Commit graph

3846 commits

Author SHA1 Message Date
Dominik Richter
508a6889d1 align npm resource with info handling
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Dominik Richter
fc9764aa36 lazy eval login.defs
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Dominik Richter
3508219428 lazy eval limits.conf
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Dominik Richter
6a6c1fd7c8 lazy eval inetd conf
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Dominik Richter
075313b10e cache gem package results
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Dominik Richter
bfad1e1509 lazy eval auditd conf
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Christoph Hartmann
341a4ba98d improvement: simplify readability of nil checks 2015-09-22 02:27:01 +02:00
Christoph Hartmann
db81929dd7 minor style improvement 2015-09-22 02:27:01 +02:00
Christoph Hartmann
c081cfac82 improve reliability of method_missing 2015-09-22 02:27:01 +02:00
Christoph Hartmann
05dd53b5b4 improvement: skip package resource if not supported on OS 2015-09-22 02:27:00 +02:00
Dominik Richter
9608e2e29b bugfix: specinfra selinux label handling
as specinfra doesnt work with respond_to?, just call the method and catch the error.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:00 +02:00
Christoph Hartmann
a88304d030 remove method missing for yum resource 2015-09-22 02:27:00 +02:00
Dominik Richter
6c29580de0 enforce file content encoding to utf8
this is also in line with specinfra compatibility

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:00 +02:00
Christoph Hartmann
046f3fe9e4 fix robocop issues 2015-09-22 02:27:00 +02:00
Dominik Richter
c06fe38981 bugfix: dont strip specinfra file content output
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:00 +02:00
Christoph Hartmann
8113df6d44 bugfix: fix sysv implementation 2015-09-22 02:27:00 +02:00
Dominik Richter
61e7559489 fix bsd stat detection
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:00 +02:00
Christoph Hartmann
2e46e0781a bugfix: fix initctl matcher to detect enabled services 2015-09-22 02:27:00 +02:00
Dominik Richter
13ce808a90 bugfix: specinfra is missing methods for freebsd
Add getter for user/group/mode for freebsd, as specinfra will execute these calls but not return anything.
2015-09-22 02:27:00 +02:00
Christoph Hartmann
7806951051 add fedora support 2015-09-22 02:27:00 +02:00
Dominik Richter
a1a0e10c5a extend linux file with bsd stat
TODO: we must start separating between the different UNIXes and maybe call this something better than LinuxFile, but for now: since most of the things will stay the same, add the bsd stat command as an alternative to the linux stat command and parse its output.
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:00 +02:00
Dominik Richter
82f89aa1db bugfix: dont fail on specinfra selinux_label on freebsd
the call shouldnt be made, but in case it is, dont just fail mit NoMethodError

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:00 +02:00
Christoph Hartmann
2484623220 add comments 2015-09-22 02:26:59 +02:00
Christoph Hartmann
d2e110e183 add debian support and improve regex 2015-09-22 02:26:59 +02:00
Christoph Hartmann
7239c7ced5 add service implementation for systemv 2015-09-22 02:26:59 +02:00
Christoph Hartmann
eb8c9411c7 remove comments 2015-09-22 02:26:59 +02:00
Christoph Hartmann
05e95477e3 add support for macos in service resource 2015-09-22 02:26:59 +02:00
Christoph Hartmann
6b07372bb9 bugfix: handle nil for service info 2015-09-22 02:26:59 +02:00
Christoph Hartmann
1b5e6fa7af select init system by os version for now 2015-09-22 02:26:59 +02:00
Christoph Hartmann
4479001763 add upstart implementation for service resource 2015-09-22 02:26:59 +02:00
Christoph Hartmann
b8d0edecfb add systemd implementation for service 2015-09-22 02:26:59 +02:00
Christoph Hartmann
204e6f5021 skip resource, if os is not supported 2015-09-22 02:26:59 +02:00
Christoph Hartmann
9da4e7674e use volcano.os 2015-09-22 02:26:59 +02:00
Christoph Hartmann
9aa0b1cf4a rename service_info to info 2015-09-22 02:26:59 +02:00
Christoph Hartmann
21040b9b03 implement service resource for windows 2015-09-22 02:26:59 +02:00
Dominik Richter
f18381a7d3 return nil for specinfra content on directories
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:26:59 +02:00
Dominik Richter
7137a9625b expose backend file path
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:26:58 +02:00
Dominik Richter
d16f76c9ce pull in selinux label on local backend runner
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:26:58 +02:00
Dominik Richter
b13a1b574d let specinfra support empty block device content 2015-09-22 02:26:58 +02:00
Dominik Richter
7f19111b1b bugfix: catch lstat errors on local backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:25:52 +02:00
Dominik Richter
ef9b299319 api: specinfra reports nil on non-existent files
Check the responses and make sure we dont blindly return eg: size=0 or group="" or user="" for files that dont exist.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:25:52 +02:00
Dominik Richter
4aef4821cc bugfix: target_type check for pipe
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:25:52 +02:00
Dominik Richter
b8ae2ee7a3 api: specinfra content returns nil on block_device
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:30 +02:00
Dominik Richter
d2ade9f247 bugfix: nil content on specinfra empty files
Only return nil for no content on specinfra files if the file actually has any content. ie. when we were not able to read the content then provide the answer of nil. if the file has no content, return an empty string. this leaves the error case where empty files cannot be read, which will not be signaled via content from specinfra.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:30 +02:00
Dominik Richter
d8dea86e6e api: return nil for md5/sha256/content empty
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:30 +02:00
Dominik Richter
e0b89e6ae2 bugfix: return nil on file content read errors
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:30 +02:00
Dominik Richter
2c00423c3e read symlink destination file types
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:30 +02:00
Dominik Richter
6f4f0b570c inject specinfra backend helper into file
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:30 +02:00
Dominik Richter
5f472d9735 use lstat for local backend to read symlinks
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:30 +02:00
Dominik Richter
3e16407454 rename file link_target -> link_path
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:30 +02:00
Dominik Richter
60f9e643aa api: specinfra mtime returns unix seconds
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:30 +02:00
Dominik Richter
04a8cfddf4 ignore exit code on linux stat
For now: Since stat throws exit code 1 on selinux label checks if no selinux label (or system) is present, it would signal us to disregard results. However, the results are actually complete and can be fully used, with selinux_label becoming "?".

