mirror of
https://github.com/inspec/inspec
synced 2024-11-14 00:47:10 +00:00
c7e87ca3e3
* Create file-check functionality into utility file There are the similar issues as PR #2302. Almost resources return false positives when a file does not exist or is not read. * Replace to file-check functionality * Fix dh_params and x509_certificate resources If a file is empty, OpenSSL::PKey::DH and OpenSSL::X509::Certificate have raised an exception and have skipped the inspection. Thus x509_certificate and dh_params resources are not allowed to read a empty file. * to_s of shadow expects filters is not nil * Remove workaround of sshd_config Removes the workaround of sshd_config since Travis CI fails due to a bug of dev-sec/ssh-baseline and the PR #100 will fix it. * Use init block variable in methods Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
790 lines
23 KiB
Ruby
790 lines
23 KiB
Ruby
# encoding: utf-8
|
|
|
|
require 'hashie'
|
|
require 'utils/file_reader'
|
|
|
|
module Inspec::Resources
|
|
class Runlevels < Hash
|
|
attr_accessor :owner
|
|
|
|
def self.from_hash(owner, hash = {}, filter = nil)
|
|
res = Runlevels.new(owner)
|
|
filter = filter.first if filter.is_a?(Array) && filter.length <= 1
|
|
|
|
ks = case filter
|
|
when nil
|
|
hash.keys
|
|
when Regexp
|
|
hash.keys.find_all { |x| x.to_s =~ filter }
|
|
when Array
|
|
f = filter.map(&:to_s)
|
|
hash.keys.find_all { |x| f.include?(x.to_s) }
|
|
when Numeric
|
|
hash.keys.include?(filter) ? [filter] : []
|
|
else
|
|
hash.keys.find_all { |x| x == filter }
|
|
end
|
|
|
|
ks.each { |k| res[k] = hash[k] }
|
|
res
|
|
end
|
|
|
|
def initialize(owner, default = false)
|
|
@owner = owner
|
|
super(default)
|
|
end
|
|
|
|
def filter(f)
|
|
Runlevels.from_hash(owner, self, f)
|
|
end
|
|
|
|
# Check if all runlevels are enabled
|
|
#
|
|
# @return [boolean] true if all runlevels are enabled
|
|
def enabled?
|
|
values.all?
|
|
end
|
|
|
|
# Check if all runlevels are disabled
|
|
#
|
|
# @return [boolean] true if all runlevels are disabled
|
|
def disabled?
|
|
values.none?
|
|
end
|
|
|
|
def to_s
|
|
"#{owner} runlevels #{keys.join(', ')}"
|
|
end
|
|
end
|
|
|
|
# We detect the init system for each operating system, based on the operating
|
|
# system.
|
|
#
|
|
# Fedora 15 : systemd
|
|
# RedHat 7 : systemd
|
|
# Ubuntu 15.04 : systemd
|
|
# Ubuntu < 15.04 : upstart
|
|
#
|
|
# TODO: extend the logic to detect the running init system, independently of OS
|
|
class Service < Inspec.resource(1)
|
|
name 'service'
|
|
supports platform: 'unix'
|
|
supports platform: 'windows'
|
|
desc 'Use the service InSpec audit resource to test if the named service is installed, running and/or enabled.'
|
|
example "
|
|
describe service('service_name') do
|
|
it { should be_installed }
|
|
it { should be_enabled }
|
|
it { should be_running }
|
|
its('type') { should be 'systemd' }
|
|
its ('startmode') { should be 'Auto'}
|
|
end
|
|
|
|
describe service('service_name').runlevels(3, 5) do
|
|
it { should be_enabled }
|
|
end
|
|
|
|
describe service('service_name').params do
|
|
its('UnitFileState') { should eq 'enabled' }
|
|
end
|
|
"
|
|
|
|
attr_reader :service_ctl
|
|
|
|
def initialize(service_name, service_ctl = nil)
|
|
@service_name = service_name
|
|
@service_mgmt = nil
|
|
@service_ctl ||= service_ctl
|
|
@cache = nil
|
|
@service_mgmt = select_service_mgmt
|
|
|
|
return skip_resource 'The `service` resource is not supported on your OS yet.' if @service_mgmt.nil?
