module Inspec::Resources
copyright: 2015, Vulcano Security GmbH
Advanced Auditing: As soon as you start applying Advanced Audit Configuration Policy, legacy policies will be completely ignored. Reference: technet.microsoft.com/en-us/library/cc753632.aspx
Use:
- list all categories: Auditpol /list /subcategory:* /r
- list parameters: Auditpol /get /category:"System" /subcategory:"IPsec Driver"
- list specific parameter: Auditpol /get /subcategory:"IPsec Driver"
Valid values are:
- "No Auditing"
- "Not Specified"
- "Success"
- "Success and Failure"
- "Failure"
Further information is available at: msdn.microsoft.com/en-us/library/dd973859.aspx
Usage: describe bridge('br0') do
it { should exist }
it { should have_interface 'eth0' }
end
Check for Chocolatey packages to be installed
Usage: describe cpan('DBD::Pg') do
it { should be_installed }
end
Usage: describe cran('DBI') do
it { should be_installed }
end
Parses a CSV document. This implementation was inspired by a blog post. @see technicalpickles.com/posts/parsing-csv-with-ruby
circular: require "inspec/resource" but… already being included by inspec/resource.rb
Check for web applications in IIS. Note: this is only supported in Windows 2012 and later.
Check for a site in IIS. Usage: describe iis_site('Default Web Site') do
it{ should exist }
it{ should be_running }
it{ should be_in_app_pool('Default App Pool') }
it{ should have_path('C:\\inetpub\\wwwroot\\DefaultWebSite') }
it{ should have_binding('https :443:www.contoso.com sslFlags=0') }
it{ should have_binding('net.pipe *') }
end
Note: this is only supported in Windows 2012 and later.
Usage: describe ip6tables do
it { should have_rule('-P INPUT ACCEPT') }
end
The following serverspec syntax is not implemented: describe ip6tables do
it { should have_rule('-P INPUT ACCEPT').with_table('mangle').with_chain('INPUT') }
end
Please use the new syntax: describe ip6tables(table:'mangle', chain: 'input') do
it { should have_rule('-P INPUT ACCEPT') }
end
Note: Docker containers normally do not have ip6tables installed.
@see ipset.netfilter.org/ip6tables.man.html
Usage: describe iptables do
it { should have_rule('-P INPUT ACCEPT') }
end
The following serverspec syntax is not implemented: describe iptables do
it { should have_rule('-P INPUT ACCEPT').with_table('mangle').with_chain('INPUT') }
end
Please use the new syntax: describe iptables(table:'mangle', chain: 'input') do
it { should have_rule('-P INPUT ACCEPT') }
end
Note: Docker containers normally do not have iptables installed.
@see ipset.netfilter.org/iptables.man.html @see www.frozentux.net/iptables-tutorial/iptables-tutorial.html
Usage: describe login_def do
its('UMASK') { should eq '077' }
its('PASS_MAX_DAYS.to_i') { should be <= 90 }
end
STABILITY: Experimental. This resource needs a proper interface to the underlying data, which is currently missing. Until it is added, we will keep it experimental.
TODO: Support it on Windows. To do so, we need to recognize the base os and how it combines the file path. Calling `File.join` or similar methods may lead to errors when running remotely.
This resource talks with OneGet (github.com/OneGet/oneget). It is part of Windows Management Framework 5.0 and part of Windows 10.
Usage: describe oneget('zoomit') do
it { should be_installed }
end
Resource to determine package information
Usage: describe package('nginx') do
it { should be_installed }
end
Usage: describe pip('Jinja2') do
it { should be_installed }
end
TODO: currently we return local ip only
TODO: improve handling of same port on multiple interfaces
Three constructor methods are available:
- registry_key('path'):
describe registry_key('HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule') do
its('Start') { should eq 2 }
end
- registry_key('name','path'):
describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule') do
its('Start') { should eq 2 }
end
- options hash:
describe registry_key({
  name: 'Task Scheduler',
  hive: 'HKEY_LOCAL_MACHINE',
  key: '\SYSTEM\CurrentControlSet\services\Schedule'
}) do
its('Start') { should eq 2 }
end
Get all children of a registry key: describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet').children do
it { should_not eq [] }
end
Example to use regular expressions for keys: describe registry_key({
  hive: 'HKEY_USERS'
}).children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}\\Software\\Policies\\Microsoft\\Windows\\Installer/).each { |key|
  describe registry_key(key) do
    its('AlwaysInstallElevated') { should eq 'value' }
  end
}
Example to use regular expressions in responses: describe registry_key({
  hive: 'HKEY_LOCAL_MACHINE',
  key: 'SOFTWARE\Microsoft\Windows NT\CurrentVersion'
}) do
its('ProductName') { should match /^[a-zA-Z0-9\(\)\s]*2012\s[rR]2[a-zA-Z0-9\(\)\s]*$/ }
end
The file format consists of:
- user
- password
- last_change
- min_days before password change
- max_days until password change
- warn_days before warning about expiry
- inactive_days before deactivating the account
- expiry_date when this account will expire
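The format listed above, parsed and audited in plain Ruby as an added example (this is not InSpec's own resource code). The names parse_shadow_line and audit_shadow, the 90-day threshold and the sample lines are assumptions constructed for illustration.

```ruby
# Added example, not InSpec code. Field names follow the list above.
SHADOW_FIELDS = %i[user password last_change min_days max_days
                   warn_days inactive_days expiry_date].freeze
NUMERIC_FIELDS = (SHADOW_FIELDS - %i[user password]).freeze

# Parse one line into a hash keyed by SHADOW_FIELDS.
# Returns nil for blank lines, comments and lines with too few fields.
def parse_shadow_line(line)
  line = line.chomp
  return nil if line.strip.empty? || line.start_with?('#')
  # limit -1 keeps trailing empty fields; real files end with a ninth, reserved field
  parts = line.split(':', -1)
  return nil if parts.length < SHADOW_FIELDS.length
  entry = SHADOW_FIELDS.zip(parts).to_h
  # Empty or non-numeric values become nil instead of raising
  NUMERIC_FIELDS.each { |f| entry[f] = Integer(entry[f], 10, exception: false) }
  entry
end

# Report [user, finding] pairs: empty password fields, and login-capable
# accounts whose max_days is unset or above max_age (assumed threshold).
def audit_shadow(text, max_age: 90)
  findings = []
  text.each_line do |line|
    entry = parse_shadow_line(line)
    next unless entry
    if entry[:password].empty?
      findings << [entry[:user], :empty_password]
      next
    end
    next if entry[:password].start_with?('!', '*') # locked or no-login account
    if entry[:max_days].nil? || entry[:max_days] > max_age
      findings << [entry[:user], :max_days_exceeds_limit]
    end
  end
  findings
end

# Constructed sample input; the hashes are placeholders, not real credentials.
SAMPLE_SHADOW = <<~EOS
  root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
  alice:$6$constructedsalt$constructedhash:19500:1:90:7:30::
  svc::19000:0:99999:7:::
  daemon:*:18000:0:99999:7:::
EOS

p audit_shadow(SAMPLE_SHADOW) if __FILE__ == $PROGRAM_NAME
```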
Custom resource based on the InSpec resource DSL
Parses a YAML document. Usage: describe yaml('.kitchen.yaml') do
its('driver.name') { should eq('vagrant') }
end
Usage: describe yum do
its('repos') { should exist }
end
describe yum do
its('repos') { should include 'base/7/x86_64' }
its('epel') { should exist }
its('epel') { should be_enabled }
end
Filter for a specific repo by name:
- use full identifier e.g. 'updates/7/x86_64'
- use short identifier e.g. 'updates'
describe yum.repo('epel') do
it { should exist }
it { should be_enabled }
its('baseurl') { should include 'mycompany.biz' }
end
deprecated: describe yumrepo('epel') do
it { should exist }
it { should be_enabled }
end
Constants
- LegacyPowershellScript
this is deprecated syntax and will be removed in future versions
- MS_PRIVILEGES_RIGHTS
known and supported MS privilege rights @see technet.microsoft.com/en-us/library/dd277311.aspx @see msdn.microsoft.com/en-us/library/windows/desktop/bb530716(v=vs.85).aspx
- PowershellScript