Commit graph

93 commits

Author SHA1 Message Date
Adam Leff
21ba43d6a5 http resource: properly execute tests on remote target (#2209)
Currently, the http resource always executes locally, even when scanning
a remote machine with `--target` which leads to undesireable behavior.

This change adds the ability to remotely execute tests with curl. This
behavior is currently opt-in with the `enable_remote_worker` flag, but
will become the default behavior in InSpec 2.0. Deprecation warnings
are emitted if the user is scanning a remote target but has not opted
in to the new behavior.

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-04 22:44:09 +02:00
Jerry Aldrich III
19c72e8a60 Fix docs/reference/resources/host rendering (#2193)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-04 12:34:02 -07:00
hannah-radish
9cfc86d2ab Resource documentation update (#2207)
Light formatting changes, change order of example and matchers, slight
color changes

Signed-off-by: hannah-radish <hmaddy@chef.io>
2017-10-03 17:35:10 -04:00
dromazmj
7fc7942ab1 firewalld resource: inspect the status and configuration of firewalld (#2074)
* New Resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resourec - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource firewalld

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Modifications to new resource - firewalld

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Changing firewalld_command method to prepend the command with 'firewall-cmd' to reduce code reuse.

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Modifications made
	* installed? method now tells by checking if firewall-cmd is a command on the system
	* The firewalld_command method now strips the stdout of the return
	* added another test for testing multiple active zones

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Fixing rake lint issue

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Fixing match and returning boolean for seeing if firewalld is running

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Fixing lint issues

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Empty commit to rerun.  Accidentally updated branch.

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Rerunning test, accidentally updated branch. needs sign off commit

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
2017-09-27 14:05:35 +02:00
dromazmj
b23a58b573 etc_hosts_allow and etc_hosts_deny resources: test the content of the tcpwrappers configuration files (#2073)
* New Resource-combined etc_hosts_allow etc_hosts_deny

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
2017-09-25 13:49:04 -04:00
Matt Ray
e23249d635 windows_hotfix resource: test whether a Windows HotFix is installed (#2178)
* Add hotfix resource for Windows

Signed-off-by: Matt Ray <matthewhray@gmail.com>

* Renamed hotfix to windows_hotfix

Added additional unit test checking for KB that is not present on a box

Signed-off-by: Matt Ray <matthewhray@gmail.com>

* Integration test to spot-check for hotfixes

Queries the Windows operating system via Powershell for a list of all
installed hotfixes and spot-checks every 10th one with the
windows_hotfix resource. Checking hundreds is time-consuming. Also
checks to ensure a non-installed hotfix is not present.

Signed-off-by: Matt Ray <matthewhray@gmail.com>
2017-09-25 19:09:22 +02:00
Thomas Cate
fca83c6bb2 add example for checking last permissions octet (#2152)
* add example for checking last permissions octet

Signed-off-by: Thomas Cate <tcate@chef.io>

* Correctly describe the last permissions bit for file resource

Signed-off-by: Thomas Cate <tcate@chef.io>
2017-09-25 09:52:04 -04:00
Jennifer Burns
ec18dce62b auditd resource: test active auditd configuration against the audit daemon (#2133)
* Added auditd resource and documentation.

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Added unit tests for auditd resource and updated auditd_rules_test to match new entries in auditctl

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Removed all legacy code for audit < 2.3. Removed parens to create consistency.

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Updated method names and removed unnecessary content based on review

Signed-off-by: Jennifer Burns <jburns@mitre.org>
2017-09-18 21:47:18 +02:00
Adam Leff
7a3706a023 Add clarifying docs for mysql_conf resource (#2138)
The docs did not include examples for querying settings set within a named section.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-13 08:16:35 -04:00
Rony Xavier
7d2da0c199 nginx resource: audit the nginx binary and how it was compiled (#1958)
* nginx base resource

Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: Rony Xavier <rx294@gmail.com>
2017-09-13 08:15:09 -04:00
dromazmj
70548ab754 etc_fstab resource: test contents of the /etc/fstab file (#2064)
* Adding support for fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to docs of new resource etc_fstab

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Modifications to new resource etc_fstab

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
2017-09-11 15:55:03 +02:00
Dominik Richter
19ab22f5e2 add nginx_conf accessors for http, servers, and locations (#2119)
* wip: extend nginx_conf for http+servers+locations

... well `http` entries really, but we couldnt just call it `https`.

the goal is to `nginx_conf.http` / `nginx_conf.servers` / `nginx_conf.locations` and then also have these calls cascaded down to simplify the access to these fields. the current pattern is rather tedious since we need to check for nil everywhere.