|
|
end
|
|
|
|
def select_service_mgmt # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/MethodLength
|
|
os = inspec.os
|
|
platform = os[:name]
|
|
|
|
# Ubuntu
|
|
# @see: https://wiki.ubuntu.com/SystemdForUpstartUsers
|
|
# Ubuntu 15.04 : Systemd
|
|
# Systemd runs with PID 1 as /sbin/init.
|
|
# Upstart runs with PID 1 as /sbin/upstart.
|
|
# Ubuntu < 15.04 : Upstart
|
|
# Upstart runs with PID 1 as /sbin/init.
|
|
# Systemd runs with PID 1 as /lib/systemd/systemd.
|
|
if %w{ubuntu}.include?(platform)
|
|
version = os[:release].to_f
|
|
if version < 15.04
|
|
Upstart.new(inspec, service_ctl)
|
|
else
|
|
Systemd.new(inspec, service_ctl)
|
|
end
|
|
elsif %w{linuxmint}.include?(platform)
|
|
version = os[:release].to_f
|
|
if version < 18
|
|
Upstart.new(inspec, service_ctl)
|
|
else
|
|
Systemd.new(inspec, service_ctl)
|
|
end
|
|
elsif %w{debian}.include?(platform)
|
|
version = os[:release].to_i
|
|
if version > 7
|
|
Systemd.new(inspec, service_ctl)
|
|
else
|
|
SysV.new(inspec, service_ctl || '/usr/sbin/service')
|
|
end
|
|
elsif %w{redhat fedora centos oracle}.include?(platform)
|
|
version = os[:release].to_i
|
|
if (%w{redhat centos oracle}.include?(platform) && version >= 7) || (platform == 'fedora' && version >= 15)
|
|
Systemd.new(inspec, service_ctl)
|
|
else
|
|
SysV.new(inspec, service_ctl || '/sbin/service')
|
|
end
|
|
elsif %w{wrlinux}.include?(platform)
|
|
SysV.new(inspec, service_ctl)
|
|
elsif %w{mac_os_x}.include?(platform)
|
|
LaunchCtl.new(inspec, service_ctl)
|
|
elsif os.windows?
|
|
WindowsSrv.new(inspec)
|
|
elsif %w{freebsd}.include?(platform)
|
|
BSDInit.new(inspec, service_ctl)
|
|
elsif %w{arch}.include?(platform)
|
|
Systemd.new(inspec, service_ctl)
|
|
elsif %w{coreos}.include?(platform)
|
|
Systemd.new(inspec, service_ctl)
|
|
elsif %w{suse opensuse}.include?(platform)
|
|
if os[:release].to_i >= 12
|
|
Systemd.new(inspec, service_ctl)
|
|
else
|
|
SysV.new(inspec, service_ctl || '/sbin/service')
|
|
end
|
|
elsif %w{aix}.include?(platform)
|
|
SrcMstr.new(inspec)
|
|
elsif %w{amazon}.include?(platform)
|
|
Upstart.new(inspec, service_ctl)
|
|
elsif os.solaris?
|
|
Svcs.new(inspec)
|
|
end
|
|
end
|
|
|
|
def info
|
|
return nil if @service_mgmt.nil?
|
|
@cache ||= @service_mgmt.info(@service_name)
|
|
end
|
|
|
|
# verifies if the service is enabled
|
|
def enabled?(_level = nil)
|
|
return false if info.nil?
|
|
info[:enabled]
|
|
end
|
|
|
|
def params
|
|
return {} if info.nil?
|
|
Hashie::Mash.new(info[:params] || {})
|
|
end
|
|
|
|
# verifies the service is registered
|
|
def installed?(_name = nil, _version = nil)
|
|
return false if info.nil?
|
|
info[:installed]
|
|
end
|
|
|
|
# verifies the service is currently running
|
|
def running?(_under = nil)
|
|
return false if info.nil?
|
|
info[:running]
|
|
end
|
|
|
|
# get all runlevels that are available and their configuration
|
|
def runlevels(*args)
|
|
return Runlevels.new(self) if info.nil? or info[:runlevels].nil?
|
|
Runlevels.from_hash(self, info[:runlevels], args)
|
|
end
|
|
|
|
# returns the service type from info
|
|
def type
|
|
return nil if info.nil?
|
|
info[:type]
|
|
end
|
|
|
|
# returns the service name from info
|
|
def name
|
|
return @service_name if info.nil?
