defs'
desc 'Use the login_defs InSpec audit resource to test configuration settings in the /etc/login.defs file. The logins.defs file defines site-specific configuration for the shadow password suite on Linux and UNIX platforms, such as password expiration ranges, minimum/maximum values for automatic selection of user and group identifiers, or the method with which passwords are encrypted.'
@ -64,3 +65,4 @@ class LoginDef < Inspec.resource(1)
'login.defs'
end
end
end

2
lib/resources/mount.rb
View file

@ -4,6 +4,7 @@
require 'utils/simpleconfig'
module Inspec::Resources
class Mount < Inspec.resource(1)
name 'mount'
desc 'Use the mount InSpec audit resource to test if mount points.'
@ -55,3 +56,4 @@ class Mount < Inspec.resource(1)
"Mount #{@path}"
end
end
end

2
lib/resources/mysql.rb
View file

@ -4,6 +4,7 @@
# author: Christoph Hartmann
# license: All rights reserved
module Inspec::Resources
class Mysql < Inspec.resource(1)
name 'mysql'
@ -79,3 +80,4 @@ class Mysql < Inspec.resource(1)
'MySQL'
end
end
end

6
lib/resources/mysql_conf.rb
View file

@ -8,6 +8,7 @@ require 'utils/find_files'
require 'utils/hash'
require 'resources/mysql'
module Inspec::Resources
class MysqlConfEntry
def initialize(path, params)
@params = params
@ -88,7 +89,7 @@ class MysqlConf < Inspec.resource(1)
to_read = to_read.drop(1)
# see if there is more stuff to include
dir = File.dirname(cur_file)
dir = ::File.dirname(cur_file)
to_read += include_files(dir, raw_conf).find_all do |fp|
not @files_contents.key? fp
end
@ -109,7 +110,7 @@ class MysqlConf < Inspec.resource(1)
def abs_path(dir, f)
return f if f.start_with? '/'
File.join(dir, f)
::File.join(dir, f)
end
def read_file(path)
@ -120,3 +121,4 @@ class MysqlConf < Inspec.resource(1)
'MySQL Configuration'
end
end
end

2
lib/resources/mysql_session.rb
View file

@ -4,6 +4,7 @@
# author: Christoph Hartmann
# license: All rights reserved
module Inspec::Resources
class MysqlSession < Inspec.resource(1)
name 'mysql_session'
desc 'Use the mysql_session InSpec audit resource to test SQL commands run against a MySQL database.'
@ -57,3 +58,4 @@ class MysqlSession < Inspec.resource(1)
@pass = pass[1]
end
end
end

2
lib/resources/npm.rb
View file

@ -2,6 +2,7 @@
# author: Christoph Hartmann
# author: Dominik Richter
module Inspec::Resources
class NpmPackage < Inspec.resource(1)
name 'npm'
desc 'Use the npm InSpec audit resource to test if a global npm package is installed. npm is the the package manager for Nodejs packages, such as bower and StatsD.'
@ -44,3 +45,4 @@ class NpmPackage < Inspec.resource(1)
"Npm Package #{@package_name}"
end
end
end

2
lib/resources/ntp_conf.rb
View file

@ -6,6 +6,7 @@
require 'utils/simpleconfig'
module Inspec::Resources
class NtpConf < Inspec.resource(1)
name 'ntp_conf'
desc 'Use the ntp_conf InSpec audit resource to test the synchronization settings defined in the ntp.conf file. This file is typically located at /etc/ntp.conf.'
@ -56,3 +57,4 @@ class NtpConf < Inspec.resource(1)
@params = conf.params
end
end
end

2
lib/resources/oneget.rb
View file

@ -9,6 +9,7 @@
# describe oneget('zoomit') do
# it { should be_installed }
# end
module Inspec::Resources
class OneGetPackage < Inspec.resource(1)
name 'oneget'
desc 'Use the oneget InSpec audit resource to test if the named package and/or package version is installed on the system. This resource uses OneGet, which is part of the Windows Management Framework 5.0 and Windows 10. This resource uses the Get-Package cmdlet to return all of the package names in the OneGet repository.'
@ -67,3 +68,4 @@ class OneGetPackage < Inspec.resource(1)
"OneGet Package #{@package_name}"
end
end
end

