rename vulcanosec -> inspec
parent
ecc731dab1
commit
b58a4b3f43
118 changed files with 436 additions and 426 deletions
26
README.md
|
@ -1,4 +1,4 @@
|
|||
# Vulcano CLI
|
||||
# Inspec CLI
|
||||
|
||||
Test your Server, VM, or workstation.
|
||||
|
||||
|
@ -17,7 +17,7 @@ end
|
|||
Run this file locally:
|
||||
|
||||
```bash
|
||||
vulcano exec test.rb
|
||||
inspec exec test.rb
|
||||
```
|
||||
|
||||
## Installation
|
||||
|
@ -28,20 +28,20 @@ To simply run it without installation, you must install [bundler](http://bundler
|
|||
|
||||
```bash
|
||||
bundle install
|
||||
bundle exec bin/vulcano help
|
||||
bundle exec bin/inspec help
|
||||
```
|
||||
|
||||
To install it as a gem locally, run:
|
||||
|
||||
```bash
|
||||
gem build vulcano.gemspec
|
||||
gem install vulcano-*.gem
|
||||
gem build inspec.gemspec
|
||||
gem install inspec-*.gem
|
||||
```
|
||||
|
||||
You should now be able to run:
|
||||
|
||||
```bash
|
||||
vulcano --help
|
||||
inspec --help
|
||||
```
|
||||
|
||||
## Usage
|
||||
|
@ -52,16 +52,16 @@ Run tests against different targets:
|
|||
|
||||
```bash
|
||||
# run test locally
|
||||
vulcano exec test.rb
|
||||
inspec exec test.rb
|
||||
|
||||
# run test on remote host on SSH
|
||||
vulcano exec test.rb -t ssh://user@hostname
|
||||
inspec exec test.rb -t ssh://user@hostname
|
||||
|
||||
# run test on remote windows host on WinRM
|
||||
vulcano exec test.rb -t winrm://Administrator@windowshost --password 'your-password'
|
||||
inspec exec test.rb -t winrm://Administrator@windowshost --password 'your-password'
|
||||
|
||||
# run test on docker container
|
||||
vulcano exec test.rb -t docker://container_id
|
||||
inspec exec test.rb -t docker://container_id
|
||||
```
|
||||
|
||||
### detect
|
||||
|
@ -70,7 +70,7 @@ Verify your configuration and detect
|
|||
|
||||
```bash
|
||||
id=$( docker run -dti ubuntu:14.04 /bin/bash )
|
||||
vulcano detect -t docker://$id
|
||||
inspec detect -t docker://$id
|
||||
```
|
||||
|
||||
Which will provide you with:
|
||||
|
@ -87,12 +87,12 @@ application called Gordon and save it in `gordon_config.rb`:
|
|||
```ruby
|
||||
require 'yaml'
|
||||
|
||||
class GordonConfig < Vulcano.resource
|
||||
class GordonConfig < Inspec.resource
|
||||
name 'gordon_config'
|
||||
|
||||
def initialize
|
||||
@path = '/etc/gordon/config.yaml'
|
||||
@config = vulcano.file(@path).content
|
||||
@config = inspec.file(@path).content
|
||||
@params = YAML.load(@config)
|
||||
end
|
||||
|
||||
|
|
|
@ -6,9 +6,9 @@
|
|||
|
||||
require 'thor'
|
||||
require 'json'
|
||||
require_relative '../lib/vulcano'
|
||||
require_relative '../lib/inspec'
|
||||
|
||||
class VulcanoCLI < Thor
|
||||
class InspecCLI < Thor
|
||||
def self.target_options
|
||||
option :target, aliases: :t, type: :string, default: nil,
|
||||
desc: 'Simple targeting option using URIs, e.g. ssh://user:pass@host:port'
|
||||
|
@ -44,7 +44,7 @@ class VulcanoCLI < Thor
|
|||
option :output, aliases: :o, type: :string,
|
||||
desc: 'Save the created profile to a path'
|
||||
def json(path)
|
||||
profile = Vulcano::Profile.from_path(path, options)
|
||||
profile = Inspec::Profile.from_path(path, options)
|
||||
dst = options[:output].to_s
|
||||
if dst.empty?
|
||||
puts JSON.pretty_generate(profile.info)
|
||||
|
@ -63,7 +63,7 @@ class VulcanoCLI < Thor
|
|||
def check(path)
|
||||
o = options.dup
|
||||
o[:logger] = Logger.new(STDOUT)
|
||||
profile = Vulcano::Profile.from_path(path, o)
|
||||
profile = Inspec::Profile.from_path(path, o)
|
||||
exit 1 unless profile.check
|
||||
end
|
||||
|
||||
|
@ -73,7 +73,7 @@ class VulcanoCLI < Thor
|
|||
target_options
|
||||
option :format, type: :string, default: 'progress'
|
||||
def exec(*tests)
|
||||
runner = Vulcano::Runner.new(options)
|
||||
runner = Inspec::Runner.new(options)
|
||||
runner.add_tests(tests)
|
||||
runner.run
|
||||
rescue RuntimeError => e
|
||||
|
@ -83,7 +83,7 @@ class VulcanoCLI < Thor
|
|||
desc 'detect', 'detect the target OS'
|
||||
target_options
|
||||
def detect
|
||||
runner = Vulcano::Runner.new(options)
|
||||
runner = Inspec::Runner.new(options)
|
||||
rel = File.join(File.dirname(__FILE__), *%w{.. lib utils detect.rb})
|
||||
detect_util = File.expand_path(rel)
|
||||
runner.add_tests([detect_util])
|
||||
|
@ -95,15 +95,15 @@ class VulcanoCLI < Thor
|
|||
desc 'shell', 'open an interactive debugging shell'
|
||||
target_options
|
||||
def shell_func
|
||||
runner = Vulcano::Runner.new(options)
|
||||
Vulcano::Shell.new(runner).start
|
||||
runner = Inspec::Runner.new(options)
|
||||
Inspec::Shell.new(runner).start
|
||||
rescue RuntimeError => e
|
||||
puts e.message
|
||||
end
|
||||
|
||||
desc 'version', 'prints the version of this tool'
|
||||
def version
|
||||
puts Vulcano::VERSION
|
||||
puts Inspec::VERSION
|
||||
end
|
||||
end
|
||||
VulcanoCLI.start(ARGV)
|
||||
InspecCLI.start(ARGV)
|
|
@ -1,7 +1,7 @@
|
|||
# encoding: utf-8
|
||||
source 'https://rubygems.org'
|
||||
|
||||
gem 'vulcano', path: '../../.'
|
||||
gem 'inspec', path: '../../.'
|
||||
gem 'train', git: 'git@github.com:chef/train.git'
|
||||
|
||||
group :test do
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
# coding: utf-8
|
||||
lib = File.expand_path('../lib', __FILE__)
|
||||
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
||||
require 'vulcano/version'
|
||||
require 'inspec/version'
|
||||
|
||||
Gem::Specification.new do |spec|
|
||||
spec.name = 'vulcano'
|
||||
spec.version = Vulcano::VERSION
|
||||
spec.name = 'inspec'
|
||||
spec.version = Inspec::VERSION
|
||||
spec.authors = ['Dominik Richter']
|
||||
spec.email = ['dominik@vulcanosec.com']
|
||||
spec.summary = 'Validate Vulcano compliance checks.'
|
||||
spec.description = 'Validate Vulcano compliance checks.'
|
||||
spec.email = ['dominik.richter@gmail.com']
|
||||
spec.summary = 'Validate Inspec compliance checks.'
|
||||
spec.description = 'Validate Inspec compliance checks.'
|
||||
spec.homepage = 'https://github.com/...'
|
||||
spec.license = 'Proprietary'
|
||||
|
|
@ -10,11 +10,11 @@ Encoding.default_internal = Encoding::UTF_8
|
|||
libdir = File.dirname(__FILE__)
|
||||
$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
|
||||
|
||||
require 'vulcano/version'
|
||||
require 'vulcano/profile'
|
||||
require 'vulcano/resource'
|
||||
require 'vulcano/rspec_json_formatter'
|
||||
require 'vulcano/rule'
|
||||
require 'vulcano/runner'
|
||||
require 'vulcano/shell'
|
||||
require 'inspec/version'
|
||||
require 'inspec/profile'
|
||||
require 'inspec/resource'
|
||||
require 'inspec/rspec_json_formatter'
|
||||
require 'inspec/rule'
|
||||
require 'inspec/runner'
|
||||
require 'inspec/shell'
|
||||
require 'matchers/matchers'
|
|
@ -6,7 +6,7 @@
|
|||
|
||||
require 'train'
|
||||
|
||||
module Vulcano
|
||||
module Inspec
|
||||
module Backend
|
||||
# Create the transport backend with aggregated resources.
|
||||
#
|
||||
|
@ -29,7 +29,7 @@ module Vulcano
|
|||
define_method :backend do
|
||||
connection
|
||||
end
|
||||
Vulcano::Resource.registry.each do |id, r|
|
||||
Inspec::Resource.registry.each do |id, r|
|
||||
define_method id.to_sym do |*args|
|
||||
r.new(self, id.to_s, *args)
|
||||
end
|
|
@ -4,13 +4,13 @@
|
|||
# author: Dominik Richter
|
||||
# author: Christoph Hartmann
|
||||
|
||||
module Vulcano::DSL
|
||||
module Inspec::DSL
|
||||
def require_rules(id, &block)
|
||||
::Vulcano::DSL.load_spec_files_for_profile self, id, false, &block
|
||||
::Inspec::DSL.load_spec_files_for_profile self, id, false, &block
|
||||
end
|
||||
|
||||
def include_rules(id, &block)
|
||||
::Vulcano::DSL.load_spec_files_for_profile self, id, true, &block
|
||||
::Inspec::DSL.load_spec_files_for_profile self, id, true, &block
|
||||
end
|
||||
|
||||
# Register a given rule with RSpec and
|
||||
|
@ -18,18 +18,18 @@ module Vulcano::DSL
|
|||
# else is merged in.
|
||||
def self.execute_rule(r, profile_id)
|
||||
checks = r.instance_variable_get(:@checks)
|
||||
fid = VulcanoBaseRule.full_id(r, profile_id)
|
||||
fid = InspecBaseRule.full_id(r, profile_id)
|
||||
checks.each do |m, a, b|
|
||||
# check if the resource is skippable and skipped
|
||||
if a.is_a?(Array) && !a.empty? &&
|
||||
a[0].respond_to?(:resource_skipped) &&
|
||||
!a[0].resource_skipped.nil?
|
||||
cres = ::Vulcano::Rule.__send__(m, *a) do
|
||||
cres = ::Inspec::Rule.__send__(m, *a) do
|
||||
it a[0].resource_skipped
|
||||
end
|
||||
else
|
||||
# execute the method
|
||||
cres = ::Vulcano::Rule.__send__(m, *a, &b)
|
||||
cres = ::Inspec::Rule.__send__(m, *a, &b)
|
||||
end
|
||||
if m == 'describe'
|
||||
set_rspec_ids(cres, fid)
|
||||
|
@ -42,7 +42,7 @@ module Vulcano::DSL
|
|||
# merge two rules completely; all defined
|
||||
# fields from src will be overwritten in dst
|
||||
def self.merge_rules(dst, src)
|
||||
VulcanoBaseRule.merge dst, src
|
||||
InspecBaseRule.merge dst, src
|
||||
end
|
||||
|
||||
# Attach an ID attribute to the
|
||||
|
@ -61,7 +61,7 @@ module Vulcano::DSL
|
|||
raw = File.read(file)
|
||||
# TODO: error-handling
|
||||
|
||||
ctx = Vulcano::ProfileContext.new(profile_id, rule_registry, only_ifs)
|
||||
ctx = Inspec::ProfileContext.new(profile_id, rule_registry, only_ifs)
|
||||
ctx.instance_eval(raw, file, 1)
|
||||
end
|
||||
|
||||
|
@ -79,7 +79,7 @@ module Vulcano::DSL
|
|||
# interpret the block and create a set of rules from it
|
||||
block_registry = {}
|
||||
if block_given?
|
||||
ctx = Vulcano::ProfileContext.new(profile_id, block_registry, only_ifs)
|
||||
ctx = Inspec::ProfileContext.new(profile_id, block_registry, only_ifs)
|
||||
ctx.instance_eval(&block)
|
||||
end
|
||||
|
||||
|
@ -110,7 +110,7 @@ module Vulcano::DSL
|
|||
end
|
||||
|
||||
def self.get_spec_files_for_profile(id)
|
||||
base_path = '/etc/vulcanosec/tests'
|
||||
base_path = '/etc/inspec/tests'
|
||||
path = File.join(base_path, id)
|
||||
# find all files to be included
|
||||
files = []
|
||||
|
@ -126,28 +126,25 @@ module Vulcano::DSL
|
|||
end
|
||||
end
|
||||
|
||||
module Vulcano::GlobalDSL
|
||||
module Inspec::GlobalDSL
|
||||
def __register_rule(r)
|
||||
# make sure the profile id is attached to the rule
|
||||
::Vulcano::DSL.execute_rule(r, __profile_id)
|
||||
::Inspec::DSL.execute_rule(r, __profile_id)
|
||||
end
|
||||
|
||||
def __unregister_rule(_id)
|
||||
end
|
||||
end
|
||||
|
||||
module Vulcano::DSLHelper
|
||||
module Inspec::DSLHelper
|
||||
def self.bind_dsl(scope)
|
||||
# rubocop:disable Lint/NestedMethodDefinition
|
||||
(class << scope; self; end).class_exec do
|
||||
include Vulcano::DSL
|
||||
include Vulcano::GlobalDSL
|
||||
def __profile_id
|
||||
ENV['VULCANOSEC_PROFILE_ID']
|
||||
end
|
||||
include Inspec::DSL
|
||||
include Inspec::GlobalDSL
|
||||
end
|
||||
# rubocop:enable all
|
||||
end
|
||||
end
|
||||
|
||||
::Vulcano::DSLHelper.bind_dsl(self)
|
||||
::Inspec::DSLHelper.bind_dsl(self)
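Review bot: `__register_rule` in `Inspec::GlobalDSL` still calls `__profile_id`, but the last hunk of this section appears to drop the `def __profile_id` that `bind_dsl` used to define on the scope's singleton class (the hunk shrinks from 28 to 25 lines and only the two `include` lines are re-added). Unless another file defines that method, registering a rule through the global DSL will raise `NameError`. If the environment lookup is meant to survive the rename, keep the method with a renamed variable, for example `def __profile_id; ENV['INSPEC_PROFILE_ID']; end` (variable name is a suggestion only), and mention the change in the commit message. The same section also switches `base_path` to `'/etc/inspec/tests'`, so profiles installed under the old directory are no longer found; a comment on `get_spec_files_for_profile` should say so.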
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
require 'rainbow/ext/string'
|
||||
|
||||
module Vulcano
|
||||
module Inspec
|
||||
class Log
|
||||
def initialize(opts = {})
|
||||
@quiet = opts[:quiet] || false
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
require 'logger'
|
||||
|
||||
module Vulcano
|
||||
module Inspec
|
||||
# Extract metadata.rb information
|
||||
class Metadata
|
||||
attr_reader :params
|
|
@ -2,8 +2,8 @@
|
|||
# author: Dominik Richter
|
||||
# author: Christoph Hartmann
|
||||
|
||||
module Vulcano
|
||||
module Inspec
|
||||
module Plugins
|
||||
autoload :Resource, 'vulcano/plugins/resource'
|
||||
autoload :Resource, 'inspec/plugins/resource'
|
||||
end
|
||||
end
|
|
@ -2,19 +2,19 @@
|
|||
# author: Dominik Richter
|
||||
# author: Christoph Hartmann
|
||||
|
||||
module Vulcano
|
||||
module Inspec
|
||||
module Plugins
|
||||
class Resource
|
||||
def self.name(name = nil)
|
||||
return if name.nil?
|
||||
Vulcano::Plugins::Resource.__register(name, self)
|
||||
Inspec::Plugins::Resource.__register(name, self)
|
||||
end
|
||||
|
||||
def self.__register(name, obj)
|
||||
# rubocop:disable Lint/NestedMethodDefinition
|
||||
cl = Class.new(obj) do
|
||||
# add some common methods
|
||||
include Vulcano::Plugins::ResourceCommon
|
||||
include Inspec::Plugins::ResourceCommon
|
||||
def initialize(backend, name, *args)
|
||||
# attach the backend to this instance
|
||||
@__backend_runner__ = backend
|
||||
|
@ -23,14 +23,14 @@ module Vulcano
|
|||
super(*args)
|
||||
end
|
||||
|
||||
def vulcano
|
||||
def inspec
|
||||
@__backend_runner__
|
||||
end
|
||||
end
|
||||
# rubocop:enable Lint/NestedMethodDefinition
|
||||
|
||||
# add the resource to the registry by name
|
||||
Vulcano::Resource.registry[name] = cl
|
||||
Inspec::Resource.registry[name] = cl
|
||||
end
|
||||
|
||||
# Define methods which are available to all resources
|
|
@ -3,9 +3,9 @@
|
|||
# author: Dominik Richter
|
||||
# author: Christoph Hartmann
|
||||
|
||||
require 'vulcano/metadata'
|
||||
require 'inspec/metadata'
|
||||
|
||||
module Vulcano
|
||||
module Inspec
|
||||
class Profile
|
||||
def self.from_path(path, options = nil)
|
||||
opt = options.dup || {}
|
|
@ -2,11 +2,11 @@
|
|||
# author: Dominik Richter
|
||||
# author: Christoph Hartmann
|
||||
|
||||
require 'vulcano/rule'
|
||||
require 'vulcano/dsl'
|
||||
require 'inspec/rule'
|
||||
require 'inspec/dsl'
|
||||
require 'rspec/core/dsl'
|
||||
|
||||
module Vulcano
|
||||
module Inspec
|
||||
class ProfileContext
|
||||
attr_reader :rules, :only_ifs
|
||||
def initialize(profile_id, backend, profile_registry = {}, only_ifs = [])
|
||||
|
@ -31,13 +31,13 @@ module Vulcano
|
|||
end
|
||||
|
||||
def unregister_rule(id)
|
||||
full_id = Vulcano::Rule.full_id(@profile_id, id)
|
||||
full_id = Inspec::Rule.full_id(@profile_id, id)
|
||||
@rules[full_id] = nil
|
||||
end
|
||||
|
||||
def register_rule(r)
|
||||
# get the full ID
|
||||
full_id = Vulcano::Rule.full_id(@profile_id, r)
|
||||
full_id = Inspec::Rule.full_id(@profile_id, r)
|
||||
if full_id.nil?
|
||||
# TODO: error
|
||||
return
|
||||
|
@ -48,7 +48,7 @@ module Vulcano
|
|||
if existing.nil?
|
||||
@rules[full_id] = r
|
||||
else
|
||||
Vulcano::Rule.merge(existing, r)
|
||||
Inspec::Rule.merge(existing, r)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -62,7 +62,7 @@ module Vulcano
|
|||
# @return [InnerDSLModule]
|
||||
def create_inner_dsl(backend)
|
||||
Module.new do
|
||||
Vulcano::Resource.registry.each do |id, r|
|
||||
Inspec::Resource.registry.each do |id, r|
|
||||
define_method id.to_sym do |*args|
|
||||
r.new(backend, id.to_s, *args)
|
||||
end
|
||||
|
@ -76,7 +76,7 @@ module Vulcano
|
|||
# @param dsl [InnerDSLModule] which contains all resources
|
||||
# @return [OuterDSLClass]
|
||||
def create_outer_dsl(dsl)
|
||||
rule_class = Class.new(Vulcano::Rule) do
|
||||
rule_class = Class.new(Inspec::Rule) do
|
||||
include RSpec::Core::DSL
|
||||
include dsl
|
||||
end
|
||||
|
@ -127,7 +127,7 @@ module Vulcano
|
|||
|
||||
# rubocop:disable Lint/NestedMethodDefinition
|
||||
Class.new(outer_dsl) do
|
||||
include Vulcano::DSL
|
||||
include Inspec::DSL
|
||||
|
||||
define_method :__register_rule do |*args|
|
||||
profile_context_owner.register_rule(*args)
|
|
@ -4,9 +4,9 @@
|
|||
# author: Dominik Richter
|
||||
# author: Christoph Hartmann
|
||||
|
||||
require 'vulcano/plugins'
|
||||
require 'inspec/plugins'
|
||||
|
||||
module Vulcano
|
||||
module Inspec
|
||||
class Resource
|
||||
def self.registry
|
||||
@registry ||= {}
|
||||
|
@ -17,7 +17,7 @@ module Vulcano
|
|||
if version != 1
|
||||
fail 'Only resource version 1 is supported!'
|
||||
end
|
||||
Vulcano::Plugins::Resource
|
||||
Inspec::Plugins::Resource
|
||||
end
|
||||
end
|
||||
|
|
@ -7,7 +7,7 @@
|
|||
require 'rspec/expectations'
|
||||
require 'method_source'
|
||||
|
||||
module Vulcano
|
||||
module Inspec
|
||||
class ExpectationTarget
|
||||
attr_reader :calls, :value, :block
|
||||
def initialize(value, &block)
|
|
@ -5,15 +5,15 @@
|
|||
# author: Christoph Hartmann
|
||||
|
||||
require 'uri'
|
||||
require 'vulcano/backend'
|
||||
require 'vulcano/profile_context'
|
||||
require 'vulcano/targets'
|
||||
require 'inspec/backend'
|
||||
require 'inspec/profile_context'
|
||||
require 'inspec/targets'
|
||||
# spec requirements
|
||||
require 'rspec'
|
||||
require 'rspec/its'
|
||||
require 'vulcano/rspec_json_formatter'
|
||||
require 'inspec/rspec_json_formatter'
|
||||
|
||||
module Vulcano
|
||||
module Inspec
|
||||
class Runner
|
||||
attr_reader :tests, :backend, :rules
|
||||
def initialize(conf = {})
|
||||
|
@ -39,13 +39,13 @@ module Vulcano
|
|||
end
|
||||
|
||||
def configure_transport
|
||||
@backend = Vulcano::Backend.create(@conf)
|
||||
@backend = Inspec::Backend.create(@conf)
|
||||
end
|
||||
|
||||
def add_tests(tests)
|
||||
# retrieve the raw ruby code of all tests
|
||||
items = tests.map do |test|
|
||||
Vulcano::Targets.resolve(test)
|
||||
Inspec::Targets.resolve(test)
|
||||
end
|
||||
|
||||
# add all tests (raw) to the runtime
|
||||
|
@ -55,7 +55,7 @@ module Vulcano
|
|||
end
|
||||
|
||||
def create_context
|
||||
Vulcano::ProfileContext.new(@profile_id, @backend)
|
||||
Inspec::ProfileContext.new(@profile_id, @backend)
|
||||
end
|
||||
|
||||
def add_content(content, source, line = nil)
|
|
@ -2,7 +2,7 @@
|
|||
# author: Dominik Richter
|
||||
# author: Christoph Hartmann
|
||||
|
||||
module Vulcano
|
||||
module Inspec
|
||||
class Shell
|
||||
def initialize(runner)
|
||||
@runner = runner
|
||||
|
@ -38,7 +38,7 @@ module Vulcano
|
|||
end
|
||||
|
||||
def intro
|
||||
puts 'Welcome to the interactive Vulcano Shell'
|
||||
puts 'Welcome to the interactive Inspec Shell'
|
||||
puts "To find out how to use it, type: #{mark 'usage'}"
|
||||
puts
|
||||
end
|
||||
|
@ -47,7 +47,7 @@ module Vulcano
|
|||
ctx = @runner.backend
|
||||
puts <<EOF
|
||||
|
||||
Welcome to the interactive Vulcano Shell.
|
||||
Welcome to the interactive Inspec Shell.
|
||||
|
||||
You can use resources in this environment to test the target machine.
|
||||
For example:
|
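--- a/lib/inspec/targets.rb
+++ b/lib/inspec/targets.rb
@@ -0,0 +1,9 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'inspec/targets/core'
+require 'inspec/targets/file'
+require 'inspec/targets/folder'
+require 'inspec/targets/url'
+require 'inspec/targets/dir'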
|
@ -4,7 +4,7 @@
|
|||
|
||||
require 'utils/modulator'
|
||||
|
||||
module Vulcano
|
||||
module Inspec
|
||||
module Targets
|
||||
extend Modulator
|
||||
|
|
@ -2,7 +2,7 @@
|
|||
# author: Dominik Richter
|
||||
# author: Christoph Hartmann
|
||||
|
||||
module Vulcano::Targets
|
||||
module Inspec::Targets
|
||||
module DirsHelper
|
||||
class ProfileDir
|
||||
def handles?(paths)
|
|
@ -2,7 +2,7 @@
|
|||
# author: Dominik Richter
|
||||
# author: Christoph Hartmann
|
||||
|
||||
module Vulcano::Targets
|
||||
module Inspec::Targets
|
||||
class FileHelper
|
||||
def handles?(target)
|
||||
File.file?(target) and target.end_with?('.rb')
|
||||
|
@ -16,5 +16,5 @@ module Vulcano::Targets
|
|||
end
|
||||
end
|
||||
|
||||
Vulcano::Targets.add_module('file', FileHelper.new)
|
||||
Inspec::Targets.add_module('file', FileHelper.new)
|
||||
end
|
|
@ -2,10 +2,10 @@
|
|||
# author: Dominik Richter
|
||||
# author: Christoph Hartmann
|
||||
|
||||
require 'vulcano/targets/dir'
|
||||
require 'vulcano/targets/file'
|
||||
require 'inspec/targets/dir'
|
||||
require 'inspec/targets/file'
|
||||
|
||||
module Vulcano::Targets
|
||||
module Inspec::Targets
|
||||
class FolderHelper
|
||||
def handles?(target)
|
||||
File.directory?(target)
|
||||
|
@ -23,7 +23,7 @@ module Vulcano::Targets
|
|||
end
|
||||
|
||||
# get all test file contents
|
||||
file_handler = Vulcano::Targets.modules['file']
|
||||
file_handler = Inspec::Targets.modules['file']
|
||||
raw_files = helper.get_filenames(files)
|
||||
raw_files.map do |f|
|
||||
file_handler.resolve(File.join(target, f))
|
||||
|
@ -31,5 +31,5 @@ module Vulcano::Targets
|
|||
end
|
||||
end
|
||||
|
||||
Vulcano::Targets.add_module('folder', FolderHelper.new)
|
||||
Inspec::Targets.add_module('folder', FolderHelper.new)
|
||||
end
|
|
@ -5,7 +5,7 @@
|
|||
require 'rubygems/package'
|
||||
require 'zlib'
|
||||
|
||||
module Vulcano::Targets
|
||||
module Inspec::Targets
|
||||
class TarHelper
|
||||
def structure(input)
|
||||
files = []
|
|
@ -5,9 +5,9 @@
|
|||
require 'uri'
|
||||
require 'tempfile'
|
||||
require 'open-uri'
|
||||
require 'vulcano/targets/zip'
|
||||
require 'inspec/targets/zip'
|
||||
|
||||
module Vulcano::Targets
|
||||
module Inspec::Targets
|
||||
class UrlHelper
|
||||
def handles?(target)
|
||||
uri = URI.parse(target)
|
||||
|
@ -24,7 +24,7 @@ module Vulcano::Targets
|
|||
end
|
||||
|
||||
def resolve_zip(url)
|
||||
zipfile = Tempfile.new('vulcano-dl-')
|
||||
zipfile = Tempfile.new('inspec-dl-')
|
||||
zipfile.binmode
|
||||
zipfile.write(open(url).read)
|
||||
zipfile.rewind
|
||||
|
@ -35,5 +35,5 @@ module Vulcano::Targets
|
|||
end
|
||||
end
|
||||
|
||||
Vulcano::Targets.add_module('url', UrlHelper.new)
|
||||
Inspec::Targets.add_module('url', UrlHelper.new)
|
||||
end
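Review bot: `zipfile.write(open(url).read)` in `resolve_zip` goes through `Kernel#open`, which with `open-uri` loaded fetches URLs but also treats a string beginning with `|` as a command to spawn. Calling the URI object's own opener, `zipfile.write(URI.parse(url).open.read)`, limits the call to the URL schemes open-uri handles. The body of `handles?` lies outside the hunks, so whether the scheme is already restricted before `resolve_zip` runs cannot be confirmed from this page. Since the downloaded archive appears to be resolved into test code that is later evaluated, `resolve_zip` should carry a comment stating that only trusted URLs are expected and whether plain `http` is acceptable.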
|
|
@ -3,9 +3,9 @@
|
|||
# author: Christoph Hartmann
|
||||
|
||||
require 'zip'
|
||||
require 'vulcano/targets/dir'
|
||||
require 'inspec/targets/dir'
|
||||
|
||||
module Vulcano::Targets
|
||||
module Inspec::Targets
|
||||
class ZipHelper
|
||||
def content(input, _filter)
|
||||
content = []
|
||||
|
@ -39,7 +39,7 @@ module Vulcano::Targets
|
|||
end
|
||||
# get all file contents
|
||||
# @TODO
|
||||
_file_handler = Vulcano::Targets.modules['file']
|
||||
_file_handler = Inspec::Targets.modules['file']
|
||||
test_files = helper.get_filenames(files)
|
||||
content(path, test_files)
|
||||
end
|
|
@ -2,6 +2,6 @@
|
|||
# author: Dominik Richter
|
||||
# author: Christoph Hartmann
|
||||
|
||||
module Vulcano
|
||||
module Inspec
|
||||
VERSION = '0.8.0'
|
||||
end
|
|
@ -7,7 +7,7 @@
|
|||
require 'utils/simpleconfig'
|
||||
require 'utils/find_files'
|
||||
|
||||
class ApacheConf < Vulcano.resource(1)
|
||||
class ApacheConf < Inspec.resource(1)
|
||||
name 'apache_conf'
|
||||
|
||||
include FindFiles
|
||||
|
@ -49,7 +49,7 @@ class ApacheConf < Vulcano.resource(1)
|
|||
@params = {}
|
||||
|
||||
# skip if the main configuration file doesn't exist
|
||||
file = vulcano.file(@conf_path)
|
||||
file = inspec.file(@conf_path)
|
||||
if !file.file?
|
||||
return skip_resource "Can't find file \"#{@conf_path}\""
|
||||
end
|
||||
|
@ -104,7 +104,7 @@ class ApacheConf < Vulcano.resource(1)
|
|||
end
|
||||
|
||||
def read_file(path)
|
||||
@files_contents[path] ||= vulcano.file(path).content
|
||||
@files_contents[path] ||= inspec.file(path).content
|
||||
end
|
||||
|
||||
def to_s
|
||||
|
|
|
@ -28,13 +28,13 @@
|
|||
|
||||
require 'uri'
|
||||
|
||||
class AptRepository < Vulcano.resource(1)
|
||||
class AptRepository < Inspec.resource(1)
|
||||
name 'apt'
|
||||
|
||||
def initialize(ppa_name)
|
||||
@deb_url = nil
|
||||
# check if the os is ubuntu or debian
|
||||
if vulcano.os.debian?
|
||||
if inspec.os.debian?
|
||||
@deb_url = determine_ppa_url(ppa_name)
|
||||
else
|
||||
# this resource is only supported on ubuntu and debian
|
||||
|
@ -70,7 +70,7 @@ class AptRepository < Vulcano.resource(1)
|
|||
return @repo_cache if defined?(@repo_cache)
|
||||
|
||||
# load all lists
|
||||
cmd = vulcano.command("find /etc/apt/ -name \*.list -exec sh -c 'cat {} || echo -n' \\;")
|
||||
cmd = inspec.command("find /etc/apt/ -name \*.list -exec sh -c 'cat {} || echo -n' \\;")
|
||||
|
||||
# @see https://help.ubuntu.com/community/Repositories/CommandLine#Explanation_of_the_Repository_Format
|
||||
@repo_cache = cmd.stdout.chomp.split("\n").each_with_object([]) do |raw_line, lines|
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
# its('Other Account Logon Events') { should_not eq 'No Auditing' }
|
||||
# end
|
||||
|
||||
class AuditPolicy < Vulcano.resource(1)
|
||||
class AuditPolicy < Inspec.resource(1)
|
||||
name 'audit_policy'
|
||||
|
||||
def method_missing(method)
|
||||
|
@ -39,7 +39,7 @@ class AuditPolicy < Vulcano.resource(1)
|
|||
# expected result:
|
||||
# Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
|
||||
# WIN-MB8NINQ388J,System,Kerberos Authentication Service,{0CCE9242-69AE-11D9-BED3-505054503030},No Auditing,
|
||||
result ||= vulcano.command("Auditpol /get /subcategory:'#{key}' /r").stdout
|
||||
result ||= inspec.command("Auditpol /get /subcategory:'#{key}' /r").stdout
|
||||
|
||||
# find line
|
||||
target = nil
|
||||
|
|
|
@ -13,7 +13,7 @@ require 'utils/simpleconfig'
|
|||
# its("admin_space_left_action") { should eq "halt" }
|
||||
# end
|
||||
|
||||
class AuditDaemonConf < Vulcano.resource(1)
|
||||
class AuditDaemonConf < Inspec.resource(1)
|
||||
name 'auditd_conf'
|
||||
|
||||
def initialize(path = nil)
|
||||
|
@ -34,7 +34,7 @@ class AuditDaemonConf < Vulcano.resource(1)
|
|||
return @params if defined?(@params)
|
||||
|
||||
# read the file
|
||||
file = vulcano.file(@conf_path)
|
||||
file = inspec.file(@conf_path)
|
||||
if !file.file?
|
||||
skip_resource "Can't find file '#{@conf_path}'"
|
||||
return @params = {}
|
||||
|
|
|
@ -12,11 +12,11 @@
|
|||
# its("LIST_RULES") {should contain_match(/^exit,always watch=\/etc\/localtime perm=wa key=time-change/)}
|
||||
# end
|
||||
|
||||
class AuditDaemonRules < Vulcano.resource(1)
|
||||
class AuditDaemonRules < Inspec.resource(1)
|
||||
name 'auditd_rules'
|
||||
|
||||
def initialize
|
||||
@content = vulcano.command('/sbin/auditctl -l').stdout.chomp
|
||||
@content = inspec.command('/sbin/auditctl -l').stdout.chomp
|
||||
|
||||
@opts = {
|
||||
assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
|
||||
|
@ -37,7 +37,7 @@ class AuditDaemonRules < Vulcano.resource(1)
|
|||
assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
|
||||
multiple_values: false,
|
||||
}
|
||||
@status_content ||= vulcano.command('/sbin/auditctl -s').stdout.chomp
|
||||
@status_content ||= inspec.command('/sbin/auditctl -s').stdout.chomp
|
||||
@status_params = SimpleConfig.new(@status_content, @status_opts).params
|
||||
|
||||
status = @status_params['AUDIT_STATUS']
|
||||
|
|
|
@ -10,14 +10,14 @@ require 'resources/file'
|
|||
# it { should have_interface 'eth0' }
|
||||
# end
|
||||
|
||||
module Vulcano::Resources
|
||||
module Inspec::Resources
|
||||
class Bond < File
|
||||
name 'bond'
|
||||
|
||||
def initialize(bond)
|
||||
@bond = bond
|
||||
@path = "/proc/net/bonding/#{bond}"
|
||||
@file = vulcano.file(@path)
|
||||
@file = inspec.file(@path)
|
||||
@content = nil
|
||||
@params = {}
|
||||
@loaded = false
|
||||
|
|
|
@ -8,17 +8,17 @@
|
|||
# it { should have_interface 'eth0' }
|
||||
# end
|
||||
|
||||
class Bridge < Vulcano.resource(1)
|
||||
class Bridge < Inspec.resource(1)
|
||||
name 'bridge'
|
||||
|
||||
def initialize(bridge_name)
|
||||
@bridge_name = bridge_name
|
||||
|
||||
@bridge_provider = nil
|
||||
if vulcano.os.linux?
|
||||
@bridge_provider = LinuxBridge.new(vulcano)
|
||||
elsif vulcano.os.windows?
|
||||
@bridge_provider = WindowsBridge.new(vulcano)
|
||||
if inspec.os.linux?
|
||||
@bridge_provider = LinuxBridge.new(inspec)
|
||||
elsif inspec.os.windows?
|
||||
@bridge_provider = WindowsBridge.new(inspec)
|
||||
else
|
||||
return skip_resource 'The `bridge` resource is not supported on your OS yet.'
|
||||
end
|
||||
|
@ -29,7 +29,7 @@ class Bridge < Vulcano.resource(1)
|
|||
end
|
||||
|
||||
def has_interface?(interface)
|
||||
return skip_resource 'The `bridge` resource does not provide interface detection for Windows yet' if vulcano.os.windows?
|
||||
return skip_resource 'The `bridge` resource does not provide interface detection for Windows yet' if inspec.os.windows?
|
||||
bridge_info.nil? ? false : bridge_info[:interfaces].include?(interface)
|
||||
end
|
||||
|
||||
|
@ -50,8 +50,9 @@ class Bridge < Vulcano.resource(1)
|
|||
end
|
||||
|
||||
class BridgeDetection
|
||||
def initialize(vulcano)
|
||||
@vulcano = vulcano
|
||||
attr_reader :inspec
|
||||
def initialize(inspec)
|
||||
@inspec = inspec
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -63,11 +64,11 @@ end
|
|||
class LinuxBridge < BridgeDetection
|
||||
def bridge_info(bridge_name)
|
||||
# read bridge information
|
||||
bridge = @vulcano.file("/sys/class/net/#{bridge_name}/bridge").directory?
|
||||
bridge = inspec.file("/sys/class/net/#{bridge_name}/bridge").directory?
|
||||
return nil unless bridge
|
||||
|
||||
# load interface names
|
||||
interfaces = @vulcano.command("ls -1 /sys/class/net/#{bridge_name}/brif/")
|
||||
interfaces = inspec.command("ls -1 /sys/class/net/#{bridge_name}/brif/")
|
||||
interfaces = interfaces.stdout.chomp.split("\n")
|
||||
{
|
||||
name: bridge_name,
|
||||
|
@ -84,7 +85,7 @@ end
|
|||
class WindowsBridge < BridgeDetection
|
||||
def bridge_info(bridge_name)
|
||||
# find all bridge adapters
|
||||
cmd = @vulcano.command('Get-NetAdapterBinding -ComponentID ms_bridge | Get-NetAdapter | Select-Object -Property Name, InterfaceDescription | ConvertTo-Json')
|
||||
cmd = inspec.command('Get-NetAdapterBinding -ComponentID ms_bridge | Get-NetAdapter | Select-Object -Property Name, InterfaceDescription | ConvertTo-Json')
|
||||
|
||||
# filter network interface
|
||||
begin
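Review bot: `bridge_name` is interpolated unescaped into `inspec.command("ls -1 /sys/class/net/#{bridge_name}/brif/")` in `LinuxBridge#bridge_info`, so a name containing spaces or shell metacharacters changes the command that runs on the target instead of naming one path. Escaping it first, e.g. `Shellwords.escape(bridge_name)` (needs `require 'shellwords'`), or rejecting names that do not look like an interface name would keep it a single argument. The same unescaped interpolation appears in other sections of this commit: `Auditpol /get /subcategory:'#{key}'` in the audit_policy resource, `type \"#{@command}\"` in `Cmd#exist?`, `test -#{flag} #{file}` together with `#{user}` in `check_user_access`, and `#{@package_name}` in the gem resource's `info`. Both `bridge_info` bodies continue past their hunks, so any validation done further down is not visible here.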
|
||||
|
|
|
@ -12,14 +12,14 @@
|
|||
# its(:exit_status) { should eq 0 }
|
||||
# end
|
||||
|
||||
class Cmd < Vulcano.resource(1)
|
||||
class Cmd < Inspec.resource(1)
|
||||
name 'command'
|
||||
def initialize(cmd)
|
||||
@command = cmd
|
||||
end
|
||||
|
||||
def result
|
||||
@result ||= vulcano.backend.run_command(@command)
|
||||
@result ||= inspec.backend.run_command(@command)
|
||||
end
|
||||
|
||||
def stdout
|
||||
|
@ -35,7 +35,7 @@ class Cmd < Vulcano.resource(1)
|
|||
end
|
||||
|
||||
def exist?
|
||||
res = vulcano.backend.run_command("type \"#{@command}\" > /dev/null")
|
||||
res = inspec.backend.run_command("type \"#{@command}\" > /dev/null")
|
||||
res.exit_status.to_i == 0
|
||||
end
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
require 'resources/file'
|
||||
|
||||
module Vulcano::Resources
|
||||
module Inspec::Resources
|
||||
class Directory < File
|
||||
name 'directory'
|
||||
end
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
require 'utils/convert'
|
||||
require 'utils/parser'
|
||||
|
||||
class EtcGroup < Vulcano.resource(1)
|
||||
class EtcGroup < Inspec.resource(1)
|
||||
include Converter
|
||||
include ContentParser
|
||||
|
||||
|
@ -37,7 +37,7 @@ class EtcGroup < Vulcano.resource(1)
|
|||
|
||||
# skip resource if it is not supported on current OS
|
||||
return skip_resource 'The `etc_group` resource is not supported on your OS.' \
|
||||
unless %w{ubuntu debian redhat fedora arch darwin freebsd}.include?(vulcano.os[:family])
|
||||
unless %w{ubuntu debian redhat fedora arch darwin freebsd}.include?(inspec.os[:family])
|
||||
end
|
||||
|
||||
def groups(filter = nil)
|
||||
|
@ -90,7 +90,7 @@ class EtcGroup < Vulcano.resource(1)
|
|||
private
|
||||
|
||||
def parse_group(path)
|
||||
@content = vulcano.file(path).content
|
||||
@content = inspec.file(path).content
|
||||
# iterate over each line and filter comments
|
||||
@content.split("\n").each_with_object([]) do |line, lines|
|
||||
grp_info = parse_group_line(line)
|
||||
|
|
|
@ -4,14 +4,14 @@
|
|||
# author: Christoph Hartmann
|
||||
# license: All rights reserved
|
||||
|
||||
module Vulcano::Resources
|
||||
class File < Vulcano.resource(1)
|
||||
module Inspec::Resources
|
||||
class File < Inspec.resource(1)
|
||||
name 'file'
|
||||
|
||||
attr_reader :path
|
||||
def initialize(path)
|
||||
@path = path
|
||||
@file = vulcano.backend.file(@path)
|
||||
@file = inspec.backend.file(@path)
|
||||
end
|
||||
|
||||
%w{
|
||||
|
@ -79,16 +79,16 @@ module Vulcano::Resources
|
|||
|
||||
# check permissions on linux
|
||||
def check_user_access(user, file, flag)
|
||||
if vulcano.os.linux? == true
|
||||
if inspec.os.linux? == true
|
||||
# use sh on linux
|
||||
perm_cmd = "su -s /bin/sh -c \"test -#{flag} #{file}\" #{user}"
|
||||
elsif vulcano.os[:family] == 'freebsd'
|
||||
elsif inspec.os[:family] == 'freebsd'
|
||||
# use sudo on freebsd
|
||||
perm_cmd = "sudo -u #{user} test -#{flag} #{file}"
|
||||
end
|
||||
|
||||
if !perm_cmd.nil?
|
||||
cmd = vulcano.command(perm_cmd)
|
||||
cmd = inspec.command(perm_cmd)
|
||||
cmd.exit_status == 0 ? true : false
|
||||
else
|
||||
return skip_resource 'The `file` resource does not support `by_user` on your OS.'
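Review bot: `check_user_access` interpolates `user` and `file` unescaped into a shell command line in both the `su -s /bin/sh -c` and the `sudo -u` branch, so a path or user name containing spaces, quotes or `;` changes what is executed on the target. This matters if these values can come from a profile that is not fully trusted or from data read off the target. Escape each argument and the nested command, for example `inner = "test -#{flag} #{Shellwords.escape(file)}"` followed by `perm_cmd = "su -s /bin/sh -c #{Shellwords.escape(inner)} #{Shellwords.escape(user)}"`, which needs `require 'shellwords'` at the top of the file. The same unescaped interpolation appears in other sections of this commit: the `ping` and `getent hosts` calls in the host resource, `sysctl` in `kernel_parameter`, `os_env`, and the package manager `info` methods. The method's closing lines are outside the hunk.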
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# describe gem('rubocop') do
|
||||
# it { should be_installed }
|
||||
# end
|
||||
class GemPackage < Vulcano.resource(1)
|
||||
class GemPackage < Inspec.resource(1)
|
||||
name 'gem'
|
||||
|
||||
def initialize(package_name)
|
||||
|
@ -16,7 +16,7 @@ class GemPackage < Vulcano.resource(1)
|
|||
def info
|
||||
return @info if defined?(@info)
|
||||
|
||||
cmd = vulcano.command("gem list --local -a -q \^#{@package_name}\$")
|
||||
cmd = inspec.command("gem list --local -a -q \^#{@package_name}\$")
|
||||
@info = {
|
||||
installed: cmd.exit_status == 0,
|
||||
type: 'gem',
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
# it { should have_gid 0 }
|
||||
# end
|
||||
|
||||
class Group < Vulcano.resource(1)
|
||||
class Group < Inspec.resource(1)
|
||||
name 'group'
|
||||
|
||||
def initialize(groupname, domain = nil)
|
||||
|
@ -25,10 +25,10 @@ class Group < Vulcano.resource(1)
|
|||
|
||||
# select group manager
|
||||
@group_provider = nil
|
||||
if vulcano.os.unix?
|
||||
@group_provider = UnixGroup.new(vulcano)
|
||||
elsif vulcano.os.windows?
|
||||
@group_provider = WindowsGroup.new(vulcano)
|
||||
if inspec.os.unix?
|
||||
@group_provider = UnixGroup.new(inspec)
|
||||
elsif inspec.os.windows?
|
||||
@group_provider = WindowsGroup.new(inspec)
|
||||
else
|
||||
return skip_resource 'The `group` resource is not supported on your OS yet.'
|
||||
end
|
||||
|
@ -82,15 +82,16 @@ class Group < Vulcano.resource(1)
|
|||
end
|
||||
|
||||
class GroupInfo
|
||||
def initialize(vulcano)
|
||||
@vulcano = vulcano
|
||||
attr_reader :inspec
|
||||
def initialize(inspec)
|
||||
@inspec = inspec
|
||||
end
|
||||
end
|
||||
|
||||
# implements generic unix groups via /etc/group
|
||||
class UnixGroup < GroupInfo
|
||||
def group_info(group, _domain = nil)
|
||||
@vulcano.etc_group.where(name: group).entries.map { |grp|
|
||||
inspec.etc_group.where(name: group).entries.map { |grp|
|
||||
{
|
||||
name: grp['name'],
|
||||
gid: grp['gid'],
|
||||
|
@ -101,7 +102,7 @@ end
|
|||
|
||||
class WindowsGroup < GroupInfo
|
||||
def group_info(compare_group, compare_domain = nil)
|
||||
cmd = @vulcano.command('Get-WmiObject Win32_Group | Select-Object -Property Caption, Domain, Name, SID, LocalAccount | ConvertTo-Json')
|
||||
cmd = inspec.command('Get-WmiObject Win32_Group | Select-Object -Property Caption, Domain, Name, SID, LocalAccount | ConvertTo-Json')
|
||||
|
||||
# cannot rely on exit code for now, successful command returns exit code 1
|
||||
# return nil if cmd.exit_status != 0, try to parse json
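Review bot: `attr_reader :inspec` in `GroupInfo` is declared in the public part of the class, so the backend handle the old code kept in `@vulcano` is now callable from outside the provider. If only the subclasses need it, put `private` on the line before the reader; their implicit-receiver calls such as `inspec.etc_group` keep working. The same reader is added to `HostProvider`, `InterfaceInfo`, `PkgManagement` and `PortsInfo`. A one-line comment such as `# backend handle used by subclasses to run commands` would explain why the reader exists, since this goes beyond the rename in the commit title.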
|
||||
|
|
|
@ -15,13 +15,13 @@ def gpo(policy_path, policy_name)
|
|||
end
|
||||
|
||||
# Group Policy
|
||||
class GroupPolicy < Vulcano.resource(1)
|
||||
class GroupPolicy < Inspec.resource(1)
|
||||
name 'group_policy'
|
||||
|
||||
def get_registry_value(entry)
|
||||
keys = entry['registry_information'][0]
|
||||
cmd = "(Get-Item 'Registry::#{keys['path']}').GetValue('#{keys['key']}')"
|
||||
command_result ||= vulcano.command(cmd)
|
||||
command_result ||= inspec.command(cmd)
|
||||
val = { exit_code: command_result.exit_status.to_i, data: command_result.stdout }
|
||||
val
|
||||
end
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
# it { should be_resolvable.by('dns') }
|
||||
# end
|
||||
|
||||
class Host < Vulcano.resource(1)
|
||||
class Host < Inspec.resource(1)
|
||||
name 'host'
|
||||
|
||||
def initialize(hostname, params = {})
|
||||
|
@ -33,10 +33,10 @@ class Host < Vulcano.resource(1)
|
|||
@proto = params[:proto] || nil
|
||||
|
||||
@host_provider = nil
|
||||
if vulcano.os.linux?
|
||||
@host_provider = LinuxHostProvider.new(vulcano)
|
||||
elsif vulcano.os.windows?
|
||||
@host_provider = WindowsHostProvider.new(vulcano)
|
||||
if inspec.os.linux?
|
||||
@host_provider = LinuxHostProvider.new(inspec)
|
||||
elsif inspec.os.windows?
|
||||
@host_provider = WindowsHostProvider.new(inspec)
|
||||
else
|
||||
return skip_resource 'The `host` resource is not supported on your OS yet.'
|
||||
end
|
||||
|
@ -76,8 +76,9 @@ class Host < Vulcano.resource(1)
|
|||
end
|
||||
|
||||
class HostProvider
|
||||
def initialize(vulcano)
|
||||
@vulcano = vulcano
|
||||
attr_reader :inspec
|
||||
def initialize(inspec)
|
||||
@inspec = inspec
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -86,13 +87,13 @@ class LinuxHostProvider < HostProvider
|
|||
def ping(hostname, _port = nil, _proto = nil)
|
||||
# fall back to ping, but we can only test ICMP packages with ping
|
||||
# therefore we have to skip the test, if we do not have everything on the node to run the test
|
||||
ping = @vulcano.command("ping -w 1 -c 1 #{hostname}")
|
||||
ping = inspec.command("ping -w 1 -c 1 #{hostname}")
|
||||
ping.exit_status.to_i != 0 ? false : true
|
||||
end
|
||||
|
||||
def resolve(hostname)
|
||||
# TODO: we rely on getent hosts for now, but it prefers to return IPv6, only then IPv4
|
||||
cmd = @vulcano.command("getent hosts #{hostname}")
|
||||
cmd = inspec.command("getent hosts #{hostname}")
|
||||
return nil if cmd.exit_status.to_i != 0
|
||||
|
||||
# extract ip adress
|
||||
|
@ -117,7 +118,7 @@ class WindowsHostProvider < HostProvider
|
|||
request += '| Select-Object -Property ComputerName, RemoteAddress, RemotePort, SourceAddress, PingSucceeded | ConvertTo-Json'
|
||||
p request
|
||||
request += '| Select-Object -Property ComputerName, PingSucceeded | ConvertTo-Json'
|
||||
cmd = @vulcano.command(request)
|
||||
cmd = inspec.command(request)
|
||||
|
||||
begin
|
||||
ping = JSON.parse(cmd.stdout)
|
||||
|
@ -129,7 +130,7 @@ class WindowsHostProvider < HostProvider
|
|||
end
|
||||
|
||||
def resolve(hostname)
|
||||
cmd = @vulcano.command("Resolve-DnsName –Type A #{hostname} | ConvertTo-Json")
|
||||
cmd = inspec.command("Resolve-DnsName –Type A #{hostname} | ConvertTo-Json")
|
||||
begin
|
||||
resolv = JSON.parse(cmd.stdout)
|
||||
rescue JSON::ParserError => _e
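Review bot: `p request` in the `WindowsHostProvider` ping hunk (the one at -117) looks like a leftover debug print. It writes the generated PowerShell command to stdout on every check, where it can end up mixed into reports or CI logs. Remove the line, or send it to the project's logger at debug level if one is available in this class. The enclosing method starts and ends outside the hunk, so the surrounding branch structure is not visible here.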
|
||||
|
|
|
@ -14,7 +14,7 @@ require 'utils/simpleconfig'
|
|||
# its('exec') { should eq nil }
|
||||
# end
|
||||
|
||||
class InetdConf < Vulcano.resource(1)
|
||||
class InetdConf < Inspec.resource(1)
|
||||
name 'inetd_config'
|
||||
|
||||
def initialize(path = nil)
|
||||
|
@ -29,7 +29,7 @@ class InetdConf < Vulcano.resource(1)
|
|||
return @params if defined?(@params)
|
||||
|
||||
# read the file
|
||||
file = vulcano.file(@conf_path)
|
||||
file = inspec.file(@conf_path)
|
||||
if !file.file?
|
||||
skip_resource "Can't find file \"#{@conf_path}\""
|
||||
return @params = {}
|
||||
|
|
|
@ -11,17 +11,17 @@
|
|||
|
||||
require 'utils/convert'
|
||||
|
||||
class NetworkInterface < Vulcano.resource(1)
|
||||
class NetworkInterface < Inspec.resource(1)
|
||||
name 'interface'
|
||||
|
||||
def initialize(iface)
|
||||
@iface = iface
|
||||
|
||||
@interface_provider = nil
|
||||
if vulcano.os.linux?
|
||||
@interface_provider = LinuxInterface.new(vulcano)
|
||||
elsif vulcano.os.windows?
|
||||
@interface_provider = WindowsInterface.new(vulcano)
|
||||
if inspec.os.linux?
|
||||
@interface_provider = LinuxInterface.new(inspec)
|
||||
elsif inspec.os.windows?
|
||||
@interface_provider = WindowsInterface.new(inspec)
|
||||
else
|
||||
return skip_resource 'The `interface` resource is not supported on your OS yet.'
|
||||
end
|
||||
|
@ -54,15 +54,16 @@ end
|
|||
|
||||
class InterfaceInfo
|
||||
include Converter
|
||||
def initialize(vulcano)
|
||||
@vulcano = vulcano
|
||||
attr_reader :inspec
|
||||
def initialize(inspec)
|
||||
@inspec = inspec
|
||||
end
|
||||
end
|
||||
|
||||
class LinuxInterface < InterfaceInfo
|
||||
def interface_info(iface)
|
||||
# will return "[mtu]\n1500\n[type]\n1"
|
||||
cmd = @vulcano.command("find /sys/class/net/#{iface}/ -type f -maxdepth 1 -exec sh -c 'echo \"[$(basename {})]\"; cat {} || echo -n' \\;")
|
||||
cmd = inspec.command("find /sys/class/net/#{iface}/ -type f -maxdepth 1 -exec sh -c 'echo \"[$(basename {})]\"; cat {} || echo -n' \\;")
|
||||
return nil if cmd.exit_status.to_i != 0
|
||||
|
||||
# parse values, we only recieve values, therefore we threat them as keys
|
||||
|
@ -96,7 +97,7 @@ end
|
|||
class WindowsInterface < InterfaceInfo
|
||||
def interface_info(iface)
|
||||
# gather all network interfaces
|
||||
cmd = @vulcano.command('Get-NetAdapter | Select-Object -Property Name, InterfaceDescription, Status, State, MacAddress, LinkSpeed, ReceiveLinkSpeed, TransmitLinkSpeed, Virtual | ConvertTo-Json')
|
||||
cmd = inspec.command('Get-NetAdapter | Select-Object -Property Name, InterfaceDescription, Status, State, MacAddress, LinkSpeed, ReceiveLinkSpeed, TransmitLinkSpeed, Virtual | ConvertTo-Json')
|
||||
|
||||
# filter network interface
|
||||
begin
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
# @see http://ipset.netfilter.org/iptables.man.html
|
||||
# @see http://ipset.netfilter.org/iptables.man.html
|
||||
# @see https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html
|
||||
class IpTables < Vulcano.resource(1)
|
||||
class IpTables < Inspec.resource(1)
|
||||
name 'iptables'
|
||||
|
||||
def initialize(params = {})
|
||||
|
@ -29,7 +29,7 @@ class IpTables < Vulcano.resource(1)
|
|||
@chain = params[:chain] || nil
|
||||
|
||||
# we're done if we are on linux
|
||||
return if vulcano.os.linux?
|
||||
return if inspec.os.linux?
|
||||
|
||||
# ensures, all calls are aborted for non-supported os
|
||||
@iptables_cache = []
|
||||
|
@ -52,7 +52,7 @@ class IpTables < Vulcano.resource(1)
|
|||
# construct iptables command to read all rules
|
||||
@table.nil? ? table_cmd = '' : table_cmd = " -t #{@table} "
|
||||
@chain.nil? ? chain_cmd = '' : chain_cmd = " #{@chain}"
|
||||
cmd = vulcano.command(format('iptables %s -S %s', table_cmd, chain_cmd).strip)
|
||||
cmd = inspec.command(format('iptables %s -S %s', table_cmd, chain_cmd).strip)
|
||||
return [] if cmd.exit_status.to_i != 0
|
||||
|
||||
# split rules, returns array or rules
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
# describe json('policyfile.lock.json') do
|
||||
# its('cookbook_locks.omnibus.version') { should eq('2.2.0') }
|
||||
# end
|
||||
class JsonConfig < Vulcano.resource(1)
|
||||
class JsonConfig < Inspec.resource(1)
|
||||
name 'json'
|
||||
|
||||
# make params readable
|
||||
|
@ -15,7 +15,7 @@ class JsonConfig < Vulcano.resource(1)
|
|||
|
||||
def initialize(path)
|
||||
@path = path
|
||||
@file_content = vulcano.file(@path).content
|
||||
@file_content = inspec.file(@path).content
|
||||
@params = parse(@file_content)
|
||||
end
|
||||
|
||||
|
|
|
@ -8,24 +8,24 @@
|
|||
# describe kernel_module('bridge') do
|
||||
# it { should be_loaded }
|
||||
# end
|
||||
class KernelModule < Vulcano.resource(1)
|
||||
class KernelModule < Inspec.resource(1)
|
||||
name 'kernel_module'
|
||||
|
||||
def initialize(modulename = nil)
|
||||
@module = modulename
|
||||
|
||||
# this resource is only supported on Linux
|
||||
return skip_resource 'The `kernel_parameter` resource is not supported on your OS.' if !vulcano.os.linux?
|
||||
return skip_resource 'The `kernel_parameter` resource is not supported on your OS.' if !inspec.os.linux?
|
||||
end
|
||||
|
||||
def loaded?
|
||||
# default lsmod command
|
||||
lsmod_cmd = 'lsmod'
|
||||
# special care for CentOS 5 and sudo
|
||||
lsmod_cmd = '/sbin/lsmod' if vulcano.os[:family] == 'centos' && vulcano.os[:release].to_i == 5
|
||||
lsmod_cmd = '/sbin/lsmod' if inspec.os[:family] == 'centos' && inspec.os[:release].to_i == 5
|
||||
|
||||
# get list of all modules
|
||||
cmd = vulcano.command(lsmod_cmd)
|
||||
cmd = inspec.command(lsmod_cmd)
|
||||
return false if cmd.exit_status != 0
|
||||
|
||||
# check if module is loaded
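Review bot: The skip message in `KernelModule#initialize` names the wrong resource. The class registers itself with `name 'kernel_module'`, but the message says the `kernel_parameter` resource is unsupported, apparently copied from the sibling class. Replace `kernel_parameter` with `kernel_module` in that string so a skipped control points at the right resource. `loaded?` continues past the end of the hunk.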
|
||||
|
|
|
@ -6,18 +6,18 @@
|
|||
# describe kernel_parameter('net.ipv4.conf.all.forwarding') do
|
||||
# its(:value) { should eq 0 }
|
||||
# end
|
||||
class KernelParameter < Vulcano.resource(1)
|
||||
class KernelParameter < Inspec.resource(1)
|
||||
name 'kernel_parameter'
|
||||
|
||||
def initialize(parameter = nil)
|
||||
@parameter = parameter
|
||||
|
||||
# this resource is only supported on Linux
|
||||
return skip_resource 'The `kernel_parameter` resource is not supported on your OS.' if !vulcano.os.linux?
|
||||
return skip_resource 'The `kernel_parameter` resource is not supported on your OS.' if !inspec.os.linux?
|
||||
end
|
||||
|
||||
def value
|
||||
cmd = vulcano.command("/sbin/sysctl -q -n #{@parameter}")
|
||||
cmd = inspec.command("/sbin/sysctl -q -n #{@parameter}")
|
||||
return nil if cmd.exit_status != 0
|
||||
# remove whitespace
|
||||
cmd = cmd.stdout.chomp.strip
|
||||
|
|
|
@ -12,7 +12,7 @@ require 'utils/simpleconfig'
|
|||
# its('*') { should include ['hard','core','0'] }
|
||||
# end
|
||||
|
||||
class LimitsConf < Vulcano.resource(1)
|
||||
class LimitsConf < Inspec.resource(1)
|
||||
name 'limits_conf'
|
||||
|
||||
def initialize(path = nil)
|
||||
|
@ -27,7 +27,7 @@ class LimitsConf < Vulcano.resource(1)
|
|||
return @params if defined?(@params)
|
||||
|
||||
# read the file
|
||||
file = vulcano.file(@conf_path)
|
||||
file = inspec.file(@conf_path)
|
||||
if !file.file?
|
||||
skip_resource "Can't find file \"#{@conf_path}\""
|
||||
return @params = {}
|
||||
|
|
|
@ -18,7 +18,7 @@ require 'utils/simpleconfig'
|
|||
# }
|
||||
# end
|
||||
|
||||
class LoginDef < Vulcano.resource(1)
|
||||
class LoginDef < Inspec.resource(1)
|
||||
name 'login_defs'
|
||||
|
||||
def initialize(path = nil)
|
||||
|
@ -33,7 +33,7 @@ class LoginDef < Vulcano.resource(1)
|
|||
return @params if defined?(@params)
|
||||
|
||||
# read the file
|
||||
file = vulcano.file(@conf_path)
|
||||
file = inspec.file(@conf_path)
|
||||
if !file.file?
|
||||
skip_resource "Can't find file \"#{@conf_path}\""
|
||||
return @params = {}
|
||||
|
|
|
@ -4,13 +4,13 @@
|
|||
# author: Christoph Hartmann
|
||||
# license: All rights reserved
|
||||
|
||||
class Mysql < Vulcano.resource(1)
|
||||
class Mysql < Inspec.resource(1)
|
||||
name 'mysql'
|
||||
|
||||
attr_reader :package, :service, :conf_dir, :conf_path, :data_dir, :log_dir, :log_path, :log_group, :log_dir_group
|
||||
def initialize
|
||||
# set OS-dependent filenames and paths
|
||||
case vulcano.os[:family]
|
||||
case inspec.os[:family]
|
||||
when 'ubuntu', 'debian'
|
||||
init_ubuntu
|
||||
when 'redhat', 'fedora'
|
||||
|
|
|
@ -26,7 +26,7 @@ class MysqlConfEntry
|
|||
end
|
||||
end
|
||||
|
||||
class MysqlConf < Vulcano.resource(1)
|
||||
class MysqlConf < Inspec.resource(1)
|
||||
name 'mysql_conf'
|
||||
|
||||
include FindFiles
|
||||
|
@ -62,11 +62,11 @@ class MysqlConf < Vulcano.resource(1)
|
|||
@params = {}
|
||||
|
||||
# skip if the main configuration file doesn't exist
|
||||
if !vulcano.file(@conf_path).file?
|
||||
if !inspec.file(@conf_path).file?
|
||||
return skip_resource "Can't find file \"#{@conf_path}\""
|
||||
end
|
||||
raw_conf = read_file(@conf_path)
|
||||
if raw_conf.empty? && vulcano.file(@conf_path).size > 0
|
||||
if raw_conf.empty? && inspec.file(@conf_path).size > 0
|
||||
return skip_resource("Can't read file \"#{@conf_path}\"")
|
||||
end
|
||||
|
||||
|
@ -107,7 +107,7 @@ class MysqlConf < Vulcano.resource(1)
|
|||
end
|
||||
|
||||
def read_file(path)
|
||||
@files_contents[path] ||= vulcano.file(path).content
|
||||
@files_contents[path] ||= inspec.file(path).content
|
||||
end
|
||||
|
||||
def to_s
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
# author: Christoph Hartmann
|
||||
# license: All rights reserved
|
||||
|
||||
class MysqlSession < Vulcano.resource(1)
|
||||
class MysqlSession < Inspec.resource(1)
|
||||
name 'mysql_session'
|
||||
|
||||
def initialize(user, pass)
|
||||
|
@ -20,7 +20,7 @@ class MysqlSession < Vulcano.resource(1)
|
|||
escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
|
||||
|
||||
# run the query
|
||||
cmd = vulcano.command("mysql -u#{@user} -p#{@pass} #{db} -s -e \"#{escaped_query}\"")
|
||||
cmd = inspec.command("mysql -u#{@user} -p#{@pass} #{db} -s -e \"#{escaped_query}\"")
|
||||
out = cmd.stdout + "\n" + cmd.stderr
|
||||
if out =~ /Can't connect to .* MySQL server/ or
|
||||
out.downcase =~ /^error/
|
||||
|
@ -40,7 +40,7 @@ class MysqlSession < Vulcano.resource(1)
|
|||
|
||||
def init_fallback
|
||||
# support debian mysql administration login
|
||||
debian = vulcano.command('test -f /etc/mysql/debian.cnf && cat /etc/mysql/debian.cnf').stdout
|
||||
debian = inspec.command('test -f /etc/mysql/debian.cnf && cat /etc/mysql/debian.cnf').stdout
|
||||
return if debian.empty?
|
||||
|
||||
user = debian.match(/^\s*user\s*=\s*([^ ]*)\s*$/)
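Review bot: The `mysql -u#{@user} -p#{@pass} ...` command puts the database password in the process arguments, where other users on the target can read it from the process list and where command logging may record it. `@user`, `@pass` and `db` are also interpolated without shell escaping, while only the query is escaped. Prefer handing the credential over out of band, for example a defaults file readable only by the invoking user and passed with `--defaults-extra-file`, and wrap the remaining arguments in `Shellwords.escape`. The `PostgresSession` hunk has a related gap: `PGPASSWORD='#{@pass}'` breaks out of its quoting if the password contains a single quote. The query method starts outside the hunk.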
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# describe npm('bower') do
|
||||
# it { should be_installed }
|
||||
# end
|
||||
class NpmPackage < Vulcano.resource(1)
|
||||
class NpmPackage < Inspec.resource(1)
|
||||
name 'npm'
|
||||
|
||||
def initialize(package_name)
|
||||
|
@ -17,7 +17,7 @@ class NpmPackage < Vulcano.resource(1)
|
|||
def info
|
||||
return @info if defined?(@info)
|
||||
|
||||
cmd = vulcano.command("npm ls -g --json #{@package_name}")
|
||||
cmd = inspec.command("npm ls -g --json #{@package_name}")
|
||||
@info = {
|
||||
name: @package_name,
|
||||
type: 'npm',
|
||||
|
|
|
@ -13,7 +13,7 @@ require 'utils/simpleconfig'
|
|||
# its('restrict') { should include '-4 default kod notrap nomodify nopeer noquery'}
|
||||
# end
|
||||
|
||||
class NtpConf < Vulcano.resource(1)
|
||||
class NtpConf < Inspec.resource(1)
|
||||
name 'ntp_conf'
|
||||
|
||||
def initialize(path = nil)
|
||||
|
@ -36,13 +36,13 @@ class NtpConf < Vulcano.resource(1)
|
|||
def read_params
|
||||
return @params if defined?(@params)
|
||||
|
||||
if !vulcano.file(@conf_path).file?
|
||||
if !inspec.file(@conf_path).file?
|
||||
skip_resource "Can't find file \"#{@conf_path}\""
|
||||
return @params = {}
|
||||
end
|
||||
|
||||
content = vulcano.file(@conf_path).content
|
||||
if content.empty? && vulcano.file(@conf_path).size > 0
|
||||
content = inspec.file(@conf_path).content
|
||||
if content.empty? && inspec.file(@conf_path).size > 0
|
||||
skip_resource "Can't read file \"#{@conf_path}\""
|
||||
return @params = {}
|
||||
end
|
||||
|
|
|
@ -9,14 +9,14 @@
|
|||
# describe oneget('zoomit') do
|
||||
# it { should be_installed }
|
||||
# end
|
||||
class OneGetPackage < Vulcano.resource(1)
|
||||
class OneGetPackage < Inspec.resource(1)
|
||||
name 'oneget'
|
||||
|
||||
def initialize(package_name)
|
||||
@package_name = package_name
|
||||
|
||||
# verify that this resource is only supported on Windows
|
||||
return skip_resource 'The `oneget` resource is not supported on your OS.' if vulcano.os[:family] != 'windows'
|
||||
return skip_resource 'The `oneget` resource is not supported on your OS.' if inspec.os[:family] != 'windows'
|
||||
end
|
||||
|
||||
def info
|
||||
|
@ -26,7 +26,7 @@ class OneGetPackage < Vulcano.resource(1)
|
|||
@info[:type] = 'oneget'
|
||||
@info[:installed] = false
|
||||
|
||||
cmd = vulcano.command("Get-Package -Name '#{@package_name}' | ConvertTo-Json")
|
||||
cmd = inspec.command("Get-Package -Name '#{@package_name}' | ConvertTo-Json")
|
||||
# cannot rely on exit code for now, successful command returns exit code 1
|
||||
# return nil if cmd.exit_status != 0
|
||||
# try to parse json
|
||||
|
|
|
@ -2,18 +2,18 @@
|
|||
# author: Dominik Richter
|
||||
# author: Christoph Hartmann
|
||||
|
||||
class OS < Vulcano.resource(1)
|
||||
class OS < Inspec.resource(1)
|
||||
name 'os'
|
||||
|
||||
# reuse helper methods from backend
|
||||
%w{redhat? debian? suse? bsd? solaris? linux? unix? windows?}.each do |os_family|
|
||||
define_method((os_family).to_sym) do
|
||||
vulcano.backend.os.send(os_family)
|
||||
inspec.backend.os.send(os_family)
|
||||
end
|
||||
end
|
||||
|
||||
def [](name)
|
||||
vulcano.backend.os[name]
|
||||
inspec.backend.os[name]
|
||||
end
|
||||
|
||||
def to_s
|
||||
|
|
|
@ -11,13 +11,13 @@
|
|||
# its(:split) { should_not include('.') }
|
||||
# end
|
||||
|
||||
class OsEnv < Vulcano.resource(1)
|
||||
class OsEnv < Inspec.resource(1)
|
||||
name 'os_env'
|
||||
|
||||
attr_reader :content
|
||||
def initialize(env)
|
||||
@osenv = env
|
||||
@command_result = vulcano.command("su - root -c 'echo $#{env}'")
|
||||
@command_result = inspec.command("su - root -c 'echo $#{env}'")
|
||||
@content = @command_result.stdout.chomp
|
||||
end
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
# describe package('nginx') do
|
||||
# it { should be_installed }
|
||||
# end
|
||||
class Package < Vulcano.resource(1)
|
||||
class Package < Inspec.resource(1)
|
||||
name 'package'
|
||||
|
||||
def initialize(package_name = nil)
|
||||
|
@ -18,17 +18,17 @@ class Package < Vulcano.resource(1)
|
|||
|
||||
# select package manager
|
||||
@pkgman = nil
|
||||
case vulcano.os[:family]
|
||||
case inspec.os[:family]
|
||||
when 'ubuntu', 'debian'
|
||||
@pkgman = Deb.new(vulcano)
|
||||
@pkgman = Deb.new(inspec)
|
||||
when 'redhat', 'fedora', 'centos', 'opensuse'
|
||||
@pkgman = Rpm.new(vulcano)
|
||||
@pkgman = Rpm.new(inspec)
|
||||
when 'arch'
|
||||
@pkgman = Pacman.new(vulcano)
|
||||
@pkgman = Pacman.new(inspec)
|
||||
when 'darwin'
|
||||
@pkgman = Brew.new(vulcano)
|
||||
@pkgman = Brew.new(inspec)
|
||||
when 'windows'
|
||||
@pkgman = WindowsPkg.new(vulcano)
|
||||
@pkgman = WindowsPkg.new(inspec)
|
||||
else
|
||||
return skip_resource 'The `package` resource is not supported on your OS yet.'
|
||||
end
|
||||
|
@ -60,15 +60,16 @@ class Package < Vulcano.resource(1)
|
|||
end
|
||||
|
||||
class PkgManagement
|
||||
def initialize(vulcano)
|
||||
@vulcano = vulcano
|
||||
attr_reader :inspec
|
||||
def initialize(inspec)
|
||||
@inspec = inspec
|
||||
end
|
||||
end
|
||||
|
||||
# Debian / Ubuntu
|
||||
class Deb < PkgManagement
|
||||
def info(package_name)
|
||||
cmd = @vulcano.command("dpkg -s #{package_name}")
|
||||
cmd = inspec.command("dpkg -s #{package_name}")
|
||||
return nil if cmd.exit_status.to_i != 0
|
||||
|
||||
params = SimpleConfig.new(
|
||||
|
@ -88,7 +89,7 @@ end
|
|||
# RHEL family
|
||||
class Rpm < PkgManagement
|
||||
def info(package_name)
|
||||
cmd = @vulcano.command("rpm -qia #{package_name}")
|
||||
cmd = inspec.command("rpm -qia #{package_name}")
|
||||
# CentOS does not return an error code if the package is not installed,
|
||||
# therefore we need to check for emptyness
|
||||
return nil if cmd.exit_status.to_i != 0 || cmd.stdout.chomp.empty?
|
||||
|
@ -109,7 +110,7 @@ end
|
|||
# MacOS / Darwin implementation
|
||||
class Brew < PkgManagement
|
||||
def info(package_name)
|
||||
cmd = @vulcano.command("brew info --json=v1 #{package_name}")
|
||||
cmd = inspec.command("brew info --json=v1 #{package_name}")
|
||||
return nil if cmd.exit_status.to_i != 0
|
||||
# parse data
|
||||
pkg = JSON.parse(cmd.stdout)[0]
|
||||
|
@ -125,7 +126,7 @@ end
|
|||
# Arch Linux
|
||||
class Pacman < PkgManagement
|
||||
def info(package_name)
|
||||
cmd = @vulcano.command("pacman -Qi #{package_name}")
|
||||
cmd = inspec.command("pacman -Qi #{package_name}")
|
||||
return nil if cmd.exit_status.to_i != 0
|
||||
|
||||
params = SimpleConfig.new(
|
||||
|
@ -150,7 +151,7 @@ end
|
|||
class WindowsPkg < PkgManagement
|
||||
def info(package_name)
|
||||
# Find the package
|
||||
cmd = @vulcano.command("Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -eq '#{package_name}'} | Select-Object -Property Name,Version,Vendor,PackageCode,Caption,Description | ConvertTo-Json")
|
||||
cmd = inspec.command("Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -eq '#{package_name}'} | Select-Object -Property Name,Version,Vendor,PackageCode,Caption,Description | ConvertTo-Json")
|
||||
|
||||
begin
|
||||
package = JSON.parse(cmd.stdout)
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
# }
|
||||
# describe parse_config(audit, options ) do
|
||||
|
||||
class PConfig < Vulcano.resource(1)
|
||||
class PConfig < Inspec.resource(1)
|
||||
name 'parse_config'
|
||||
|
||||
def initialize(content = nil, useropts = {})
|
||||
|
@ -35,11 +35,11 @@ class PConfig < Vulcano.resource(1)
|
|||
@conf_path = conf_path
|
||||
|
||||
# read the file
|
||||
if !vulcano.file(conf_path).file?
|
||||
if !inspec.file(conf_path).file?
|
||||
return skip_resource "Can't find file \"#{conf_path}\""
|
||||
end
|
||||
@content = read_file(conf_path)
|
||||
if @content.empty? && vulcano.file(conf_path).size > 0
|
||||
if @content.empty? && inspec.file(conf_path).size > 0
|
||||
return skip_resource "Can't read file \"#{conf_path}\""
|
||||
end
|
||||
|
||||
|
@ -47,7 +47,7 @@ class PConfig < Vulcano.resource(1)
|
|||
end
|
||||
|
||||
def read_file(path)
|
||||
@files_contents[path] ||= vulcano.file(path).content
|
||||
@files_contents[path] ||= inspec.file(path).content
|
||||
end
|
||||
|
||||
def read_content
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
|
||||
require 'utils/parser'
|
||||
|
||||
class Passwd < Vulcano.resource(1)
|
||||
class Passwd < Inspec.resource(1)
|
||||
name 'passwd'
|
||||
|
||||
include ContentParser
|
||||
|
@ -37,7 +37,7 @@ class Passwd < Vulcano.resource(1)
|
|||
|
||||
def initialize(path = nil)
|
||||
@path = path || '/etc/passwd'
|
||||
@content = vulcano.file(@path).content
|
||||
@content = inspec.file(@path).content
|
||||
@parsed = parse_passwd(@content)
|
||||
end
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
# it { should be_installed }
|
||||
# end
|
||||
#
|
||||
class PipPackage < Vulcano.resource(1)
|
||||
class PipPackage < Inspec.resource(1)
|
||||
name 'pip'
|
||||
|
||||
def initialize(package_name)
|
||||
|
@ -19,7 +19,7 @@ class PipPackage < Vulcano.resource(1)
|
|||
|
||||
@info = {}
|
||||
@info[:type] = 'pip'
|
||||
cmd = vulcano.command("#{pip_cmd} show #{@package_name}")
|
||||
cmd = inspec.command("#{pip_cmd} show #{@package_name}")
|
||||
return @info if cmd.exit_status != 0
|
||||
|
||||
params = SimpleConfig.new(
|
||||
|
@ -50,11 +50,11 @@ class PipPackage < Vulcano.resource(1)
|
|||
def pip_cmd
|
||||
# Pip is not on the default path for Windows, therefore we do some logic
|
||||
# to find the binary on Windows
|
||||
family = vulcano.os[:family]
|
||||
family = inspec.os[:family]
|
||||
case family
|
||||
when 'windows'
|
||||
# we need to detect the pip command on Windows
|
||||
cmd = vulcano.command('New-Object -Type PSObject | Add-Member -MemberType NoteProperty -Name Pip -Value (Invoke-Command -ScriptBlock {where.exe pip}) -PassThru | Add-Member -MemberType NoteProperty -Name Python -Value (Invoke-Command -ScriptBlock {where.exe python}) -PassThru | ConvertTo-Json')
|
||||
cmd = inspec.command('New-Object -Type PSObject | Add-Member -MemberType NoteProperty -Name Pip -Value (Invoke-Command -ScriptBlock {where.exe pip}) -PassThru | Add-Member -MemberType NoteProperty -Name Python -Value (Invoke-Command -ScriptBlock {where.exe python}) -PassThru | ConvertTo-Json')
|
||||
begin
|
||||
paths = JSON.parse(cmd.stdout)
|
||||
# use pip if it on system path
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
#
|
||||
# TODO: currently we return local ip only
|
||||
# TODO: improve handling of same port on multiple interfaces
|
||||
class Port < Vulcano.resource(1)
|
||||
class Port < Inspec.resource(1)
|
||||
name 'port'
|
||||
|
||||
def initialize(port)
|
||||
|
@ -23,15 +23,15 @@ class Port < Vulcano.resource(1)
|
|||
@port_manager = nil
|
||||
@cache = nil
|
||||
|
||||
case vulcano.os[:family]
|
||||
case inspec.os[:family]
|
||||
when 'ubuntu', 'debian', 'redhat', 'fedora', 'arch'
|
||||
@port_manager = LinuxPorts.new(vulcano)
|
||||
@port_manager = LinuxPorts.new(inspec)
|
||||
when 'darwin'
|
||||
@port_manager = DarwinPorts.new(vulcano)
|
||||
@port_manager = DarwinPorts.new(inspec)
|
||||
when 'windows'
|
||||
@port_manager = WindowsPorts.new(vulcano)
|
||||
@port_manager = WindowsPorts.new(inspec)
|
||||
when 'freebsd'
|
||||
@port_manager = FreeBsdPorts.new(vulcano)
|
||||
@port_manager = FreeBsdPorts.new(inspec)
|
||||
else
|
||||
return skip_resource 'The `port` resource is not supported on your OS yet.'
|
||||
end
|
||||
|
@ -82,8 +82,9 @@ end
|
|||
# }],
|
||||
# }]
|
||||
class PortsInfo
|
||||
def initialize(vulcano)
|
||||
@vulcano = vulcano
|
||||
attr_reader :inspec
|
||||
def initialize(inspec)
|
||||
@inspec = inspec
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -95,7 +96,7 @@ end
|
|||
class WindowsPorts < PortsInfo
|
||||
def info
|
||||
# get all port information
|
||||
cmd = @vulcano.command('Get-NetTCPConnection | Select-Object -Property State, Caption, Description, LocalAddress, LocalPort, RemoteAddress, RemotePort, DisplayName, Status | ConvertTo-Json')
|
||||
cmd = inspec.command('Get-NetTCPConnection | Select-Object -Property State, Caption, Description, LocalAddress, LocalPort, RemoteAddress, RemotePort, DisplayName, Status | ConvertTo-Json')
|
||||
|
||||
begin
|
||||
ports = JSON.parse(cmd.stdout)
|
||||
|
@ -121,7 +122,7 @@ end
|
|||
class DarwinPorts < PortsInfo
|
||||
def info
|
||||
# collects UDP and TCP information
|
||||
cmd = @vulcano.command('lsof -nP -iTCP -iUDP -sTCP:LISTEN')
|
||||
cmd = inspec.command('lsof -nP -iTCP -iUDP -sTCP:LISTEN')
|
||||
return nil if cmd.exit_status.to_i != 0
|
||||
|
||||
ports = []
|
||||
|
@ -160,7 +161,7 @@ end
|
|||
# extract port information from netstat
|
||||
class LinuxPorts < PortsInfo
|
||||
def info
|
||||
cmd = @vulcano.command('netstat -tulpen')
|
||||
cmd = inspec.command('netstat -tulpen')
|
||||
return nil if cmd.exit_status.to_i != 0
|
||||
|
||||
ports = []
|
||||
|
@ -224,7 +225,7 @@ end
|
|||
# extracts information from sockstat
|
||||
class FreeBsdPorts < PortsInfo
|
||||
def info
|
||||
cmd = @vulcano.command('sockstat -46l')
|
||||
cmd = inspec.command('sockstat -46l')
|
||||
return nil if cmd.exit_status.to_i != 0
|
||||
|
||||
ports = []
|
||||
|
|
|
@ -4,16 +4,16 @@
|
|||
# author: Christoph Hartmann
|
||||
# license: All rights reserved
|
||||
|
||||
class Postgres < Vulcano.resource(1)
|
||||
class Postgres < Inspec.resource(1)
|
||||
name 'postgres'
|
||||
|
||||
attr_reader :service, :data_dir, :conf_dir, :conf_path
|
||||
def initialize
|
||||
case vulcano.os[:family]
|
||||
case inspec.os[:family]
|
||||
when 'ubuntu', 'debian'
|
||||
@service = 'postgresql'
|
||||
@data_dir = '/var/lib/postgresql'
|
||||
@version = vulcano.command('ls /etc/postgresql/').stdout.chomp
|
||||
@version = inspec.command('ls /etc/postgresql/').stdout.chomp
|
||||
@conf_dir = "/etc/postgresql/#{@version}/main"
|
||||
@conf_path = File.join @conf_dir, 'postgresql.conf'
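Review bot: `@version` takes the whole output of `ls /etc/postgresql/`, so a target with more than one entry in that directory produces a multi-line string and `@conf_dir` becomes a path with an embedded newline. Select a single entry explicitly, for instance `@version = inspec.command('ls /etc/postgresql/').stdout.split("\n").first`, and add a comment saying which version is chosen when several are installed. Consider calling `skip_resource` when the listing is empty. `initialize` continues past the end of the hunk, so the other OS branches are not visible here.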
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ require 'utils/simpleconfig'
|
|||
require 'utils/find_files'
|
||||
require 'resources/postgres'
|
||||
|
||||
class PostgresConf < Vulcano.resource(1)
|
||||
class PostgresConf < Inspec.resource(1)
|
||||
name 'postgres_conf'
|
||||
|
||||
include FindFiles
|
||||
|
@ -40,11 +40,11 @@ class PostgresConf < Vulcano.resource(1)
|
|||
@params = {}
|
||||
|
||||
# skip if the main configuration file doesn't exist
|
||||
if !vulcano.file(@conf_path).file?
|
||||
if !inspec.file(@conf_path).file?
|
||||
return skip_resource "Can't find file \"#{@conf_path}\""
|
||||
end
|
||||
raw_conf = read_file(@conf_path)
|
||||
if raw_conf.empty? && vulcano.file(@conf_path).size > 0
|
||||
if raw_conf.empty? && inspec.file(@conf_path).size > 0
|
||||
return skip_resource("Can't read file \"#{@conf_path}\"")
|
||||
end
|
||||
|
||||
|
@ -78,7 +78,7 @@ class PostgresConf < Vulcano.resource(1)
|
|||
end
|
||||
|
||||
def read_file(path)
|
||||
@files_contents[path] ||= vulcano.file(path).content
|
||||
@files_contents[path] ||= inspec.file(path).content
|
||||
end
|
||||
|
||||
def to_s
|
||||
|
|
|
@ -35,7 +35,7 @@ class PostgresSession
|
|||
# that does this securely
|
||||
escaped_query = query.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
|
||||
# run the query
|
||||
cmd = vulcano.command("PGPASSWORD='#{@pass}' psql -U #{@user} #{dbs} -c \"#{escaped_query}\"")
|
||||
cmd = inspec.command("PGPASSWORD='#{@pass}' psql -U #{@user} #{dbs} -c \"#{escaped_query}\"")
|
||||
out = cmd.stdout + "\n" + cmd.stderr
|
||||
if out =~ /could not connect to .*/ or
|
||||
out.downcase =~ /^error/
|
||||
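Review bot: The hand-rolled escaping on the `escaped_query` line covers backslash, double quote and `$`, but a backtick in the query is still interpreted by the shell inside the double-quoted `-c` argument, and `@pass`, `@user` and `dbs` are interpolated with no escaping at all. Building each argument with `Shellwords.escape` (for example `-c #{Shellwords.escape(query)}`, with `require 'shellwords'`) would replace the gsub chain, assuming the target runs a POSIX shell. Passing the password as a `PGPASSWORD=` prefix also puts it in the command string, where it may show up in the target's process list or in command logging; a `~/.pgpass` file or `PGPASSFILE` avoids that. The surrounding method starts and ends outside this hunk, and the `or` in the error check would be safer as `||`.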
|
|
|
@ -4,7 +4,7 @@
|
|||
# author: Christoph Hartmann
|
||||
# license: All rights reserved
|
||||
|
||||
class Processes < Vulcano.resource(1)
|
||||
class Processes < Inspec.resource(1)
|
||||
name 'processes'
|
||||
|
||||
attr_reader :list
|
||||
|
@ -29,7 +29,7 @@ class Processes < Vulcano.resource(1)
|
|||
|
||||
def ps_aux
|
||||
# get all running processes
|
||||
cmd = vulcano.command('ps aux')
|
||||
cmd = inspec.command('ps aux')
|
||||
all = cmd.stdout.split("\n")[1..-1]
|
||||
|
||||
lines = all.map do |line|
|
||||
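Review bot: In `ps_aux`, `cmd.stdout.split("\n")[1..-1]` returns `nil` when the command produced no output, so the `all.map` on the next line raises `NoMethodError`, and the exit status of `ps aux` is never checked. `all = cmd.stdout.split("\n").drop(1)` drops the header line the same way and yields an empty array in that case. The method body continues outside this hunk.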
|
|
|
@ -10,7 +10,7 @@ require 'json'
|
|||
# its('Start') { should eq 2 }
|
||||
# end
|
||||
|
||||
class RegistryKey < Vulcano.resource(1)
|
||||
class RegistryKey < Inspec.resource(1)
|
||||
name 'registry_key'
|
||||
|
||||
attr_accessor :reg_key
|
||||
|
@ -24,7 +24,7 @@ class RegistryKey < Vulcano.resource(1)
|
|||
|
||||
def registry_value(path, key)
|
||||
cmd = "(Get-Item 'Registry::#{path}').GetValue('#{key}')"
|
||||
command_result ||= vulcano.command(cmd)
|
||||
command_result ||= inspec.command(cmd)
|
||||
val = { exit_code: command_result.exit_status.to_i, data: command_result.stdout }
|
||||
val
|
||||
end
|
||||
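Review bot: In `registry_value`, `path` and `key` are placed inside single-quoted PowerShell literals without doubling embedded single quotes, so a value containing `'` ends the literal early and the remainder is parsed as PowerShell. Doubling the quote before interpolation fixes it, e.g. `cmd = "(Get-Item 'Registry::#{path.gsub("'", "''")}').GetValue('#{key.gsub("'", "''")}')"`. The `Where-Object` filters in the `WindowsSrv#info` and `WindowsFeature#info` hunks further down interpolate `service_name` and `@feature` the same way. Separately, `command_result ||=` assigns to a fresh local, so it never memoizes anything and reads more honestly as a plain `=`.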
|
|
|
@ -9,7 +9,7 @@ class Script < Cmd
|
|||
attr_accessor :command
|
||||
|
||||
def initialize(script)
|
||||
case vulcano.os[:family]
|
||||
case inspec.os[:family]
|
||||
when 'windows'
|
||||
# encodes a script as base64 to run as powershell encodedCommand
|
||||
# this comes with performance issues: @see https://gist.github.com/fnichol/7b20596b950e65fb96f9
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
# All local GPO parameters can be examined via Registry, but not all security
|
||||
# parameters. Therefore we need a combination of Registry and secedit output
|
||||
|
||||
class SecurityPolicy < Vulcano.resource(1)
|
||||
class SecurityPolicy < Inspec.resource(1)
|
||||
name 'security_policy'
|
||||
|
||||
def initialize
|
||||
|
@ -25,11 +25,11 @@ class SecurityPolicy < Vulcano.resource(1)
|
|||
# load security content
|
||||
def load
|
||||
# export the security policy
|
||||
vulcano.command('secedit /export /cfg win_secpol.cfg')
|
||||
inspec.command('secedit /export /cfg win_secpol.cfg')
|
||||
# store file content
|
||||
command_result ||= vulcano.command('type win_secpol.cfg')
|
||||
command_result ||= inspec.command('type win_secpol.cfg')
|
||||
# delete temp file
|
||||
vulcano.command('del win_secpol.cfg')
|
||||
inspec.command('del win_secpol.cfg')
|
||||
|
||||
@exit_status = command_result.exit_status.to_i
|
||||
@policy = command_result.stdout
|
||||
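Review bot: `load` exports the policy to the fixed relative name `win_secpol.cfg` and never checks the result of the `secedit /export` call, so if the export fails, the following `type` may read a stale or pre-placed file of that name from the working directory and the resource would report it as the current policy. I would keep the export result in a local (say `export`) and stop early, `return skip_resource "Can't export security policy" if export.exit_status.to_i != 0`, and write to a unique path under the temp directory rather than the current directory. As in the registry hunk, `command_result ||=` on a new local behaves as a plain `=`. The method continues past the end of this hunk.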
|
|
|
@ -19,7 +19,7 @@
|
|||
# Ubuntu < 15.04 : upstart
|
||||
#
|
||||
# TODO: extend the logic to detect the running init system, independently of OS
|
||||
class Service < Vulcano.resource(1)
|
||||
class Service < Inspec.resource(1)
|
||||
name 'service'
|
||||
|
||||
def initialize(service_name)
|
||||
|
@ -30,7 +30,7 @@ class Service < Vulcano.resource(1)
|
|||
end
|
||||
|
||||
def select_package_manager # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
|
||||
family = vulcano.os[:family]
|
||||
family = inspec.os[:family]
|
||||
|
||||
case family
|
||||
# Ubuntu
|
||||
|
@ -42,34 +42,34 @@ class Service < Vulcano.resource(1)
|
|||
# Upstart runs with PID 1 as /sbin/init.
|
||||
# Systemd runs with PID 1 as /lib/systemd/systemd.
|
||||
when 'ubuntu'
|
||||
version = vulcano.os[:release].to_f
|
||||
version = inspec.os[:release].to_f
|
||||
if version < 15.04
|
||||
@service_mgmt = Upstart.new(vulcano)
|
||||
@service_mgmt = Upstart.new(inspec)
|
||||
else
|
||||
@service_mgmt = Systemd.new(vulcano)
|
||||
@service_mgmt = Systemd.new(inspec)
|
||||
end
|
||||
when 'debian'
|
||||
version = vulcano.os[:release].to_i
|
||||
version = inspec.os[:release].to_i
|
||||
if version > 7
|
||||
@service_mgmt = Systemd.new(vulcano)
|
||||
@service_mgmt = Systemd.new(inspec)
|
||||
else
|
||||
@service_mgmt = SysV.new(vulcano)
|
||||
@service_mgmt = SysV.new(inspec)
|
||||
end
|
||||
when 'redhat', 'fedora', 'centos'
|
||||
version = vulcano.os[:release].to_i
|
||||
version = inspec.os[:release].to_i
|
||||
if (%w{ redhat centos }.include?(family) && version >= 7) || (family == 'fedora' && version >= 15)
|
||||
@service_mgmt = Systemd.new(vulcano)
|
||||
@service_mgmt = Systemd.new(inspec)
|
||||
else
|
||||
@service_mgmt = SysV.new(vulcano)
|
||||
@service_mgmt = SysV.new(inspec)
|
||||
end
|
||||
when 'darwin'
|
||||
@service_mgmt = LaunchCtl.new(vulcano)
|
||||
@service_mgmt = LaunchCtl.new(inspec)
|
||||
when 'windows'
|
||||
@service_mgmt = WindowsSrv.new(vulcano)
|
||||
@service_mgmt = WindowsSrv.new(inspec)
|
||||
when 'freebsd'
|
||||
@service_mgmt = BSDInit.new(vulcano)
|
||||
@service_mgmt = BSDInit.new(inspec)
|
||||
when 'arch', 'opensuse'
|
||||
@service_mgmt = Systemd.new(vulcano)
|
||||
@service_mgmt = Systemd.new(inspec)
|
||||
end
|
||||
|
||||
return skip_resource 'The `service` resource is not supported on your OS yet.' if @service_mgmt.nil?
|
||||
|
@ -105,8 +105,9 @@ class Service < Vulcano.resource(1)
|
|||
end
|
||||
|
||||
class ServiceManager
|
||||
def initialize(vulcano)
|
||||
@vulcano = vulcano
|
||||
attr_reader :inspec
|
||||
def initialize(inspec)
|
||||
@inspec = inspec
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -114,7 +115,7 @@ end
|
|||
# @see: http://www.freedesktop.org/software/systemd/man/systemd-system.conf.html
|
||||
class Systemd < ServiceManager
|
||||
def info(service_name)
|
||||
cmd = @vulcano.command("systemctl show --all #{service_name}")
|
||||
cmd = inspec.command("systemctl show --all #{service_name}")
|
||||
return nil if cmd.exit_status.to_i != 0
|
||||
|
||||
# parse data
|
||||
|
@ -148,7 +149,7 @@ end
|
|||
class Upstart < ServiceManager
|
||||
def info(service_name)
|
||||
# get the status of upstart service
|
||||
cmd = @vulcano.command("initctl status #{service_name}")
|
||||
cmd = inspec.command("initctl status #{service_name}")
|
||||
return nil if cmd.exit_status != 0
|
||||
|
||||
# @see: http://upstart.ubuntu.com/cookbook/#job-states
|
||||
|
@ -161,12 +162,17 @@ class Upstart < ServiceManager
|
|||
# $ initctl show-config $job | grep -q "^ start on" && echo enabled || echo disabled
|
||||
# Ubuntu 10.04 show-config is not supported
|
||||
# @see http://manpages.ubuntu.com/manpages/maverick/man8/initctl.8.html
|
||||
config = @vulcano.command("initctl show-config #{service_name}")
|
||||
config = inspec.command("initctl show-config #{service_name}")
|
||||
match_enabled = /^\s*start on/.match(config.stdout)
|
||||
!match_enabled.nil? ? (enabled = true) : (enabled = false)
|
||||
|
||||
# implement fallback for Ubuntu 10.04
|
||||
enabled = true if @vulcano.os[:family] == 'ubuntu' && @vulcano.os[:release].to_f >= 10.04 && @vulcano.os[:release].to_f < 12.04 && cmd.exit_status == 0
|
||||
if inspec.os[:family] == 'ubuntu' &&
|
||||
inspec.os[:release].to_f >= 10.04 &&
|
||||
inspec.os[:release].to_f < 12.04 &&
|
||||
cmd.exit_status == 0
|
||||
enabled = true
|
||||
end
|
||||
|
||||
{
|
||||
name: service_name,
|
||||
|
@ -183,7 +189,7 @@ class SysV < ServiceManager
|
|||
def info(service_name)
|
||||
# check if service is installed
|
||||
# read all available services via ls /etc/init.d/
|
||||
srvlist = @vulcano.command('ls -1 /etc/init.d/')
|
||||
srvlist = inspec.command('ls -1 /etc/init.d/')
|
||||
return nil if srvlist.exit_status != 0
|
||||
|
||||
# check if the service is in list
|
||||
|
@ -195,7 +201,7 @@ class SysV < ServiceManager
|
|||
# read all enabled services from runlevel
|
||||
# on rhel via: 'chkconfig --list', is not installed by default
|
||||
# bash: for i in `find /etc/rc*.d -name S*`; do basename $i | sed -r 's/^S[0-9]+//'; done | sort | uniq
|
||||
enabled_services_cmd = @vulcano.command('find /etc/rc*.d -name S*')
|
||||
enabled_services_cmd = inspec.command('find /etc/rc*.d -name S*')
|
||||
enabled_services = enabled_services_cmd.stdout.split("\n").select { |line|
|
||||
/(^.*#{service_name}.*)/.match(line)
|
||||
}
|
||||
|
@ -207,10 +213,10 @@ class SysV < ServiceManager
|
|||
|
||||
# on debian service is located /usr/sbin/service, on centos it is located here /sbin/service
|
||||
service_cmd = 'service'
|
||||
service_cmd = '/usr/sbin/service' if @vulcano.os[:family] == 'debian'
|
||||
service_cmd = '/sbin/service' if @vulcano.os[:family] == 'centos'
|
||||
service_cmd = '/usr/sbin/service' if inspec.os[:family] == 'debian'
|
||||
service_cmd = '/sbin/service' if inspec.os[:family] == 'centos'
|
||||
|
||||
cmd = @vulcano.command("#{service_cmd} #{service_name} status")
|
||||
cmd = inspec.command("#{service_cmd} #{service_name} status")
|
||||
cmd.exit_status == 0 ? (running = true) : (running = false)
|
||||
{
|
||||
name: service_name,
|
||||
|
@ -233,7 +239,7 @@ class BSDInit < ServiceManager
|
|||
# service SERVICE status returns the following result if not activated:
|
||||
# Cannot 'status' sshd. Set sshd_enable to YES in /etc/rc.conf or use 'onestatus' instead of 'status'.
|
||||
# gather all enabled services
|
||||
cmd = @vulcano.command('service -e')
|
||||
cmd = inspec.command('service -e')
|
||||
return nil if cmd.exit_status != 0
|
||||
|
||||
# search for the service
|
||||
|
@ -243,7 +249,7 @@ class BSDInit < ServiceManager
|
|||
|
||||
# check if the service is running
|
||||
# if the service is not available or not running, we always get an error code
|
||||
cmd = @vulcano.command("service #{service_name} onestatus")
|
||||
cmd = inspec.command("service #{service_name} onestatus")
|
||||
cmd.exit_status == 0 ? (running = true) : (running = false)
|
||||
|
||||
{
|
||||
|
@ -262,7 +268,7 @@ end
|
|||
class LaunchCtl < ServiceManager
|
||||
def info(service_name)
|
||||
# get the status of upstart service
|
||||
cmd = @vulcano.command('launchctl list')
|
||||
cmd = inspec.command('launchctl list')
|
||||
return nil if cmd.exit_status != 0
|
||||
|
||||
# search for the service
|
||||
|
@ -324,7 +330,7 @@ class WindowsSrv < ServiceManager
|
|||
# - 6: Pause Pending
|
||||
# - 7: Paused
|
||||
def info(service_name)
|
||||
cmd = @vulcano.command("New-Object -Type PSObject | Add-Member -MemberType NoteProperty -Name Service -Value (Get-Service -Name #{service_name}| Select-Object -Property Name, DisplayName, Status) -PassThru | Add-Member -MemberType NoteProperty -Name WMI -Value (Get-WmiObject -Class Win32_Service | Where-Object {$_.Name -eq '#{service_name}' -or $_.DisplayName -eq '#{service_name}'} | Select-Object -Property StartMode) -PassThru | ConvertTo-Json")
|
||||
cmd = inspec.command("New-Object -Type PSObject | Add-Member -MemberType NoteProperty -Name Service -Value (Get-Service -Name #{service_name}| Select-Object -Property Name, DisplayName, Status) -PassThru | Add-Member -MemberType NoteProperty -Name WMI -Value (Get-WmiObject -Class Win32_Service | Where-Object {$_.Name -eq '#{service_name}' -or $_.DisplayName -eq '#{service_name}'} | Select-Object -Property StartMode) -PassThru | ConvertTo-Json")
|
||||
|
||||
# cannot rely on exit code for now, successful command returns exit code 1
|
||||
# return nil if cmd.exit_status != 0
|
||||
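Review bot: Every Unix service manager in this file interpolates `service_name` into a shell command unquoted (`systemctl show --all #{service_name}`, `initctl status`, `initctl show-config`, `#{service_cmd} #{service_name} status`, `service #{service_name} onestatus`), so a name containing spaces or shell metacharacters changes the command that runs on the target. Escaping at each call, e.g. `cmd = inspec.command("systemctl show --all #{Shellwords.escape(service_name)}")` with `require 'shellwords'`, keeps the name a single argument. In `SysV#info` the name also goes unescaped into `/(^.*#{service_name}.*)/`, which matches any rc link that merely contains the name (`ssh` would also match an `sshd` link); `Regexp.escape` and an anchored pattern would avoid false "enabled" results. The `username` interpolation in the user resource hunks below (`id`, `getent passwd`, `chage -l`, `dscl`, `pw usershow`) has the same problem.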
|
|
|
@ -6,7 +6,7 @@
|
|||
|
||||
require 'utils/simpleconfig'
|
||||
|
||||
class SshConf < Vulcano.resource(1)
|
||||
class SshConf < Inspec.resource(1)
|
||||
name 'ssh_config'
|
||||
|
||||
def initialize(conf_path = nil, type = nil)
|
||||
|
@ -41,7 +41,7 @@ class SshConf < Vulcano.resource(1)
|
|||
|
||||
def read_content
|
||||
return @content if defined?(@content)
|
||||
file = vulcano.file(@conf_path)
|
||||
file = inspec.file(@conf_path)
|
||||
if !file.file?
|
||||
return skip_resource "Can't find file \"#{@conf_path}\""
|
||||
end
|
||||
|
|
|
@ -38,7 +38,7 @@
|
|||
require 'utils/parser'
|
||||
require 'utils/convert'
|
||||
|
||||
class User < Vulcano.resource(1)
|
||||
class User < Inspec.resource(1)
|
||||
name 'user'
|
||||
|
||||
def initialize(user)
|
||||
|
@ -46,15 +46,15 @@ class User < Vulcano.resource(1)
|
|||
|
||||
# select package manager
|
||||
@user_provider = nil
|
||||
case vulcano.os[:family]
|
||||
case inspec.os[:family]
|
||||
when 'ubuntu', 'debian', 'redhat', 'fedora', 'centos', 'arch', 'opensuse'
|
||||
@user_provider = LinuxUser.new(vulcano)
|
||||
@user_provider = LinuxUser.new(inspec)
|
||||
when 'windows'
|
||||
@user_provider = WindowsUser.new(vulcano)
|
||||
@user_provider = WindowsUser.new(inspec)
|
||||
when 'darwin'
|
||||
@user_provider = DarwinUser.new(vulcano)
|
||||
@user_provider = DarwinUser.new(inspec)
|
||||
when 'freebsd'
|
||||
@user_provider = FreeBSDUser.new(vulcano)
|
||||
@user_provider = FreeBSDUser.new(inspec)
|
||||
else
|
||||
return skip_resource 'The `user` resource is not supported on your OS yet.'
|
||||
end
|
||||
|
@ -166,8 +166,9 @@ end
|
|||
class UserInfo
|
||||
include Converter
|
||||
|
||||
def initialize(vulcano)
|
||||
@vulcano = vulcano
|
||||
attr_reader :inspec
|
||||
def initialize(inspec)
|
||||
@inspec = inspec
|
||||
end
|
||||
|
||||
def credentials(_username)
|
||||
|
@ -189,7 +190,7 @@ class UnixUser < UserInfo
|
|||
|
||||
# extracts the identity
|
||||
def identity(username)
|
||||
cmd = @vulcano.command("id #{username}")
|
||||
cmd = inspec.command("id #{username}")
|
||||
return nil if cmd.exit_status != 0
|
||||
|
||||
# parse words
|
||||
|
@ -215,7 +216,7 @@ class LinuxUser < UnixUser
|
|||
include ContentParser
|
||||
|
||||
def meta_info(username)
|
||||
cmd = @vulcano.command("getent passwd #{username}")
|
||||
cmd = inspec.command("getent passwd #{username}")
|
||||
return nil if cmd.exit_status != 0
|
||||
# returns: root:x:0:0:root:/root:/bin/bash
|
||||
passwd = parse_passwd_line(cmd.stdout.chomp)
|
||||
|
@ -226,7 +227,7 @@ class LinuxUser < UnixUser
|
|||
end
|
||||
|
||||
def credentials(username)
|
||||
cmd = @vulcano.command("chage -l #{username}")
|
||||
cmd = inspec.command("chage -l #{username}")
|
||||
return nil if cmd.exit_status != 0
|
||||
|
||||
params = SimpleConfig.new(
|
||||
|
@ -251,7 +252,7 @@ end
|
|||
# @see http://superuser.com/questions/592921/mac-osx-users-vs-dscl-command-to-list-user
|
||||
class DarwinUser < UnixUser
|
||||
def meta_info(username)
|
||||
cmd = @vulcano.command("dscl -q . -read /Users/#{username} NFSHomeDirectory PrimaryGroupID RecordName UniqueID UserShell")
|
||||
cmd = inspec.command("dscl -q . -read /Users/#{username} NFSHomeDirectory PrimaryGroupID RecordName UniqueID UserShell")
|
||||
return nil if cmd.exit_status != 0
|
||||
|
||||
params = SimpleConfig.new(
|
||||
|
@ -280,7 +281,7 @@ class FreeBSDUser < UnixUser
|
|||
include ContentParser
|
||||
|
||||
def meta_info(username)
|
||||
cmd = @vulcano.command("pw usershow #{username} -7")
|
||||
cmd = inspec.command("pw usershow #{username} -7")
|
||||
return nil if cmd.exit_status != 0
|
||||
# returns: root:*:0:0:Charlie &:/root:/bin/csh
|
||||
passwd = parse_passwd_line(cmd.stdout.chomp)
|
||||
|
@ -338,7 +339,7 @@ class WindowsUser < UserInfo
|
|||
ConvertTo-Json
|
||||
EOH
|
||||
|
||||
cmd = @vulcano.script(script)
|
||||
cmd = inspec.script(script)
|
||||
|
||||
# cannot rely on exit code for now, successful command returns exit code 1
|
||||
# return nil if cmd.exit_status != 0, try to parse json
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
# "Installed": false,
|
||||
# "InstallState": 0
|
||||
# }
|
||||
class WindowsFeature < Vulcano.resource(1)
|
||||
class WindowsFeature < Inspec.resource(1)
|
||||
name 'windows_feature'
|
||||
|
||||
def initialize(feature)
|
||||
|
@ -35,7 +35,7 @@ class WindowsFeature < Vulcano.resource(1)
|
|||
@cache = nil
|
||||
|
||||
# verify that this resource is only supported on Windows
|
||||
return skip_resource 'The `windows_feature` resource is not supported on your OS.' if vulcano.os[:family] != 'windows'
|
||||
return skip_resource 'The `windows_feature` resource is not supported on your OS.' if inspec.os[:family] != 'windows'
|
||||
end
|
||||
|
||||
# returns true if the package is installed
|
||||
|
@ -47,7 +47,7 @@ class WindowsFeature < Vulcano.resource(1)
|
|||
def info
|
||||
return @cache if !@cache.nil?
|
||||
features_cmd = "Get-WindowsFeature | Where-Object {$_.Name -eq '#{@feature}' -or $_.DisplayName -eq '#{@feature}'} | Select-Object -Property Name,DisplayName,Description,Installed,InstallState | ConvertTo-Json"
|
||||
cmd = vulcano.command(features_cmd)
|
||||
cmd = inspec.command(features_cmd)
|
||||
|
||||
@cache = {
|
||||
name: @feature,
|
||||
|
|
|
@ -30,7 +30,7 @@ require 'resources/file'
|
|||
# it { should be_enabled }
|
||||
# end
|
||||
|
||||
class Yum < Vulcano.resource(1)
|
||||
class Yum < Inspec.resource(1)
|
||||
name 'yum'
|
||||
|
||||
# returns all repositories
|
||||
|
@ -43,7 +43,7 @@ class Yum < Vulcano.resource(1)
|
|||
return @cache if defined?(@cache)
|
||||
# parse the repository data from yum
|
||||
# we cannot use -C, because this is not reliable and may lead to errors
|
||||
@command_result = vulcano.command('yum -v repolist all')
|
||||
@command_result = inspec.command('yum -v repolist all')
|
||||
@content = @command_result.stdout
|
||||
@cache = []
|
||||
repo = {}
|
||||
|
|
|
@ -24,7 +24,7 @@ module FindFiles
|
|||
cmd += " -maxdepth #{depth.to_i}" if depth.to_i > 0
|
||||
cmd += " -type #{type}" unless type.nil?
|
||||
|
||||
result = vulcano.run_command(cmd)
|
||||
result = inspec.run_command(cmd)
|
||||
exit_status = result.exit_status
|
||||
|
||||
return [nil, exit_status] unless exit_status == 0
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
# encoding: utf-8
|
||||
# author: Dominik Richter
|
||||
# author: Christoph Hartmann
|
||||
|
||||
require 'vulcano/targets/core'
|
||||
require 'vulcano/targets/file'
|
||||
require 'vulcano/targets/folder'
|
||||
require 'vulcano/targets/url'
|
||||
require 'vulcano/targets/dir'
|
|
@ -2,7 +2,7 @@
|
|||
# author: Dominik Richter
|
||||
|
||||
require_relative 'docker_run'
|
||||
require_relative '../lib/vulcano'
|
||||
require_relative '../lib/inspec'
|
||||
|
||||
tests = ARGV
|
||||
if tests.empty?
|
||||
|
@ -41,7 +41,7 @@ class DockerTester
|
|||
def test_container(container, report)
|
||||
puts "--> run test on docker #{container.id}"
|
||||
opts = { 'target' => "docker://#{container.id}" }
|
||||
runner = Vulcano::Runner.new(opts)
|
||||
runner = Inspec::Runner.new(opts)
|
||||
runner.add_tests(@tests)
|
||||
tests = runner.tests.ordered_example_groups
|
||||
tests.map { |g| g.run(report) }
|
||||
|
|
|
@ -10,11 +10,11 @@ SimpleCov.start do
|
|||
add_filter '/test/'
|
||||
add_group 'Resources', 'lib/resources'
|
||||
add_group 'Matchers', 'lib/matchers'
|
||||
add_group 'Backends', 'lib/vulcano/backend'
|
||||
add_group 'Backends', 'lib/inspec/backend'
|
||||
end
|
||||
|
||||
require 'vulcano/resource'
|
||||
require 'vulcano/backend'
|
||||
require 'inspec/resource'
|
||||
require 'inspec/backend'
|
||||
|
||||
class MockLoader
|
||||
# pass the os identifier to emulate a specific operating system
|
||||
|
@ -47,7 +47,7 @@ class MockLoader
|
|||
scriptpath = ::File.realpath(::File.dirname(__FILE__))
|
||||
|
||||
# create mock backend
|
||||
@backend = Vulcano::Backend.create({ backend: :mock })
|
||||
@backend = Inspec::Backend.create({ backend: :mock })
|
||||
mock = @backend.backend
|
||||
|
||||
# set os emulation
|
||||
|
@ -188,7 +188,7 @@ class MockLoader
|
|||
# loads a resource class and instantiates the class with the given arguments
|
||||
def load_resource(resource, *args)
|
||||
# initialize resource with backend and parameters
|
||||
@resource_class = Vulcano::Resource.registry[resource]
|
||||
@resource_class = Inspec::Resource.registry[resource]
|
||||
@resource = @resource_class.new(backend, resource, *args)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -3,11 +3,11 @@
|
|||
# author: Christoph Hartmann
|
||||
|
||||
require 'helper'
|
||||
require 'vulcano/profile_context'
|
||||
require 'inspec/profile_context'
|
||||
|
||||
describe Vulcano::ProfileContext do
|
||||
describe Inspec::ProfileContext do
|
||||
let(:backend) { MockLoader.new.backend }
|
||||
let(:profile) { Vulcano::ProfileContext.new(nil, backend) }
|
||||
let(:profile) { Inspec::ProfileContext.new(nil, backend) }
|
||||
|
||||
it 'must be able to load empty content' do
|
||||
profile.load('', 'dummy', 1).must_be_nil
|
||||
|
@ -34,7 +34,7 @@ describe Vulcano::ProfileContext do
|
|||
load('describe true do; it { should_eq true }; end')
|
||||
.must_output ''
|
||||
profile.rules.keys.must_equal ['unknown:1']
|
||||
profile.rules.values[0].must_be_kind_of Vulcano::Rule
|
||||
profile.rules.values[0].must_be_kind_of Inspec::Rule
|
||||
end
|
||||
|
||||
it 'does not provide the expect keyword in the global DLS' do
|
||||
|
@ -44,7 +44,7 @@ describe Vulcano::ProfileContext do
|
|||
it 'provides the rule keyword in the global DSL' do
|
||||
profile.load('rule 1')
|
||||
profile.rules.keys.must_equal [1]
|
||||
profile.rules.values[0].must_be_kind_of Vulcano::Rule
|
||||
profile.rules.values[0].must_be_kind_of Inspec::Rule
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -105,7 +105,7 @@ describe Vulcano::ProfileContext do
|
|||
end
|
||||
|
||||
it 'registers the check with the provided proc' do
|
||||
check[2].must_be_kind_of Vulcano::ExpectationTarget
|
||||
check[2].must_be_kind_of Inspec::ExpectationTarget
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
# author: Dominik Richter
|
||||
|
||||
require 'helper'
|
||||
require 'vulcano/resource'
|
||||
require 'inspec/resource'
|
||||
|
||||
describe 'Vulcano::Resources::AptRepo' do
|
||||
describe 'Inspec::Resources::AptRepo' do
|
||||
|
||||
it 'check apt on ubuntu' do
|
||||
resource = MockLoader.new(:ubuntu1504).load_resource('apt', 'http://archive.ubuntu.com/ubuntu/')
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
# author: Dominik Richter
|
||||
|
||||
require 'helper'
|
||||
require 'vulcano/resource'
|
||||
require 'inspec/resource'
|
||||
|
||||
describe 'Vulcano::Resources::AuditPolicy' do
|
||||
describe 'Inspec::Resources::AuditPolicy' do
|
||||
it 'check audit policy parsing' do
|
||||
resource = MockLoader.new(:windows).load_resource('audit_policy')
|
||||
_(resource.send('User Account Management')).must_equal 'Success'
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
# author: Dominik Richter
|
||||
|
||||
require 'helper'
|
||||
require 'vulcano/resource'
|
||||
require 'inspec/resource'
|
||||
|
||||
describe 'Vulcano::Resources::AuditDaemonConf' do
|
||||
describe 'Inspec::Resources::AuditDaemonConf' do
|
||||
it 'check audit daemon config parsing' do
|
||||
resource = MockLoader.new(:windows).load_resource('auditd_conf')
|
||||
_(resource.space_left_action).must_equal 'SYSLOG'
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
# author: Dominik Richter
|
||||
|
||||
require 'helper'
|
||||
require 'vulcano/resource'
|
||||
require 'inspec/resource'
|
||||
|
||||
describe 'Vulcano::Resources::AuditDaemonRules' do
|
||||
describe 'Inspec::Resources::AuditDaemonRules' do
|
||||
it 'check audit policy parsing' do
|
||||
resource = MockLoader.new(:windows).load_resource('auditd_rules')
|
||||
_(resource.send('LIST_RULES')).must_equal [
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
# author: Dominik Richter
|
||||
|
||||
require 'helper'
|
||||
require 'vulcano/resource'
|
||||
require 'inspec/resource'
|
||||
|
||||
describe 'Vulcano::Resources::Bond' do
|
||||
describe 'Inspec::Resources::Bond' do
|
||||
|
||||
it 'check linux bond on ubuntu' do
|
||||
resource = MockLoader.new(:ubuntu1404).load_resource('bond', 'bond0')
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
# author: Dominik Richter
|
||||
|
||||
require 'helper'
|
||||
require 'vulcano/resource'
|
||||
require 'inspec/resource'
|
||||
|
||||
describe 'Vulcano::Resources::Bridge' do
|
||||
describe 'Inspec::Resources::Bridge' do
|
||||
|
||||
it 'check linux bridge on ubuntu' do
|
||||
resource = MockLoader.new(:ubuntu1404).load_resource('bridge', 'br0')
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
# author: Dominik Richter
|
||||
|
||||
require 'helper'
|
||||
require 'vulcano/resource'
|
||||
require 'inspec/resource'
|
||||
|
||||
describe 'Vulcano::Resources::CSV' do
|
||||
describe 'Inspec::Resources::CSV' do
|
||||
it 'verify csv parsing' do
|
||||
resource = load_resource('csv', 'example.csv')
|
||||
_(resource.params).wont_equal nil
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
# author: Dominik Richter
|
||||
|
||||
require 'helper'
|
||||
require 'vulcano/resource'
|
||||
require 'inspec/resource'
|
||||
|
||||
describe 'Vulcano::Resources::EtcGroup' do
|
||||
describe 'Inspec::Resources::EtcGroup' do
|
||||
let(:resource) { load_resource('etc_group') }
|
||||
|
||||
it 'verify /etc/group config parsing' do
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
# author: Dominik Richter
|
||||
|
||||
require 'helper'
|
||||
require 'vulcano/resource'
|
||||
require 'inspec/resource'
|
||||
|
||||
describe 'Vulcano::Resources::Gem' do
|
||||
describe 'Inspec::Resources::Gem' do
|
||||
it 'verify gem package detail parsing' do
|
||||
resource = load_resource('gem', 'rubocop')
|
||||
pkg = {
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
# author: Dominik Richter
|
||||
|
||||
require 'helper'
|
||||
require 'vulcano/resource'
|
||||
require 'inspec/resource'
|
||||
|
||||
describe 'Vulcano::Resources::Group' do
|
||||
describe 'Inspec::Resources::Group' do
|
||||
|
||||
# ubuntu 14.04
|
||||
it 'verify group on ubuntu' do
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
# author: Dominik Richter
|
||||
|
||||
require 'helper'
|
||||
require 'vulcano/resource'
|
||||
require 'inspec/resource'
|
||||
|
||||
describe 'Vulcano::Resources::Host' do
|
||||
describe 'Inspec::Resources::Host' do
|
||||
|
||||
it 'check host on ubuntu' do
|
||||
resource = MockLoader.new(:ubuntu1404).load_resource('host', 'example.com')
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
# author: Dominik Richter
|
||||
|
||||
require 'helper'
|
||||
require 'vulcano/resource'
|
||||
require 'inspec/resource'
|
||||
|
||||
describe 'Vulcano::Resources::InetdConf' do
|
||||
describe 'Inspec::Resources::InetdConf' do
|
||||
it 'verify limits.conf config parsing' do
|
||||
resource = load_resource('inetd_config')
|
||||
_(resource.send('shell')).must_equal nil
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
# author: Dominik Richter
|
||||
|
||||
require 'helper'
|
||||
require 'vulcano/resource'
|
||||
require 'inspec/resource'
|
||||
|
||||
describe 'Vulcano::Resources::Interface' do
|
||||
describe 'Inspec::Resources::Interface' do
|
||||
|
||||
# ubuntu 14.04
|
||||
it 'verify interface on ubuntu' do
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
# author: Dominik Richter
|
||||
|
||||
require 'helper'
|
||||
require 'vulcano/resource'
|
||||
require 'inspec/resource'
|
||||
|
||||
describe 'Vulcano::Resources::Iptables' do
|
||||
describe 'Inspec::Resources::Iptables' do
|
||||
|
||||
# ubuntu 14.04
|
||||
it 'verify iptables on ubuntu' do
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
# author: Dominik Richter
|
||||
|
||||
require 'helper'
|
||||
require 'vulcano/resource'
|
||||
require 'inspec/resource'
|
||||
|
||||
describe 'Vulcano::Resources::JSON' do
|
||||
describe 'Inspec::Resources::JSON' do
|
||||
it 'verify json parsing' do
|
||||
resource = load_resource('json', 'policyfile.lock.json')
|
||||
_(resource.params).wont_equal nil
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
# author: Dominik Richter
|
||||
|
||||
require 'helper'
|
||||
require 'vulcano/resource'
|
||||
require 'inspec/resource'
|
||||
|
||||
describe 'Vulcano::Resources::KernelModule' do
|
||||
describe 'Inspec::Resources::KernelModule' do
|
||||
it 'verify kernel_module parsing' do
|
||||
resource = load_resource('kernel_module', 'bridge')
|
||||
_(resource.loaded?).must_equal true
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
# author: Dominik Richter
|
||||
|
||||
require 'helper'
|
||||
require 'vulcano/resource'
|
||||
require 'inspec/resource'
|
||||
|
||||
describe 'Vulcano::Resources::KernelParameter' do
|
||||
describe 'Inspec::Resources::KernelParameter' do
|
||||
it 'verify kernel_parameter parsing' do
|
||||
resource = load_resource('kernel_parameter', 'net.ipv4.conf.all.forwarding')
|
||||
_(resource.value).must_equal 1
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
# author: Dominik Richter
|
||||
|
||||
require 'helper'
|
||||
require 'vulcano/resource'
|
||||
require 'inspec/resource'
|
||||
|
||||
describe 'Vulcano::Resources::LimitsConf' do
|
||||
describe 'Inspec::Resources::LimitsConf' do
|
||||
it 'verify limits.conf config parsing' do
|
||||
resource = load_resource('limits_conf')
|
||||
_(resource.send('*')).must_equal [['soft', 'core', '0'], ['hard', 'rss', '10000']]
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
# author: Dominik Richter
|
||||
|
||||
require 'helper'
|
||||
require 'vulcano/resource'
|
||||
require 'inspec/resource'
|
||||
|
||||
describe 'Vulcano::Resources::LoginDef' do
|
||||
describe 'Inspec::Resources::LoginDef' do
|
||||
it 'verify login.def config parsing' do
|
||||
resource = load_resource('login_defs')
|
||||
_(resource.UMASK).must_equal '022'
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
require 'helper'
|
||||
|
||||
describe 'Vulcano::Resources::MysqlConf' do
|
||||
describe 'Inspec::Resources::MysqlConf' do
|
||||
it 'verify mysql.conf config parsing' do
|
||||
resource = load_resource('mysql_conf', '/etc/mysql/my.cnf')
|
||||
_(resource.client['port']).must_equal '3306'
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more