|
|
info[:name]
|
|
end
|
|
|
|
# returns the service description from info
|
|
def description
|
|
return nil if info.nil?
|
|
info[:description]
|
|
end
|
|
|
|
# returns the service start up mode from info
|
|
def startmode
|
|
return nil if info.nil?
|
|
info[:startmode]
|
|
end
|
|
|
|
def to_s
|
|
"Service #{@service_name}"
|
|
end
|
|
|
|
private :info
|
|
end
|
|
|
|
class ServiceManager
|
|
attr_reader :inspec, :service_ctl
|
|
def initialize(inspec, service_ctl = nil)
|
|
@inspec = inspec
|
|
@service_ctl ||= service_ctl
|
|
end
|
|
end
|
|
|
|
# @see: http://www.freedesktop.org/software/systemd/man/systemctl.html
|
|
# @see: http://www.freedesktop.org/software/systemd/man/systemd-system.conf.html
|
|
class Systemd < ServiceManager
|
|
def initialize(inspec, service_ctl = nil)
|
|
@service_ctl = service_ctl || 'systemctl'
|
|
super
|
|
end
|
|
|
|
def is_enabled?(service_name)
|
|
result = inspec.command("#{service_ctl} is-enabled #{service_name} --quiet")
|
|
return true if result.exit_status == 0
|
|
|
|
# Some systems may not have a `.service` file for a particular service
|
|
# which causes the `systemctl is-enabled` check to fail despite the
|
|
# service being enabled. In that event we fallback to `sysv_service`.
|
|
if result.stderr =~ /Failed to get.*No such file or directory/
|
|
return inspec.sysv_service(service_name).enabled?
|
|
end
|
|
|
|
false
|
|
end
|
|
|
|
def is_active?(service_name)
|
|
inspec.command("#{service_ctl} is-active #{service_name} --quiet").exit_status == 0
|
|
end
|
|
|
|
def info(service_name)
|
|
cmd = inspec.command("#{service_ctl} show --all #{service_name}")
|
|
return nil if cmd.exit_status.to_i != 0
|
|
|
|
# parse data
|
|
params = SimpleConfig.new(
|
|
cmd.stdout.chomp,
|
|
assignment_regex: /^\s*([^=]*?)\s*=\s*(.*?)\s*$/,
|
|
multiple_values: false,
|
|
).params
|
|
|
|
# LoadState values eg. loaded, not-found
|
|
installed = params['LoadState'] == 'loaded'
|
|
|
|
{
|
|
name: params['Id'],
|
|
description: params['Description'],
|
|
installed: installed,
|
|
running: is_active?(service_name),
|
|
enabled: is_enabled?(service_name),
|
|
type: 'systemd',
|
|
params: params,
|
|
}
|
|
end
|
|
end
|
|
|
|
# AIX services
|
|
class SrcMstr < ServiceManager
|
|
attr_reader :name
|
|
|
|
def info(service_name)
|
|
@name = service_name
|
|
running = status?
|
|
return nil if running.nil?
|
|
|
|
{
|
|
name: service_name,
|
|
description: nil,
|
|
installed: true,
|
|
running: running,
|
|
enabled: enabled?,
|
|
type: 'srcmstr',
|
|
}
|
|
end
|
|
|
|
private
|
|
|
|
def status?
|
|
status_cmd = inspec.command("lssrc -s #{@name}")
|
|
return nil if status_cmd.exit_status.to_i != 0
|
|
status_cmd.stdout.split(/\n/).last.chomp =~ /active$/ ? true : false
|
|
end
|
|
|
|
def enabled?
|
|
enabled_rc_tcpip? || enabled_inittab?
|
|
end
|
|
|
|
def enabled_rc_tcpip?
|
|
inspec.command(
|
|
"grep -v ^# /etc/rc.tcpip | grep 'start ' | grep -Eq '(/{0,1}| )#{name} '",
|
|
).exit_status == 0
|
|
end
|
|
|
|
def enabled_inittab?
