Commit graph

692 commits

Author SHA1 Message Date
David Pell
155995adfd In ApacheConf#include_files, check for abs paths
If the path is absolute, just use what was passed, otherwise build an
absolute path using `@conf_dir`.

Fixes #1013
2016-09-20 09:11:09 -04:00
Alex Pop
8a470c16f1 ssl resource to use inspec.backend.hostname and require train 0.19.1 2016-09-16 10:41:22 +01:00
Christoph Hartmann
9c7d06c167 use simple config for security policy resource 2016-09-12 12:20:57 +02:00
Christoph Hartmann
a2143b8249 identify enabled/disabled accounts for windows 2016-09-12 11:40:25 +02:00
Christoph Hartmann
e61f71143d add unit tests 2016-09-09 12:43:03 +02:00
Christoph Hartmann
82a4e21cf7 add sys_info resource to get information about the hostname 2016-09-09 10:36:02 +02:00
Christoph Hartmann
fb416bfdf8 added further comments highlight that the users research is focussed on local users 2016-09-09 09:31:38 +02:00
Christoph Hartmann
23cfc3c4bd fix for solaris 2016-09-09 09:31:38 +02:00
Christoph Hartmann
78a47aa43b improve windows implementation 2016-09-09 09:31:38 +02:00
Christoph Hartmann
74c3904844 improve performance for single user requests 2016-09-09 09:31:37 +02:00
Christoph Hartmann
94100d98b0 full implementation for filtable for linux and mac 2016-09-09 09:31:37 +02:00
Kartik Null Cating-Subramanian
42fd3fc51a first iteration fitlertable for user resource 2016-09-09 09:31:37 +02:00
Christoph Hartmann
80fd288f44 Merge pull request #1020 from chef/chris-rock/iis_direct_matcher
allow direct access to iis configuration parameters
2016-09-07 11:34:47 +02:00
Christoph Hartmann
1bd55f8cc4 allow direct access to iis configuration parameters 2016-09-07 11:19:34 +02:00
Alex Pop
f65ceeb900 handled hostname differently for WinRM::Connection
parallelize protocol checks to speed up the scan
2016-09-07 11:04:01 +02:00
Christoph Hartmann
c3c648eeb9 fix integration tests for usage with winrm v2 2016-09-05 13:36:48 +02:00
Christoph Hartmann
3346d7e1a9 support /etc/init.d directory for run level configuration 2016-09-05 11:08:21 +02:00
Christoph Hartmann
a116406b4e Merge pull request #1014 from jeremymv2/fix_apache_conf
Fix apache conf
2016-09-04 20:18:16 +02:00
Jeremy J. Miller
898fe125f2 keep os logic in apache resource 2016-09-04 13:27:14 -04:00
Jeremy J. Miller
5774dacfea use inspec.os.debian? 2016-09-02 13:57:35 -04:00
Jeremy J. Miller
3919d33ccb fixing apache_conf.conf_dir 2016-09-02 13:44:16 -04:00
Alex Pop
f1b1794ee5 fix os exception 2016-09-02 15:24:50 +01:00
Martin Hegarty
e6eb6d8d36 Allow for windows service name with spaces 2016-08-31 15:01:07 +01:00
Christoph Hartmann
dd06709d6e switch from deprecated script resource to powershell resource for user resource 2016-08-26 09:33:35 +02:00
Kartik Null Cating-Subramanian
89976219b9 Add windows user SID as 'UID' in user resource. Fix #960 2016-08-26 09:27:03 +02:00
Christoph Hartmann
8de1b9fe7b Merge pull request #978 from nvtkaszpir/patch-1
Update port.rb Documentation
2016-08-26 09:12:35 +02:00
Kartik Null Cating-Subramanian
1243d9475d Rubocoooop! 2016-08-25 14:22:15 -04:00
Michał Sochoń
3c106096b9 Update port.rb 2016-08-25 19:57:41 +02:00
Michał Sochoń
8b6107c5b9 Update port.rb
fix comment section, expand example section
2016-08-25 17:03:41 +02:00
Christoph Hartmann
3182978e85 fix lint 2016-08-24 14:40:26 +02:00
Kartik Null Cating-Subramanian
db032e437e Speed up windows package lookup - maybe 2016-08-24 14:33:56 +02:00
Anirudh Gupta
4041f1898e can check windows service startup mode now 2016-08-24 02:01:10 +05:30
username-is-already-taken2
52c52d565f Update host.rb
Resolved an issue checking ports on windows