* add test for new nginx accessors

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* add docs for nginx-conf

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* fix all incorrect NGINX spellings in docs

* prevent edge-cases where nginx params are nil

for location, http, and servers

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* more descriptive to_s for nginx servers

as suggested by @adamleff, thank you!

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* add more descriptive to_s for nginx location

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-09-06 08:19:04 -04:00
Clinton Wolfe
f284962450 File Resource: add be_setgid, be_setuid, be_sticky matchers (#2104)
* Provisioner script to setup resource tests for setgid/setuid/sticky bit tests.  This appears to be the correct mechanism per docker_run, but I don't see any other provisioner scripts, so I suspect there is a different Chef-internal mechanism at play here.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* TDD Red for setgid/setuid/sticky File matchers

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add documentation for file resource sgid, sticky, and suid matchers

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add matchers to File for setgid, setuid, and sticky by aliasing existing predicates; TDD green

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rubocop prefers alias to alias_method.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Lint before pushing, of course

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Correct spelling of setgid and setuid matchers in docs

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add be_setgid, be_setuid, be_sticky matcher integration tests for File.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Revert "Provisioner script to setup resource tests for setgid/setuid/sticky bit tests.  This appears to be the correct mechanism per docker_run, but I don't see any other provisioner scripts, so I suspect there is a different Chef-internal mechanism at play here."

This reverts commit 42e672f3b1.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Revert "TDD Red for setgid/setuid/sticky File matchers"

This reverts commit a4f891fc7e.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-09-03 20:43:13 +02:00
Adam Leff
1a651f1741 Correct docs for the file resource (#2115)
The current docs refer to a method called `link_target` which does not
exist. `link_path` provides the functionality.

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-31 16:51:33 -04:00
dromazmj
cb5b475bb1 etc_hosts resource: test the contents of the /etc/hosts file (#2065)
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
2017-08-31 09:51:39 -04:00
Jonathan Morley
3e7d47505c Add support for XML files (#2107)
* Add support for XML files

Signed-off-by: Morley, Jonathan <jmorley@cvent.com>

* Use REXML instead of nokogiri

Signed-off-by: Morley, Jonathan <jmorley@cvent.com>
2017-08-31 09:56:14 +02:00
Jennifer Burns
2cef15aec3 aide_conf resource: test configuration of the AIDE file integrity tool (#2063)
* Added aide_conf resource and subsequent files

* Updated to match on all selection lines

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Changed to use CommentParser and fixed typo

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Fix typo in test file

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Updated to address PR feedback

Signed-off-by: Jennifer Burns <jburns@mitre.org>
2017-08-25 22:13:43 +02:00
Adam Leff
367d42fb3a Properly handle held packages on dpkg-flavored OS (#2087)
* check the proper field for dpkg installation state fixes #2006

Signed-off-by: Mathieu Sauve-Frankel <msf@kisoku.net>

* Properly handle held packages on dpkg-flavored OS

InSpec was looking at the wrong field in `dpkg -s` output to determine
whether a package was installed or not. An installed, held package was
incorrectly reported as uninstalled.

This adds the proper unit tests and also adds a `be_held` matcher.

Thanks to @kisoku for the initial work in #2007.

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-18 17:29:23 +02:00
Kimberly Garmoe
baa0951b06 Kg/resource names (#2060)
* Changes resources/filename to match resource name

Signed-off-by: kgarmoe <kgarmoe@chef.io>

* Deletes original resource files.

Signed-off-by: kgarmoe <kgarmoe@chef.io>
2017-08-15 13:41:04 -04:00
Adam Leff
c280e9a816 Fix host resolution on Darwin, use dig wherever possible (#1986)
* Fix host resolution on Darwin, use dig wherever possible

The `host` and `dig` commands do not return non-zero if a query returns NXDOMAIN
or NOERROR, but the DarwinHostProvider was expecting it when deciding whether to
fall back to IPv4 if a IPv6 query failed. Therefore, the `host` resource would
not function properly when resolving hostnames on Darwin. The logic has been
changed to use `dig` short output and query for both v6 and v4 addresses.

