Commit graph

4102 commits

Author SHA1 Message Date
dromazmj
7fc7942ab1 firewalld resource: inspect the status and configuration of firewalld (#2074)
* New Resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resourec - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource firewalld

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Modifications to new resource - firewalld

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Changing firewalld_command method to prepend the command with 'firewall-cmd' to reduce code reuse.

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Modifications made
	* installed? method now tells by checking if firewall-cmd is a command on the system
	* The firewalld_command method now strips the stdout of the return
	* added another test for testing multiple active zones

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Fixing rake lint issue

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Fixing match and returning boolean for seeing if firewalld is running

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Fixing lint issues

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Empty commit to rerun.  Accidentally updated branch.

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Rerunning test, accidentally updated branch. needs sign off commit

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
2017-09-27 14:05:35 +02:00
Chef Expeditor
2d7e0e4fa3 Update CHANGELOG.md to reflect the promotion of 1.39.1 to stable 2017-09-25 21:30:25 +00:00
Adam Leff
18175feed2 Fix version in changelog - should be 1.39.1 (#2186)
Header didn't get updated during last version bump

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-25 17:29:10 -04:00
Chef Expeditor
b4ed4c4a98 Bump version to 1.39.1 by Chef Expeditor 2017-09-25 21:21:24 +00:00
Adam Leff
1f7926db98 Bump train to 0.28 to allow for more net-ssh versions (#2185)
Train 0.27.0 has a dependency on net-ssh `~> 4.2` which causes issues
with certain Chef installs that only support 4.1.0 or 3.x versions of
net-ssh, causing gem conflicts. This bumps InSpec to use Train 0.28.0
which has a looser dependency on net-ssh and also properly addresses
a net-ssh deprecation introduced in net-ssh 4.2.0.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-25 17:21:16 -04:00
Chef Expeditor
e263582f86 Bump version to 1.39.0 by Chef Expeditor 2017-09-25 17:49:13 +00:00
dromazmj
b23a58b573 etc_hosts_allow and etc_hosts_deny resources: test the content of the tcpwrappers configuration files (#2073)
* New Resource-combined etc_hosts_allow etc_hosts_deny

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
2017-09-25 13:49:04 -04:00
Chef Expeditor
67d5d167d5 Bump version to 1.38.9 by Chef Expeditor 2017-09-25 17:09:30 +00:00
Matt Ray
e23249d635 windows_hotfix resource: test whether a Windows HotFix is installed (#2178)
* Add hotfix resource for Windows

Signed-off-by: Matt Ray <matthewhray@gmail.com>

* Renamed hotfix to windows_hotfix

Added additional unit test checking for KB that is not present on a box

Signed-off-by: Matt Ray <matthewhray@gmail.com>

* Integration test to spot-check for hotfixes

Queries the Windows operating system via Powershell for a list of all
installed hotfixes and spot-checks every 10th one with the
windows_hotfix resource. Checking hundreds is time-consuming. Also
checks to ensure a non-installed hotfix is not present.

Signed-off-by: Matt Ray <matthewhray@gmail.com>
2017-09-25 19:09:22 +02:00
Adam Leff
ec9dc3ba22 Fix latest stable version (#2182)
Changelog rollover doesn't update the version strings and there were some
changes that didn't land in the changelog but still bumped versions.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-25 12:56:04 -04:00
Chef Expeditor
9f31843643 Update CHANGELOG.md to reflect the promotion of 1.38.8 to stable 2017-09-25 16:51:26 +00:00
Adam Leff
b44e01caf8 Changelog cleanup prior to 1.38 release (#2181)
Signed-off-by: Adam Leff <adam@leff.co>
2017-09-25 12:48:51 -04:00
Chef Expeditor
6722e03c94 Bump version to 1.38.8 by Chef Expeditor 2017-09-25 15:11:57 +00:00
Adam Leff
184bd94b6e Bump train to 0.27 (#2180)
Train 0.27.0 includes a fix to properly support net-ssh 4.2 which
had a deprecation issue for the `paranoid` ssh connection option.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-25 17:11:48 +02:00
Thomas Cate
fca83c6bb2 add example for checking last permissions octet (#2152)
* add example for checking last permissions octet