The previous version wasn't really checking if a port was accessible as we were only validating if the ping succeeded. Using TcpTestSucceeded to determine if the connection worked or not.
2016-08-23 17:15:33 +02:00
Tim Smith
d953986d25 Add darwin helper
Signed-off-by: Tim Smith <tsmith@chef.io>
2016-08-23 10:37:52 +02:00
Chris Evett
3df98b7a19 add iis_site tests and refactor post code review 2016-08-17 06:57:48 -04:00
Chris Evett
4d63afc1f8 add documentation to resources.rst for iis_site and fix comment 2016-08-17 06:57:48 -04:00
Chris Evett
7f9fbc6cce add iis_site resource 2016-08-17 06:57:48 -04:00
Christoph Hartmann
c23263f3d0 handle xinetd config with only one entry 2016-08-16 17:23:22 +02:00
Victoria Jeffrey
6f198f539b cleanup 2016-08-16 10:01:10 +02:00
Victoria Jeffrey
cf771ab967 ssh_config parse should be case insensitive 2016-08-16 10:01:10 +02:00
Dominik Richter
c4282ab6b2 add ssl resource (early access) 2016-08-15 07:49:41 -07:00
Dominik Richter
5f1d83f196 Merge pull request #912 from chef/ap/port-win-process
Windows ports with pid and process name
2016-08-12 20:59:28 +02:00
Alex Pop
353dcf10ec make netstat default for getting ports and get only listening ones 2016-08-12 16:02:56 +01:00
Christoph Hartmann
57bdd3464c add feature to fetch children from registry key 2016-08-12 14:51:23 +02:00
Christoph Hartmann
1faa68732e use powershell function for registry key 2016-08-12 14:51:23 +02:00
Christoph Hartmann
571bc14742 support hash params as options for registry key 2016-08-12 14:51:23 +02:00
Steven Danna
c71f5cdb30 Improve detection of postgresql conf dir and data dir
Redhat conf_dir detection was regressed in 57d7275 which inadvertently
removed the setting of @conf_dir. Any attempt to use the postgres
resource on RHEL would rain an exception:

    inspec> postgres.data_dir
    TypeError: no implicit conversion of nil into String

Further, the redhat detection code appears to assume that RHEL always
uses versioned data directories. This however, does not appear to be the
case:

    $ cat /etc/redhat-release
    CentOS release 6.7 (Final)
    $ sudo ls /var/lib/pgsql/
    backups  data  pgstartup.log

The code now can handle both versioned and un-versioned directory
formats on RHEL. Further, it provides diagnostic warnings about
uncertainty in the discovered data directories and configuration
directories.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-10 18:44:15 +02:00
Steven Danna
13ebea48e1 Allow port to be specified as a string
This allows the user to write:

   describe port(22) do
     it { should be_listening }
   end

as well as

   describe port('22') do
     it { should be_listening }
   end

without hitting an error.

Fixes #867

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-05 14:01:08 +02:00
Christoph Hartmann
b3652bf85d improve code style for parse_config thanks @stevendanna
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2016-08-05 12:29:34 +02:00
Christoph Hartmann
d9a1a500d0 add params and content method to parse_config 2016-08-05 12:13:56 +02:00
Steven Danna
57d7275857
Update inspec for os[:family] change in Train
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-04 13:32:35 +01:00
Steven Danna
28946f5fde
Use systemctl's helper command to determine enabled & active status
The output of `systemctl show SERVICENAME` can be misleading in the
case of non-native services (i.e. services configured via an init script
and integrated with systemd via a shim) or for more sophisticated unit
types.

For example, the UnitFileState of ntp is "bad":

    > systemctl show ntp | grep UnitFileState
    UnitFileState=bad

despite systemd reporting it as enabled:

   > systemctl is-enabled ntp
   ntp.service is not a native service, redirecting to
   systemd-sysv-install
   Executing /lib/systemd/systemd-sysv-install is-enabled ntp
   enabled

Further, the old parsing code would have missed unit files in the
following states that are technically enabled:

   enabled-runtime, indirect, generated, and transient

Using the `is-enabled` commands ensures that we report the same enabled
status that systemd reports, without having to update our own parsing in
the event that new unit states are added. Additionally, as shown above,
it handles the sysv compatibility helper.

Similarly, the is-active helper command ensures that we always report
the same active/not-active status as systemd would natively. For
instance, a quick reading of `src/systemctl/systemctl.c` in the systemd
source shows that systemctl reports units as active if they are in the
state `UNIT_ACTIVE` or `UNIT_RELOADING`.

