Module: Inspec::Resources

Defined in:
lib/inspec/resources/csv.rb,
lib/inspec/resources/os.rb,
lib/inspec/resources/apt.rb,
lib/inspec/resources/gem.rb,
lib/inspec/resources/ini.rb,
lib/inspec/resources/ksh.rb,
lib/inspec/resources/lxc.rb,
lib/inspec/resources/npm.rb,
lib/inspec/resources/opa.rb,
lib/inspec/resources/pip.rb,
lib/inspec/resources/ssl.rb,
lib/inspec/resources/wmi.rb,
lib/inspec/resources/xml.rb,
lib/inspec/resources/yum.rb,
lib/inspec/resources/zfs.rb,
lib/inspec/resources/bash.rb,
lib/inspec/resources/bond.rb,
lib/inspec/resources/cpan.rb,
lib/inspec/resources/cran.rb,
lib/inspec/resources/cron.rb,
lib/inspec/resources/file.rb,
lib/inspec/resources/host.rb,
lib/inspec/resources/http.rb,
lib/inspec/resources/json.rb,
lib/inspec/resources/noop.rb,
lib/inspec/resources/port.rb,
lib/inspec/resources/toml.rb,
lib/inspec/resources/yaml.rb,
lib/inspec/resources/ipnat.rb,
lib/inspec/resources/mount.rb,
lib/inspec/resources/mysql.rb,
lib/inspec/resources/nginx.rb,
lib/inspec/resources/users.rb,
lib/inspec/resources/apache.rb,
lib/inspec/resources/auditd.rb,
lib/inspec/resources/bridge.rb,
lib/inspec/resources/cgroup.rb,
lib/inspec/resources/docker.rb,
lib/inspec/resources/groups.rb,
lib/inspec/resources/oneget.rb,
lib/inspec/resources/oracle.rb,
lib/inspec/resources/os_env.rb,
lib/inspec/resources/passwd.rb,
lib/inspec/resources/podman.rb,
lib/inspec/resources/shadow.rb,
lib/inspec/resources/command.rb,
lib/inspec/resources/crontab.rb,
lib/inspec/resources/iis_app.rb,
lib/inspec/resources/key_rsa.rb,
lib/inspec/resources/mongodb.rb,
lib/inspec/resources/opa_api.rb,
lib/inspec/resources/opa_cli.rb,
lib/inspec/resources/package.rb,
lib/inspec/resources/selinux.rb,
lib/inspec/resources/service.rb,
lib/inspec/resources/ssh_key.rb,
lib/inspec/resources/iis_site.rb,
lib/inspec/resources/ipfilter.rb,
lib/inspec/resources/iptables.rb,
lib/inspec/resources/nftables.rb,
lib/inspec/resources/ntp_conf.rb,
lib/inspec/resources/packages.rb,
lib/inspec/resources/platform.rb,
lib/inspec/resources/postgres.rb,
lib/inspec/resources/sys_info.rb,
lib/inspec/resources/timezone.rb,
lib/inspec/resources/vbscript.rb,
lib/inspec/resources/zfs_pool.rb,
lib/inspec/resources/aide_conf.rb,
lib/inspec/resources/cassandra.rb,
lib/inspec/resources/dh_params.rb,
lib/inspec/resources/directory.rb,
lib/inspec/resources/etc_fstab.rb,
lib/inspec/resources/etc_group.rb,
lib/inspec/resources/etc_hosts.rb,
lib/inspec/resources/firewalld.rb,
lib/inspec/resources/grub_conf.rb,
lib/inspec/resources/interface.rb,
lib/inspec/resources/ip6tables.rb,
lib/inspec/resources/processes.rb,
lib/inspec/resources/filesystem.rb,
