rename vulcanosec -> inspec

Dominik Richter 2015-10-26 04:04:18 +01:00
parent ecc731dab1
commit b58a4b3f43
118 changed files with 436 additions and 426 deletions


@ -1,4 +1,4 @@
# Vulcano CLI
# Inspec CLI
Test your Server, VM, or workstation.
@ -17,7 +17,7 @@ end
Run this file locally:
```bash
vulcano exec test.rb
inspec exec test.rb
```
## Installation
@ -28,20 +28,20 @@ To simply run it without installation, you must install [bundler](http://bundler
```bash
bundle install
bundle exec bin/vulcano help
bundle exec bin/inspec help
```
To install it as a gem locally, run:
```bash
gem build vulcano.gemspec
gem install vulcano-*.gem
gem build inspec.gemspec
gem install inspec-*.gem
```
You should now be able to run:
```bash
vulcano --help
inspec --help
```
## Usage
@ -52,16 +52,16 @@ Run tests against different targets:
```bash
# run test locally
vulcano exec test.rb
inspec exec test.rb
# run test on remote host on SSH
vulcano exec test.rb -t ssh://user@hostname
inspec exec test.rb -t ssh://user@hostname
# run test on remote windows host on WinRM
vulcano exec test.rb -t winrm://Administrator@windowshost --password 'your-password'
inspec exec test.rb -t winrm://Administrator@windowshost --password 'your-password'
# run test on docker container
vulcano exec test.rb -t docker://container_id
inspec exec test.rb -t docker://container_id
```
### detect
@ -70,7 +70,7 @@ Verify your configuration and detect
```bash
id=$( docker run -dti ubuntu:14.04 /bin/bash )
vulcano detect -t docker://$id
inspec detect -t docker://$id
```
Which will provide you with:
@ -87,12 +87,12 @@ application called Gordon and save it in `gordon_config.rb`:
```ruby
require 'yaml'
class GordonConfig < Vulcano.resource
class GordonConfig < Inspec.resource
name 'gordon_config'
def initialize
@path = '/etc/gordon/config.yaml'
@config = vulcano.file(@path).content
@config = inspec.file(@path).content
@params = YAML.load(@config)
end


@ -6,9 +6,9 @@
require 'thor'
require 'json'
require_relative '../lib/vulcano'
require_relative '../lib/inspec'
class VulcanoCLI < Thor
class InspecCLI < Thor
def self.target_options
option :target, aliases: :t, type: :string, default: nil,
desc: 'Simple targeting option using URIs, e.g. ssh://user:pass@host:port'
@ -44,7 +44,7 @@ class VulcanoCLI < Thor
option :output, aliases: :o, type: :string,
desc: 'Save the created profile to a path'
def json(path)
profile = Vulcano::Profile.from_path(path, options)
profile = Inspec::Profile.from_path(path, options)
dst = options[:output].to_s
if dst.empty?
puts JSON.pretty_generate(profile.info)
@ -63,7 +63,7 @@ class VulcanoCLI < Thor
def check(path)
o = options.dup
o[:logger] = Logger.new(STDOUT)
profile = Vulcano::Profile.from_path(path, o)
profile = Inspec::Profile.from_path(path, o)
exit 1 unless profile.check
end
@ -73,7 +73,7 @@ class VulcanoCLI < Thor
target_options
option :format, type: :string, default: 'progress'
def exec(*tests)
runner = Vulcano::Runner.new(options)
runner = Inspec::Runner.new(options)
runner.add_tests(tests)
runner.run
rescue RuntimeError => e
@ -83,7 +83,7 @@ class VulcanoCLI < Thor
desc 'detect', 'detect the target OS'
target_options
def detect
runner = Vulcano::Runner.new(options)
runner = Inspec::Runner.new(options)
rel = File.join(File.dirname(__FILE__), *%w{.. lib utils detect.rb})
detect_util = File.expand_path(rel)
runner.add_tests([detect_util])
@ -95,15 +95,15 @@ class VulcanoCLI < Thor
desc 'shell', 'open an interactive debugging shell'
target_options
def shell_func
runner = Vulcano::Runner.new(options)
Vulcano::Shell.new(runner).start
runner = Inspec::Runner.new(options)
Inspec::Shell.new(runner).start
rescue RuntimeError => e
puts e.message
end
desc 'version', 'prints the version of this tool'
def version
puts Vulcano::VERSION
puts Inspec::VERSION
end
end
VulcanoCLI.start(ARGV)
InspecCLI.start(ARGV)


@ -1,7 +1,7 @@
# encoding: utf-8
source 'https://rubygems.org'
gem 'vulcano', path: '../../.'
gem 'inspec', path: '../../.'
gem 'train', git: 'git@github.com:chef/train.git'
group :test do


@ -1,15 +1,15 @@
# coding: utf-8
lib = File.expand_path('../lib', __FILE__)
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
require 'vulcano/version'
require 'inspec/version'
Gem::Specification.new do |spec|
spec.name = 'vulcano'
spec.version = Vulcano::VERSION
spec.name = 'inspec'
spec.version = Inspec::VERSION
spec.authors = ['Dominik Richter']
spec.email = ['dominik@vulcanosec.com']
spec.summary = 'Validate Vulcano compliance checks.'
spec.description = 'Validate Vulcano compliance checks.'
spec.email = ['dominik.richter@gmail.com']
spec.summary = 'Validate Inspec compliance checks.'
spec.description = 'Validate Inspec compliance checks.'
spec.homepage = 'https://github.com/...'
spec.license = 'Proprietary'


@ -10,11 +10,11 @@ Encoding.default_internal = Encoding::UTF_8
libdir = File.dirname(__FILE__)
$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
require 'vulcano/version'
require 'vulcano/profile'
require 'vulcano/resource'
require 'vulcano/rspec_json_formatter'
require 'vulcano/rule'
require 'vulcano/runner'
require 'vulcano/shell'
require 'inspec/version'
require 'inspec/profile'
require 'inspec/resource'
require 'inspec/rspec_json_formatter'
require 'inspec/rule'
require 'inspec/runner'
require 'inspec/shell'
require 'matchers/matchers'


@ -6,7 +6,7 @@
require 'train'
module Vulcano
module Inspec
module Backend
# Create the transport backend with aggregated resources.
#
@ -29,7 +29,7 @@ module Vulcano
define_method :backend do
connection
end
Vulcano::Resource.registry.each do |id, r|
Inspec::Resource.registry.each do |id, r|
define_method id.to_sym do |*args|
r.new(self, id.to_s, *args)
end


@ -4,13 +4,13 @@
# author: Dominik Richter
# author: Christoph Hartmann
module Vulcano::DSL
module Inspec::DSL
def require_rules(id, &block)
::Vulcano::DSL.load_spec_files_for_profile self, id, false, &block
::Inspec::DSL.load_spec_files_for_profile self, id, false, &block
end
def include_rules(id, &block)
::Vulcano::DSL.load_spec_files_for_profile self, id, true, &block
::Inspec::DSL.load_spec_files_for_profile self, id, true, &block
end
# Register a given rule with RSpec and
@ -18,18 +18,18 @@ module Vulcano::DSL
# else is merged in.
def self.execute_rule(r, profile_id)
checks = r.instance_variable_get(:@checks)
fid = VulcanoBaseRule.full_id(r, profile_id)
fid = InspecBaseRule.full_id(r, profile_id)
checks.each do |m, a, b|
# check if the resource is skippable and skipped
if a.is_a?(Array) && !a.empty? &&
a[0].respond_to?(:resource_skipped) &&
!a[0].resource_skipped.nil?
cres = ::Vulcano::Rule.__send__(m, *a) do
cres = ::Inspec::Rule.__send__(m, *a) do
it a[0].resource_skipped
end
else
# execute the method
cres = ::Vulcano::Rule.__send__(m, *a, &b)
cres = ::Inspec::Rule.__send__(m, *a, &b)
end
if m == 'describe'
set_rspec_ids(cres, fid)
@ -42,7 +42,7 @@ module Vulcano::DSL
# merge two rules completely; all defined
# fields from src will be overwritten in dst
def self.merge_rules(dst, src)
VulcanoBaseRule.merge dst, src
InspecBaseRule.merge dst, src
end
# Attach an ID attribute to the
@ -61,7 +61,7 @@ module Vulcano::DSL
raw = File.read(file)
# TODO: error-handling
ctx = Vulcano::ProfileContext.new(profile_id, rule_registry, only_ifs)
ctx = Inspec::ProfileContext.new(profile_id, rule_registry, only_ifs)
ctx.instance_eval(raw, file, 1)
end
@ -79,7 +79,7 @@ module Vulcano::DSL
# interpret the block and create a set of rules from it
block_registry = {}
if block_given?
ctx = Vulcano::ProfileContext.new(profile_id, block_registry, only_ifs)
ctx = Inspec::ProfileContext.new(profile_id, block_registry, only_ifs)
ctx.instance_eval(&block)
end
@ -110,7 +110,7 @@ module Vulcano::DSL
end
def self.get_spec_files_for_profile(id)
base_path = '/etc/vulcanosec/tests'
base_path = '/etc/inspec/tests'
path = File.join(base_path, id)
# find all files to be included
files = []
@ -126,28 +126,25 @@ module Vulcano::DSL
end
end
module Vulcano::GlobalDSL
module Inspec::GlobalDSL
def __register_rule(r)
# make sure the profile id is attached to the rule
::Vulcano::DSL.execute_rule(r, __profile_id)
::Inspec::DSL.execute_rule(r, __profile_id)
end
def __unregister_rule(_id)
end
end
module Vulcano::DSLHelper
module Inspec::DSLHelper
def self.bind_dsl(scope)
# rubocop:disable Lint/NestedMethodDefinition
(class << scope; self; end).class_exec do
include Vulcano::DSL
include Vulcano::GlobalDSL
def __profile_id
ENV['VULCANOSEC_PROFILE_ID']
end
include Inspec::DSL
include Inspec::GlobalDSL
end
# rubocop:enable all
end
end
::Vulcano::DSLHelper.bind_dsl(self)
::Inspec::DSLHelper.bind_dsl(self)
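Review bot: `__profile_id` loses its only visible definition in the last hunk: the `def __profile_id` that returned `ENV['VULCANOSEC_PROFILE_ID']` is dropped from `bind_dsl`, while `Inspec::GlobalDSL#__register_rule` in the same hunk still calls `__profile_id`. Unless another file outside this page defines it, registering a rule through the globally bound DSL would raise `NameError` instead of attaching a profile id. If the removal is intentional, `__register_rule` should stop depending on it; otherwise keep the method under the renamed variable, e.g. `def __profile_id; ENV['<PROFILE_ID_ENV_VAR>']; end` (placeholder name). A one-line comment on `bind_dsl` stating where the profile id now comes from would also help.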


@ -5,7 +5,7 @@
require 'rainbow/ext/string'
module Vulcano
module Inspec
class Log
def initialize(opts = {})
@quiet = opts[:quiet] || false


@ -5,7 +5,7 @@
require 'logger'
module Vulcano
module Inspec
# Extract metadata.rb information
class Metadata
attr_reader :params


@ -2,8 +2,8 @@
# author: Dominik Richter
# author: Christoph Hartmann
module Vulcano
module Inspec
module Plugins
autoload :Resource, 'vulcano/plugins/resource'
autoload :Resource, 'inspec/plugins/resource'
end
end


@ -2,19 +2,19 @@
# author: Dominik Richter
# author: Christoph Hartmann
module Vulcano
module Inspec
module Plugins
class Resource
def self.name(name = nil)
return if name.nil?
Vulcano::Plugins::Resource.__register(name, self)
Inspec::Plugins::Resource.__register(name, self)
end
def self.__register(name, obj)
# rubocop:disable Lint/NestedMethodDefinition
cl = Class.new(obj) do
# add some common methods
include Vulcano::Plugins::ResourceCommon
include Inspec::Plugins::ResourceCommon
def initialize(backend, name, *args)
# attach the backend to this instance
@__backend_runner__ = backend
@ -23,14 +23,14 @@ module Vulcano
super(*args)
end
def vulcano
def inspec
@__backend_runner__
end
end
# rubocop:enable Lint/NestedMethodDefinition
# add the resource to the registry by name
Vulcano::Resource.registry[name] = cl
Inspec::Resource.registry[name] = cl
end
# Define methods which are available to all resources


@ -3,9 +3,9 @@
# author: Dominik Richter
# author: Christoph Hartmann
require 'vulcano/metadata'
require 'inspec/metadata'
module Vulcano
module Inspec
class Profile
def self.from_path(path, options = nil)
opt = options.dup || {}


@ -2,11 +2,11 @@
# author: Dominik Richter
# author: Christoph Hartmann
require 'vulcano/rule'
require 'vulcano/dsl'
require 'inspec/rule'
require 'inspec/dsl'
require 'rspec/core/dsl'
module Vulcano
module Inspec
class ProfileContext
attr_reader :rules, :only_ifs
def initialize(profile_id, backend, profile_registry = {}, only_ifs = [])
@ -31,13 +31,13 @@ module Vulcano
end
def unregister_rule(id)
full_id = Vulcano::Rule.full_id(@profile_id, id)
full_id = Inspec::Rule.full_id(@profile_id, id)
@rules[full_id] = nil
end
def register_rule(r)
# get the full ID
full_id = Vulcano::Rule.full_id(@profile_id, r)
full_id = Inspec::Rule.full_id(@profile_id, r)
if full_id.nil?
# TODO: error
return
@ -48,7 +48,7 @@ module Vulcano
if existing.nil?
@rules[full_id] = r
else
Vulcano::Rule.merge(existing, r)
Inspec::Rule.merge(existing, r)
end
end
@ -62,7 +62,7 @@ module Vulcano
# @return [InnerDSLModule]
def create_inner_dsl(backend)
Module.new do
Vulcano::Resource.registry.each do |id, r|
Inspec::Resource.registry.each do |id, r|
define_method id.to_sym do |*args|
r.new(backend, id.to_s, *args)
end
@ -76,7 +76,7 @@ module Vulcano
# @param dsl [InnerDSLModule] which contains all resources
# @return [OuterDSLClass]
def create_outer_dsl(dsl)
rule_class = Class.new(Vulcano::Rule) do
rule_class = Class.new(Inspec::Rule) do
include RSpec::Core::DSL
include dsl
end
@ -127,7 +127,7 @@ module Vulcano
# rubocop:disable Lint/NestedMethodDefinition
Class.new(outer_dsl) do
include Vulcano::DSL
include Inspec::DSL
define_method :__register_rule do |*args|
profile_context_owner.register_rule(*args)


@ -4,9 +4,9 @@
# author: Dominik Richter
# author: Christoph Hartmann
require 'vulcano/plugins'
require 'inspec/plugins'
module Vulcano
module Inspec
class Resource
def self.registry
@registry ||= {}
@ -17,7 +17,7 @@ module Vulcano
if version != 1
fail 'Only resource version 1 is supported!'
end
Vulcano::Plugins::Resource
Inspec::Plugins::Resource
end
end


@ -7,7 +7,7 @@
require 'rspec/expectations'
require 'method_source'
module Vulcano
module Inspec
class ExpectationTarget
attr_reader :calls, :value, :block
def initialize(value, &block)


@ -5,15 +5,15 @@
# author: Christoph Hartmann
require 'uri'
require 'vulcano/backend'
require 'vulcano/profile_context'
require 'vulcano/targets'
require 'inspec/backend'
require 'inspec/profile_context'
require 'inspec/targets'
# spec requirements
require 'rspec'
require 'rspec/its'
require 'vulcano/rspec_json_formatter'
require 'inspec/rspec_json_formatter'
module Vulcano
module Inspec
class Runner
attr_reader :tests, :backend, :rules
def initialize(conf = {})
@ -39,13 +39,13 @@ module Vulcano
end
def configure_transport
@backend = Vulcano::Backend.create(@conf)
@backend = Inspec::Backend.create(@conf)
end
def add_tests(tests)
# retrieve the raw ruby code of all tests
items = tests.map do |test|
Vulcano::Targets.resolve(test)
Inspec::Targets.resolve(test)
end
# add all tests (raw) to the runtime
@ -55,7 +55,7 @@ module Vulcano
end
def create_context
Vulcano::ProfileContext.new(@profile_id, @backend)
Inspec::ProfileContext.new(@profile_id, @backend)
end
def add_content(content, source, line = nil)


@ -2,7 +2,7 @@
# author: Dominik Richter
# author: Christoph Hartmann
module Vulcano
module Inspec
class Shell
def initialize(runner)
@runner = runner
@ -38,7 +38,7 @@ module Vulcano
end
def intro
puts 'Welcome to the interactive Vulcano Shell'
puts 'Welcome to the interactive Inspec Shell'
puts "To find out how to use it, type: #{mark 'usage'}"
puts
end
@ -47,7 +47,7 @@ module Vulcano
ctx = @runner.backend
puts <<EOF
Welcome to the interactive Vulcano Shell.
Welcome to the interactive Inspec Shell.
You can use resources in this environment to test the target machine.
For example:

9
lib/inspec/targets.rb Normal file

@ -0,0 +1,9 @@
# encoding: utf-8
# author: Dominik Richter
# author: Christoph Hartmann
require 'inspec/targets/core'
require 'inspec/targets/file'
require 'inspec/targets/folder'
require 'inspec/targets/url'
require 'inspec/targets/dir'


@ -4,7 +4,7 @@
require 'utils/modulator'
module Vulcano
module Inspec
module Targets
extend Modulator

View file

@ -2,7 +2,7 @@
# author: Dominik Richter
# author: Christoph Hartmann
module Vulcano::Targets
module Inspec::Targets
module DirsHelper
class ProfileDir
def handles?(paths)


@ -2,7 +2,7 @@
# author: Dominik Richter
# author: Christoph Hartmann
module Vulcano::Targets
module Inspec::Targets
class FileHelper
def handles?(target)
File.file?(target) and target.end_with?('.rb')
@ -16,5 +16,5 @@ module Vulcano::Targets
end
end
Vulcano::Targets.add_module('file', FileHelper.new)
Inspec::Targets.add_module('file', FileHelper.new)
end


@ -2,10 +2,10 @@
# author: Dominik Richter
# author: Christoph Hartmann
require 'vulcano/targets/dir'
require 'vulcano/targets/file'
require 'inspec/targets/dir'
require 'inspec/targets/file'
module Vulcano::Targets
module Inspec::Targets
class FolderHelper
def handles?(target)
File.directory?(target)
@ -23,7 +23,7 @@ module Vulcano::Targets
end
# get all test file contents
file_handler = Vulcano::Targets.modules['file']
file_handler = Inspec::Targets.modules['file']
raw_files = helper.get_filenames(files)
raw_files.map do |f|
file_handler.resolve(File.join(target, f))
@ -31,5 +31,5 @@ module Vulcano::Targets
end
end
Vulcano::Targets.add_module('folder', FolderHelper.new)
Inspec::Targets.add_module('folder', FolderHelper.new)
end


@ -5,7 +5,7 @@
require 'rubygems/package'
require 'zlib'
module Vulcano::Targets
module Inspec::Targets
class TarHelper
def structure(input)
files = []


@ -5,9 +5,9 @@
require 'uri'
require 'tempfile'
require 'open-uri'
require 'vulcano/targets/zip'
require 'inspec/targets/zip'
module Vulcano::Targets
module Inspec::Targets
class UrlHelper
def handles?(target)
uri = URI.parse(target)
@ -24,7 +24,7 @@ module Vulcano::Targets
end
def resolve_zip(url)
zipfile = Tempfile.new('vulcano-dl-')
zipfile = Tempfile.new('inspec-dl-')
zipfile.binmode
zipfile.write(open(url).read)
zipfile.rewind
@ -35,5 +35,5 @@ module Vulcano::Targets
end
end
Vulcano::Targets.add_module('url', UrlHelper.new)
Inspec::Targets.add_module('url', UrlHelper.new)
end


@ -3,9 +3,9 @@
# author: Christoph Hartmann
require 'zip'
require 'vulcano/targets/dir'
require 'inspec/targets/dir'
module Vulcano::Targets
module Inspec::Targets
class ZipHelper
def content(input, _filter)
content = []
@ -39,7 +39,7 @@ module Vulcano::Targets
end
# get all file contents
# @TODO
_file_handler = Vulcano::Targets.modules['file']
_file_handler = Inspec::Targets.modules['file']
test_files = helper.get_filenames(files)
content(path, test_files)
end


@ -2,6 +2,6 @@
# author: Dominik Richter
# author: Christoph Hartmann
module Vulcano
module Inspec
VERSION = '0.8.0'
end


@ -7,7 +7,7 @@
require 'utils/simpleconfig'
require 'utils/find_files'
class ApacheConf < Vulcano.resource(1)
class ApacheConf < Inspec.resource(1)
name 'apache_conf'
include FindFiles
@ -49,7 +49,7 @@ class ApacheConf < Vulcano.resource(1)
@params = {}
# skip if the main configuration file doesn't exist
file = vulcano.file(@conf_path)
file = inspec.file(@conf_path)
if !file.file?
return skip_resource "Can't find file \"#{@conf_path}\""
end
@ -104,7 +104,7 @@ class ApacheConf < Vulcano.resource(1)
end
def read_file(path)
@files_contents[path] ||= vulcano.file(path).content
@files_contents[path] ||= inspec.file(path).content
end
def to_s


@ -28,13 +28,13 @@
require 'uri'
class AptRepository < Vulcano.resource(1)
class AptRepository < Inspec.resource(1)
name 'apt'
def initialize(ppa_name)
@deb_url = nil
# check if the os is ubuntu or debian
if vulcano.os.debian?
if inspec.os.debian?
@deb_url = determine_ppa_url(ppa_name)
else
# this resource is only supported on ubuntu and debian
@ -70,7 +70,7 @@ class AptRepository < Vulcano.resource(1)
return @repo_cache if defined?(@repo_cache)
# load all lists
cmd = vulcano.command("find /etc/apt/ -name \*.list -exec sh -c 'cat {} || echo -n' \\;")
cmd = inspec.command("find /etc/apt/ -name \*.list -exec sh -c 'cat {} || echo -n' \\;")
# @see https://help.ubuntu.com/community/Repositories/CommandLine#Explanation_of_the_Repository_Format
@repo_cache = cmd.stdout.chomp.split("\n").each_with_object([]) do |raw_line, lines|


@ -30,7 +30,7 @@
# its('Other Account Logon Events') { should_not eq 'No Auditing' }
# end
class AuditPolicy < Vulcano.resource(1)
class AuditPolicy < Inspec.resource(1)
name 'audit_policy'
def method_missing(method)
@ -39,7 +39,7 @@ class AuditPolicy < Vulcano.resource(1)
# expected result:
# Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
# WIN-MB8NINQ388J,System,Kerberos Authentication Service,{0CCE9242-69AE-11D9-BED3-505054503030},No Auditing,
result ||= vulcano.command("Auditpol /get /subcategory:'#{key}' /r").stdout
result ||= inspec.command("Auditpol /get /subcategory:'#{key}' /r").stdout
# find line
target = nil


@ -13,7 +13,7 @@ require 'utils/simpleconfig'
# its("admin_space_left_action") { should eq "halt" }
# end
class AuditDaemonConf < Vulcano.resource(1)
class AuditDaemonConf < Inspec.resource(1)
name 'auditd_conf'
def initialize(path = nil)
@ -34,7 +34,7 @@ class AuditDaemonConf < Vulcano.resource(1)
return @params if defined?(@params)
# read the file
file = vulcano.file(@conf_path)
file = inspec.file(@conf_path)
if !file.file?
skip_resource "Can't find file '#{@conf_path}'"
return @params = {}


@ -12,11 +12,11 @@
# its("LIST_RULES") {should contain_match(/^exit,always watch=\/etc\/localtime perm=wa key=time-change/)}
# end
class AuditDaemonRules < Vulcano.resource(1)
class AuditDaemonRules < Inspec.resource(1)
name 'auditd_rules'
def initialize
@content = vulcano.command('/sbin/auditctl -l').stdout.chomp
@content = inspec.command('/sbin/auditctl -l').stdout.chomp
@opts = {
assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
@ -37,7 +37,7 @@ class AuditDaemonRules < Vulcano.resource(1)
assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
multiple_values: false,
}
@status_content ||= vulcano.command('/sbin/auditctl -s').stdout.chomp
@status_content ||= inspec.command('/sbin/auditctl -s').stdout.chomp
@status_params = SimpleConfig.new(@status_content, @status_opts).params
status = @status_params['AUDIT_STATUS']


@ -10,14 +10,14 @@ require 'resources/file'
# it { should have_interface 'eth0' }
# end
module Vulcano::Resources
module Inspec::Resources
class Bond < File
name 'bond'
def initialize(bond)
@bond = bond
@path = "/proc/net/bonding/#{bond}"
@file = vulcano.file(@path)
@file = inspec.file(@path)
@content = nil
@params = {}
@loaded = false


@ -8,17 +8,17 @@
# it { should have_interface 'eth0' }
# end
class Bridge < Vulcano.resource(1)
class Bridge < Inspec.resource(1)
name 'bridge'
def initialize(bridge_name)
@bridge_name = bridge_name
@bridge_provider = nil
if vulcano.os.linux?
@bridge_provider = LinuxBridge.new(vulcano)
elsif vulcano.os.windows?
@bridge_provider = WindowsBridge.new(vulcano)
if inspec.os.linux?
@bridge_provider = LinuxBridge.new(inspec)
elsif inspec.os.windows?
@bridge_provider = WindowsBridge.new(inspec)
else
return skip_resource 'The `bridge` resource is not supported on your OS yet.'
end
@ -29,7 +29,7 @@ class Bridge < Vulcano.resource(1)
end
def has_interface?(interface)
return skip_resource 'The `bridge` resource does not provide interface detection for Windows yet' if vulcano.os.windows?
return skip_resource 'The `bridge` resource does not provide interface detection for Windows yet' if inspec.os.windows?
bridge_info.nil? ? false : bridge_info[:interfaces].include?(interface)
end
@ -50,8 +50,9 @@ class Bridge < Vulcano.resource(1)
end
class BridgeDetection
def initialize(vulcano)
@vulcano = vulcano
attr_reader :inspec
def initialize(inspec)
@inspec = inspec
end
end
@ -63,11 +64,11 @@ end
class LinuxBridge < BridgeDetection
def bridge_info(bridge_name)
# read bridge information
bridge = @vulcano.file("/sys/class/net/#{bridge_name}/bridge").directory?
bridge = inspec.file("/sys/class/net/#{bridge_name}/bridge").directory?
return nil unless bridge
# load interface names
interfaces = @vulcano.command("ls -1 /sys/class/net/#{bridge_name}/brif/")
interfaces = inspec.command("ls -1 /sys/class/net/#{bridge_name}/brif/")
interfaces = interfaces.stdout.chomp.split("\n")
{
name: bridge_name,
@ -84,7 +85,7 @@ end
class WindowsBridge < BridgeDetection
def bridge_info(bridge_name)
# find all bridge adapters
cmd = @vulcano.command('Get-NetAdapterBinding -ComponentID ms_bridge | Get-NetAdapter | Select-Object -Property Name, InterfaceDescription | ConvertTo-Json')
cmd = inspec.command('Get-NetAdapterBinding -ComponentID ms_bridge | Get-NetAdapter | Select-Object -Property Name, InterfaceDescription | ConvertTo-Json')
# filter network interface
begin
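Review bot: `bridge_name` is interpolated unescaped into a shell command in `LinuxBridge#bridge_info` (`ls -1 /sys/class/net/#{bridge_name}/brif/`), so a name containing shell metacharacters or path separators changes what is executed on the target. The value comes from the profile's `bridge(...)` call, and profiles may be loaded from outside the local tree, so it should be treated as untrusted. Escape it before building the command, e.g. `path = Shellwords.escape("/sys/class/net/#{bridge_name}/brif/")` then `inspec.command("ls -1 #{path}")`, or reject names that do not match an interface-name pattern. The same pattern appears in this commit's Host section (`ping`, `getent hosts`, `Resolve-DnsName`), Interface section (`find /sys/class/net/#{iface}/`) and File section (`su -s /bin/sh -c ...`). The PowerShell commands need PowerShell-appropriate quoting rather than `Shellwords`. The enclosing methods continue outside the visible hunks.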


@ -12,14 +12,14 @@
# its(:exit_status) { should eq 0 }
# end
class Cmd < Vulcano.resource(1)
class Cmd < Inspec.resource(1)
name 'command'
def initialize(cmd)
@command = cmd
end
def result
@result ||= vulcano.backend.run_command(@command)
@result ||= inspec.backend.run_command(@command)
end
def stdout
@ -35,7 +35,7 @@ class Cmd < Vulcano.resource(1)
end
def exist?
res = vulcano.backend.run_command("type \"#{@command}\" > /dev/null")
res = inspec.backend.run_command("type \"#{@command}\" > /dev/null")
res.exit_status.to_i == 0
end


@ -4,7 +4,7 @@
require 'resources/file'
module Vulcano::Resources
module Inspec::Resources
class Directory < File
name 'directory'
end


@ -24,7 +24,7 @@
require 'utils/convert'
require 'utils/parser'
class EtcGroup < Vulcano.resource(1)
class EtcGroup < Inspec.resource(1)
include Converter
include ContentParser
@ -37,7 +37,7 @@ class EtcGroup < Vulcano.resource(1)
# skip resource if it is not supported on current OS
return skip_resource 'The `etc_group` resource is not supported on your OS.' \
unless %w{ubuntu debian redhat fedora arch darwin freebsd}.include?(vulcano.os[:family])
unless %w{ubuntu debian redhat fedora arch darwin freebsd}.include?(inspec.os[:family])
end
def groups(filter = nil)
@ -90,7 +90,7 @@ class EtcGroup < Vulcano.resource(1)
private
def parse_group(path)
@content = vulcano.file(path).content
@content = inspec.file(path).content
# iterate over each line and filter comments
@content.split("\n").each_with_object([]) do |line, lines|
grp_info = parse_group_line(line)


@ -4,14 +4,14 @@
# author: Christoph Hartmann
# license: All rights reserved
module Vulcano::Resources
class File < Vulcano.resource(1)
module Inspec::Resources
class File < Inspec.resource(1)
name 'file'
attr_reader :path
def initialize(path)
@path = path
@file = vulcano.backend.file(@path)
@file = inspec.backend.file(@path)
end
%w{
@ -79,16 +79,16 @@ module Vulcano::Resources
# check permissions on linux
def check_user_access(user, file, flag)
if vulcano.os.linux? == true
if inspec.os.linux? == true
# use sh on linux
perm_cmd = "su -s /bin/sh -c \"test -#{flag} #{file}\" #{user}"
elsif vulcano.os[:family] == 'freebsd'
elsif inspec.os[:family] == 'freebsd'
# use sudo on freebsd
perm_cmd = "sudo -u #{user} test -#{flag} #{file}"
end
if !perm_cmd.nil?
cmd = vulcano.command(perm_cmd)
cmd = inspec.command(perm_cmd)
cmd.exit_status == 0 ? true : false
else
return skip_resource 'The `file` resource does not support `by_user` on your OS.'


@ -6,7 +6,7 @@
# describe gem('rubocop') do
# it { should be_installed }
# end
class GemPackage < Vulcano.resource(1)
class GemPackage < Inspec.resource(1)
name 'gem'
def initialize(package_name)
@ -16,7 +16,7 @@ class GemPackage < Vulcano.resource(1)
def info
return @info if defined?(@info)
cmd = vulcano.command("gem list --local -a -q \^#{@package_name}\$")
cmd = inspec.command("gem list --local -a -q \^#{@package_name}\$")
@info = {
installed: cmd.exit_status == 0,
type: 'gem',


@ -13,7 +13,7 @@
# it { should have_gid 0 }
# end
class Group < Vulcano.resource(1)
class Group < Inspec.resource(1)
name 'group'
def initialize(groupname, domain = nil)
@ -25,10 +25,10 @@ class Group < Vulcano.resource(1)
# select group manager
@group_provider = nil
if vulcano.os.unix?
@group_provider = UnixGroup.new(vulcano)
elsif vulcano.os.windows?
@group_provider = WindowsGroup.new(vulcano)
if inspec.os.unix?
@group_provider = UnixGroup.new(inspec)
elsif inspec.os.windows?
@group_provider = WindowsGroup.new(inspec)
else
return skip_resource 'The `group` resource is not supported on your OS yet.'
end
@ -82,15 +82,16 @@ class Group < Vulcano.resource(1)
end
class GroupInfo
def initialize(vulcano)
@vulcano = vulcano
attr_reader :inspec
def initialize(inspec)
@inspec = inspec
end
end
# implements generic unix groups via /etc/group
class UnixGroup < GroupInfo
def group_info(group, _domain = nil)
@vulcano.etc_group.where(name: group).entries.map { |grp|
inspec.etc_group.where(name: group).entries.map { |grp|
{
name: grp['name'],
gid: grp['gid'],
@ -101,7 +102,7 @@ end
class WindowsGroup < GroupInfo
def group_info(compare_group, compare_domain = nil)
cmd = @vulcano.command('Get-WmiObject Win32_Group | Select-Object -Property Caption, Domain, Name, SID, LocalAccount | ConvertTo-Json')
cmd = inspec.command('Get-WmiObject Win32_Group | Select-Object -Property Caption, Domain, Name, SID, LocalAccount | ConvertTo-Json')
# cannot rely on exit code for now, successful command returns exit code 1
# return nil if cmd.exit_status != 0, try to parse json


@ -15,13 +15,13 @@ def gpo(policy_path, policy_name)
end
# Group Policy
class GroupPolicy < Vulcano.resource(1)
class GroupPolicy < Inspec.resource(1)
name 'group_policy'
def get_registry_value(entry)
keys = entry['registry_information'][0]
cmd = "(Get-Item 'Registry::#{keys['path']}').GetValue('#{keys['key']}')"
command_result ||= vulcano.command(cmd)
command_result ||= inspec.command(cmd)
val = { exit_code: command_result.exit_status.to_i, data: command_result.stdout }
val
end


@ -24,7 +24,7 @@
# it { should be_resolvable.by('dns') }
# end
class Host < Vulcano.resource(1)
class Host < Inspec.resource(1)
name 'host'
def initialize(hostname, params = {})
@ -33,10 +33,10 @@ class Host < Vulcano.resource(1)
@proto = params[:proto] || nil
@host_provider = nil
if vulcano.os.linux?
@host_provider = LinuxHostProvider.new(vulcano)
elsif vulcano.os.windows?
@host_provider = WindowsHostProvider.new(vulcano)
if inspec.os.linux?
@host_provider = LinuxHostProvider.new(inspec)
elsif inspec.os.windows?
@host_provider = WindowsHostProvider.new(inspec)
else
return skip_resource 'The `host` resource is not supported on your OS yet.'
end
@ -76,8 +76,9 @@ class Host < Vulcano.resource(1)
end
class HostProvider
def initialize(vulcano)
@vulcano = vulcano
attr_reader :inspec
def initialize(inspec)
@inspec = inspec
end
end
@ -86,13 +87,13 @@ class LinuxHostProvider < HostProvider
def ping(hostname, _port = nil, _proto = nil)
# fall back to ping, but we can only test ICMP packages with ping
# therefore we have to skip the test, if we do not have everything on the node to run the test
ping = @vulcano.command("ping -w 1 -c 1 #{hostname}")
ping = inspec.command("ping -w 1 -c 1 #{hostname}")
ping.exit_status.to_i != 0 ? false : true
end
def resolve(hostname)
# TODO: we rely on getent hosts for now, but it prefers to return IPv6, only then IPv4
cmd = @vulcano.command("getent hosts #{hostname}")
cmd = inspec.command("getent hosts #{hostname}")
return nil if cmd.exit_status.to_i != 0
# extract ip adress
@ -117,7 +118,7 @@ class WindowsHostProvider < HostProvider
request += '| Select-Object -Property ComputerName, RemoteAddress, RemotePort, SourceAddress, PingSucceeded | ConvertTo-Json'
p request
request += '| Select-Object -Property ComputerName, PingSucceeded | ConvertTo-Json'
cmd = @vulcano.command(request)
cmd = inspec.command(request)
begin
ping = JSON.parse(cmd.stdout)
@ -129,7 +130,7 @@ class WindowsHostProvider < HostProvider
end
def resolve(hostname)
cmd = @vulcano.command("Resolve-DnsName Type A #{hostname} | ConvertTo-Json")
cmd = inspec.command("Resolve-DnsName Type A #{hostname} | ConvertTo-Json")
begin
resolv = JSON.parse(cmd.stdout)
rescue JSON::ParserError => _e


@ -14,7 +14,7 @@ require 'utils/simpleconfig'
# its('exec') { should eq nil }
# end
class InetdConf < Vulcano.resource(1)
class InetdConf < Inspec.resource(1)
name 'inetd_config'
def initialize(path = nil)
@ -29,7 +29,7 @@ class InetdConf < Vulcano.resource(1)
return @params if defined?(@params)
# read the file
file = vulcano.file(@conf_path)
file = inspec.file(@conf_path)
if !file.file?
skip_resource "Can't find file \"#{@conf_path}\""
return @params = {}


@ -11,17 +11,17 @@
require 'utils/convert'
class NetworkInterface < Vulcano.resource(1)
class NetworkInterface < Inspec.resource(1)
name 'interface'
def initialize(iface)
@iface = iface
@interface_provider = nil
if vulcano.os.linux?
@interface_provider = LinuxInterface.new(vulcano)
elsif vulcano.os.windows?
@interface_provider = WindowsInterface.new(vulcano)
if inspec.os.linux?
@interface_provider = LinuxInterface.new(inspec)
elsif inspec.os.windows?
@interface_provider = WindowsInterface.new(inspec)
else
return skip_resource 'The `interface` resource is not supported on your OS yet.'
end
@ -54,15 +54,16 @@ end
class InterfaceInfo
include Converter
def initialize(vulcano)
@vulcano = vulcano
attr_reader :inspec
def initialize(inspec)
@inspec = inspec
end
end
class LinuxInterface < InterfaceInfo
def interface_info(iface)
# will return "[mtu]\n1500\n[type]\n1"
cmd = @vulcano.command("find /sys/class/net/#{iface}/ -type f -maxdepth 1 -exec sh -c 'echo \"[$(basename {})]\"; cat {} || echo -n' \\;")
cmd = inspec.command("find /sys/class/net/#{iface}/ -type f -maxdepth 1 -exec sh -c 'echo \"[$(basename {})]\"; cat {} || echo -n' \\;")
return nil if cmd.exit_status.to_i != 0
# parse values, we only recieve values, therefore we threat them as keys
@ -96,7 +97,7 @@ end
class WindowsInterface < InterfaceInfo
def interface_info(iface)
# gather all network interfaces
cmd = @vulcano.command('Get-NetAdapter | Select-Object -Property Name, InterfaceDescription, Status, State, MacAddress, LinkSpeed, ReceiveLinkSpeed, TransmitLinkSpeed, Virtual | ConvertTo-Json')
cmd = inspec.command('Get-NetAdapter | Select-Object -Property Name, InterfaceDescription, Status, State, MacAddress, LinkSpeed, ReceiveLinkSpeed, TransmitLinkSpeed, Virtual | ConvertTo-Json')
# filter network interface
begin
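Review bot: In `LinuxInterface#interface_info` the `iface` argument is interpolated unquoted into the `find /sys/class/net/#{iface}/ ...` command string, so a name containing whitespace or shell metacharacters changes the command that runs on the target. Quoting it first, e.g. `path = "/sys/class/net/#{Shellwords.escape(iface)}/"` with `require 'shellwords'` next to the existing `require 'utils/convert'`, keeps the value a single argument. The value presumably comes from the profile's `describe interface(...)` call, so this matters most when profiles are not written by the person running them. The same unquoted pattern is visible in the package (`dpkg -s #{package_name}`), service (`systemctl show --all #{service_name}`) and user (`id #{username}`) sections. The method body continues past the end of the hunk.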


@ -21,7 +21,7 @@
# @see http://ipset.netfilter.org/iptables.man.html
# @see http://ipset.netfilter.org/iptables.man.html
# @see https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html
class IpTables < Vulcano.resource(1)
class IpTables < Inspec.resource(1)
name 'iptables'
def initialize(params = {})
@ -29,7 +29,7 @@ class IpTables < Vulcano.resource(1)
@chain = params[:chain] || nil
# we're done if we are on linux
return if vulcano.os.linux?
return if inspec.os.linux?
# ensures, all calls are aborted for non-supported os
@iptables_cache = []
@ -52,7 +52,7 @@ class IpTables < Vulcano.resource(1)
# construct iptables command to read all rules
@table.nil? ? table_cmd = '' : table_cmd = " -t #{@table} "
@chain.nil? ? chain_cmd = '' : chain_cmd = " #{@chain}"
cmd = vulcano.command(format('iptables %s -S %s', table_cmd, chain_cmd).strip)
cmd = inspec.command(format('iptables %s -S %s', table_cmd, chain_cmd).strip)
return [] if cmd.exit_status.to_i != 0
# split rules, returns array or rules


@ -7,7 +7,7 @@
# describe json('policyfile.lock.json') do
# its('cookbook_locks.omnibus.version') { should eq('2.2.0') }
# end
class JsonConfig < Vulcano.resource(1)
class JsonConfig < Inspec.resource(1)
name 'json'
# make params readable
@ -15,7 +15,7 @@ class JsonConfig < Vulcano.resource(1)
def initialize(path)
@path = path
@file_content = vulcano.file(@path).content
@file_content = inspec.file(@path).content
@params = parse(@file_content)
end


@ -8,24 +8,24 @@
# describe kernel_module('bridge') do
# it { should be_loaded }
# end
class KernelModule < Vulcano.resource(1)
class KernelModule < Inspec.resource(1)
name 'kernel_module'
def initialize(modulename = nil)
@module = modulename
# this resource is only supported on Linux
return skip_resource 'The `kernel_parameter` resource is not supported on your OS.' if !vulcano.os.linux?
return skip_resource 'The `kernel_parameter` resource is not supported on your OS.' if !inspec.os.linux?
end
def loaded?
# default lsmod command
lsmod_cmd = 'lsmod'
# special care for CentOS 5 and sudo
lsmod_cmd = '/sbin/lsmod' if vulcano.os[:family] == 'centos' && vulcano.os[:release].to_i == 5
lsmod_cmd = '/sbin/lsmod' if inspec.os[:family] == 'centos' && inspec.os[:release].to_i == 5
# get list of all modules
cmd = vulcano.command(lsmod_cmd)
cmd = inspec.command(lsmod_cmd)
return false if cmd.exit_status != 0
# check if module is loaded


@ -6,18 +6,18 @@
# describe kernel_parameter('net.ipv4.conf.all.forwarding') do
# its(:value) { should eq 0 }
# end
class KernelParameter < Vulcano.resource(1)
class KernelParameter < Inspec.resource(1)
name 'kernel_parameter'
def initialize(parameter = nil)
@parameter = parameter
# this resource is only supported on Linux
return skip_resource 'The `kernel_parameter` resource is not supported on your OS.' if !vulcano.os.linux?
return skip_resource 'The `kernel_parameter` resource is not supported on your OS.' if !inspec.os.linux?
end
def value
cmd = vulcano.command("/sbin/sysctl -q -n #{@parameter}")
cmd = inspec.command("/sbin/sysctl -q -n #{@parameter}")
return nil if cmd.exit_status != 0
# remove whitespace
cmd = cmd.stdout.chomp.strip


@ -12,7 +12,7 @@ require 'utils/simpleconfig'
# its('*') { should include ['hard','core','0'] }
# end
class LimitsConf < Vulcano.resource(1)
class LimitsConf < Inspec.resource(1)
name 'limits_conf'
def initialize(path = nil)
@ -27,7 +27,7 @@ class LimitsConf < Vulcano.resource(1)
return @params if defined?(@params)
# read the file
file = vulcano.file(@conf_path)
file = inspec.file(@conf_path)
if !file.file?
skip_resource "Can't find file \"#{@conf_path}\""
return @params = {}


@ -18,7 +18,7 @@ require 'utils/simpleconfig'
# }
# end
class LoginDef < Vulcano.resource(1)
class LoginDef < Inspec.resource(1)
name 'login_defs'
def initialize(path = nil)
@ -33,7 +33,7 @@ class LoginDef < Vulcano.resource(1)
return @params if defined?(@params)
# read the file
file = vulcano.file(@conf_path)
file = inspec.file(@conf_path)
if !file.file?
skip_resource "Can't find file \"#{@conf_path}\""
return @params = {}


@ -4,13 +4,13 @@
# author: Christoph Hartmann
# license: All rights reserved
class Mysql < Vulcano.resource(1)
class Mysql < Inspec.resource(1)
name 'mysql'
attr_reader :package, :service, :conf_dir, :conf_path, :data_dir, :log_dir, :log_path, :log_group, :log_dir_group
def initialize
# set OS-dependent filenames and paths
case vulcano.os[:family]
case inspec.os[:family]
when 'ubuntu', 'debian'
init_ubuntu
when 'redhat', 'fedora'


@ -26,7 +26,7 @@ class MysqlConfEntry
end
end
class MysqlConf < Vulcano.resource(1)
class MysqlConf < Inspec.resource(1)
name 'mysql_conf'
include FindFiles
@ -62,11 +62,11 @@ class MysqlConf < Vulcano.resource(1)
@params = {}
# skip if the main configuration file doesn't exist
if !vulcano.file(@conf_path).file?
if !inspec.file(@conf_path).file?
return skip_resource "Can't find file \"#{@conf_path}\""
end
raw_conf = read_file(@conf_path)
if raw_conf.empty? && vulcano.file(@conf_path).size > 0
if raw_conf.empty? && inspec.file(@conf_path).size > 0
return skip_resource("Can't read file \"#{@conf_path}\"")
end
@ -107,7 +107,7 @@ class MysqlConf < Vulcano.resource(1)
end
def read_file(path)
@files_contents[path] ||= vulcano.file(path).content
@files_contents[path] ||= inspec.file(path).content
end
def to_s


@ -4,7 +4,7 @@
# author: Christoph Hartmann
# license: All rights reserved
class MysqlSession < Vulcano.resource(1)
class MysqlSession < Inspec.resource(1)
name 'mysql_session'
def initialize(user, pass)
@ -20,7 +20,7 @@ class MysqlSession < Vulcano.resource(1)
escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
# run the query
cmd = vulcano.command("mysql -u#{@user} -p#{@pass} #{db} -s -e \"#{escaped_query}\"")
cmd = inspec.command("mysql -u#{@user} -p#{@pass} #{db} -s -e \"#{escaped_query}\"")
out = cmd.stdout + "\n" + cmd.stderr
if out =~ /Can't connect to .* MySQL server/ or
out.downcase =~ /^error/
@ -40,7 +40,7 @@ class MysqlSession < Vulcano.resource(1)
def init_fallback
# support debian mysql administration login
debian = vulcano.command('test -f /etc/mysql/debian.cnf && cat /etc/mysql/debian.cnf').stdout
debian = inspec.command('test -f /etc/mysql/debian.cnf && cat /etc/mysql/debian.cnf').stdout
return if debian.empty?
user = debian.match(/^\s*user\s*=\s*([^ ]*)\s*$/)
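Review bot: The `mysql -u#{@user} -p#{@pass} ...` command line puts the password in the process arguments, where it can typically be read from the process list on the target while the query runs, and `@user` and `@pass` are interpolated without any quoting. The `escaped_query` chain above it does not cover the backtick, which still starts command substitution inside a double-quoted shell string, and its first `gsub` looks like a no-op because `'\\\\'` used as a replacement string yields a single backslash; the block form `gsub('\\') { '\\\\' }` plus a substitution for the backtick would close both. Consider handing the credentials to the client through an option file (`--defaults-extra-file`) instead of `-p`. The PostgresSession section carries the same `escaped_query` line, and its `PGPASSWORD='#{@pass}'` prefix breaks when the password contains `'`. Both methods start outside their hunks.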


@ -6,7 +6,7 @@
# describe npm('bower') do
# it { should be_installed }
# end
class NpmPackage < Vulcano.resource(1)
class NpmPackage < Inspec.resource(1)
name 'npm'
def initialize(package_name)
@ -17,7 +17,7 @@ class NpmPackage < Vulcano.resource(1)
def info
return @info if defined?(@info)
cmd = vulcano.command("npm ls -g --json #{@package_name}")
cmd = inspec.command("npm ls -g --json #{@package_name}")
@info = {
name: @package_name,
type: 'npm',


@ -13,7 +13,7 @@ require 'utils/simpleconfig'
# its('restrict') { should include '-4 default kod notrap nomodify nopeer noquery'}
# end
class NtpConf < Vulcano.resource(1)
class NtpConf < Inspec.resource(1)
name 'ntp_conf'
def initialize(path = nil)
@ -36,13 +36,13 @@ class NtpConf < Vulcano.resource(1)
def read_params
return @params if defined?(@params)
if !vulcano.file(@conf_path).file?
if !inspec.file(@conf_path).file?
skip_resource "Can't find file \"#{@conf_path}\""
return @params = {}
end
content = vulcano.file(@conf_path).content
if content.empty? && vulcano.file(@conf_path).size > 0
content = inspec.file(@conf_path).content
if content.empty? && inspec.file(@conf_path).size > 0
skip_resource "Can't read file \"#{@conf_path}\""
return @params = {}
end


@ -9,14 +9,14 @@
# describe oneget('zoomit') do
# it { should be_installed }
# end
class OneGetPackage < Vulcano.resource(1)
class OneGetPackage < Inspec.resource(1)
name 'oneget'
def initialize(package_name)
@package_name = package_name
# verify that this resource is only supported on Windows
return skip_resource 'The `oneget` resource is not supported on your OS.' if vulcano.os[:family] != 'windows'
return skip_resource 'The `oneget` resource is not supported on your OS.' if inspec.os[:family] != 'windows'
end
def info
@ -26,7 +26,7 @@ class OneGetPackage < Vulcano.resource(1)
@info[:type] = 'oneget'
@info[:installed] = false
cmd = vulcano.command("Get-Package -Name '#{@package_name}' | ConvertTo-Json")
cmd = inspec.command("Get-Package -Name '#{@package_name}' | ConvertTo-Json")
# cannot rely on exit code for now, successful command returns exit code 1
# return nil if cmd.exit_status != 0
# try to parse json


@ -2,18 +2,18 @@
# author: Dominik Richter
# author: Christoph Hartmann
class OS < Vulcano.resource(1)
class OS < Inspec.resource(1)
name 'os'
# reuse helper methods from backend
%w{redhat? debian? suse? bsd? solaris? linux? unix? windows?}.each do |os_family|
define_method((os_family).to_sym) do
vulcano.backend.os.send(os_family)
inspec.backend.os.send(os_family)
end
end
def [](name)
vulcano.backend.os[name]
inspec.backend.os[name]
end
def to_s


@ -11,13 +11,13 @@
# its(:split) { should_not include('.') }
# end
class OsEnv < Vulcano.resource(1)
class OsEnv < Inspec.resource(1)
name 'os_env'
attr_reader :content
def initialize(env)
@osenv = env
@command_result = vulcano.command("su - root -c 'echo $#{env}'")
@command_result = inspec.command("su - root -c 'echo $#{env}'")
@content = @command_result.stdout.chomp
end


@ -8,7 +8,7 @@
# describe package('nginx') do
# it { should be_installed }
# end
class Package < Vulcano.resource(1)
class Package < Inspec.resource(1)
name 'package'
def initialize(package_name = nil)
@ -18,17 +18,17 @@ class Package < Vulcano.resource(1)
# select package manager
@pkgman = nil
case vulcano.os[:family]
case inspec.os[:family]
when 'ubuntu', 'debian'
@pkgman = Deb.new(vulcano)
@pkgman = Deb.new(inspec)
when 'redhat', 'fedora', 'centos', 'opensuse'
@pkgman = Rpm.new(vulcano)
@pkgman = Rpm.new(inspec)
when 'arch'
@pkgman = Pacman.new(vulcano)
@pkgman = Pacman.new(inspec)
when 'darwin'
@pkgman = Brew.new(vulcano)
@pkgman = Brew.new(inspec)
when 'windows'
@pkgman = WindowsPkg.new(vulcano)
@pkgman = WindowsPkg.new(inspec)
else
return skip_resource 'The `package` resource is not supported on your OS yet.'
end
@ -60,15 +60,16 @@ class Package < Vulcano.resource(1)
end
class PkgManagement
def initialize(vulcano)
@vulcano = vulcano
attr_reader :inspec
def initialize(inspec)
@inspec = inspec
end
end
# Debian / Ubuntu
class Deb < PkgManagement
def info(package_name)
cmd = @vulcano.command("dpkg -s #{package_name}")
cmd = inspec.command("dpkg -s #{package_name}")
return nil if cmd.exit_status.to_i != 0
params = SimpleConfig.new(
@ -88,7 +89,7 @@ end
# RHEL family
class Rpm < PkgManagement
def info(package_name)
cmd = @vulcano.command("rpm -qia #{package_name}")
cmd = inspec.command("rpm -qia #{package_name}")
# CentOS does not return an error code if the package is not installed,
# therefore we need to check for emptyness
return nil if cmd.exit_status.to_i != 0 || cmd.stdout.chomp.empty?
@ -109,7 +110,7 @@ end
# MacOS / Darwin implementation
class Brew < PkgManagement
def info(package_name)
cmd = @vulcano.command("brew info --json=v1 #{package_name}")
cmd = inspec.command("brew info --json=v1 #{package_name}")
return nil if cmd.exit_status.to_i != 0
# parse data
pkg = JSON.parse(cmd.stdout)[0]
@ -125,7 +126,7 @@ end
# Arch Linux
class Pacman < PkgManagement
def info(package_name)
cmd = @vulcano.command("pacman -Qi #{package_name}")
cmd = inspec.command("pacman -Qi #{package_name}")
return nil if cmd.exit_status.to_i != 0
params = SimpleConfig.new(
@ -150,7 +151,7 @@ end
class WindowsPkg < PkgManagement
def info(package_name)
# Find the package
cmd = @vulcano.command("Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -eq '#{package_name}'} | Select-Object -Property Name,Version,Vendor,PackageCode,Caption,Description | ConvertTo-Json")
cmd = inspec.command("Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -eq '#{package_name}'} | Select-Object -Property Name,Version,Vendor,PackageCode,Caption,Description | ConvertTo-Json")
begin
package = JSON.parse(cmd.stdout)
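Review bot: In `WindowsPkg#info` the package name is placed inside a single-quoted PowerShell string (`$_.Name -eq '#{package_name}'`), so a name containing `'` ends the literal and the remainder is parsed as PowerShell. Doubling the quote before interpolation, `ps_name = package_name.gsub("'", "''")`, is the usual escape for single-quoted PowerShell strings. The same construction appears in the oneget (`Get-Package -Name '#{@package_name}'`), service (`WindowsSrv#info`) and windows_feature sections. `WindowsPkg#info` continues past the end of the hunk.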


@ -13,7 +13,7 @@
# }
# describe parse_config(audit, options ) do
class PConfig < Vulcano.resource(1)
class PConfig < Inspec.resource(1)
name 'parse_config'
def initialize(content = nil, useropts = {})
@ -35,11 +35,11 @@ class PConfig < Vulcano.resource(1)
@conf_path = conf_path
# read the file
if !vulcano.file(conf_path).file?
if !inspec.file(conf_path).file?
return skip_resource "Can't find file \"#{conf_path}\""
end
@content = read_file(conf_path)
if @content.empty? && vulcano.file(conf_path).size > 0
if @content.empty? && inspec.file(conf_path).size > 0
return skip_resource "Can't read file \"#{conf_path}\""
end
@ -47,7 +47,7 @@ class PConfig < Vulcano.resource(1)
end
def read_file(path)
@files_contents[path] ||= vulcano.file(path).content
@files_contents[path] ||= inspec.file(path).content
end
def read_content


@ -27,7 +27,7 @@
require 'utils/parser'
class Passwd < Vulcano.resource(1)
class Passwd < Inspec.resource(1)
name 'passwd'
include ContentParser
@ -37,7 +37,7 @@ class Passwd < Vulcano.resource(1)
def initialize(path = nil)
@path = path || '/etc/passwd'
@content = vulcano.file(@path).content
@content = inspec.file(@path).content
@parsed = parse_passwd(@content)
end


@ -7,7 +7,7 @@
# it { should be_installed }
# end
#
class PipPackage < Vulcano.resource(1)
class PipPackage < Inspec.resource(1)
name 'pip'
def initialize(package_name)
@ -19,7 +19,7 @@ class PipPackage < Vulcano.resource(1)
@info = {}
@info[:type] = 'pip'
cmd = vulcano.command("#{pip_cmd} show #{@package_name}")
cmd = inspec.command("#{pip_cmd} show #{@package_name}")
return @info if cmd.exit_status != 0
params = SimpleConfig.new(
@ -50,11 +50,11 @@ class PipPackage < Vulcano.resource(1)
def pip_cmd
# Pip is not on the default path for Windows, therefore we do some logic
# to find the binary on Windows
family = vulcano.os[:family]
family = inspec.os[:family]
case family
when 'windows'
# we need to detect the pip command on Windows
cmd = vulcano.command('New-Object -Type PSObject | Add-Member -MemberType NoteProperty -Name Pip -Value (Invoke-Command -ScriptBlock {where.exe pip}) -PassThru | Add-Member -MemberType NoteProperty -Name Python -Value (Invoke-Command -ScriptBlock {where.exe python}) -PassThru | ConvertTo-Json')
cmd = inspec.command('New-Object -Type PSObject | Add-Member -MemberType NoteProperty -Name Pip -Value (Invoke-Command -ScriptBlock {where.exe pip}) -PassThru | Add-Member -MemberType NoteProperty -Name Python -Value (Invoke-Command -ScriptBlock {where.exe python}) -PassThru | ConvertTo-Json')
begin
paths = JSON.parse(cmd.stdout)
# use pip if it on system path


@ -15,7 +15,7 @@
#
# TODO: currently we return local ip only
# TODO: improve handling of same port on multiple interfaces
class Port < Vulcano.resource(1)
class Port < Inspec.resource(1)
name 'port'
def initialize(port)
@ -23,15 +23,15 @@ class Port < Vulcano.resource(1)
@port_manager = nil
@cache = nil
case vulcano.os[:family]
case inspec.os[:family]
when 'ubuntu', 'debian', 'redhat', 'fedora', 'arch'
@port_manager = LinuxPorts.new(vulcano)
@port_manager = LinuxPorts.new(inspec)
when 'darwin'
@port_manager = DarwinPorts.new(vulcano)
@port_manager = DarwinPorts.new(inspec)
when 'windows'
@port_manager = WindowsPorts.new(vulcano)
@port_manager = WindowsPorts.new(inspec)
when 'freebsd'
@port_manager = FreeBsdPorts.new(vulcano)
@port_manager = FreeBsdPorts.new(inspec)
else
return skip_resource 'The `port` resource is not supported on your OS yet.'
end
@ -82,8 +82,9 @@ end
# }],
# }]
class PortsInfo
def initialize(vulcano)
@vulcano = vulcano
attr_reader :inspec
def initialize(inspec)
@inspec = inspec
end
end
@ -95,7 +96,7 @@ end
class WindowsPorts < PortsInfo
def info
# get all port information
cmd = @vulcano.command('Get-NetTCPConnection | Select-Object -Property State, Caption, Description, LocalAddress, LocalPort, RemoteAddress, RemotePort, DisplayName, Status | ConvertTo-Json')
cmd = inspec.command('Get-NetTCPConnection | Select-Object -Property State, Caption, Description, LocalAddress, LocalPort, RemoteAddress, RemotePort, DisplayName, Status | ConvertTo-Json')
begin
ports = JSON.parse(cmd.stdout)
@ -121,7 +122,7 @@ end
class DarwinPorts < PortsInfo
def info
# collects UDP and TCP information
cmd = @vulcano.command('lsof -nP -iTCP -iUDP -sTCP:LISTEN')
cmd = inspec.command('lsof -nP -iTCP -iUDP -sTCP:LISTEN')
return nil if cmd.exit_status.to_i != 0
ports = []
@ -160,7 +161,7 @@ end
# extract port information from netstat
class LinuxPorts < PortsInfo
def info
cmd = @vulcano.command('netstat -tulpen')
cmd = inspec.command('netstat -tulpen')
return nil if cmd.exit_status.to_i != 0
ports = []
@ -224,7 +225,7 @@ end
# extracts information from sockstat
class FreeBsdPorts < PortsInfo
def info
cmd = @vulcano.command('sockstat -46l')
cmd = inspec.command('sockstat -46l')
return nil if cmd.exit_status.to_i != 0
ports = []


@ -4,16 +4,16 @@
# author: Christoph Hartmann
# license: All rights reserved
class Postgres < Vulcano.resource(1)
class Postgres < Inspec.resource(1)
name 'postgres'
attr_reader :service, :data_dir, :conf_dir, :conf_path
def initialize
case vulcano.os[:family]
case inspec.os[:family]
when 'ubuntu', 'debian'
@service = 'postgresql'
@data_dir = '/var/lib/postgresql'
@version = vulcano.command('ls /etc/postgresql/').stdout.chomp
@version = inspec.command('ls /etc/postgresql/').stdout.chomp
@conf_dir = "/etc/postgresql/#{@version}/main"
@conf_path = File.join @conf_dir, 'postgresql.conf'


@ -8,7 +8,7 @@ require 'utils/simpleconfig'
require 'utils/find_files'
require 'resources/postgres'
class PostgresConf < Vulcano.resource(1)
class PostgresConf < Inspec.resource(1)
name 'postgres_conf'
include FindFiles
@ -40,11 +40,11 @@ class PostgresConf < Vulcano.resource(1)
@params = {}
# skip if the main configuration file doesn't exist
if !vulcano.file(@conf_path).file?
if !inspec.file(@conf_path).file?
return skip_resource "Can't find file \"#{@conf_path}\""
end
raw_conf = read_file(@conf_path)
if raw_conf.empty? && vulcano.file(@conf_path).size > 0
if raw_conf.empty? && inspec.file(@conf_path).size > 0
return skip_resource("Can't read file \"#{@conf_path}\"")
end
@ -78,7 +78,7 @@ class PostgresConf < Vulcano.resource(1)
end
def read_file(path)
@files_contents[path] ||= vulcano.file(path).content
@files_contents[path] ||= inspec.file(path).content
end
def to_s


@ -35,7 +35,7 @@ class PostgresSession
# that does this securely
escaped_query = query.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
# run the query
cmd = vulcano.command("PGPASSWORD='#{@pass}' psql -U #{@user} #{dbs} -c \"#{escaped_query}\"")
cmd = inspec.command("PGPASSWORD='#{@pass}' psql -U #{@user} #{dbs} -c \"#{escaped_query}\"")
out = cmd.stdout + "\n" + cmd.stderr
if out =~ /could not connect to .*/ or
out.downcase =~ /^error/


@ -4,7 +4,7 @@
# author: Christoph Hartmann
# license: All rights reserved
class Processes < Vulcano.resource(1)
class Processes < Inspec.resource(1)
name 'processes'
attr_reader :list
@ -29,7 +29,7 @@ class Processes < Vulcano.resource(1)
def ps_aux
# get all running processes
cmd = vulcano.command('ps aux')
cmd = inspec.command('ps aux')
all = cmd.stdout.split("\n")[1..-1]
lines = all.map do |line|


@ -10,7 +10,7 @@ require 'json'
# its('Start') { should eq 2 }
# end
class RegistryKey < Vulcano.resource(1)
class RegistryKey < Inspec.resource(1)
name 'registry_key'
attr_accessor :reg_key
@ -24,7 +24,7 @@ class RegistryKey < Vulcano.resource(1)
def registry_value(path, key)
cmd = "(Get-Item 'Registry::#{path}').GetValue('#{key}')"
command_result ||= vulcano.command(cmd)
command_result ||= inspec.command(cmd)
val = { exit_code: command_result.exit_status.to_i, data: command_result.stdout }
val
end


@ -9,7 +9,7 @@ class Script < Cmd
attr_accessor :command
def initialize(script)
case vulcano.os[:family]
case inspec.os[:family]
when 'windows'
# encodes a script as base64 to run as powershell encodedCommand
# this comes with performance issues: @see https://gist.github.com/fnichol/7b20596b950e65fb96f9


@ -13,7 +13,7 @@
# All local GPO parameters can be examined via Registry, but not all security
# parameters. Therefore we need a combination of Registry and secedit output
class SecurityPolicy < Vulcano.resource(1)
class SecurityPolicy < Inspec.resource(1)
name 'security_policy'
def initialize
@ -25,11 +25,11 @@ class SecurityPolicy < Vulcano.resource(1)
# load security content
def load
# export the security policy
vulcano.command('secedit /export /cfg win_secpol.cfg')
inspec.command('secedit /export /cfg win_secpol.cfg')
# store file content
command_result ||= vulcano.command('type win_secpol.cfg')
command_result ||= inspec.command('type win_secpol.cfg')
# delete temp file
vulcano.command('del win_secpol.cfg')
inspec.command('del win_secpol.cfg')
@exit_status = command_result.exit_status.to_i
@policy = command_result.stdout


@ -19,7 +19,7 @@
# Ubuntu < 15.04 : upstart
#
# TODO: extend the logic to detect the running init system, independently of OS
class Service < Vulcano.resource(1)
class Service < Inspec.resource(1)
name 'service'
def initialize(service_name)
@ -30,7 +30,7 @@ class Service < Vulcano.resource(1)
end
def select_package_manager # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
family = vulcano.os[:family]
family = inspec.os[:family]
case family
# Ubuntu
@ -42,34 +42,34 @@ class Service < Vulcano.resource(1)
# Upstart runs with PID 1 as /sbin/init.
# Systemd runs with PID 1 as /lib/systemd/systemd.
when 'ubuntu'
version = vulcano.os[:release].to_f
version = inspec.os[:release].to_f
if version < 15.04
@service_mgmt = Upstart.new(vulcano)
@service_mgmt = Upstart.new(inspec)
else
@service_mgmt = Systemd.new(vulcano)
@service_mgmt = Systemd.new(inspec)
end
when 'debian'
version = vulcano.os[:release].to_i
version = inspec.os[:release].to_i
if version > 7
@service_mgmt = Systemd.new(vulcano)
@service_mgmt = Systemd.new(inspec)
else
@service_mgmt = SysV.new(vulcano)
@service_mgmt = SysV.new(inspec)
end
when 'redhat', 'fedora', 'centos'
version = vulcano.os[:release].to_i
version = inspec.os[:release].to_i
if (%w{ redhat centos }.include?(family) && version >= 7) || (family == 'fedora' && version >= 15)
@service_mgmt = Systemd.new(vulcano)
@service_mgmt = Systemd.new(inspec)
else
@service_mgmt = SysV.new(vulcano)
@service_mgmt = SysV.new(inspec)
end
when 'darwin'
@service_mgmt = LaunchCtl.new(vulcano)
@service_mgmt = LaunchCtl.new(inspec)
when 'windows'
@service_mgmt = WindowsSrv.new(vulcano)
@service_mgmt = WindowsSrv.new(inspec)
when 'freebsd'
@service_mgmt = BSDInit.new(vulcano)
@service_mgmt = BSDInit.new(inspec)
when 'arch', 'opensuse'
@service_mgmt = Systemd.new(vulcano)
@service_mgmt = Systemd.new(inspec)
end
return skip_resource 'The `service` resource is not supported on your OS yet.' if @service_mgmt.nil?
@ -105,8 +105,9 @@ class Service < Vulcano.resource(1)
end
class ServiceManager
def initialize(vulcano)
@vulcano = vulcano
attr_reader :inspec
def initialize(inspec)
@inspec = inspec
end
end
@ -114,7 +115,7 @@ end
# @see: http://www.freedesktop.org/software/systemd/man/systemd-system.conf.html
class Systemd < ServiceManager
def info(service_name)
cmd = @vulcano.command("systemctl show --all #{service_name}")
cmd = inspec.command("systemctl show --all #{service_name}")
return nil if cmd.exit_status.to_i != 0
# parse data
@ -148,7 +149,7 @@ end
class Upstart < ServiceManager
def info(service_name)
# get the status of upstart service
cmd = @vulcano.command("initctl status #{service_name}")
cmd = inspec.command("initctl status #{service_name}")
return nil if cmd.exit_status != 0
# @see: http://upstart.ubuntu.com/cookbook/#job-states
@ -161,12 +162,17 @@ class Upstart < ServiceManager
# $ initctl show-config $job | grep -q "^ start on" && echo enabled || echo disabled
# Ubuntu 10.04 show-config is not supported
# @see http://manpages.ubuntu.com/manpages/maverick/man8/initctl.8.html
config = @vulcano.command("initctl show-config #{service_name}")
config = inspec.command("initctl show-config #{service_name}")
match_enabled = /^\s*start on/.match(config.stdout)
!match_enabled.nil? ? (enabled = true) : (enabled = false)
# implement fallback for Ubuntu 10.04
enabled = true if @vulcano.os[:family] == 'ubuntu' && @vulcano.os[:release].to_f >= 10.04 && @vulcano.os[:release].to_f < 12.04 && cmd.exit_status == 0
if inspec.os[:family] == 'ubuntu' &&
inspec.os[:release].to_f >= 10.04 &&
inspec.os[:release].to_f < 12.04 &&
cmd.exit_status == 0
enabled = true
end
{
name: service_name,
@ -183,7 +189,7 @@ class SysV < ServiceManager
def info(service_name)
# check if service is installed
# read all available services via ls /etc/init.d/
srvlist = @vulcano.command('ls -1 /etc/init.d/')
srvlist = inspec.command('ls -1 /etc/init.d/')
return nil if srvlist.exit_status != 0
# check if the service is in list
@ -195,7 +201,7 @@ class SysV < ServiceManager
# read all enabled services from runlevel
# on rhel via: 'chkconfig --list', is not installed by default
# bash: for i in `find /etc/rc*.d -name S*`; do basename $i | sed -r 's/^S[0-9]+//'; done | sort | uniq
enabled_services_cmd = @vulcano.command('find /etc/rc*.d -name S*')
enabled_services_cmd = inspec.command('find /etc/rc*.d -name S*')
enabled_services = enabled_services_cmd.stdout.split("\n").select { |line|
/(^.*#{service_name}.*)/.match(line)
}
@ -207,10 +213,10 @@ class SysV < ServiceManager
# on debian service is located /usr/sbin/service, on centos it is located here /sbin/service
service_cmd = 'service'
service_cmd = '/usr/sbin/service' if @vulcano.os[:family] == 'debian'
service_cmd = '/sbin/service' if @vulcano.os[:family] == 'centos'
service_cmd = '/usr/sbin/service' if inspec.os[:family] == 'debian'
service_cmd = '/sbin/service' if inspec.os[:family] == 'centos'
cmd = @vulcano.command("#{service_cmd} #{service_name} status")
cmd = inspec.command("#{service_cmd} #{service_name} status")
cmd.exit_status == 0 ? (running = true) : (running = false)
{
name: service_name,
@ -233,7 +239,7 @@ class BSDInit < ServiceManager
# service SERVICE status returns the following result if not activated:
# Cannot 'status' sshd. Set sshd_enable to YES in /etc/rc.conf or use 'onestatus' instead of 'status'.
# gather all enabled services
cmd = @vulcano.command('service -e')
cmd = inspec.command('service -e')
return nil if cmd.exit_status != 0
# search for the service
@ -243,7 +249,7 @@ class BSDInit < ServiceManager
# check if the service is running
# if the service is not available or not running, we always get an error code
cmd = @vulcano.command("service #{service_name} onestatus")
cmd = inspec.command("service #{service_name} onestatus")
cmd.exit_status == 0 ? (running = true) : (running = false)
{
@ -262,7 +268,7 @@ end
class LaunchCtl < ServiceManager
def info(service_name)
# get the status of upstart service
cmd = @vulcano.command('launchctl list')
cmd = inspec.command('launchctl list')
return nil if cmd.exit_status != 0
# search for the service
@ -324,7 +330,7 @@ class WindowsSrv < ServiceManager
# - 6: Pause Pending
# - 7: Paused
def info(service_name)
cmd = @vulcano.command("New-Object -Type PSObject | Add-Member -MemberType NoteProperty -Name Service -Value (Get-Service -Name #{service_name}| Select-Object -Property Name, DisplayName, Status) -PassThru | Add-Member -MemberType NoteProperty -Name WMI -Value (Get-WmiObject -Class Win32_Service | Where-Object {$_.Name -eq '#{service_name}' -or $_.DisplayName -eq '#{service_name}'} | Select-Object -Property StartMode) -PassThru | ConvertTo-Json")
cmd = inspec.command("New-Object -Type PSObject | Add-Member -MemberType NoteProperty -Name Service -Value (Get-Service -Name #{service_name}| Select-Object -Property Name, DisplayName, Status) -PassThru | Add-Member -MemberType NoteProperty -Name WMI -Value (Get-WmiObject -Class Win32_Service | Where-Object {$_.Name -eq '#{service_name}' -or $_.DisplayName -eq '#{service_name}'} | Select-Object -Property StartMode) -PassThru | ConvertTo-Json")
# cannot rely on exit code for now, successful command returns exit code 1
# return nil if cmd.exit_status != 0
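Review bot: In `SysV#info` the enabled check matches `/(^.*#{service_name}.*)/` against the `find /etc/rc*.d -name S*` output, so any start link whose path merely contains the name counts (checking `ssh` would also match a link for, say, `sshguard`), and regex metacharacters in the name are interpreted. For a compliance check this can report a service as enabled when it is not. Anchoring on the link name, e.g. `%r{/S\d+#{Regexp.escape(service_name)}\z}.match(line)`, follows the `S[0-9]+` naming that the comment above the command describes. The unquoted `-name S*` is also expanded by the shell when the working directory holds a matching file; `-name 'S*'` avoids that. Parts of the method fall outside the hunks shown.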


@ -6,7 +6,7 @@
require 'utils/simpleconfig'
class SshConf < Vulcano.resource(1)
class SshConf < Inspec.resource(1)
name 'ssh_config'
def initialize(conf_path = nil, type = nil)
@ -41,7 +41,7 @@ class SshConf < Vulcano.resource(1)
def read_content
return @content if defined?(@content)
file = vulcano.file(@conf_path)
file = inspec.file(@conf_path)
if !file.file?
return skip_resource "Can't find file \"#{@conf_path}\""
end


@ -38,7 +38,7 @@
require 'utils/parser'
require 'utils/convert'
class User < Vulcano.resource(1)
class User < Inspec.resource(1)
name 'user'
def initialize(user)
@ -46,15 +46,15 @@ class User < Vulcano.resource(1)
# select package manager
@user_provider = nil
case vulcano.os[:family]
case inspec.os[:family]
when 'ubuntu', 'debian', 'redhat', 'fedora', 'centos', 'arch', 'opensuse'
@user_provider = LinuxUser.new(vulcano)
@user_provider = LinuxUser.new(inspec)
when 'windows'
@user_provider = WindowsUser.new(vulcano)
@user_provider = WindowsUser.new(inspec)
when 'darwin'
@user_provider = DarwinUser.new(vulcano)
@user_provider = DarwinUser.new(inspec)
when 'freebsd'
@user_provider = FreeBSDUser.new(vulcano)
@user_provider = FreeBSDUser.new(inspec)
else
return skip_resource 'The `user` resource is not supported on your OS yet.'
end
@ -166,8 +166,9 @@ end
class UserInfo
include Converter
def initialize(vulcano)
@vulcano = vulcano
attr_reader :inspec
def initialize(inspec)
@inspec = inspec
end
def credentials(_username)
@ -189,7 +190,7 @@ class UnixUser < UserInfo
# extracts the identity
def identity(username)
cmd = @vulcano.command("id #{username}")
cmd = inspec.command("id #{username}")
return nil if cmd.exit_status != 0
# parse words
@ -215,7 +216,7 @@ class LinuxUser < UnixUser
include ContentParser
def meta_info(username)
cmd = @vulcano.command("getent passwd #{username}")
cmd = inspec.command("getent passwd #{username}")
return nil if cmd.exit_status != 0
# returns: root:x:0:0:root:/root:/bin/bash
passwd = parse_passwd_line(cmd.stdout.chomp)
@ -226,7 +227,7 @@ class LinuxUser < UnixUser
end
def credentials(username)
cmd = @vulcano.command("chage -l #{username}")
cmd = inspec.command("chage -l #{username}")
return nil if cmd.exit_status != 0
params = SimpleConfig.new(
@ -251,7 +252,7 @@ end
# @see http://superuser.com/questions/592921/mac-osx-users-vs-dscl-command-to-list-user
class DarwinUser < UnixUser
def meta_info(username)
cmd = @vulcano.command("dscl -q . -read /Users/#{username} NFSHomeDirectory PrimaryGroupID RecordName UniqueID UserShell")
cmd = inspec.command("dscl -q . -read /Users/#{username} NFSHomeDirectory PrimaryGroupID RecordName UniqueID UserShell")
return nil if cmd.exit_status != 0
params = SimpleConfig.new(
@ -280,7 +281,7 @@ class FreeBSDUser < UnixUser
include ContentParser
def meta_info(username)
cmd = @vulcano.command("pw usershow #{username} -7")
cmd = inspec.command("pw usershow #{username} -7")
return nil if cmd.exit_status != 0
# returns: root:*:0:0:Charlie &:/root:/bin/csh
passwd = parse_passwd_line(cmd.stdout.chomp)
@ -338,7 +339,7 @@ class WindowsUser < UserInfo
ConvertTo-Json
EOH
cmd = @vulcano.script(script)
cmd = inspec.script(script)
# cannot rely on exit code for now, successful command returns exit code 1
# return nil if cmd.exit_status != 0, try to parse json


@ -27,7 +27,7 @@
# "Installed": false,
# "InstallState": 0
# }
class WindowsFeature < Vulcano.resource(1)
class WindowsFeature < Inspec.resource(1)
name 'windows_feature'
def initialize(feature)
@ -35,7 +35,7 @@ class WindowsFeature < Vulcano.resource(1)
@cache = nil
# verify that this resource is only supported on Windows
return skip_resource 'The `windows_feature` resource is not supported on your OS.' if vulcano.os[:family] != 'windows'
return skip_resource 'The `windows_feature` resource is not supported on your OS.' if inspec.os[:family] != 'windows'
end
# returns true if the package is installed
@ -47,7 +47,7 @@ class WindowsFeature < Vulcano.resource(1)
def info
return @cache if !@cache.nil?
features_cmd = "Get-WindowsFeature | Where-Object {$_.Name -eq '#{@feature}' -or $_.DisplayName -eq '#{@feature}'} | Select-Object -Property Name,DisplayName,Description,Installed,InstallState | ConvertTo-Json"
cmd = vulcano.command(features_cmd)
cmd = inspec.command(features_cmd)
@cache = {
name: @feature,
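Review bot: `features_cmd` in `info` puts `@feature` between single quotes in the PowerShell pipeline without escaping, so a feature name that contains `'` ends the string literal and the rest is parsed as PowerShell on the target. The rename does not touch this; doubling embedded quotes first, for example `feature = @feature.to_s.gsub("'", "''")`, keeps the value inside the literal. The same unescaped interpolation is visible in the user resource (`"id #{username}"`, `"getent passwd #{username}"`, `"chage -l #{username}"`, `"pw usershow #{username} -7"`) and in `FindFiles` (`" -type #{type}"`), where `Shellwords.escape` would be the matching guard. How exposed this is depends on whether resource arguments can come from anyone other than the profile author, which the page does not show. `info` continues past the end of this hunk.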


@ -30,7 +30,7 @@ require 'resources/file'
# it { should be_enabled }
# end
class Yum < Vulcano.resource(1)
class Yum < Inspec.resource(1)
name 'yum'
# returns all repositories
@ -43,7 +43,7 @@ class Yum < Vulcano.resource(1)
return @cache if defined?(@cache)
# parse the repository data from yum
# we cannot use -C, because this is not reliable and may lead to errors
@command_result = vulcano.command('yum -v repolist all')
@command_result = inspec.command('yum -v repolist all')
@content = @command_result.stdout
@cache = []
repo = {}


@ -24,7 +24,7 @@ module FindFiles
cmd += " -maxdepth #{depth.to_i}" if depth.to_i > 0
cmd += " -type #{type}" unless type.nil?
result = vulcano.run_command(cmd)
result = inspec.run_command(cmd)
exit_status = result.exit_status
return [nil, exit_status] unless exit_status == 0


@ -1,9 +0,0 @@
# encoding: utf-8
# author: Dominik Richter
# author: Christoph Hartmann
require 'vulcano/targets/core'
require 'vulcano/targets/file'
require 'vulcano/targets/folder'
require 'vulcano/targets/url'
require 'vulcano/targets/dir'


@ -2,7 +2,7 @@
# author: Dominik Richter
require_relative 'docker_run'
require_relative '../lib/vulcano'
require_relative '../lib/inspec'
tests = ARGV
if tests.empty?
@ -41,7 +41,7 @@ class DockerTester
def test_container(container, report)
puts "--> run test on docker #{container.id}"
opts = { 'target' => "docker://#{container.id}" }
runner = Vulcano::Runner.new(opts)
runner = Inspec::Runner.new(opts)
runner.add_tests(@tests)
tests = runner.tests.ordered_example_groups
tests.map { |g| g.run(report) }


@ -10,11 +10,11 @@ SimpleCov.start do
add_filter '/test/'
add_group 'Resources', 'lib/resources'
add_group 'Matchers', 'lib/matchers'
add_group 'Backends', 'lib/vulcano/backend'
add_group 'Backends', 'lib/inspec/backend'
end
require 'vulcano/resource'
require 'vulcano/backend'
require 'inspec/resource'
require 'inspec/backend'
class MockLoader
# pass the os identifier to emulate a specific operating system
@ -47,7 +47,7 @@ class MockLoader
scriptpath = ::File.realpath(::File.dirname(__FILE__))
# create mock backend
@backend = Vulcano::Backend.create({ backend: :mock })
@backend = Inspec::Backend.create({ backend: :mock })
mock = @backend.backend
# set os emulation
@ -188,7 +188,7 @@ class MockLoader
# loads a resource class and instantiates the class with the given arguments
def load_resource(resource, *args)
# initialize resource with backend and parameters
@resource_class = Vulcano::Resource.registry[resource]
@resource_class = Inspec::Resource.registry[resource]
@resource = @resource_class.new(backend, resource, *args)
end
end


@ -3,11 +3,11 @@
# author: Christoph Hartmann
require 'helper'
require 'vulcano/profile_context'
require 'inspec/profile_context'
describe Vulcano::ProfileContext do
describe Inspec::ProfileContext do
let(:backend) { MockLoader.new.backend }
let(:profile) { Vulcano::ProfileContext.new(nil, backend) }
let(:profile) { Inspec::ProfileContext.new(nil, backend) }
it 'must be able to load empty content' do
profile.load('', 'dummy', 1).must_be_nil
@ -34,7 +34,7 @@ describe Vulcano::ProfileContext do
load('describe true do; it { should_eq true }; end')
.must_output ''
profile.rules.keys.must_equal ['unknown:1']
profile.rules.values[0].must_be_kind_of Vulcano::Rule
profile.rules.values[0].must_be_kind_of Inspec::Rule
end
it 'does not provide the expect keyword in the global DLS' do
@ -44,7 +44,7 @@ describe Vulcano::ProfileContext do
it 'provides the rule keyword in the global DSL' do
profile.load('rule 1')
profile.rules.keys.must_equal [1]
profile.rules.values[0].must_be_kind_of Vulcano::Rule
profile.rules.values[0].must_be_kind_of Inspec::Rule
end
end
@ -105,7 +105,7 @@ describe Vulcano::ProfileContext do
end
it 'registers the check with the provided proc' do
check[2].must_be_kind_of Vulcano::ExpectationTarget
check[2].must_be_kind_of Inspec::ExpectationTarget
end
end


@ -3,9 +3,9 @@
# author: Dominik Richter
require 'helper'
require 'vulcano/resource'
require 'inspec/resource'
describe 'Vulcano::Resources::AptRepo' do
describe 'Inspec::Resources::AptRepo' do
it 'check apt on ubuntu' do
resource = MockLoader.new(:ubuntu1504).load_resource('apt', 'http://archive.ubuntu.com/ubuntu/')


@ -3,9 +3,9 @@
# author: Dominik Richter
require 'helper'
require 'vulcano/resource'
require 'inspec/resource'
describe 'Vulcano::Resources::AuditPolicy' do
describe 'Inspec::Resources::AuditPolicy' do
it 'check audit policy parsing' do
resource = MockLoader.new(:windows).load_resource('audit_policy')
_(resource.send('User Account Management')).must_equal 'Success'


@ -3,9 +3,9 @@
# author: Dominik Richter
require 'helper'
require 'vulcano/resource'
require 'inspec/resource'
describe 'Vulcano::Resources::AuditDaemonConf' do
describe 'Inspec::Resources::AuditDaemonConf' do
it 'check audit daemon config parsing' do
resource = MockLoader.new(:windows).load_resource('auditd_conf')
_(resource.space_left_action).must_equal 'SYSLOG'


@ -3,9 +3,9 @@
# author: Dominik Richter
require 'helper'
require 'vulcano/resource'
require 'inspec/resource'
describe 'Vulcano::Resources::AuditDaemonRules' do
describe 'Inspec::Resources::AuditDaemonRules' do
it 'check audit policy parsing' do
resource = MockLoader.new(:windows).load_resource('auditd_rules')
_(resource.send('LIST_RULES')).must_equal [


@ -3,9 +3,9 @@
# author: Dominik Richter
require 'helper'
require 'vulcano/resource'
require 'inspec/resource'
describe 'Vulcano::Resources::Bond' do
describe 'Inspec::Resources::Bond' do
it 'check linux bond on ubuntu' do
resource = MockLoader.new(:ubuntu1404).load_resource('bond', 'bond0')


@ -3,9 +3,9 @@
# author: Dominik Richter
require 'helper'
require 'vulcano/resource'
require 'inspec/resource'
describe 'Vulcano::Resources::Bridge' do
describe 'Inspec::Resources::Bridge' do
it 'check linux bridge on ubuntu' do
resource = MockLoader.new(:ubuntu1404).load_resource('bridge', 'br0')


@ -3,9 +3,9 @@
# author: Dominik Richter
require 'helper'
require 'vulcano/resource'
require 'inspec/resource'
describe 'Vulcano::Resources::CSV' do
describe 'Inspec::Resources::CSV' do
it 'verify csv parsing' do
resource = load_resource('csv', 'example.csv')
_(resource.params).wont_equal nil


@ -3,9 +3,9 @@
# author: Dominik Richter
require 'helper'
require 'vulcano/resource'
require 'inspec/resource'
describe 'Vulcano::Resources::EtcGroup' do
describe 'Inspec::Resources::EtcGroup' do
let(:resource) { load_resource('etc_group') }
it 'verify /etc/group config parsing' do


@ -3,9 +3,9 @@
# author: Dominik Richter
require 'helper'
require 'vulcano/resource'
require 'inspec/resource'
describe 'Vulcano::Resources::Gem' do
describe 'Inspec::Resources::Gem' do
it 'verify gem package detail parsing' do
resource = load_resource('gem', 'rubocop')
pkg = {


@ -3,9 +3,9 @@
# author: Dominik Richter
require 'helper'
require 'vulcano/resource'
require 'inspec/resource'
describe 'Vulcano::Resources::Group' do
describe 'Inspec::Resources::Group' do
# ubuntu 14.04
it 'verify group on ubuntu' do


@ -3,9 +3,9 @@
# author: Dominik Richter
require 'helper'
require 'vulcano/resource'
require 'inspec/resource'
describe 'Vulcano::Resources::Host' do
describe 'Inspec::Resources::Host' do
it 'check host on ubuntu' do
resource = MockLoader.new(:ubuntu1404).load_resource('host', 'example.com')


@ -3,9 +3,9 @@
# author: Dominik Richter
require 'helper'
require 'vulcano/resource'
require 'inspec/resource'
describe 'Vulcano::Resources::InetdConf' do
describe 'Inspec::Resources::InetdConf' do
it 'verify limits.conf config parsing' do
resource = load_resource('inetd_config')
_(resource.send('shell')).must_equal nil


@ -3,9 +3,9 @@
# author: Dominik Richter
require 'helper'
require 'vulcano/resource'
require 'inspec/resource'
describe 'Vulcano::Resources::Interface' do
describe 'Inspec::Resources::Interface' do
# ubuntu 14.04
it 'verify interface on ubuntu' do


@ -3,9 +3,9 @@
# author: Dominik Richter
require 'helper'
require 'vulcano/resource'
require 'inspec/resource'
describe 'Vulcano::Resources::Iptables' do
describe 'Inspec::Resources::Iptables' do
# ubuntu 14.04
it 'verify iptables on ubuntu' do


@ -3,9 +3,9 @@
# author: Dominik Richter
require 'helper'
require 'vulcano/resource'
require 'inspec/resource'
describe 'Vulcano::Resources::JSON' do
describe 'Inspec::Resources::JSON' do
it 'verify json parsing' do
resource = load_resource('json', 'policyfile.lock.json')
_(resource.params).wont_equal nil


@ -3,9 +3,9 @@
# author: Dominik Richter
require 'helper'
require 'vulcano/resource'
require 'inspec/resource'
describe 'Vulcano::Resources::KernelModule' do
describe 'Inspec::Resources::KernelModule' do
it 'verify kernel_module parsing' do
resource = load_resource('kernel_module', 'bridge')
_(resource.loaded?).must_equal true


@ -3,9 +3,9 @@
# author: Dominik Richter
require 'helper'
require 'vulcano/resource'
require 'inspec/resource'
describe 'Vulcano::Resources::KernelParameter' do
describe 'Inspec::Resources::KernelParameter' do
it 'verify kernel_parameter parsing' do
resource = load_resource('kernel_parameter', 'net.ipv4.conf.all.forwarding')
_(resource.value).must_equal 1


@ -3,9 +3,9 @@
# author: Dominik Richter
require 'helper'
require 'vulcano/resource'
require 'inspec/resource'
describe 'Vulcano::Resources::LimitsConf' do
describe 'Inspec::Resources::LimitsConf' do
it 'verify limits.conf config parsing' do
resource = load_resource('limits_conf')
_(resource.send('*')).must_equal [['soft', 'core', '0'], ['hard', 'rss', '10000']]


@ -3,9 +3,9 @@
# author: Dominik Richter
require 'helper'
require 'vulcano/resource'
require 'inspec/resource'
describe 'Vulcano::Resources::LoginDef' do
describe 'Inspec::Resources::LoginDef' do
it 'verify login.def config parsing' do
resource = load_resource('login_defs')
_(resource.UMASK).must_equal '022'


@ -4,7 +4,7 @@
require 'helper'
describe 'Vulcano::Resources::MysqlConf' do
describe 'Inspec::Resources::MysqlConf' do
it 'verify mysql.conf config parsing' do
resource = load_resource('mysql_conf', '/etc/mysql/my.cnf')
_(resource.client['port']).must_equal '3306'
