Commit graph

971 commits

Author SHA1 Message Date
Christoph Hartmann
96d02ba4a2 add inspec profile as example 2016-02-14 21:27:40 +01:00
Christoph Hartmann
b967af3c89 rename generate to init 2016-02-14 21:26:37 +01:00
Christoph Hartmann
f281f9c351 implement generate cli command 2016-02-14 19:38:58 +01:00
Dominik Richter
36cbafc438 add runlevel helper object to services 2016-02-14 18:23:58 +01:00
Dominik Richter
0934948a1a support runlevels for system V + service matching
Bugfix: there were services that would get matched because of the way the regex was constructed, i.e. if the user inserted `.` or `*` or anything regexy. Even if the service only had part of the name you were interested in, it would match (e.g. `sshd` would find `my_sshdaemon`).

Apart from this, runlevels are now detected for SystemV. This is exposed in `#info`.
2016-02-13 02:11:51 +01:00
Dominik Richter
2426d30870 bugfix: verify the resolver type first 2016-02-11 15:40:35 +01:00
Dominik Richter
137bee74ca add content resolver to dir helper 2016-02-10 23:46:55 +01:00
Dominik Richter
3efd0961f0 make sure archive resolvers return one file only 2016-02-10 22:49:51 +01:00
Dominik Richter
19a0a18db1 sync archive+tar+zip helpers to new dir-resolver 2016-02-10 22:30:13 +01:00
Dominik Richter
6bd757c585 improve documentation on target resolvers 2016-02-10 20:36:54 +01:00
Dominik Richter
d272024b01 rework resolver connection
I.e. we want to get access to the actual directory handler, with full exposure of the underlying directory resolver. e.g. Get the InspecProfileDirectory handler (which provides access to tests, metadata, libraries), but be able to get all data with that alone (e.g. an ArchiveHelper for ZIP which reads all files/folders from zip)
2016-02-10 20:36:43 +01:00
Dominik Richter
293b1a4c25 unify all directory resolvers 2016-02-10 12:20:28 +01:00
Dominik Richter
2d92e164c2 create plugin interface for directory resolvers 2016-02-10 11:15:08 +01:00
Stephan Renatus
ac2584f51d iptables: strip lines of iptables -S output
As it turns out, some of the lines on CentOS 6 had a trailing space in them.