lib/inspec/resources/inetd_conf.rb,
lib/inspec/resources/interfaces.rb,
lib/inspec/resources/login_defs.rb,
lib/inspec/resources/mail_alias.rb,
lib/inspec/resources/mysql_conf.rb,
lib/inspec/resources/nginx_conf.rb,
lib/inspec/resources/php_config.rb,
lib/inspec/resources/podman_pod.rb,
lib/inspec/resources/powershell.rb,
lib/inspec/resources/ssh_config.rb,
lib/inspec/resources/apache_conf.rb,
lib/inspec/resources/auditd_conf.rb,
lib/inspec/resources/chrony_conf.rb,
lib/inspec/resources/ibmdb2_conf.rb,
lib/inspec/resources/limits_conf.rb,
lib/inspec/resources/sybase_conf.rb,
lib/inspec/resources/xinetd_conf.rb,
lib/inspec/resources/zfs_dataset.rb,
lib/inspec/resources/audit_policy.rb,
lib/inspec/resources/docker_image.rb,
lib/inspec/resources/iis_app_pool.rb,
lib/inspec/resources/mongodb_conf.rb,
lib/inspec/resources/parse_config.rb,
lib/inspec/resources/podman_image.rb,
lib/inspec/resources/postfix_conf.rb,
lib/inspec/resources/registry_key.rb,
lib/inspec/resources/windows_task.rb,
lib/inspec/resources/docker_plugin.rb,
lib/inspec/resources/elasticsearch.rb,
lib/inspec/resources/kernel_module.rb,
lib/inspec/resources/mssql_session.rb,
lib/inspec/resources/mysql_session.rb,
lib/inspec/resources/oracledb_conf.rb,
lib/inspec/resources/podman_volume.rb,
lib/inspec/resources/postgres_conf.rb,
lib/inspec/resources/routing_table.rb,
lib/inspec/resources/docker_service.rb,
lib/inspec/resources/ibmdb2_session.rb,
lib/inspec/resources/mssql_sys_conf.rb,
lib/inspec/resources/podman_network.rb,
lib/inspec/resources/sybase_session.rb,
lib/inspec/resources/virtualization.rb,
lib/inspec/resources/windows_hotfix.rb,
lib/inspec/resources/default_gateway.rb,
lib/inspec/resources/mongodb_session.rb,
lib/inspec/resources/rabbitmq_config.rb,
lib/inspec/resources/security_policy.rb,
lib/inspec/resources/windows_feature.rb,
lib/inspec/resources/cassandradb_conf.rb,
lib/inspec/resources/docker_container.rb,
lib/inspec/resources/kernel_parameter.rb,
lib/inspec/resources/oracledb_session.rb,
lib/inspec/resources/podman_container.rb,
lib/inspec/resources/postgres_session.rb,
lib/inspec/resources/windows_firewall.rb,
lib/inspec/resources/x509_certificate.rb,
lib/inspec/resources/x509_private_key.rb,
lib/inspec/resources/kernel_parameters.rb,
lib/inspec/resources/postgres_hba_conf.rb,
lib/inspec/resources/chocolatey_package.rb,
lib/inspec/resources/linux_audit_system.rb,
lib/inspec/resources/cassandradb_session.rb,
lib/inspec/resources/postgres_ident_conf.rb,
lib/inspec/resources/security_identifier.rb,
lib/inspec/resources/etc_hosts_allow_deny.rb,
lib/inspec/resources/windows_firewall_rule.rb,
lib/inspec/resources/oracledb_listener_conf.rb