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:29 +02:00
Dominik Richter
526518fabd api: set specinfra product_version + file_version to nil
whenever the label is empty (typically on all *nix systems) set it to nil instead of ""

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:29 +02:00
Dominik Richter
55bd535599 api: specinfra set selinux label to nil
Whenever the selinux label is empty, set it to nil instead of '?' or ''.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:29 +02:00
Dominik Richter
534a9ce57a bugfix: always return file stat 2015-09-22 02:17:29 +02:00
Dominik Richter
c86a68950a improvement: add optimized local file module
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:29 +02:00
Christoph Hartmann
6e76dd689e bugfix: set host for ssh config in specinfra 2015-09-22 02:17:28 +02:00
Dominik Richter
8f45afffcd move up specinfra property detection
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:28 +02:00
Dominik Richter
48b25e893d bugfix: specinfra re-detect backend os
By default it uses the currently running OS on initialization, instead of the OS configured via backend. Force its reinitialization by resetting all properties.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:28 +02:00
Christoph Hartmann
dfb330e7e8 use backend os detection in resources 2015-09-22 02:17:28 +02:00
Christoph Hartmann
7b5bbc8a5f patch specinfra os detection 2015-09-22 02:17:28 +02:00
Christoph Hartmann
1bf94016a7 rename Command to Cmd 2015-09-22 02:17:28 +02:00
Christoph Hartmann
43d49a348f bugfix: require specinfra backend 2015-09-22 02:17:28 +02:00
Dominik Richter
54b37b0b96 unify reporting on concurrent tests
Take control of the rspec runner loop and make sure all of our concurrent tests are executed in one reporting chain. It goes: Start reporting, concurrently run container+test+kill, stop and publish reporting.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:28 +02:00
Dominik Richter
c6f896cad3 run full docker test in parallel
With just one more issue left: the formatter is going to report multiple time, including spitting out errors multiple times. Also need to remove some of the custom formatting around the current state of containers.

As a bonus: This further improved testing speed (30% on the current environment) and will allow us to grow the supported platforms for tests easily.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:27 +02:00
Dominik Richter
37ad8f9531 run test setup concurrently + only once
Instead of having RSpec re-run its world multiple times, run it only once with all tests.