|
|
inspec.command("lsitab #{name}").exit_status == 0
|
|
end
|
|
end
|
|
|
|
# @see: http://upstart.ubuntu.com
|
|
class Upstart < ServiceManager
|
|
include FileReader
|
|
|
|
def initialize(service_name, service_ctl = nil)
|
|
@service_ctl = service_ctl || 'initctl'
|
|
super
|
|
end
|
|
|
|
def info(service_name)
|
|
# get the status of upstart service
|
|
status = inspec.command("#{service_ctl} status #{service_name}")
|
|
|
|
# fallback for systemv services, those are not handled via `initctl`
|
|
return SysV.new(inspec).info(service_name) if status.exit_status.to_i != 0 || status.stdout == ''
|
|
|
|
# @see: http://upstart.ubuntu.com/cookbook/#job-states
|
|
# grep for running to indicate the service is there
|
|
running = !status.stdout[%r{start/running}].nil?
|
|
enabled = info_enabled(service_name)
|
|
|
|
{
|
|
name: service_name,
|
|
description: nil,
|
|
installed: true,
|
|
running: running,
|
|
enabled: enabled,
|
|
type: 'upstart',
|
|
}
|
|
end
|
|
|
|
private
|
|
|
|
def info_enabled(service_name)
|
|
# check if a service is enabled
|
|
config = read_file_content("/etc/init/#{service_name}.conf", allow_empty: true)
|
|
|
|
!config.match(/^\s*start on/).nil?
|
|
end
|
|
|
|
def version
|
|
@version ||= begin
|
|
out = inspec.command("#{service_ctl} --version").stdout
|
|
Gem::Version.new(out[/\(upstart ([^\)]+)\)/, 1])
|
|
end
|
|
end
|
|
end
|
|
|
|
class SysV < ServiceManager
|
|
RUNLEVELS = { 0=>false, 1=>false, 2=>false, 3=>false, 4=>false, 5=>false, 6=>false }.freeze
|
|
|
|
def initialize(service_name, service_ctl = nil)
|
|
@service_ctl = service_ctl || 'service'
|
|
super
|
|
end
|
|
|
|
def info(service_name)
|
|
# check if service is installed
|
|
# read all available services via ls /etc/init.d/
|
|
srvlist = inspec.command('ls -1 /etc/init.d/')
|
|
return nil if srvlist.exit_status != 0
|
|
|
|
# check if the service is in list
|
|
service = srvlist.stdout.split("\n").select { |srv| srv == service_name }
|
|
|
|
# abort if we could not find any service
|
|
return nil if service.empty?
|
|
|
|
# read all enabled services from runlevel
|
|
# on rhel via: 'chkconfig --list', is not installed by default
|
|
# bash: for i in `find /etc/rc*.d -name S*`; do basename $i | sed -r 's/^S[0-9]+//'; done | sort | uniq
|
|
enabled_services_cmd = inspec.command('find /etc/rc*.d /etc/init.d/rc*.d -name "S*"').stdout
|
|
service_line = %r{rc(?<runlevel>[0-6])\.d/S[^/]*?#{Regexp.escape service_name}$}
|
|
all_services = enabled_services_cmd.split("\n").map { |line|
|
|
service_line.match(line)
|
|
}.compact
|
|
enabled = !all_services.empty?
|
|
|
|
# Determine a list of runlevels which this service is activated for
|
|
runlevels = RUNLEVELS.dup
|
|
all_services.each { |x| runlevels[x[:runlevel].to_i] = true }
|
|
|
|
# check if service is really running
|
|
# service throws an exit code if the service is not installed or
|
|
# not enabled
|
|
|
|
cmd = inspec.command("#{service_ctl} #{service_name} status")
|
|
running = cmd.exit_status == 0
|
|
{
|
|
name: service_name,
|
|
description: nil,
|
|
installed: true,
|
|
running: running,
|
|
enabled: enabled,
|
|
runlevels: runlevels,
|
|
type: 'sysv',
|
|
}
|
|
end
|
|
end
|
|
|
|
# @see: https://www.freebsd.org/doc/en/articles/linux-users/startup.html
|
|
# @see: https://www.freebsd.org/cgi/man.cgi?query=rc.conf&sektion=5
|
|
class BSDInit < ServiceManager
|
|
def initialize(service_name, service_ctl = nil)
|
|
@service_ctl = service_ctl || 'service'
|
|
super
|
|
end
|
|
|
|
def info(service_name)
|
|
# check if service is enabled
|
|
# services are enabled in /etc/rc.conf and /etc/defaults/rc.conf
|
|
# via #{service_name}_enable="YES"
|
|
# service SERVICE status returns the following result if not activated:
|
|
# Cannot 'status' sshd. Set sshd_enable to YES in /etc/rc.conf or use 'onestatus' instead of 'status'.
|
|
# gather all enabled services
|
|
cmd = inspec.command("#{service_ctl} -e")
|
|
return nil if cmd.exit_status != 0
|
|
|
|
# search for the service
|
|
srv = /(^.*#{service_name}$)/.match(cmd.stdout)
|
|
return nil if srv.nil? || srv[0].nil?
