Commit graph

192 commits

Author SHA1 Message Date
Christoph Hartmann
9c7d06c167 use simple config for security policy resource 2016-09-12 12:20:57 +02:00
Christoph Hartmann
a2143b8249 identify enabled/disabled accounts for windows 2016-09-12 11:40:25 +02:00
Christoph Hartmann
e61f71143d add unit tests 2016-09-09 12:43:03 +02:00
Christoph Hartmann
73f93c2756 fix powershell based unit tests 2016-09-05 13:36:48 +02:00
Jeremy J. Miller
d5b2e4bf53 removed testing artifact 2016-09-02 22:04:06 -04:00
Jeremy J. Miller
c0d105671e better description for tests 2016-09-02 22:00:12 -04:00
Jeremy J. Miller
1b92d15d8f added unit tests 2016-09-02 21:55:28 -04:00
Christoph Hartmann
efb2e08a16 add tests for users with sid on windows 2016-08-26 09:40:24 +02:00
Christoph Hartmann
956d3b7292 add unit test for new package resource 2016-08-24 14:40:26 +02:00
Anirudh Gupta
4041f1898e can check windows service startup mode now 2016-08-24 02:01:10 +05:30
Christoph Hartmann
c23263f3d0 handle xinetd config with only one entry 2016-08-16 17:23:22 +02:00
Victoria Jeffrey
6f198f539b cleanup 2016-08-16 10:01:10 +02:00
Victoria Jeffrey
cf771ab967 ssh_config parse should be case insensitive 2016-08-16 10:01:10 +02:00
Alex Pop
353dcf10ec make netstat default for getting ports and get only listening ones 2016-08-12 16:02:56 +01:00
Steven Danna
13ebea48e1 Allow port to be specified as a string
This allows the user to write:

   describe port(22) do
     it { should be_listening }
   end

as well as

   describe port('22') do
     it { should be_listening }
   end

without hitting an error.