Which leaves us with one more thing to solve: we want to start tests as soon as the container is up and they are set up. At the moment, the containers come up and are set up concurrently, including test registry, but the tests themselves are in simple sequence.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:27 +02:00
Dominik Richter
eb2e18b75d remove leftover includes
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:27 +02:00
Dominik Richter
945dee74cc Merge pull request #10 from chef/oneget
add oneget resource
2015-09-22 02:17:27 +02:00
Christoph Hartmann
33f9dd8e87 add oneget resource 2015-09-22 02:17:21 +02:00
Christoph Hartmann
d0d9a66e4a move user default settings to backend 2015-09-22 02:15:43 +02:00
Dominik Richter
3e02e622c5 bugfix: linux file stat parameters and mount
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:43 +02:00
Christoph Hartmann
51fff9104b bugfix: use instance variable, include winrm 2015-09-22 02:15:43 +02:00
Christoph Hartmann
b03db74798 improvement: set default user at a later stage to support user@target 2015-09-22 02:15:43 +02:00
Dominik Richter
2db06783fb update find_files for all other resources
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:43 +02:00
Dominik Richter
165c08799f bugfix: deep merge mysql conf parameters
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:43 +02:00
Dominik Richter
4852842bf6 feature: add hash utility for deep_merge
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
58fa9bc6c7 update mysql_conf to work with new find_files
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
1345c1d017 update findfiles to work with new backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
f1cc7cbf9b lint utils
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
753e7775ef lint detect
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
486c5fde1c fix code complexity lint
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
0d5ee00ac5 reduce branch size complexity mysql (lint)
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
470c2ef920 wrap up core resource linting
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
903b9642e4 lint resources
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
74da29c3ed lint vulcano lib files
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
07cb7efe36 lint targets
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
46b300f409 finish linting backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
e5686ea4e2 lint backends
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
cfbd5ccfc0 lint plugins
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
6e01505414 lint
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:41 +02:00
Dominik Richter
67b5ecc06e bugfix: force PTY on SSH connection
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:41 +02:00
Christoph Hartmann
1570e8e7af Merge pull request #4 from chef/docker
Start Docker + SSH backends
2015-09-22 02:15:41 +02:00
Dominik Richter
1359152fc6 add ssh channels to get command stdout/stderr/status
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:41 +02:00
Dominik Richter
0a13817639 feature: add ssh backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:41 +02:00
Dominik Richter
e3373679ec feature: add docker container backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:41 +02:00
Christoph Hartmann
238f1b2016 add pip resource to verify gem packages 2015-09-22 02:15:41 +02:00
Christoph Hartmann
bdb859b730 add npm resource to verify gem packages 2015-09-22 02:15:41 +02:00
Dominik Richter
275039dead more rubocop
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:41 +02:00
Christoph Hartmann
0171b2e2f2 add gem resource to verify gem packages 2015-09-22 02:15:41 +02:00
Christoph Hartmann
77815154eb add the be_installed matcher 2015-09-22 02:15:41 +02:00
Christoph Hartmann
9783751741 implement package resource 2015-09-22 02:15:41 +02:00
Dominik Richter
a6c47a2e39 rubocop
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:40 +02:00
Dominik Richter
dcdf8ea0e2 init linux_file owner class
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:40 +02:00
Dominik Richter
a9bd476cb5 feature: configure specinfra backend
via target or backend config; set the backend to: specinfra+exec, specinfra+ssh, specinfra+winrm, specinfra+docker etc.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:40 +02:00
Dominik Richter
03e6402f5c use LinuxFile to get type information in specinfra backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:40 +02:00
Dominik Richter
13bc7f4015 move linux file handling to separate class
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:40 +02:00
Dominik Richter
686134e06b bugfix: url handler crashing on handles?
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:42:26 +02:00
Dominik Richter
0125bcace8 add call tracing to mock backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:42:26 +02:00
Dominik Richter
0abef702fc initialize @stat in local backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:42:26 +02:00
Dominik Richter
ecad431bc6 move mock_command into mock, out of helper
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:23:08 +02:00
Dominik Richter
17386740c7 dont redefine classmethod on initialize
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:23:08 +02:00
Dominik Richter
f1c454aae3 typo fix on @commands
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:23:08 +02:00
Dominik Richter
cb5f2d4409 bugfix: inherit base methods
Don't redefine methods that aren't there yet. yes: ruby parses top down at at that point we don't have these methods yet anyway, so don't :send them to the class