Fixes #749

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-03 13:31:09 +01:00
Dominik Richter
c2f34932ad add port resource for windows 2008
using `netstat -an`
2016-07-21 14:58:43 +02:00
Chris Evett
925da00b3d fixing rubocop error 2016-07-17 14:22:04 -04:00
Chris Evett
85988aab9c add mssql resource 2016-07-17 14:18:25 -04:00
Patrick Münch
7d986c2d17 FIX #823 wrong postgres path detection
Signed-off-by: Patrick Münch <patrick.muench1111@gmail.com>
2016-07-12 19:59:08 +02:00
Dominik Richter
68cf88f701 add suid sgid and sticky support for file resource 2016-07-10 23:08:42 +02:00
Dominik Richter
c6644ebdfe check service running by ActiveState
See http://unix.stackexchange.com/questions/159174/differences-between-inactive-vs-disabled-and-active-vs-enabled-services
2016-07-06 12:57:04 +02:00
Christoph Hartmann
9bdb01f1d5 improve wmi resource 2016-06-19 23:40:45 +02:00
Dominik Richter
302a718b48 list arbitrary ports and query it
utilizing filter table to make port more flexible and useful.
2016-05-31 03:14:07 +02:00
Christoph Hartmann
9e753a5dbc add helper methods for os resource 2016-05-31 00:01:26 +02:00
Anirudh Gupta
c9dbbfd5dc modification in command resource example 2016-05-16 11:53:21 +05:30
Dominik Richter
dde4433933 use struct for processes list
we know all the fields + struct is fully compatible to the curren hash implementation
2016-05-13 11:22:56 +02:00
Christoph Hartmann
5939e5b2f9 Merge pull request #739 from chef/ap/port-not-nil
Return empty array instead of nil for port methods
2016-05-11 23:32:43 +02:00
Alex Pop
2a9d9b5481 return empty array instead of nil to be .each friendly 2016-05-11 22:21:22 +01:00
tpcwang
c8d2991589 Escape os_env command on Windows to handle env variables containing parentheses.
Update the mock file to match the new command
2016-05-11 01:09:06 -07:00
Victoria Jeffrey
1811eb6666 Expose label for processes only on linux 2016-05-10 13:59:13 -04:00
Alex Pop
9ded3b8835 Provide service params as a mash, empty unless systemd for now 2016-05-09 14:54:09 +02:00
Dominik Richter
5d925b2851 api: make processes return integers for pid/vsz/rss 2016-05-06 16:49:21 +02:00
Alex Pop
9a83814f35 update mount example with include 2016-05-06 14:27:42 +01:00
Alex Pop
c518b9edc2 expose systemd service properties via .info 2016-05-06 13:36:42 +02:00
Dominik Richter
67fccc1246 expose deprecated fields in passwd 2016-05-04 15:27:58 +02:00
Dominik Richter
fb91b788a6 use filtertable with passwd resource 2016-05-04 15:27:58 +02:00
Alex Pop
f78afe0d75 Use only strings in resource examples, docs and tests 2016-05-03 23:27:18 +01:00
Anirudh Gupta
738ef69bcf prefixed hpux to cmd file name 2016-05-03 21:38:39 +05:30
Anirudh Gupta
d839f218bf hpux support for basic port properties 2016-05-03 14:30:59 +05:30
Alex Pop
56d856531b support basename parameter and add tests 2016-04-29 13:40:32 -04:00
Dominik Richter
83b4dfbf4d use the source_path instead of path for file internal reporting 2016-04-28 20:11:21 -04:00
Dominik Richter
3e8974d243 update to new train interface 2016-04-28 19:55:34 -04:00
Alex Pop
3ab53e940d make file resource follow links and provide method to get to the original link object 2016-04-28 19:55:34 -04:00
Dominik Richter
0c8e891ee1 add #entries to filter table + remodel configuration 2016-04-28 22:46:39 +02:00
Dominik Richter
048a1584b9 encapsulated filters 2016-04-28 22:46:39 +02:00
Dominik Richter
652f10ad9a use Inspec::Filter in xinetd resource 2016-04-28 22:46:39 +02:00
Dominik Richter
01caf05020 add cmd for executing calls against the inspec api 2016-04-27 06:31:01 -07:00
Anirudh Gupta
1330e09df5 added file permission by user check for hp-ux 2016-04-26 14:53:28 +05:30
Anirudh Gupta
75534fdaa5 added hpux user and package resource support 2016-04-21 14:01:56 +05:30
Alex Pop
9f156bb36b update file resource example to use cmd matcher for better failure output in octal 2016-04-20 11:57:34 -04:00
Alex Pop