|
|
enabled = true
|
|
|
|
# check if the service is running
|
|
# if the service is not available or not running, we always get an error code
|
|
cmd = inspec.command("#{service_ctl} #{service_name} onestatus")
|
|
running = cmd.exit_status == 0
|
|
|
|
{
|
|
name: service_name,
|
|
description: nil,
|
|
installed: true,
|
|
running: running,
|
|
enabled: enabled,
|
|
type: 'bsd-init',
|
|
}
|
|
end
|
|
end
|
|
|
|
class Runit < ServiceManager
|
|
def initialize(service_name, service_ctl = nil)
|
|
@service_ctl = service_ctl || 'sv'
|
|
super
|
|
end
|
|
|
|
# rubocop:disable Style/DoubleNegation
|
|
def info(service_name)
|
|
# get the status of runit service
|
|
cmd = inspec.command("#{service_ctl} status #{service_name}")
|
|
# return nil unless cmd.exit_status == 0 # NOTE(sr) why do we do this?
|
|
|
|
installed = cmd.exit_status == 0
|
|
running = installed && !!(cmd.stdout =~ /^run:/)
|
|
enabled = installed && (running || !!(cmd.stdout =~ /normally up/) || !!(cmd.stdout =~ /want up/))
|
|
|
|
{
|
|
name: service_name,
|
|
description: nil,
|
|
installed: installed,
|
|
running: running,
|
|
enabled: enabled,
|
|
type: 'runit',
|
|
}
|
|
end
|
|
end
|
|
|
|
# MacOS / Darwin
|
|
# new launctl on macos 10.10
|
|
class LaunchCtl < ServiceManager
|
|
def initialize(service_name, service_ctl = nil)
|
|
@service_ctl = service_ctl || 'launchctl'
|
|
super
|
|
end
|
|
|
|
def info(service_name)
|
|
# get the status of upstart service
|
|
cmd = inspec.command("#{service_ctl} list")
|
|
return nil if cmd.exit_status != 0
|
|
|
|
# search for the service
|
|
srv = /(^.*#{service_name}.*)/.match(cmd.stdout)
|
|
return nil if srv.nil? || srv[0].nil?
|
|
|
|
# extract values from service
|
|
parsed_srv = /^(?<pid>[0-9-]+)\t(?<exit>[0-9]+)\t(?<name>\S*)$/.match(srv[0])
|
|
enabled = !parsed_srv['name'].nil? # it's in the list
|
|
|
|
# check if the service is running
|
|
pid = parsed_srv['pid']
|
|
running = pid != '-'
|
|
|
|
# extract service label
|
|
srv = parsed_srv['name'] || service_name
|
|
|
|
{
|
|
name: srv,
|
|
description: nil,
|
|
installed: true,
|
|
running: running,
|
|
enabled: enabled,
|
|
type: 'darwin',
|
|
}
|
|
end
|
|
end
|
|
|
|
# Determine the service state from Windows
|
|
# Uses Powershell to retrieve the information
|
|
class WindowsSrv < ServiceManager
|
|
# Determine service details
|
|
# PS: Get-Service -Name 'dhcp'| Select-Object -Property Name, DisplayName, Status | ConvertTo-Json
|
|
# {
|
|
# "Name": "dhcp",
|
|
# "DisplayName": "DHCP Client",
|
|
# "Status": 4
|
|
# }
|
|
#
|
|
# Until StartMode is not added to Get-Service, we need to do a workaround
|
|
# @see: https://connect.microsoft.com/PowerShell/feedback/details/424948/i-would-like-to-see-the-property-starttype-added-to-get-services
|
|
# Also see: https://msdn.microsoft.com/en-us/library/aa384896(v=vs.85).aspx
|
|
# Use the following powershell to determine the start mode
|
|
# PS: Get-WmiObject -Class Win32_Service | Where-Object {$_.Name -eq $name -or $_.DisplayName -eq $name} | Select-Object -Prop
|
|
# erty Name, StartMode, State, Status | ConvertTo-Json
|