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:23:08 +02:00
Dominik Richter
32a6f01d1f simplify mock backend association
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:23:08 +02:00
Dominik Richter
ea91af6da1 lint
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:23:08 +02:00
Dominik Richter
93a3bc8e58 dont reference backend in local command
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:23:08 +02:00
Dominik Richter
1d1220983a feature: local backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:23:08 +02:00
Christoph Hartmann
a7efec310b implement yum resource 2015-09-22 01:10:56 +02:00
Christoph Hartmann
7e9eb2920d add usage header for audit resource 2015-09-21 14:12:34 +02:00
Christoph Hartmann
62d0b217f9 optimize comments for audit_policy resource 2015-09-21 14:09:43 +02:00
Christoph Hartmann
e57e5f3fd6 bugfix: use new volcano backend for registry key 2015-09-21 14:09:10 +02:00
Christoph Hartmann
92ff33cbba improvement: use separate object to hold filter state, optimize users output 2015-09-21 14:07:58 +02:00
Christoph Hartmann
d40ab9a9ad bugfix: set default path for inetd_conf 2015-09-21 14:06:01 +02:00
Christoph Hartmann
0d7d01efbd bugfix: set default path for limits.conf 2015-09-21 14:04:02 +02:00
Christoph Hartmann
797d24c14a add login_def resource unit test 2015-09-21 14:01:51 +02:00
Christoph Hartmann
9358ac3035 rename env.rb to os_env.rb 2015-09-21 13:58:47 +02:00
Christoph Hartmann
672f03a0dd improve output of ntp resource for single value arrays 2015-09-21 13:58:03 +02:00
Christoph Hartmann
7295e4c16f improve handling on uid data view 2015-09-21 13:56:08 +02:00
Christoph Hartmann
852e5ae627 improvement: remove class variables from security policy implementation 2015-09-21 13:52:49 +02:00
Christoph Hartmann
53eb3b6990 bugfix: escape string before regex, fix regular expression to identify key 2015-09-21 13:52:33 +02:00
Christoph Hartmann
e9e24a6bd5 use new volcano backend for security policy 2015-09-21 13:51:27 +02:00
Christoph Hartmann
f0ac64cf31 improvement: extend mock to support simulated cmds 2015-09-21 13:43:09 +02:00
Christoph Hartmann
cdf15b9dd1 bugfix: support multiple values in ssh config like 'HostKey', improve readability by extracting the first value from array, if we have only one value 2015-09-21 13:43:09 +02:00
Christoph Hartmann
0e8651bf26 fix rubocop issues 2015-09-05 16:07:54 +02:00
Christoph Hartmann
36c9de7529 more rubocop fixes 2015-09-04 09:59:30 +02:00
Christoph Hartmann
91ea24d538 replace :: with . syntax 2015-09-04 09:15:20 +02:00
Christoph Hartmann
bbbb8380ca replace raise with fail 2015-09-03 23:24:42 +02:00
Christoph Hartmann
556bb5a0f0 remove empty lines 2015-09-03 23:20:53 +02:00
Christoph Hartmann
1773d20178 use single quotes 2015-09-03 23:18:28 +02:00
Christoph Hartmann
5c137a7ab1 remove redundant return 2015-09-03 20:45:37 +02:00
Christoph Hartmann
349d5bf9f1 harmonize method definition style 2015-09-03 20:43:58 +02:00
Christoph Hartmann
7bdcc00e94 add utf-8 header 2015-09-03 20:36:46 +02:00
Christoph Hartmann
5612752b82 use single quotes 2015-09-03 20:35:23 +02:00
Christoph Hartmann
a895d19f03 simplify mock file loading method 2015-09-03 17:53:38 +02:00
Christoph Hartmann
a206d0ef09 (re)add debug for mock backend 2015-09-03 17:51:08 +02:00
Christoph Hartmann
7db6941219 feature: add bond resource implementation 2015-09-03 17:34:11 +02:00
Christoph Hartmann
ceb68f94cf feature: extend mock framework to support file mappings 2015-09-03 17:34:11 +02:00
Dominik Richter
c9fcb2913a complete all file tests
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 16:17:52 +02:00
Dominik Richter
29a143a67f remove file ctime
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 15:43:30 +02:00
Dominik Richter
708fa8485d bugfix: reset specinfra backends between runs manually
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 15:32:33 +02:00
Dominik Richter
f54fa6537a use string for backend conf
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 14:56:08 +02:00
Dominik Richter
f618fa391b bugfix: specinfra file type detection
mask & tmask returns non-zero values, if some bits fit the file-type. this leads to overlapping results. make sure the mask result has the full mask present, then use it.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 14:14:57 +02:00
Dominik Richter
841198993d runner conf must use string-keys
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 13:43:32 +02:00
Dominik Richter
18701752a7 improvement: make runner config map work with keys and string
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 12:56:40 +02:00
Dominik Richter
199cb84ab3 not implemented only throws on missing methods
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-02 17:30:49 +02:00
Dominik Richter
951f63c6c8 feature: configurable formatter for test exec
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-02 16:44:14 +02:00
Dominik Richter
1c2ab098f5 specify methods all backends must implement
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-02 11:53:25 +02:00
Dominik Richter
05b4167971 start backend and file tests
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-02 04:55:22 +02:00
Dominik Richter
32964c1e4e tests for backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-02 04:19:23 +02:00
Dominik Richter
e08787d14e move file interface + helpers to backend plugin
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-02 00:50:52 +02:00
Dominik Richter
f60b7580d5 complete specinfra file backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-01 11:48:50 +02:00
Dominik Richter
a64597594e minor bugfixes
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-01 11:11:34 +02:00
Dominik Richter
04db46f116 add aliases for target and backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 19:49:39 -07:00
Dominik Richter
601abe2579 rename backend reference @vulcano -> vulcano
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 19:33:15 -07:00
Dominik Richter
b2e031c056 start serverspec migration
This project is inspired by Serverspec and all the wonderful contributions that went into it. Thank you all so much! We have used Serverspec as our audit base and have now a slightly different perspective. We hope to continue the spirit on this path. Hopefully both projects will find their way together.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 17:36:05 -07:00
Dominik Richter
d292ed6ea5 migrate directory resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 17:24:34 -07:00
Dominik Richter
e5daa52064 fix ssh config path
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 17:18:37 -07:00
Dominik Richter
1bbe67682e start migrating file resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 17:14:17 -07:00
Dominik Richter
50a5803427 rename is_file? -> file?
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 17:13:53 -07:00
Dominik Richter
431c27d4ab migrate all specinfra backends
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 17:13:07 -07:00
Dominik Richter
40784c7c8e safeguard against empty backends
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 16:31:36 -07:00
Dominik Richter
de27b3d8e9 move mock backend to new plugin structure
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 16:14:28 -07:00
Dominik Richter
a8ed53c337 move backend to new plugin structure
use the same structure as for resources