Fixes #867

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-05 14:01:08 +02:00
Christoph Hartmann
d9a1a500d0 add params and content method to parse_config 2016-08-05 12:13:56 +02:00
Steven Danna
57d7275857
Update inspec for os[:family] change in Train
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-04 13:32:35 +01:00
Dominik Richter
c2f34932ad add port resource for windows 2008
using `netstat -an`
2016-07-21 14:58:43 +02:00
Dominik Richter
c6644ebdfe check service running by ActiveState
See http://unix.stackexchange.com/questions/159174/differences-between-inactive-vs-disabled-and-active-vs-enabled-services
2016-07-06 12:57:04 +02:00
Christoph Hartmann
9bdb01f1d5 improve wmi resource 2016-06-19 23:40:45 +02:00
Dominik Richter
302a718b48 list arbitrary ports and query it
utilizing filter table to make port more flexible and useful.
2016-05-31 03:14:07 +02:00
Christoph Hartmann
e9ca7107b0 add tests for os resource 2016-05-31 00:01:26 +02:00
Anirudh Gupta
4a9d9a4757 fixed 'it' statements under file_test 2016-05-16 19:24:14 +05:30
Dominik Richter
dde4433933 use struct for processes list
we know all the fields + struct is fully compatible to the curren hash implementation
2016-05-13 11:22:56 +02:00
Alex Pop
2a9d9b5481 return empty array instead of nil to be .each friendly 2016-05-11 22:21:22 +01:00
Victoria Jeffrey
1811eb6666 Expose label for processes only on linux 2016-05-10 13:59:13 -04:00
Alex Pop
9ded3b8835 Provide service params as a mash, empty unless systemd for now 2016-05-09 14:54:09 +02:00
Dominik Richter
5d925b2851 api: make processes return integers for pid/vsz/rss 2016-05-06 16:49:21 +02:00
Alex Pop
c518b9edc2 expose systemd service properties via .info 2016-05-06 13:36:42 +02:00
Dominik Richter
fb91b788a6 use filtertable with passwd resource 2016-05-04 15:27:58 +02:00
Anirudh Gupta
d839f218bf hpux support for basic port properties 2016-05-03 14:30:59 +05:30
Alex Pop
56d856531b support basename parameter and add tests 2016-04-29 13:40:32 -04:00
Dominik Richter
048a1584b9 encapsulated filters 2016-04-28 22:46:39 +02:00
Dominik Richter
652f10ad9a use Inspec::Filter in xinetd resource 2016-04-28 22:46:39 +02:00
Anirudh Gupta
045d8c6572 added file permission by user check for hp-ux 2016-04-26 15:08:01 +05:30
Anirudh Gupta
1330e09df5 added file permission by user check for hp-ux 2016-04-26 14:53:28 +05:30
Anirudh Gupta
75534fdaa5 added hpux user and package resource support 2016-04-21 14:01:56 +05:30
Dominik Richter
9da23f9cbc remodel bash and shell wrappers 2016-04-18 11:48:42 -04:00
Dominik Richter
0631779412 configure command execution shells to sh/bash/zsh 2016-04-18 01:09:37 -04:00
Thomas Cate
0f8aff0b91 added default and per kernel checking 2016-04-17 10:46:35 -04:00
Thomas Cate
3051ead64d added tests for grub_conf resource 2016-04-17 10:46:29 -04:00
Jacob McCann
9dbf5354e5 Add 'static' value as enabled to systemd service enabled check 2016-04-13 14:44:28 -05:00
Dominik Richter
2cad553de8 add advanced passwd filters (experimental) 2016-03-31 02:03:20 +02:00
Christoph Hartmann
cd57b26bd0 wmi unit test 2016-03-20 11:53:56 +01:00
Christoph Hartmann
4c5a3ed412 add vbscript unit test 2016-03-19 19:04:31 +01:00
Christoph Hartmann
e8aa426846 add vbscript integration test 2016-03-19 19:04:31 +01:00
Christoph Hartmann
f50255486b add support for addresses in port resource 2016-03-19 11:48:14 +01:00
Christoph Hartmann
32a065239c update unit test, add integration test 2016-03-18 15:47:00 +01:00
Dominik Richter
387415859e rename internal File -> FileResource 2016-03-09 10:48:48 +01:00
Dominik Richter
e617f74bcd filter xinetd fields by regex 2016-02-26 14:46:51 +01:00
Dominik Richter
4a39275fc0 add xinetd_conf resource 2016-02-26 13:19:16 +01:00
Dominik Richter
1e096c7181 add shadow resource for /etc/shadow 2016-02-19 14:26:04 +01:00
Dominik Richter
1fa957c8ca ensure deprecated methods still work 2016-02-18 16:25:02 +01:00
Dominik Richter
83fcc35d2a expose all fields + deprecate singular accessors 2016-02-18 16:10:42 +01:00
Dominik Richter
33f58b3348 add tests for runlevel testing 2016-02-14 18:37:20 +01:00
Dominik Richter
36cbafc438 add runlevel helper object to services 2016-02-14 18:23:58 +01:00
Dominik Richter
0934948a1a support runlevels for system V + service matching
Bugfix: there were services that would get matched because of the way the regex was constructed, i.e. if the user inserted `.` or `*` or anything regexy. Even if the service only had part of the name you were interested in, it would match (e.g. `sshd` would find `my_sshdaemon`).

Apart from this, runlevels are now detected for SystemV. This is exposed in `#info`
2016-02-13 02:11:51 +01:00
Stephan Renatus
e184347c6d iptables unit test: add comment examples
this is not broken; but it should stay not broken ;)
2016-02-10 09:57:32 +01:00
Stephan Renatus
4b6eced92a auditd_rules: access by key, tests + documentation 2016-02-09 11:51:52 +01:00
Stephan Renatus
cd5f47ed33 auditd_rules: unit tests, meet the real world 2016-02-09 11:51:52 +01:00
Stephan Renatus
664561aa80 auditd_rules: status querying (old/new) and unit tests
TODO: unit tests for the legacy format
2016-02-09 11:51:52 +01:00
Stephan Renatus
4afb22565e auditd_rules: teach old dog new tricks 2016-02-09 11:51:52 +01:00
Stephan Renatus
2afc29e48f auditd_rules: stash legacy behaviour away 2016-02-09 11:51:52 +01:00
Dominik Richter
ac6d7fb76f fix unit tests for winrm 1.6.1 command scheme 2016-02-09 11:05:36 +01:00
Dominik Richter
34bc94d13f mock resource operating systems for tests 2016-01-29 21:55:08 +01:00
Christoph Hartmann
62844eee0c add unit tests 2016-01-28 18:30:38 +01:00
Stephan Renatus
b69dac698b resources/launchd_service: add test
indicating that parsing is broken for non-running enabled services
2016-01-25 16:29:08 +01:00
Stephan Renatus
7a308806aa unit tests: add systemd_service instance with overridden service_ctl 2016-01-21 11:41:48 +01:00
Stephan Renatus
5c0cdb31c9 *_service: add unit tests
NB I've just added default duplicates to one instance (i.e., there's
only one `systemd_service`), since there's no os-specific magic in them.
Also these tests only verify that the default choice is equivalent to
`service` on the tested distribution.
2016-01-20 15:54:36 +01:00
Stephan Renatus
0e410df69d add *_service overrides, allowing for different control binaries 2016-01-20 15:33:18 +01:00
Mark Harrison
f5780b69a4 Correctly detect UDP ports on linux
netstat on UDP lines doesn't display a port state (e.g. LISTEN), so make this
field optional when parsing the netstat line.
2016-01-14 22:53:38 -05:00
Christoph Hartmann
a72ba94f10 handle mount results with multiple entries 2016-01-03 00:03:24 +01:00
Christoph Hartmann
a5acb03e49 add mount resource 2016-01-03 00:03:24 +01:00
troyready
29f954f7f3 add release to el pkg version & catch missing linebreaks
Package release info (e.g. '19.el7') is often required to determine if
a system has been properly patched.