|
# {
|
|
# "Name": "Dhcp",
|
|
# "StartMode": "Auto",
|
|
# "State": "Running",
|
|
# "Status": "OK"
|
|
# }
|
|
#
|
|
# Windows Services have the following status code:
|
|
# @see: https://msdn.microsoft.com/en-us/library/windows/desktop/ms685996(v=vs.85).aspx
|
|
# - 1: Stopped
|
|
# - 2: Starting
|
|
# - 3: Stopping
|
|
# - 4: Running
|
|
# - 5: Continue Pending
|
|
# - 6: Pause Pending
|
|
# - 7: Paused
|
|
def info(service_name)
|
|
cmd = inspec.command("New-Object -Type PSObject | Add-Member -MemberType NoteProperty -Name Service -Value (Get-Service -Name '#{service_name}'| Select-Object -Property Name, DisplayName, Status) -PassThru | Add-Member -MemberType NoteProperty -Name WMI -Value (Get-WmiObject -Class Win32_Service | Where-Object {$_.Name -eq '#{service_name}' -or $_.DisplayName -eq '#{service_name}'} | Select-Object -Property StartMode) -PassThru | ConvertTo-Json")
|
|
|
|
# cannot rely on exit code for now, successful command returns exit code 1
|
|
# return nil if cmd.exit_status != 0
|
|
# try to parse json
|
|
begin
|
|
service = JSON.parse(cmd.stdout)
|
|
rescue JSON::ParserError => _e
|
|
return nil
|
|
end
|
|
|
|
# check that we got a response
|
|
return nil if service.nil? || service['Service'].nil?
|
|
|
|
{
|
|
name: service['Service']['Name'],
|
|
description: service['Service']['DisplayName'],
|
|
installed: true,
|
|
running: service_running?(service),
|
|
enabled: service_enabled?(service),
|
|
startmode: service['WMI']['StartMode'],
|
|
type: 'windows',
|
|
}
|
|
end
|
|
|
|
private
|
|
|
|
# detect if service is enabled
|
|
def service_enabled?(service)
|
|
!service['WMI'].nil? &&
|
|
!service['WMI']['StartMode'].nil? &&
|
|
(service['WMI']['StartMode'] == 'Auto' ||
|
|
service['WMI']['StartMode'] == 'Manual')
|
|
end
|
|
|
|
# detect if service is running
|
|
def service_running?(service)
|
|
!service['Service']['Status'].nil? && service['Service']['Status'] == 4
|
|
end
|
|
end
|
|
|
|
# Solaris services
|
|
class Svcs < ServiceManager
|
|
def initialize(service_name, service_ctl = nil)
|
|
@service_ctl = service_ctl || 'svcs'
|
|
super
|
|
end
|
|
|
|
def info(service_name)
|
|
# get the status of runit service
|
|
cmd = inspec.command("#{service_ctl} -l #{service_name}")
|
|
return nil if cmd.exit_status != 0
|
|
|
|
params = SimpleConfig.new(
|
|
cmd.stdout.chomp,
|
|
assignment_regex: /^(\w+)\s*(.*)$/,
|
|
multiple_values: false,
|
|
).params
|
|
|
|
installed = cmd.exit_status == 0
|
|
running = installed && (params['state'] == 'online')
|
|
enabled = installed && (params['enabled'] == 'true')
|
|
|
|
{
|
|
name: service_name,
|
|
description: params['name'],
|
|
installed: installed,
|
|
running: running,
|
|
enabled: enabled,
|
|
type: 'svcs',
|
|
}
|
|
end
|
|
end
|
|
|
|
# specific resources for specific service managers
|
|
|
|
class SystemdService < Service
|
|
name 'systemd_service'
|
|
supports platform: 'unix'
|
|
desc 'Use the systemd_service InSpec audit resource to test if the named service (controlled by systemd) is installed, running and/or enabled.'