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 16:11:23 -07:00
Dominik Richter
df8a668d8c combine resoure+resources -> resource.rb
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 16:08:17 -07:00
Dominik Richter
84102b89de rename contents -> content
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 02:10:36 -07:00
Dominik Richter
5a8bcf2b93 migrate file resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 00:44:16 -07:00
Dominik Richter
1d805aca2c migrate group policy
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 16:09:35 -07:00
Dominik Richter
554accdedc reimplement command resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 16:08:24 -07:00
Dominik Richter
e0459c4116 migrate all of audit
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 16:04:52 -07:00
Dominik Richter
2a8b8d3394 migrate env and apache conf
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 13:02:18 -07:00
Dominik Richter
dddc9daed0 migrated inetd config and etc group
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 12:52:59 -07:00
Dominik Richter
2103a4485b migrate limits and login defs
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 12:47:37 -07:00
Dominik Richter
8004d6f129 migrate all mysql resources
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 12:41:48 -07:00
Dominik Richter
1a45f32f0b migrated all postgres resources
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 12:37:03 -07:00
Dominik Richter
83d846ac7f migrate ntp conf and parse_config
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 12:32:17 -07:00
Dominik Richter
d9d67e943a migrate passwd and processes
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 12:27:35 -07:00
Dominik Richter
dc0f61a0ef migrate registry_key + security_policy
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 11:52:22 -07:00
Dominik Richter
d7bcf6dfea move resource plugin to vulcano/plugins
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 11:49:21 -07:00
Dominik Richter
2c2d2d8d27 rename resources -> tests in the context of runner
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 10:13:05 -07:00
Dominik Richter
3bf8037638 move to a simpler plugin structure
This has been inspired in its calling structure by the wonderful work done in Vagrant. Kudos to all contributors!