Additionally, the LinuxHostProvider has been modified to prefer `dig` if it's
available to keep behavior similar between Darwin and Linux whenever possible.
This has the added benefit of providing v6 and v4 resolution if possible where
`getent hosts` only returns v6 if v6 records exist.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-05 10:45:30 -04:00
Christoph Hartmann
3255054390 simplify kernel module docs (#1987)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-07-05 09:57:47 -04:00
Aaron Lippold
cc7ed38d09 kernel_module resource: added blacklisting, enabled, disabled, docs and unit tests (#1798)
* Fix up methods, add command mock, do string matching in ruby instead of command

Fixes #1643
Fixes #1673

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-05 11:41:44 +02:00
Aaron Lippold
224935e9cf New postgres_hba_conf resource (#1964)
* Created pg_hba_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Created pg_hba_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Corrections

* updated to parse auth-options

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* updated `conf_path` instance var to `conf_file` for consistancy.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* pg_hba_conf - updated the parse_line method
added test and doc files

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated few bugs on pg_hba_conf
updated test files and docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Made updates based on the reccomendations

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* PR commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* PR Commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Update Gemfile.lock

* PR Commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated doc file for postgres_hba_conf resource to use
'cmp' matcher instead of 'eq'

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Made requested changes, except for SimpleConfig - will address that later.

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 20:13:51 +02:00
Aaron Lippold
57864f1488 New postgres_ident_conf resource (#1963)
* Initial commit of pg_ident_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Initial commit of pg_ident_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Small updates to organization of code

Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: Rony Xaiver <rx294@nyu.edu>

* updated `conf_path` instance var to `conf_file` since we are returning
a file.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Updated few bugs on pg_ident_conf
added test files and docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Added OS check

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock file

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>

* added windows mock file

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Changed resource name from pg_ident_conf to postgres_ident_conf

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Completed corrections reccomended on PR

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* removed copyright information

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 20:01:40 +02:00
Christoph Hartmann
0839be50d6 oracle_session and mssql_session improvement (#1857)
* improve database parsing
* support sqlcli
* ensure headers are downcast
* externalize database helper
* use password as argument
* feedback from @adamleff
* inline docs update + linting
* stay backwards compatible
* implement tests
2017-06-29 11:01:32 -04:00
Jerry Aldrich III
cc6f1e90ca Add rpm_dbpath support to the package resource (#1960)
Signed-off-by: Jerry Aldrich III <jerry@chef.io>
2017-06-28 03:21:15 -07:00
Sean Walberg
a0ebc43132 Update iptables docs (#1968)
* Update iptables docs

* Correct nomenclature and be a bit more specific for existing exampls
* Provide an example of allowing a specified port in.

* Update iptables.md.erb
2017-06-28 03:17:24 -07:00
Aaron Lippold
3bb98fa1e8 Fixes the postgres_conf parsing of complex paramerters (#1938)
Fixes #1671

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-06-23 08:31:27 -07:00
Richard Shade
1fbd4b57a2 Mysql socket (#1933)
* showing how to shellout in docs

Signed-off-by: Richard Shade <rshade@rightscale.com>

* adding basic example

Signed-off-by: Richard Shade <rshade@rightscale.com>

* cleanup

Signed-off-by: Richard Shade <rshade@rightscale.com>

* adding in mysql socket, as this doesn't work with non-default installs

Signed-off-by: Richard Shade <rshade@rightscale.com>

* updating per peer review to make socket not a req, and adding port

Signed-off-by: Richard Shade <rshade@rightscale.com>

* updating docs

Signed-off-by: Richard Shade <rshade@rightscale.com>
2017-06-23 08:28:15 -07:00
Justin Schuhmann
a69cd1efee Adds support for iis_app InSpec testing (#1905)
Signed-off-by: Justin Schuhmann <jmschu02@gmail.com>
2017-06-15 11:13:07 +02:00
Adam Leff
12a495c631 Add TCP reachability support on Linux for host resource (#1915)
* Add TCP reachability support on Linux for host resource

This enhances the `host` resource on Linux targets by using netcat
(if installed) to perform TCP reachability checks.