2
lib/resources/os.rb
View file

@ -2,6 +2,7 @@
# author: Dominik Richter
# author: Christoph Hartmann
module Inspec::Resources
class OS < Inspec.resource(1)
name 'os'
desc 'Use the os InSpec audit resource to test the platform on which the system is running.'
@ -28,3 +29,4 @@ class OS < Inspec.resource(1)
'Operating System Detection'
end
end
end

2
lib/resources/os_env.rb
View file

@ -13,6 +13,7 @@
require 'utils/simpleconfig'
module Inspec::Resources
class OsEnv < Inspec.resource(1)
name 'os_env'
desc 'Use the os_env InSpec audit resource to test the environment variables for the platform on which the system is running.'
@ -70,3 +71,4 @@ class OsEnv < Inspec.resource(1)
end
end
end
end

2
lib/resources/package.rb
View file

@ -8,6 +8,7 @@
# describe package('nginx') do
# it { should be_installed }
# end
module Inspec::Resources
class Package < Inspec.resource(1)
name 'package'
desc 'Use the package InSpec audit resource to test if the named package and/or package version is installed on the system.'
@ -258,3 +259,4 @@ class SolarisPkg < PkgManagement
}
end
end
end

2
lib/resources/parse_config.rb
View file

@ -13,6 +13,7 @@
# }
# describe parse_config(audit, options ) do
module Inspec::Resources
class PConfig < Inspec.resource(1)
name 'parse_config'
desc 'Use the parse_config InSpec audit resource to test arbitrary configuration files.'
@ -87,3 +88,4 @@ class PConfigFile < PConfig
"Parse Config File #{@conf_path}"
end
end
end

2
lib/resources/passwd.rb
View file

@ -15,6 +15,7 @@
require 'utils/parser'
module Inspec::Resources
class Passwd < Inspec.resource(1)
name 'passwd'
desc 'Use the passwd InSpec audit resource to test the contents of /etc/passwd, which contains the following information for users that may log into the system and/or as users that own running processes.'
@ -124,3 +125,4 @@ class Passwd < Inspec.resource(1)
@params.map { |x| x[id] }
end
end
end

2
lib/resources/pip.rb
View file

@ -7,6 +7,7 @@
# it { should be_installed }
# end
#
module Inspec::Resources
class PipPackage < Inspec.resource(1)
name 'pip'
desc 'Use the pip InSpec audit resource to test packages that are installed using the pip installer.'
@ -79,3 +80,4 @@ class PipPackage < Inspec.resource(1)
pipcmd || 'pip'
end
end
end

2
lib/resources/port.rb
View file

@ -17,6 +17,7 @@ require 'utils/parser'
#
# TODO: currently we return local ip only
# TODO: improve handling of same port on multiple interfaces
module Inspec::Resources
class Port < Inspec.resource(1)
name 'port'
desc "Use the port InSpec audit resource to test basic port properties, such as port, process, if it's listening."
@ -427,3 +428,4 @@ class SolarisPorts < FreeBsdPorts
ports
end
end
end

8
lib/resources/postgres.rb
View file

@ -4,6 +4,7 @@
# author: Christoph Hartmann
# license: All rights reserved
module Inspec::Resources
class Postgres < Inspec.resource(1)
name 'postgres'
@ -15,19 +16,19 @@ class Postgres < Inspec.resource(1)
@data_dir = '/var/lib/postgresql'
@version = inspec.command('ls /etc/postgresql/').stdout.chomp
@conf_dir = "/etc/postgresql/#{@version}/main"
@conf_path = File.join @conf_dir, 'postgresql.conf'
@conf_path = ::File.join @conf_dir, 'postgresql.conf'
when 'arch'
@service = 'postgresql'
@data_dir = '/var/lib/postgres/data'
@conf_dir = '/var/lib/postgres/data'
@conf_path = File.join @conf_dir, 'postgresql.conf'
@conf_path = ::File.join @conf_dir, 'postgresql.conf'
else
@service = 'postgresql'
@data_dir = '/var/lib/postgresql'
@conf_dir = '/var/lib/pgsql/data'
@conf_path = File.join @conf_dir, 'postgresql.conf'
@conf_path = ::File.join @conf_dir, 'postgresql.conf'
end
end
@ -35,3 +36,4 @@ class Postgres < Inspec.resource(1)
'PostgreSQL'
end
end
end