Fixes #420.
2016-02-10 09:57:32 +01:00
Stephan Renatus
cdad6e63c3 iptables: some simplifications 2016-02-10 09:57:32 +01:00
Dominik Richter
d55aeddbdf 0.11.0 2016-02-09 17:54:38 +01:00
Christoph Hartmann
0f14ebb1d1 simplify value extraction for apache resource without any magic 2016-02-09 17:35:33 +01:00
Christoph Hartmann
a3eda1fcee implement method missing for apache_conf resource 2016-02-09 17:35:33 +01:00
Christoph Hartmann
796af68a69 Fix supermarket cli registration 2016-02-09 15:22:29 +01:00
Dominik Richter
971d651551 change version constraints
Move to a more mathematical representation of version number comparisons. The existing one is semantically correct, but may lead to slight confusion.
2016-02-09 11:51:52 +01:00
Stephan Renatus
e5b88fc486 auditd_rules: suppress warning for centos 5; improve docs wording 2016-02-09 11:51:52 +01:00
Stephan Renatus
405b3e3fa4 rubocop fixes 2016-02-09 11:51:52 +01:00
Stephan Renatus
4b6eced92a auditd_rules: access by key, tests + documentation 2016-02-09 11:51:52 +01:00
Stephan Renatus
cd5f47ed33 auditd_rules: unit tests, meet the real world 2016-02-09 11:51:52 +01:00
Stephan Renatus
664561aa80 auditd_rules: status querying (old/new) and unit tests
TODO: unit tests for the legacy format
2016-02-09 11:51:52 +01:00
Stephan Renatus
57db5a9414 unit test FilterArray, make retrieved values unique 2016-02-09 11:51:52 +01:00
Stephan Renatus
5270f21da9 move FilterArray to utils, add retrieving values 2016-02-09 11:51:52 +01:00
Stephan Renatus
4afb22565e auditd_rules: teach old dog new tricks 2016-02-09 11:51:52 +01:00
Stephan Renatus
2afc29e48f auditd_rules: stash legacy behaviour away 2016-02-09 11:51:52 +01:00
Dominik Richter
0421b6dc1a exit early 2016-02-09 11:04:50 +01:00
Dominik Richter
c966e94835 typos 2016-02-09 11:04:34 +01:00
Dominik Richter
e56321f6c7 semantics: rename CLI plugins registry -> subcommands
Basically make sure everyone understands these are only subcommands. We might consider adding plugins for options or existing commands instead of new subcommands. This just ensures everyone knows what the registry is for.
2016-02-09 01:20:38 +01:00
Dominik Richter
7ccf0fa364 avoid automatic plugin loading throughout the library
Only load plugins through the binary, never through the library. This avoids the issue we have of accidentally loading plugins in tests and integration work. They should only be loaded when users request them.
2016-02-09 00:55:02 +01:00
Dominik Richter
1ae0bc2e60 clarify the role of the plugin API at the moment 2016-02-09 00:25:25 +01:00
Christoph Hartmann
b33129fbf5 implement supermarket extension 2016-02-08 20:06:07 +01:00
Dominik Richter
dc028a3877 fix loading order of plugins 2016-02-07 23:47:10 +01:00
Christoph Hartmann
c6c9d0278c 0.10.1 2016-02-05 18:52:44 +01:00
Dominik Richter
bb264897f4 wrap basecli in inspec module
Take care of a rare error which has Inspec undefined
2016-02-05 18:25:40 +01:00
Christoph Hartmann
be7aa8f0c4 0.10.0 2016-02-05 17:18:07 +01:00
Christoph Hartmann
b7a88dbd7a fix linting and unit test 2016-02-05 16:57:51 +01:00
Christoph Hartmann
f826c07af5 minor improvements 2016-02-05 14:55:12 +01:00
Christoph Hartmann
7e88f56917 move plugin to bundles 2016-02-05 14:48:55 +01:00
Christoph Hartmann
a55a4869d9 extract base cli class 2016-02-05 14:20:32 +01:00
Christoph Hartmann
7494854c60 implement profile upload 2016-02-05 14:18:05 +01:00
Christoph Hartmann
368f6ed56a refactor compliance plugin 2016-02-05 14:18:05 +01:00
Christoph Hartmann
2cb3d6f90f bugfix: rescue url error in url target helper 2016-02-05 14:15:57 +01:00
Christoph Hartmann
6c1b9fff9d do not try to load a profile if we have no token available 2016-02-05 14:15:57 +01:00
Christoph Hartmann
7f57b12258 refactor cli 2016-02-05 14:15:57 +01:00
Christoph Hartmann
823e30e9cf re-introduce compliance exec 2016-02-05 14:14:34 +01:00
Christoph Hartmann
0958327f06 improve url target helper, match github url with trailing / 2016-02-05 14:14:34 +01:00
Christoph Hartmann
6cf8ecf304 add target helper for compliance plugin, extract API methods from CLI 2016-02-05 14:14:34 +01:00
Christoph Hartmann
0b59dab9ea initial version of compliance plugin 2016-02-05 14:13:22 +01:00
Christoph Hartmann
bab7eb1986 improve styling 2016-02-05 14:06:55 +01:00
Christoph Hartmann
589db0bcd0 add registry for cli plugins 2016-02-05 14:06:55 +01:00
Stephan Renatus
f63a8ad1d5 upstart_service: add version fallback, fix regexp
before this regexp change, a service called "running" (hello integration
tests) would always be "running" ;)
2016-02-05 13:49:18 +01:00
Christoph Hartmann
e6ff20f91e add metadata warnings in structured hash 2016-02-04 18:46:11 +01:00
Christoph Hartmann
d7cb5a9ae0 adapt unit tests 2016-02-04 18:05:40 +01:00
Christoph Hartmann
ea63a39b40 improve code style 2016-02-04 17:01:38 +01:00
Christoph Hartmann
14a3100e41 simplify result value from profile check 2016-02-04 16:47:33 +01:00
Christoph Hartmann
7e19c5eec6 fix ignore errors option use in archive method 2016-02-04 16:41:59 +01:00
Christoph Hartmann
1796c3271b generate hash output for check and use it in inspec cli 2016-02-04 16:41:14 +01:00
Christoph Hartmann
6b7e5818fb expose source location in rule 2016-02-04 16:38:57 +01:00
Christoph Hartmann
d50b634879 bugfix: fix control tests 2016-02-04 16:38:57 +01:00
Christoph Hartmann
826d059b19 optimize json logger for line delimited JSON 2016-02-04 16:38:57 +01:00
Christoph Hartmann
907a4e1f33 add json stream logger for inspec check 2016-02-04 16:38:57 +01:00
Dominik Richter
ecb78e3a19 establish plugin loading dock 2016-02-04 14:43:51 +01:00
Stephan Renatus
e8c7452acf Inspec::Profile: document that it always reads with ignore_supports 2016-02-03 16:47:52 +01:00
Stephan Renatus
828d6ad443 Inspec::Profile fix @metadata 2016-02-03 16:47:49 +01:00
Stephan Renatus
cc60fa1e23 tar/zip: return empty-string if an entry is empty; zip: return ref 2016-02-03 14:38:46 +01:00
Stephan Renatus
1510f330a9 read and return metadata from archives, too
Note that this adds `ref: some/where/in/tarball/file` to the file
contents hash; it wasn't there before but it may be useful for error
reporting nonetheless.
2016-02-03 14:38:46 +01:00
Stephan Renatus
f335865377 WIP: kill all the checks that fail with tarballs.
current output:

    $ inspec check test/unit/mock/profiles/complete-profile.tgz
    I, [2016-02-03T10:22:21.377650 #13207]  INFO -- : Checking profile in test/unit/mock/profiles/complete-profile.tgz
    I, [2016-02-03T10:22:21.377745 #13207]  INFO -- : Found 1 rules.
    I, [2016-02-03T10:22:21.377771 #13207]  INFO -- : Rule definitions OK.
2016-02-03 14:38:46 +01:00
Stephan Renatus
889be88543 remove stray require 2016-02-03 14:04:55 +01:00
Stephan Renatus
79d171fb2c rubocop 2016-02-03 14:04:55 +01:00
Stephan Renatus
45f0cbff03 inspec/rspec: decouple reporting and formatting
If reporting is requested, register a "reporting formatter", i.e.,
Inspec::RSpecReporter, that does the same things JsonFormatter does, but
suppresses output.

When the report is then requested, it returns the output hash that
JsonFormatter aggregates.
2016-02-03 14:04:55 +01:00
Stephan Renatus
6789e089d7 Inspec::Runner: provide a report 2016-02-03 14:04:55 +01:00
Stephan Renatus
ff682532cf fix warning in #find_files[_or_error] 2016-02-01 16:32:47 +01:00
Dominik Richter
34bc94d13f mock resource operating systems for tests 2016-01-29 21:55:08 +01:00
Dominik Richter
4c1b6f7509 remove os check exposure in file resource 2016-01-29 21:55:08 +01:00
Christoph Hartmann
9cfc69cf15 0.9.11 2016-01-29 18:34:12 +01:00
Stephan Renatus
6fbd28c2bb runit_service: fix resource, improve integration tests
Turns out using `/usr/bin/yes` to imitate a daemon process is a TERRIBLE idea.
2016-01-29 17:03:05 +01:00
Christoph Hartmann
317b0cae9d lint check in user resource 2016-01-28 21:11:13 +01:00
Christoph Hartmann
6ccfbe5e95 bugfix: use freebsd netstat parser instead of linux netstat parser for solaris 2016-01-28 21:08:52 +01:00
Christoph Hartmann
35899ebce6 optimize style in user resource 2016-01-28 18:30:39 +01:00
Christoph Hartmann
202190ea56 fix user resource unit test 2016-01-28 18:30:39 +01:00
Christoph Hartmann
ef3dbbb35c improvement: make port parsing on solaris more reliable 2016-01-28 18:30:38 +01:00
Christoph Hartmann
678ee2b473 parse port information on solaris 10 and 11 via netstat 2016-01-28 18:30:38 +01:00
Christoph Hartmann
59f3214817 use id -a for solaris 2016-01-28 18:30:38 +01:00
Christoph Hartmann
bd1e5e4085 service resource for solaris 10 and 11 2016-01-28 18:30:38 +01:00
Christoph Hartmann
913191fb9e package resource for solaris 10 and 11 2016-01-28 18:30:38 +01:00
Christoph Hartmann
dd59dd9a5a use os.linux and os.windows where possible 2016-01-28 18:30:38 +01:00
Christoph Hartmann
a5f526b368 use freebsd file permission checks for solaris 2016-01-28 18:30:38 +01:00
Christoph Hartmann
2fd6aea357 extend etc_group support for all unix systems 2016-01-28 18:30:38 +01:00
Christoph Hartmann
058ec27d64 0.9.10 2016-01-25 17:45:43 +01:00
Stephan Renatus
56f22a1d2a resource/postgres_session: add integration tests, change error handling
this makes it work (tested with default-ubuntu-1404), but doesn't
improve the error handling (i.e., the skip_resource doesn't really
prevent the failure)
2016-01-25 16:44:53 +01:00
Stephan Renatus
9821c4c754 resource/launchd_service: correctly match non-running services 2016-01-25 16:29:08 +01:00
Christoph Hartmann
5506319ad8 Merge pull request #389 from chef/dr/write-id-to-json
bugfix: write given ID to metadata json
2016-01-25 07:22:19 -08:00
Dominik Richter
88d2b26387 bugfix: write given ID to metadata json
Whenever the user provides an ID under which the profile is scoped, write it out to JSON during generation.
2016-01-25 15:48:56 +01:00
Christoph Hartmann
cc0db43813 optimize the error output for missing registry keys to nil 2016-01-25 13:55:47 +01:00
Christoph Hartmann
b30720f926 Merge pull request #380 from chef/sr/service-override
add service overrides for picking specific service managers, add runit_service
2016-01-21 13:35:23 +01:00
Stephan Renatus
ef77e01229 service resources: fix service_ctl default/override handling 2016-01-21 11:35:34 +01:00