Signed-off-by: Adam Leff <adam@leff.co>

* documentation updates

Signed-off-by: Adam Leff <adam@leff.co>

* Appease rubocop

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-09 18:18:51 +02:00
Takaaki Furukawa
4f34e3eb83 Add support for virtualization resource (#1803)
* Add support for virtualization resource

Signed-off-by: Takaaki Furukawa <takaaki.frkw@gmail.com>

* Add some methods and documentation

Signed-off-by: Takaaki Furukawa <takaaki.frkw@gmail.com>

* Refactor collect_data_linux method

Signed-off-by: Takaaki Furukawa <takaaki.frkw@gmail.com>

* Remove unnecessary hash from virtualization resource and update examples

Signed-off-by: Takaaki Furukawa <takaaki.frkw@gmail.com>
2017-06-07 14:10:29 +02:00
Juan Carlos Castillo Cano
1c98ff13f6 Support special cases for crontab resource
Signed-off-by: Juan Carlos Castillo Cano <jccastillocano@gmail.com>
2017-06-06 15:12:12 +02:00
username-is-already-taken2
9d9baeb09f Added windows support to the processes resource
Signed-off-by: username-is-already-taken2 <digitalgaz@hotmail.com>
2017-06-05 23:41:02 +01:00
Nathan L Smith
0f96c88d88 Add docs for http resource options
Signed-off-by: Nathan L Smith <smith@chef.io>
2017-05-30 11:33:59 -05:00
Adam Leff
333c7f15aa Updating docs to show the interface name is required
Signed-off-by: Adam Leff <adam@leff.co>
2017-05-29 15:20:50 -04:00
Adam Leff
9182ba8574 Update interface resource docs
The `interface` resource currently refers to methods that don't
yet exist. Fixing the docs for now and will add the features
later.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-29 15:20:50 -04:00
Adam Leff
a5e5cc0dec Merge pull request #1714 from aaronlippold/postgres-session-update
updated the psql command so that it does not print the headers and ex…
2017-05-11 14:34:05 -04:00
Aaron Lippold
684d81d4c2 psql doesn't print headers + extra output + cconfigurable host + docs
Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-05-11 08:58:55 -04:00
Pete Higgins
489f6ff365 Fix typo s/oe/or/.
Signed-off-by: Pete Higgins <pete@peterhiggins.org>
2017-05-10 18:11:16 -07:00
Nolan Davidson
8f0756812c Add support for Windows auth in mssql_resourcet
This adds supports for connecting to MS SQL instances using Window
authentication rather than SQL authentication.  By leaving either the
user or password parameters blank causes the sqlcmd to leave off the -U
and -P params.  This will cause sqlcmd to authenticate as the current
Windows user.

Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-09 17:17:07 +02:00
Dominik Richter
00682eb2d2 Merge pull request #1751 from nsdavidson/add-oracle-session
Add an oracle_session resource
2017-05-09 13:21:53 +02:00
seph
af0bceef48 Adopting PR 1570 - fixing processes resource doc
As originally proposed in #1570, the documentation of
the `processes` resource could be clearer in its ability
to accept a regular expression. The original doc-only PR
was missing a DCO sign-off and had one required change
before it was able to be merged. The PR unfortunately
became stale.

Adopting the PR and merging under the obvious-fix /
doc-only-fix rule.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-09 12:24:00 +02:00
Nolan Davidson
ba6745444e Renaming oracle_session to oracledb_session
Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-05 13:11:07 -04:00
Nolan Davidson
fbe7b8ddf8 Refactor to options hash and add unit tests
Switched the oracle_session resource to take an option hash and allow
for configuring hostname, DB_SID, and sqlplus binary path.

Added unit tests.

Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-05 09:29:38 -04:00
Nolan Davidson
9cd69ce4af Add an oracle_session resource
This adds an oracle_session resource similar to the existing resource
for MySQL and MSSQL.  It assumes the sqlplus tool is installed and in
the path of the user InSpec connects as.

Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-02 10:50:20 -04:00
Adam Leff
bc2458bf5a
Fix YAML resource documentation
The `yaml` resource documentation was missing many clues that users
need to successfully use the resource.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-01 16:16:00 -05:00
Adam Leff
5c63210390 Merge pull request #1726 from chef/dr/ports-doc-cmp
use cmp in port docs instead of eq
2017-04-26 18:22:27 -04:00
Dominik Richter
84a59cab50 use cmp in port docs instead of eq
Fixes https://github.com/chef/inspec/issues/438

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-27 00:17:34 +02:00
Dominik Richter
1dafe50bd9 rename SimpleConfig / parse_config / parse_config_file options
See https://github.com/chef/inspec/issues/1709
Fixes https://github.com/chef/inspec/issues/1709

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 23:18:40 +02:00