Signed-off-by: Thomas Cate <tcate@chef.io>

* Correctly describe the last permissions bit for file resource

Signed-off-by: Thomas Cate <tcate@chef.io>
2017-09-25 09:52:04 -04:00
Chef Expeditor
cab161c185 Bump version to 1.38.7 by Chef Expeditor 2017-09-23 07:27:12 +00:00
Adam Leff
d029f7f58c Properly return postgres query errors on failure (#2179)
When using the `query` method in the `postgres_session` resource, if
the query fails, the `query` method attempts to call `skip_resource`
with an error message. Not only does the `skip_resource` not properly
work, but it also returns a `String` object back to the test which is
probably going to try and call the `output` method on it to run the test.

This results in an error like this:

```
  Can't read
     ∅  undefined method `output' for "output":String
```

This change returns the full psql output as a Lines object to the
user, including stderr, so they can at least get the error in their
test output and avoids undefined method errors.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-23 09:27:05 +02:00
Chef Expeditor
75e1331618 Bump version to 1.38.6 by Chef Expeditor 2017-09-23 07:17:42 +00:00
Jerry Aldrich III
3d7244fb07 Add wildcard support to Utils::FindFiles (#2159)
Wildcards are evaluated prior to applying `sudo` permissions. This
means that running `sudo find /some/path/*.conf` will fail if the user
does not have read permissions on `/some/path/` because the wildcard
cannot expand before `sudo` is applied and `*.conf` isn't a file.

The solution for this is to run the command in a subshell that has the
proper permissions (e.g. `sudo sh -c 'find /some/path/*.conf'`).

This modifies `Utils::FindFiles` to use a subshell thus allowing
wildcard support.

This fixes #2157

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-09-23 09:17:34 +02:00
Chef Expeditor
bdb80591e3 Bump version to 1.38.5 by Chef Expeditor 2017-09-23 07:16:31 +00:00
Jerry Aldrich III
125e0915b2 Modify DirProvider to allow special characters (#2174)
This modifies `Inspec::DirProvider` to allow special characters in the
file glob by escaping those characters via `Shellwords.shellescape`.

This fixes #2111 (`inspec check` on path with special characters)

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-09-23 09:16:25 +02:00
Chef Expeditor
9f06ba0b0b Bump version to 1.38.4 by Chef Expeditor 2017-09-22 12:57:56 +00:00
Dominik Richter
e2004a436f forgiving default attributes (#2177)
* forgiving default attributes

When default attributes arent specified provide one that is much more forgiving.
See this https://github.com/chef/inspec/issues/2176

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-09-22 08:57:51 -04:00
Chef Expeditor
d2a47fa9fb Bump version to 1.38.3 by Chef Expeditor 2017-09-21 19:55:27 +00:00
Adam Leff
453bb50aaa Update changelog for v1.38.2 release (#2173)
An expeditor issue caused some version strings to not get updated.
Taking the opportunity to clean it up for before today's release.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-21 15:55:18 -04:00
Chef Expeditor
42fc9d70ca Bump version to 1.38.2 by Chef Expeditor 2017-09-21 16:21:39 +00:00
Jerry Aldrich III
cbcca9f39e Modify Upstart enabled check to use config file (#2163)
This modifies the enabled check for the `service` resource to use the
service's config file instead of `initctl show-config`.

`initctl show-config` does not accurately show the state of a service if
that service's config file is modified while the service is running.

This fixes #1834.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-09-21 12:21:34 -04:00
Chef Expeditor
2947532601 Bump version to 1.38.1 by Chef Expeditor 2017-09-21 16:18:23 +00:00
Adam Leff
e400b8dd4c Support false for attribute value (#2168)
The logic in `Inspec::Attribute` prohibited the use of `false` (FalseClass) as
a valid attribute. If the attribute value supplied was `false`, then it would fall
back to the default value.