|
|
example "
|
|
# to override service mgmt auto-detection
|
|
describe systemd_service('service_name') do
|
|
it { should be_installed }
|
|
it { should be_enabled }
|
|
it { should be_running }
|
|
end
|
|
|
|
# to set a non-standard systemctl path
|
|
describe systemd_service('service_name', '/path/to/systemctl') do
|
|
it { should be_running }
|
|
end
|
|
"
|
|
|
|
def select_service_mgmt
|
|
Systemd.new(inspec, service_ctl)
|
|
end
|
|
end
|
|
|
|
class UpstartService < Service
|
|
name 'upstart_service'
|
|
supports platform: 'unix'
|
|
desc 'Use the upstart_service InSpec audit resource to test if the named service (controlled by upstart) is installed, running and/or enabled.'
|
|
example "
|
|
# to override service mgmt auto-detection
|
|
describe upstart_service('service_name') do
|
|
it { should be_installed }
|
|
it { should be_enabled }
|
|
it { should be_running }
|
|
end
|
|
|
|
# to set a non-standard initctl path
|
|
describe upstart_service('service_name', '/path/to/initctl') do
|
|
it { should be_running }
|
|
end
|
|
"
|
|
|
|
def select_service_mgmt
|
|
Upstart.new(inspec, service_ctl)
|
|
end
|
|
end
|
|
|
|
class SysVService < Service
|
|
name 'sysv_service'
|
|
supports platform: 'unix'
|
|
desc 'Use the sysv_service InSpec audit resource to test if the named service (controlled by SysV) is installed, running and/or enabled.'
|
|
example "
|
|
# to override service mgmt auto-detection
|
|
describe sysv_service('service_name') do
|
|
it { should be_installed }
|
|
it { should be_enabled }
|
|
it { should be_running }
|
|
end
|
|
|
|
# to set a non-standard service path
|
|
describe sysv_service('service_name', '/path/to/service') do
|
|
it { should be_running }
|
|
end
|
|
"
|
|
|
|
def select_service_mgmt
|
|
SysV.new(inspec, service_ctl)
|
|
end
|
|
end
|
|
|
|
class BSDService < Service
|
|
name 'bsd_service'
|
|
supports platform: 'unix'
|
|
desc 'Use the bsd_service InSpec audit resource to test if the named service (controlled by BSD init) is installed, running and/or enabled.'
|
|
example "
|
|
# to override service mgmt auto-detection
|
|
describe bsd_service('service_name') do
|
|
it { should be_installed }
|
|
it { should be_enabled }
|
|
it { should be_running }
|
|
end
|
|
|
|
# to set a non-standard service path
|
|
describe bsd_service('service_name', '/path/to/service') do
|
|
it { should be_running }
|
|
end
|
|
"
|
|
|
|
def select_service_mgmt
|
|
BSDInit.new(inspec, service_ctl)
|
|
end
|
|
end
|
|
|
|
class LaunchdService < Service
|
|
name 'launchd_service'
|
|
supports platform: 'unix'
|
|
desc 'Use the launchd_service InSpec audit resource to test if the named service (controlled by launchd) is installed, running and/or enabled.'
|
|
example "
|
|
# to override service mgmt auto-detection
|
|
describe launchd_service('service_name') do
|
|
it { should be_installed }
|
|
it { should be_enabled }
|
|
it { should be_running }
|
|
end
|
|
|
|
# to set a non-standard launchctl path
|
|
describe launchd_service('service_name', '/path/to/launchctl') do
|
|
it { should be_running }
|
|
end
|
|
"
|
|
|
|
def select_service_mgmt
|
|
LaunchCtl.new(inspec, service_ctl)
|
|
end
|
|
end
|
|
|
|
class RunitService < Service
|
|
name 'runit_service'
|
|
supports platform: 'unix'
|
|
desc 'Use the runit_service InSpec audit resource to test if the named service (controlled by runit) is installed, running and/or enabled.'
|
|
example "
|
|
# to override service mgmt auto-detection
|
|
describe runit_service('service_name') do
|
|
it { should be_installed }
|
|
it { should be_enabled }
|
|
it { should be_running }
|
|
end
|
|
|
|
# to set a non-standard sv path
|
|
describe runit_service('service_name', '/path/to/sv') do
|
|
it { should be_running }
|
|
end
|
|
"
|
|
|
|
def select_service_mgmt
|
|
Runit.new(inspec, service_ctl)
|
|
end
|
|
end
|
|
end
|