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 10:10:03 -07:00
Dominik Richter
9e7ea1ef5d move ssh_conf to new structure
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-27 20:02:38 -07:00
Dominik Richter
90a2d45462 create new pluggable profile context
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-27 13:59:58 -07:00
Dominik Richter
a1af0ad24b start mock backend and change backend mechanics
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-27 13:59:15 -07:00
Dominik Richter
7e1f9b8a15 move resources lib
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-27 13:58:07 -07:00
Dominik Richter
38a99c065a 0.6.1
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-24 14:25:29 -07:00
Dominik Richter
22ce1d4b0d add docker backend support
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-24 10:35:03 -07:00
Christoph Hartmann
3570295007 bugfix: remove debug message 2015-08-14 01:46:43 -07:00
Christoph Hartmann
6e7d2f6bcf detect windows versions 2015-08-14 01:43:02 -07:00
Christoph Hartmann
e4de940dfe improve windows detection 2015-08-14 00:49:31 -07:00
Dominik Richter
8c82bca280 bugfix: skip resources with message
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-13 23:22:56 -07:00
Dominik Richter
1890ba9226 bugfix: correctly detect code line of block
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-13 22:51:53 -07:00
Dominik Richter
75c30d9892 bugfix: remove unnecessary only_if outer definition
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-13 22:36:50 -07:00
Dominik Richter
086d385fe0 add detect utility to get os info
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-13 17:18:17 -07:00
Dominik Richter
90ed1aed99 fix missing require winrm
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 23:45:32 -07:00
Dominik Richter
6360bf825f fix wrong variable ref
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 23:39:12 -07:00
Dominik Richter
83432ccfb4 fix typo
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 23:31:47 -07:00
Dominik Richter
1a165bc886 change the default impact to 0.5
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 23:05:26 -07:00
Dominik Richter
225b49fbd2 0.6.0
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 22:47:29 -07:00
Dominik Richter
5875864f45 move zip and tar helpers
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 22:45:42 -07:00
Dominik Richter
7a59d9ce76 feature: start github uri reader
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 22:34:37 -07:00
Christoph Hartmann
9065eaa35c add zip and tar helper 2015-08-12 21:14:48 -07:00
Dominik Richter
61794072e5 generalize folder handling
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 20:47:02 -07:00
Dominik Richter
9f0b6ebc46 add targets for chef-audit and serverspec
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 19:19:36 -07:00
Dominik Richter
6e4381f2d4 turn backend into a separate object
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 19:07:01 -07:00
Dominik Richter
9ba4fb1d00 add configurable targets and backends
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 18:48:17 -07:00
Dominik Richter
cecd86a119 improvement: unify ID generation for all tests
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 17:29:23 -07:00
Dominik Richter
7f67a088cb feature: --target option for scans
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 17:05:32 -07:00
Dominik Richter
be1cead58e improvement: always give a title to spec files
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 16:27:32 -07:00
Dominik Richter
5b0f5252c6 shorten anonymous describe IDs
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 15:17:18 -07:00
Dominik Richter
116a9b46d8 run multiple files by aggregating results
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 15:16:50 -07:00
Dominik Richter
360da9a7ba feature: configure ssh+winrm targets on CLI-runner
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 14:19:44 -07:00
Dominik Richter
33043dd6a1 feature: run tests from cli
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 12:03:41 -07:00
Your Name
f6509b7f81 add method_source gem for getting source code
Signed-off-by: Your Name <your.name@email.com>
2015-08-10 00:01:11 +00:00
Your Name
0108ab2c75 simplify ruby source block detection
Signed-off-by: Your Name <your.name@email.com>
2015-08-09 20:31:51 +00:00
Your Name
39343367c2 feature: include rule code in json
Signed-off-by: Your Name <your.name@email.com>
2015-08-09 18:29:59 +00:00
Dominik Richter
5e8af49561 runtime bugfixes
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 23:39:43 -07:00
Dominik Richter
61f5f95147 make sure etc group values in where clause are strings
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:49:55 -07:00
Dominik Richter
b72ba08c06 trip whitespace
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:37:58 -07:00
Dominik Richter
a48d032cec double-check if data is read from conf apache/postgres/mysql
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:35:18 -07:00
Dominik Richter
df8be769af skip apache conf if file doesn't exist
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:28:32 -07:00
Dominik Richter
9621b1c9e9 skip postgres+mysql conf if file doesn't exist
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:27:34 -07:00
Dominik Richter
93065b9dda use FindFiles for postgres conf
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:17:07 -07:00
Dominik Richter
c733a577da improvement: unify FindFiles
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:11:01 -07:00
Dominik Richter
e9ee17c176 bugfix: find included files on remote host
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 19:50:49 -07:00
Dominik Richter
178ca83a4b specify inetd_conf path
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 19:34:24 -07:00
Dominik Richter
07edef95ad flatten users of groups
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 18:56:14 -07:00
Dominik Richter
3682a8279d make sure to get conditions as symbols
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 18:49:05 -07:00
Dominik Richter
e0b0b52af3 feature: etc_group with where-function overhaul
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 18:42:05 -07:00
Dominik Richter
53112f4156 move resource methods to respective library files
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 17:40:08 -07:00
Dominik Richter
42c3f95b41 move local parseconfig resources to library file
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 17:25:27 -07:00
Dominik Richter
6faf07aa7d rename parse_config back to parse_config_file
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 17:24:15 -07:00
Dominik Richter
1344fba629 configurable limits_conf path
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:52:55 +02:00
Dominik Richter
70a6130335 move ssh_config + sshd_config with paths to the resource file
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:43:38 +02:00
Dominik Richter
cc28749adf configurable paths for postgres + mysql confs
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:38:52 +02:00
Dominik Richter
700e2bab26 feature: add mysql resource
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:31:57 +02:00
Dominik Richter
7e9c8fe289 bugfix: get comment_char for simple_config
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:23:52 +02:00
Dominik Richter
f2fed3fa6d api: change default of multiple_values true -> false in SimpleConfig
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:23:02 +02:00
Dominik Richter
9bf968838c rename conf_ssh -> ssh_config
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:22:25 +02:00
Dominik Richter
0c5a28431d feature: postgres information based on OS
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:21:32 +02:00
Dominik Richter
f51e89d3b1 shorten mysql and postgres session resources
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-07-30 18:28:57 +02:00
Christoph Hartmann
378a98797e rename config_file resource 2015-07-27 23:26:10 +02:00
Christoph Hartmann
44f5ecef77 add apache config parser 2015-07-27 23:26:10 +02:00
Dominik Richter
252a88c24f improvement: warn on minor missing entries, error on major ones
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-07-27 17:31:17 +02:00
Christoph Hartmann
bd6a294ac5 bugfix: add toString method for resources 2015-07-26 22:45:44 +02:00
Christoph Hartmann
345d7fb5cb improvement: parse config can be configured 2015-07-26 22:45:18 +02:00
Christoph Hartmann
d926a67596 feature: resource for ntp configuration 2015-07-26 22:44:33 +02:00
Christoph Hartmann
24e9210160 feature: resources for audit daemon 2015-07-26 22:44:01 +02:00
Christoph Hartmann
34b8ab5f2a refactor audit policy 2015-07-26 22:43:24 +02:00
Christoph Hartmann
32c4575642 add inetd resource 2015-07-26 12:53:29 +02:00
Christoph Hartmann
17476fd634 add limits.conf resource 2015-07-26 12:30:46 +02:00
Christoph Hartmann
8e16decccd refactor types 2015-07-26 12:30:12 +02:00
Dominik Richter
35d3ee6b19 bugfix: ensure pseudo pty on remote
This first came up when scanning a RHEL6 EC2 box. Serverspec throws this error when the channel doesn't support a stdin.

Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-07-21 12:59:52 +02:00
Christoph Hartmann
5d4e44872c remove puts 2015-07-16 01:51:26 +02:00
Christoph Hartmann
fe7758a9a6 remove puts 2015-07-16 01:48:09 +02:00
Christoph Hartmann
fd4bb5f467 bugfix: fix id 2015-07-16 01:40:37 +02:00
Christoph Hartmann
0268d44052 add types 2015-07-16 01:09:54 +02:00
Christoph Hartmann
db8ff02313 add logindef and parse_config type 2015-07-15 16:33:39 +02:00
Christoph Hartmann
4809c33f93 add duplicate check matcher for arrays 2015-07-15 15:16:28 +02:00
Christoph Hartmann
018601480d add etc_group implementation 2015-07-15 15:16:10 +02:00
Christoph Hartmann
dc94f2c2b5 add description for passwd file format 2015-07-15 15:15:53 +02:00
Christoph Hartmann
37f0ea7d6a update copyright header 2015-07-15 15:15:18 +02:00
Christoph Hartmann
6ab07121de add line feed 2015-07-15 00:50:42 +02:00
Christoph Hartmann
f9867b4c8d add helper matcher 2015-07-15 00:50:34 +02:00
Christoph Hartmann
dbbad50c09 add passwd extraction of passwords 2015-07-15 00:50:19 +02:00
Christoph Hartmann
8c17ab29a5 add passwd support 2015-07-15 00:47:17 +02:00
Christoph Hartmann
4ff1687f6e add env support 2015-07-15 00:47:04 +02:00
Christoph Hartmann
d7d79d3d5b bugfix: remove winrm timeout 2015-06-28 10:09:04 +02:00
Christoph Hartmann
a25925057e bugfix: remove debug output 2015-06-28 00:07:02 +02:00
Christoph Hartmann
1e80a197c4 feature: switch winrm port based on protocol 2015-06-27 23:03:43 +02:00
Christoph Hartmann
5714395232 feature: add ssl support for winrm 2015-06-27 21:30:21 +02:00
Christoph Hartmann
f165e51e1f return nil, if we haven't received a value 2015-06-27 21:29:57 +02:00
Dominik Richter
8dd5ad2979 bugfix: prevent entries in known hosts files
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-27 15:49:54 +02:00
Dominik Richter
2e827fd699 bugfix: prevent any auth-method that is not configured + prevent interactive password login
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-27 15:47:45 +02:00
Dominik Richter
34bc6a387c feature: add configurable profile_id field
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-25 17:45:46 +02:00
Dominik Richter
3440f6f69e bugfix scope
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 18:21:09 +02:00
Dominik Richter
8d0976a4cc bugfix: scoping for ubuntu's ruby version
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 17:57:07 +02:00
Dominik Richter
e832a1f2c8 bugfix: typo
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 17:27:05 +02:00
Dominik Richter
6b8cd1078a bugfix: mysql dynamic describe
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 16:33:22 +02:00
Dominik Richter
b3495e9fc5 bugfix: mysql resouce skipping and checking
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 16:18:40 +02:00
Dominik Richter
40ed9799b7 feature: mysql config resource updated
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 15:51:44 +02:00
Dominik Richter
232de91d9a feature: mysql resource with debian login + skipping policy
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 15:24:35 +02:00
Dominik Richter
ff0020ac73 bugfix: enforce utf-8 encoding
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 08:56:13 +02:00
Dominik Richter
1b9997b204 bugfix: work around embedded only_if conditionals
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 22:52:40 +02:00
Dominik Richter
8294641b1e bugfix: allow json/check methods to run despite only_if in profile
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 22:36:38 +02:00
Dominik Richter
cb3e067a1f feature: helper method to check if a default command exists
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 18:19:04 +02:00
Dominik Richter
5d5b945933 feature: only_if for profiles added
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 18:07:35 +02:00
Dominik Richter
cceefa54cf add base resource
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 17:06:04 +02:00
Dominik Richter
7a721dba7e feature: skip ssh config if file isn't readable/found
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 16:33:08 +02:00
Dominik Richter
8026915ce5 feature: support skipping rules via resources
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 16:32:42 +02:00
Dominik Richter
e0e7fb8996 bugfix: indicate that file resource is really working with paths
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 11:23:30 +02:00
Dominik Richter
9e79b49f43 improvement: file permission matchers add full description 2015-06-21 11:06:39 +02:00
Dominik Richter
b942a1a103 bugfix: run without profile ID defined
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 10:28:13 +02:00
Dominik Richter
1abfdae264 bugfix: use fully qualified profile IDs
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-20 02:21:08 +02:00
Dominik Richter
1d6a0decad make json-builder work again with new rule-tree 2015-06-20 01:41:48 +02:00
Dominik Richter
83dc0a6425 make check work again with new rule-tree
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-20 01:36:59 +02:00
Dominik Richter
5e83779fb4 api: separate name from title in metadata
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-20 01:04:05 +02:00
Dominik Richter
ef4471d20b feature: allow to skip rules
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-20 00:20:44 +02:00
Dominik Richter
2e1106b933 feature: add rule hierarchy with include and require rules
include_rules 'vulcanosec/ssh'

this will include all rules defined in vulcanosec/ssh

    require_rules 'vulcanosec/linux'

this will not include any rules yet, but you may choose what you want to pull in.