7a3b4736b8 fix the shadow password example now that cmp can handle arrays 2016-04-20 11:57:34 -04:00
Dominik Richter
9da23f9cbc remodel bash and shell wrappers 2016-04-18 11:48:42 -04:00
Dominik Richter
0631779412 configure command execution shells to sh/bash/zsh 2016-04-18 01:09:37 -04:00
Dominik Richter
fa6143d6d4 be descriptive on shadow.entries
When used in combination: `shadow[.filter(...)].entries.each { |entry| ... }`, these entries would not  be very descriptive at all. You would basically only retrieve the full filter chain e.g. 20 times, without any information about what entry you are currently looking at. This fixes it, by providing the entry identified by the user name
2016-04-17 19:12:14 -04:00
Thomas Cate
e6d98968c9 first pass at working legacy-grub/grub2 config 2016-04-17 10:46:35 -04:00
Thomas Cate
0f8aff0b91 added default and per kernel checking 2016-04-17 10:46:35 -04:00
Thomas Cate
3051ead64d added tests for grub_conf resource 2016-04-17 10:46:29 -04:00
Thomas Cate
19333f0ece handle unsupported OSs 2016-04-17 10:46:29 -04:00
Thomas Cate
1b1690a3e3 improve examples 2016-04-17 10:46:29 -04:00
Thomas Cate
3559ba4aeb convert single entry arrays to strings 2016-04-17 10:46:24 -04:00
Thomas Cate
fc811518e8 remove troubleshooting output 2016-04-17 10:45:22 -04:00
Thomas Cate
96536db318 first pass at a grub_config resource 2016-04-17 10:45:22 -04:00
Christoph Hartmann
27357c8630 update documentation for json resource 2016-04-16 20:16:32 -04:00
Satish Puranam
07315ce5d2 Cleanup code meet lint guidelines 2016-04-14 13:39:03 -04:00
Satish Puranam
b0bc88f637 Cleanup, remove redundant checking of os family 2016-04-13 19:08:14 -04:00
Satish Puranam
81029274e2 Add support suse 11 to service resource 2016-04-13 18:24:26 -04:00
Jacob McCann
9dbf5354e5 Add 'static' value as enabled to systemd service enabled check 2016-04-13 14:44:28 -05:00
Christoph Hartmann
6fba237848 Merge pull request #580 from mulesoft-ops/amazon-linux-support
Amazon linux support for service resource
2016-03-31 09:55:36 +01:00
Dominik Richter
419b6a087c add file uid and gid accessors 2016-03-31 02:23:30 +02:00
Dominik Richter
2cad553de8 add advanced passwd filters (experimental) 2016-03-31 02:03:20 +02:00
Joshua Bussdieker
7a185f02dc Amazon linux support for service resource 2016-03-29 08:32:50 -07:00
Christoph Hartmann
ca0506b6a3 eases the removal of leading and trailing whitespace for powershell and vbscript 2016-03-26 22:25:53 +01:00
Dominik Richter
c5f0d11e4c bugfix: dont crash on read_file contents in parse_config 2016-03-22 18:42:50 +01:00
Christoph Hartmann
cd57b26bd0 wmi unit test 2016-03-20 11:53:56 +01:00
Christoph Hartmann
f97301882e add namespace for wmi resource 2016-03-20 11:53:56 +01:00
Christoph Hartmann
67251d2982 implement object traversal for wmi object, make namespace and filter optional 2016-03-20 11:53:56 +01:00
Christoph Hartmann
d045927d28 add wmi resource 2016-03-20 11:53:56 +01:00
Christoph Hartmann
849c23d0aa remove comments from ps script and remove tmp vb script after execution 2016-03-19 19:04:31 +01:00
Christoph Hartmann
6d53e43e7d add vbscript resource 2016-03-19 19:04:31 +01:00
Christoph Hartmann
f50255486b add support for addresses in port resource 2016-03-19 11:48:14 +01:00
Christoph Hartmann
e2466d0dbb rename script to powershell 2016-03-18 15:41:54 +01:00
Dominik Richter
24ffdf0478 descope calls to global File
This is just for simplicity. I expect other users to make the same mistake when using it, so I would rather our tests crash if we have this type of conflict again and prevent it in the first place. Renaming File to FileResource should take care of all important places
2016-03-09 10:48:54 +01:00
Dominik Richter
844580074d rename internal OS -> OSResource 2016-03-09 10:48:54 +01:00
Dominik Richter
387415859e rename internal File -> FileResource 2016-03-09 10:48:48 +01:00
Adam Leff
577688a3a0 Placing all resources in the Inspec::Resources namespace
Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix.

Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes.

I strongly recommend viewing this diff with `git diff --ignore-space-change`
to see the *real* changes. :)
2016-03-08 13:40:16 -05:00
Dominik Richter
e617f74bcd filter xinetd fields by regex 2016-02-26 14:46:51 +01:00
Dominik Richter
4a39275fc0 add xinetd_conf resource 2016-02-26 13:19:16 +01:00
Dominik Richter
ee82c3a2ff bugfix: handle edge-cases in upstart service
e.g. when a service could not be found and command outputs become empty / matchers dont hit'
2016-02-22 09:52:16 +01:00
Dominik Richter
c7312be8ec force encoding to utf-8 2016-02-22 05:18:41 +01:00
Dominik Richter
1e096c7181 add shadow resource for /etc/shadow 2016-02-19 14:26:04 +01:00
Christoph Hartmann
9e2dc30fb5 minor typo fix 2016-02-18 21:12:25 +01:00
Dominik Richter
1fa957c8ca ensure deprecated methods still work 2016-02-18 16:25:02 +01:00
Dominik Richter
83fcc35d2a expose all fields + deprecate singular accessors 2016-02-18 16:10:42 +01:00
Dominik Richter
d9427b3aac add filter to passwd 2016-02-18 16:10:42 +01:00
Stephan Renatus
453cd420fb fix service_ctl override logic 2016-02-17 12:55:09 +01:00
Dominik Richter
36cbafc438 add runlevel helper object to services 2016-02-14 18:23:58 +01:00
Dominik Richter
0934948a1a support runlevels for system V + service matching
Bugfix: there were services that would get matched because of the way the regex was constructed, i.e. if the user inserted `.` or `*` or anything regexy. Even if the service only had part of the name you were interested in, it would match (e.g. `sshd` would find `my_sshdaemon`).

Apart from this, runlevels are now detected for SystemV. This is exposed in `#info`
2016-02-13 02:11:51 +01:00
Stephan Renatus
ac2584f51d iptables: strip lines if iptables -S output
As it turns out, some of the lines on CentOS 6 had a trailing space in it.

Fixes #420.
2016-02-10 09:57:32 +01:00
Stephan Renatus
cdad6e63c3 iptables: some simplifications 2016-02-10 09:57:32 +01:00
Christoph Hartmann
0f14ebb1d1 simplify value extraction for apache resource without any magic 2016-02-09 17:35:33 +01:00
Christoph Hartmann
a3eda1fcee implement method missing for apache_conf resource 2016-02-09 17:35:33 +01:00
Dominik Richter
971d651551 change version constraints
Move to a more mathematical representation of version numbers comparisons. The existing one is semantically correct, but may lead to slight confusion.
2016-02-09 11:51:52 +01:00
Stephan Renatus
e5b88fc486 auditd_rules: suppress warning for centos 5; improve docs wording 2016-02-09 11:51:52 +01:00
Stephan Renatus
405b3e3fa4 rubocop fixes 2016-02-09 11:51:52 +01:00
Stephan Renatus
4b6eced92a auditd_rules: access by key, tests + documentation 2016-02-09 11:51:52 +01:00
Stephan Renatus
cd5f47ed33 auditd_rules: unit tests, meet the real world 2016-02-09 11:51:52 +01:00
Stephan Renatus
664561aa80 auditd_rules: status querying (old/new) and unit tests
TODO: unit tests for the legacy format
2016-02-09 11:51:52 +01:00
Stephan Renatus
5270f21da9 move FilterArray to utils, add retrieving values 2016-02-09 11:51:52 +01:00
Stephan Renatus
4afb22565e auditd_rules: teach old dog new tricks 2016-02-09 11:51:52 +01:00
Stephan Renatus
2afc29e48f auditd_rules: stash legacy behaviour away 2016-02-09 11:51:52 +01:00
Dominik Richter
0421b6dc1a exit early 2016-02-09 11:04:50 +01:00
Dominik Richter
c966e94835 typos 2016-02-09 11:04:34 +01:00
Stephan Renatus
f63a8ad1d5 upstart_service: add version fallback, fix regexp
before this regexp change, a service called "running" (hello integration
tests) would always be "running" ;)
2016-02-05 13:49:18 +01:00