This change properly allows the use of `false` as a value, adds the initial tests
for Inspec::Attribute, and also uses better attr_writer semantics for writing/storing
the value.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-21 12:17:44 -04:00
Chef Expeditor
4a71140052 Bump version to 1.38.0 by Chef Expeditor 2017-09-21 16:06:05 +00:00
Adam Leff
69eedf2c60 Bump minor version to v1.38 (#2172)
Some changes since 1.37.6 warrant a minor bump.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-21 12:06:00 -04:00
Chef Expeditor
96b9527e46 Bump version to 1.37.13 by Chef Expeditor 2017-09-21 16:00:24 +00:00
Adam Leff
0b3aaee692 Update method in which Pry hooks are removed (#2170)
* Update method in which Pry hooks are removed

Pry 0.11 removed the clear_all method for removing all hooks. This change
updates the way we clear hooks for the events we care about.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-21 12:00:18 -04:00
Chef Expeditor
a614cc9598 Bump version to 1.37.12 by Chef Expeditor 2017-09-19 16:27:04 +00:00
Adam Leff
adf25ae783 Support array syntax for registry_key resource (#2160)
Users cannot query for registry keys that have periods in them because of
how rspec-its works. This change enables Array-style syntax for the
registry_key resource so users can use that as a workaround.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-19 18:26:53 +02:00
Chef Expeditor
e57977612e Bump version to 1.37.11 by Chef Expeditor 2017-09-18 19:49:26 +00:00
malovdm1
3e16a099c5 quote username and hostname in mssql_session (#2151)
Signed-off-by: Malovany, Dmytro (Ext) <dmytro.malovany@novartis.com>
2017-09-18 21:49:20 +02:00
Chef Expeditor
7ca1380ef9 Bump version to 1.37.10 by Chef Expeditor 2017-09-18 19:48:11 +00:00
Adam Leff
5297dc6ede Add deprecation warning to auditd_rules resource (#2156)
The auditd_rules resource has been replaced by the auditd resource.
We are planning on removing the auditd_rules resource in InSpec 2.0.
This change will provide a warning to any user using the old resource.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-18 21:48:04 +02:00
Chef Expeditor
c6703af02c Bump version to 1.37.9 by Chef Expeditor 2017-09-18 19:47:26 +00:00
Jennifer Burns
ec18dce62b auditd resource: test active auditd configuration against the audit daemon (#2133)
* Added auditd resource and documentation.

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Added unit tests for auditd resource and updated auditd_rules_test to match new entries in auditctl

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Removed all legacy code for audit < 2.3. Removed parens to create consistency.

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Updated method names and removed unnecessary content based on review

Signed-off-by: Jennifer Burns <jburns@mitre.org>
2017-09-18 21:47:18 +02:00
Chef Expeditor
85c02112b5 Bump version to 1.37.8 by Chef Expeditor 2017-09-15 20:38:05 +00:00
Jerry Aldrich III
9773e1cd94 Add wildcard/multiple server support to nginx_conf resource (#2141)
* Add wildcard/multiple server support to nginx_conf

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* separate the merge function for maps in nginx_conf

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-09-15 16:37:57 -04:00
Chef Expeditor
48b0e6a667 Bump version to 1.37.7 by Chef Expeditor 2017-09-14 19:16:35 +00:00
Adam Leff
79ad513a39 Build and tag docker image via Expeditor (#2144)
* Build and tag docker image via Expeditor

In order to provide Docker images of all unstable, current, and stable
builds of InSpec, and to avoid having to manually publish Docker images
each time we release InSpec, Expeditor will now take care of this for us.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-14 15:16:29 -04:00
Chef Expeditor
25687fedad Update CHANGELOG.md to reflect the promotion of 1.37.6 to stable 2017-09-14 18:27:00 +00:00
Adam Leff
0049471cf1 Clarify changelog for #2149 (#2150)
Signed-off-by: Adam Leff <adam@leff.co>
2017-09-14 13:12:08 -04:00
Chef Expeditor
4c6877f766 Bump version to 1.37.6 by Chef Expeditor 2017-09-14 17:09:04 +00:00
Adam Leff
2c37d1a578 Bump Ruby to 2.3.5 (#2149)
https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-14 13:08:55 -04:00
Adam Leff
20ad2ba65e Update PR 2131 to 2064 in Changelog (#2146)
2131 was actually a re-run of PR 2064. Updating changelog for correct attribution.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-13 18:04:38 -04:00