both have a block attached which will allow you to choose rules (for require_rules) and redefined/change existing rules as you like. small example:

    require_rules 'vulcanosec/linux' do
      rule fs-3 do
        impact 1.0
      end
    end

Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-20 00:00:53 +02:00
Dominik Richter
a6748e2418 load rules from a spec file into a profile context 2015-06-19 22:23:07 +02:00
Dominik Richter
7649d1459c simplify global vs embedded rule handling
i.e. one executes directly, the other just registers. this change makes such a distinction much easier

Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-19 21:52:57 +02:00
Dominik Richter
da71e1e826 move DSL helper methods out of local DSL space
to avoid potential collissions

Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-19 21:43:04 +02:00
Dominik Richter
8181ee038e move rule execution and ID-fixing out
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-19 21:17:56 +02:00
Dominik Richter
f64f15ee6b make syntax binding to scope programmable
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-19 20:11:26 +02:00
Dominik Richter
2c912d2fbe initialize vulcano module + version first
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-19 18:45:38 +02:00
Dominik Richter
e689afb4b8 improvement: split vulcano core library from verification 2015-06-19 16:45:36 +02:00
Dominik Richter
aebed6cb55 bugfix: only call rule blocks if they are given
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-19 16:32:11 +02:00
Dominik Richter
6f4a1fc092 move log out of bin/vulcano; it's not used there
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-19 15:06:44 +02:00
Dominik Richter
1b36802589 feature: include other rules
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-18 17:32:40 +02:00
Dominik Richter
243c7b9892 feature: sudo configuration
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-17 10:49:25 +02:00
Dominik Richter
1a05865d6e feature: print number of rules checked
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-16 23:33:27 +02:00
Dominik Richter
1247dd7bc7 api: change check -> rule
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-16 23:30:08 +02:00
Dominik Richter
e86cd978eb bugfix: create check structure with meta-info
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-12 12:32:10 +02:00
Dominik Richter
9f02a88e54 improvement: separate checking information from processing
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:53:25 +02:00
Dominik Richter
3013bdcc46 feature: add pry for development consoles
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:40:16 +02:00
Dominik Richter
c329b6743a bugfix: add resources to rules
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:37:51 +02:00
Dominik Richter
0c0be4b09e bugfix: don't evaluate nil impact
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:36:30 +02:00
Dominik Richter
b5fb4c46c0 improvement: print file which has error
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:26:29 +02:00
Dominik Richter
fb9d09af49 bugfix: gsub on empty desciption
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:23:36 +02:00
Dominik Richter
beee62fabd improvement: separate specfile sanitize vs check
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:21:03 +02:00
Dominik Richter
1833ff9aa0 bugfix: call lambda correctly
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:16:05 +02:00
Dominik Richter
5ba7fb0386 bugfix: recognize empty title as title==id
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:15:26 +02:00
Dominik Richter
4ab30252fb feature: vulcano check
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:03:12 +02:00
Dominik Richter
08035d7b61 bugfix: don't let dummy resources overwrite library files
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-07 23:05:00 +02:00
Dominik Richter
7a022f9c0a change json syntax to: map[string]check
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-07 22:24:53 +02:00
Dominik Richter
e9d642fc61 feature: replace vcheck
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-07 21:41:54 +02:00
Dominik Richter
44d1f88dda add version
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-07 19:49:55 +02:00
Dominik Richter
f56618f364 bugfix: cascade IDs to child describe-blocks (from :its)
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-07 19:20:16 +02:00
Dominik Richter
64d90c326f feature: add rules with IDs
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-07 17:09:02 +02:00
Dominik Richter
483c12edc7 feature: run specs on different port
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-05-14 18:30:50 +02:00
Dominik Richter
14eebb88e0 capitalize ssh conf name
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-05-14 18:30:38 +02:00
Dominik Richter
18277ddfad bugfix: postgres connection error detection fixed
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-05-14 18:29:55 +02:00
Dominik Richter
21d604820a feature: add windows resources
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-04-17 15:37:17 +02:00
Dominik Richter
e87af25d07 bugfix: ssh is simpleconf w/o multiassignemnt
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-04-17 15:36:55 +02:00
Dominik Richter
6875d373e8 feature: winrm specs
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-04-17 15:36:34 +02:00
Dominik Richter
c1522ed98c feature: multi-assignments for simpleconfig
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-04-17 15:36:18 +02:00
Dominik Richter
985552731a import resources
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-04-09 22:01:23 +02:00