4
lib/resources/postgres_conf.rb
View file

@ -8,6 +8,7 @@ require 'utils/simpleconfig'
require 'utils/find_files'
require 'resources/postgres'
module Inspec::Resources
class PostgresConf < Inspec.resource(1)
name 'postgres_conf'
desc 'Use the postgres_conf InSpec audit resource to test the contents of the configuration file for PostgreSQL, typically located at /etc/postgresql/<version>/main/postgresql.conf or /var/lib/postgres/data/postgresql.conf, depending on the platform.'
@ -21,7 +22,7 @@ class PostgresConf < Inspec.resource(1)
def initialize(conf_path = nil)
@conf_path = conf_path || inspec.postgres.conf_path
@conf_dir = File.expand_path(File.dirname(@conf_path))
@conf_dir = ::File.expand_path(::File.dirname(@conf_path))
@files_contents = {}
@content = nil
@params = nil
@ -91,3 +92,4 @@ class PostgresConf < Inspec.resource(1)
'PostgreSQL Configuration'
end
end
end

2
lib/resources/postgres_session.rb
View file

@ -4,6 +4,7 @@
# author: Christoph Hartmann
# license: All rights reserved
module Inspec::Resources
class Lines
attr_reader :output
@ -60,3 +61,4 @@ class PostgresSession < Inspec.resource(1)
end
end
end
end

2
lib/resources/processes.rb
View file

@ -4,6 +4,7 @@
# author: Christoph Hartmann
# license: All rights reserved
module Inspec::Resources
class Processes < Inspec.resource(1)
name 'processes'
desc 'Use the processes InSpec audit resource to test properties for programs that are running on the system.'
@ -71,3 +72,4 @@ class Processes < Inspec.resource(1)
end
end
end
end

2
lib/resources/registry_key.rb
View file

@ -10,6 +10,7 @@ require 'json'
# its('Start') { should eq 2 }
# end
module Inspec::Resources
class RegistryKey < Inspec.resource(1)
name 'registry_key'
desc 'Use the registry_key InSpec audit resource to test key values in the Microsoft Windows registry.'
@ -181,3 +182,4 @@ class WindowsRegistryKey < RegistryKey
warn '[DEPRECATION] `windows_registry_key(reg_key)` is deprecated. Please use `registry_key(\'path\to\key\')` instead.'
end
end
end

2
lib/resources/script.rb
View file

@ -4,6 +4,7 @@
# author: Dominik Richter
# license: All rights reserved
module Inspec::Resources
class Script < Cmd
name 'script'
desc 'Use the script InSpec audit resource to test a Windows PowerShell script on the Microsoft Windows platform.'
@ -39,3 +40,4 @@ class Script < Cmd
'Script'
end
end
end

2
lib/resources/security_policy.rb
View file

@ -13,6 +13,7 @@
# All local GPO parameters can be examined via Registry, but not all security
# parameters. Therefore we need a combination of Registry and secedit output
module Inspec::Resources
class SecurityPolicy < Inspec.resource(1)
name 'security_policy'
desc 'Use the security_policy InSpec audit resource to test security policies on the Microsoft Windows platform.'
@ -80,3 +81,4 @@ class SecurityPolicy < Inspec.resource(1)
'Security Policy'
end
end
end

2
lib/resources/service.rb
View file

@ -4,6 +4,7 @@
# author: Stephan Renatus
# license: All rights reserved
module Inspec::Resources
class Runlevels < Hash
attr_accessor :owner
@ -729,3 +730,4 @@ class RunitService < Service
Runit.new(inspec, service_ctl)
end
end
end

2
lib/resources/shadow.rb
View file

@ -15,6 +15,7 @@ require 'forwardable'
# - inactive_days before deactivating the account
# - expiry_date when this account will expire
module Inspec::Resources
class Shadow < Inspec.resource(1)
name 'shadow'
desc 'Use the shadow InSpec resource to test the contents of /etc/shadow, '\
@ -133,3 +134,4 @@ class Shadow < Inspec.resource(1)
}
end
end
end

2
lib/resources/ssh_conf.rb
View file

@ -6,6 +6,7 @@
require 'utils/simpleconfig'
module Inspec::Resources
class SshConf < Inspec.resource(1)
name 'ssh_config'
desc 'Use the sshd_config InSpec audit resource to test configuration data for the Open SSH daemon located at /etc/ssh/sshd_config on Linux and UNIX platforms. sshd---the Open SSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command executation, and data exchanges.'
@ -79,3 +80,4 @@ class SshdConf < SshConf
super(path || '/etc/ssh/sshd_config')
end
end
end