Lines like the following from rpm are messing up the version returned
by the package resource:
"...\nVersion     : 1.8.6p3                           Vendor: Red Hat, Inc.\n..."
Correcting this with a new conditional check.
2015-12-11 13:05:22 -08:00
Stephan Renatus
652d51e9dc [resource/port] add port(addr, port) variant 2015-12-08 20:33:36 +01:00
Stephan Renatus
8532dd7034 [resource/port] change attribute names to plural, indicating arrays
see discussion in #256
2015-12-08 20:33:36 +01:00
Adam Leff
c146a76679 File permission checks should return false unless file exists
Currently, #readable?, #writeable?, and #executable? will incorrectly
return true if the file does not exist.

In addition, I took the opportunity to refactor the File resource to
make it easier to write unit tests and supplied a full unit test
suite for this resource.
2015-12-08 19:57:34 +01:00
Stephan Renatus
7a1cd660c3 [resources/processes] add users, states attribute; update docs
processes('bash').user does not actually make much sense for a resource
that is a list -- different entries can belong to different users.
Analogous for processes('bash').state.

The attributes 'users' and 'states' expose the unique values
corresponding to that property of entries in the process list.

Fixes #295.
2015-12-08 13:06:27 +01:00
Stephan Renatus
79f48afa6c [resources/apache_conf]: add tests, fix bug
before, the resource would throw an exception when include_files
returned nil (i.e., [].flatten!)

added basic unit tests capturing the include_files behaviour
2015-12-07 10:50:48 +01:00
Adam Leff
e0c356dae7 Adding support for Wind River Linux
WRL is used as the OS on Cisco Nexus devices and acts like a Red
Hat variant. These changes add support for WRL.
2015-12-03 17:41:11 -05:00
Christoph Hartmann
9231833cad add unit tests for user resource that cover ldap groups 2015-11-24 18:35:10 +01:00
Christoph Hartmann
0531976a40 implement unit tests for ini resource 2015-11-24 16:46:17 +01:00
Seth Chisamore
beade346bf Add Windows support to the os_env resource
This change allows checks like:

```
describe os_env('PATH') do
  its('split') { should include('C:\wix') }
end
```
2015-11-19 15:41:00 +01:00
Christoph Hartmann
38e982709e update unit test 2015-11-17 22:28:11 +01:00
Dominik Richter
8d682973b0 extend csv tests, remove dot-resolver 2015-10-27 15:58:02 +01:00
Dominik Richter
e0874b47b1 extend yaml tests, remove dot-resolver 2015-10-27 15:58:02 +01:00
Dominik Richter
a55e240a0f extend json tests, remove dot-resolver 2015-10-27 15:58:02 +01:00
Dominik Richter
414bf6b1fa bugfix: handle empty processes result 2015-10-26 16:49:26 +01:00
Dominik Richter
6dc0a3b638 rename inetd_config -> inetd_conf
be consistent with the filename
2015-10-26 16:21:51 +01:00
Dominik Richter
b58a4b3f43 rename vulcanosec -> inspec 2015-10-26 12:34:15 +01:00
Christoph Hartmann
126ce88bce fix unit tests 2015-10-26 12:16:38 +01:00
Dominik Richter
ec0931ef9c test: group resource tests 2015-10-17 22:53:21 +02:00