2
lib/resources/user.rb
View file

@ -38,6 +38,7 @@
require 'utils/parser'
require 'utils/convert'
module Inspec::Resources
class User < Inspec.resource(1) # rubocop:disable Metrics/ClassLength
name 'user'
desc 'Use the user InSpec audit resource to test user profiles, including the groups to which they belong, the frequency of required password changes, the directory paths to home and shell.'
@ -456,3 +457,4 @@ class WindowsUser < UserInfo
}
end
end
end

2
lib/resources/windows_feature.rb
View file

@ -27,6 +27,7 @@
# "Installed": false,
# "InstallState": 0
# }
module Inspec::Resources
class WindowsFeature < Inspec.resource(1)
name 'windows_feature'
desc 'Use the windows_feature InSpec audit resource to test features on Microsoft Windows.'
@ -81,3 +82,4 @@ class WindowsFeature < Inspec.resource(1)
"Windows Feature '#{@feature}'"
end
end
end

2
lib/resources/xinetd.rb
View file

@ -4,6 +4,7 @@
require 'utils/parser'
module Inspec::Resources
class XinetdConf < Inspec.resource(1) # rubocop:disable Metrics/ClassLength
name 'xinetd_conf'
desc 'Xinetd services configuration.'
@ -140,3 +141,4 @@ class XinetdConf < Inspec.resource(1) # rubocop:disable Metrics/ClassLength
@contents[path]
end
end
end

2
lib/resources/yaml.rb
View file

@ -9,6 +9,7 @@ require 'yaml'
# describe yaml('.kitchen.yaml') do
# its('driver.name') { should eq('vagrant') }
# end
module Inspec::Resources
class YamlConfig < JsonConfig
name 'yaml'
desc 'Use the yaml InSpec audit resource to test configuration data in a YAML file.'
@ -27,3 +28,4 @@ class YamlConfig < JsonConfig
"YAML #{@path}"
end
end
end

2
lib/resources/yum.rb
View file

@ -30,6 +30,7 @@ require 'resources/file'
# it { should be_enabled }
# end
module Inspec::Resources
class Yum < Inspec.resource(1)
name 'yum'
desc 'Use the yum InSpec audit resource to test packages in the Yum repository.'
@ -159,3 +160,4 @@ class YumRepoLegacy < Yum
warn '[DEPRECATION] `yumrepo(reponame)` is deprecated. Please use `yum.repo(reponame)` instead.'
end
end
end

4
test/helper.rb
View file

@ -136,7 +136,7 @@ class MockLoader
'$Env:PATH' => cmd.call('$env-PATH'),
# registry key test (winrm 1.6.0, 1.6.1)
'2790db1e88204a073ed7fd3493f5445e5ce531afd0d2724a0e36c17110c535e6' => cmd.call('reg_schedule'),
'b00eb49a98c96a808c469e4894b5123a913e354c9ffea5b785898fe30d288ee0' => cmd.call('reg_schedule'),
'25a1a38fafc289a646d30f7aa966ce0901c267798f47abf2f9440e27d31a5b7d' => cmd.call('reg_schedule'),
'Auditpol /get /subcategory:\'User Account Management\' /r' => cmd.call('auditpol'),
'/sbin/auditctl -l' => cmd.call('auditctl'),
'/sbin/auditctl -s' => cmd.call('auditctl-s'),
@ -196,7 +196,7 @@ class MockLoader
'pw usershow root -7' => cmd.call('pw-usershow-root-7'),
# user info for windows (winrm 1.6.0, 1.6.1)
'650b6b72a66316418b25421a54afe21a230704558082914c54711904bb10e370' => cmd.call('GetUserAccount'),
'272e1d767fe6e28c86cfba1a75c3d458acade1f4a36cfd5e711b97884879de24' => cmd.call('GetUserAccount'),
'174686f0441b8dd387b35cf1cbeed3f98441544351de5d8fb7b54f655e75583f' => cmd.call('GetUserAccount'),
# group info for windows
'Get-WmiObject Win32_Group | Select-Object -Property Caption, Domain, Name, SID, LocalAccount | ConvertTo-Json' => cmd.call('GetWin32Group'),
# network interface