Overview

Check for Chocolatey packages to be installed

Defined Under Namespace

Modules: DockerObject, FilePermissionsSelector, GroupManagementSelector, UserManagementSelector Classes: AideConf, AixPorts, AixUser, AlpinePkg, AlpinePkgs, Apache, ApacheConf, AptRepository, AuditDaemon, AuditDaemonConf, AuditPolicy, BSDInit, BSDService, Bash, BffPkg, Bond, Brew, Bridge, BridgeDetection, BsdInterface, BsdMounts, Cassandra, CassandradbConf, CassandradbSession, Cgroup, ChocoPkg, ChronyConf, Cmd, CpanPackage, CranPackage, Cron, Crontab, CsvConfig, DarwinGroup, DarwinHostProvider, DarwinUser, Deb, Debs, Defaultgateway, DhParams, Directory, Docker, DockerContainer, DockerContainerFilter, DockerImage, DockerImageFilter, DockerPlugin, DockerPluginFilter, DockerService, DockerServiceFilter, Elasticsearch, EtcFstab, EtcGroup, EtcGroupView, EtcHosts, EtcHostsAllow, EtcHostsDeny, FilePermissions, FileResource, FileSystemResource, FirewallD, FreeBSD10Init, FreeBSDUser, FreeBsdPorts, FreebsdPkg, FsManagement, GemPackage, God, Group, GroupInfo, Groups, GrubConfig, Host, HostProvider, HpuxPkg, HpuxPorts, HpuxUser, Http, Ibmdb2Conf, Ibmdb2Session, IisApp, IisAppPool, IisSite, IisSiteServerSpec, ImmutableFlagCheck, InetdConf, IniConfig, InterfaceInfo, Interfaces, Ip6Tables, IpFilter, IpNat, IpTables, JsonConfig, KernelModule, KernelParameter, KernelParameters, Ksh, LaunchCtl, LaunchdService, LegacyPowershell, LimitsConf, Lines, LinuxAuditSystem, LinuxBridge, LinuxHostProvider, LinuxImmutableFlagCheck, LinuxInterface, LinuxKernelParameter, LinuxMounts, LinuxPorts, LinuxUser, LoginDefs, LsofPorts, Lxc, Mailalias, Members, Mongodb, MongodbConf, MongodbSession, Monit, MonitoringTool, Mount, MountsInfo, MssqlSession, MssqlSysConf, Mysql, MysqlConf, MysqlConfEntry, MysqlSession, NetworkInterface, NfTables, Nginx, NginxConf, NginxConfHttp, NginxConfHttpEntry, NginxConfLocation, NginxConfServer, Noop, NpmPackage, NtpConf, OSResource, OneGetPackage, Opa, OpaApi, OpaCli, Oracle, OracledbConf, OracledbListenerConf, OracledbSession, OsEnv, PConfig, PConfigFile, Package, Packages, Pacman, Passwd, PhpConfig, PipPackage, PkgManagement, PkgsManagement, PlatformResource, Podman, PodmanContainer, PodmanContainerFilter, PodmanImage, PodmanImageFilter, PodmanNetwork, PodmanNetworkFilter, PodmanPod, PodmanPodFilter, PodmanVolume, PodmanVolumeFilter, Port, PortsInfo, PostfixConf, Postgres, PostgresConf, PostgresHbaConf, PostgresIdentConf, PostgresSession, Powershell, PpaRepository, Processes, RabbitmqConfig, RegistryKey, Routingtable, Rpm, Rpms, RsaKey, Runit, RunitService, Runlevels, SSL, SecurityIdentifier, SecurityPolicy, Selinux, SelinuxBooleanFilter, SelinuxModuleFilter, Service, ServiceManager, Shadow, SiteProvider, SolarisPkg, SolarisPorts, SolarisUser, SrcMstr, SshConfig, SshKey, SshdActiveConfig, SshdConfig, Svcs, SybaseConf, SybaseSession, SysV, SysVService, System, Systemd, SystemdService, TimeZone, TomlConfig, UnixFilePermissions, UnixFileSystemResource, UnixGroup, UnixHostProvider, UnixImmutableFlagCheck, UnixUser, Upstart, UpstartService, User, UserGroups, UserInfo, Users, VBScript, Virtualization, WMI, WindowsBridge, WindowsFeature, WindowsFilePermissions, WindowsFileSystemResource, WindowsFirewall, WindowsFirewallRule, WindowsGroup, WindowsHostProvider, WindowsHotfix, WindowsInterface, WindowsPkg, WindowsPorts, WindowsRegistryKey, WindowsSrv, WindowsTasks, WindowsUser, X509CertificateResource, X509PrivateKey, XinetdConf, XmlConfig, YamlConfig, Yum, YumRepo, Zfs, ZfsDataset, ZfsPool

Constant Summary collapse

PowershellScript =
Powershell
LegacyPowershellScript =
LegacyPowershell
MS_PRIVILEGES_RIGHTS =

known and supported MS privilege rights

[
  "SeNetworkLogonRight",
  "SeBackupPrivilege",
  "SeChangeNotifyPrivilege",
  "SeSystemtimePrivilege",
  "SeCreatePagefilePrivilege",
  "SeDebugPrivilege",
  "SeRemoteShutdownPrivilege",
  "SeAuditPrivilege",
  "SeIncreaseQuotaPrivilege",
  "SeIncreaseBasePriorityPrivilege",
  "SeLoadDriverPrivilege",
  "SeBatchLogonRight",
  "SeServiceLogonRight",
  "SeInteractiveLogonRight",
  "SeSecurityPrivilege",
  "SeSystemEnvironmentPrivilege",
  "SeProfileSingleProcessPrivilege",
  "SeSystemProfilePrivilege",
  "SeAssignPrimaryTokenPrivilege",
  "SeRestorePrivilege",
  "SeShutdownPrivilege",
  "SeTakeOwnershipPrivilege",
  "SeUndockPrivilege",
  "SeManageVolumePrivilege",
  "SeRemoteInteractiveLogonRight",
  "SeImpersonatePrivilege",
  "SeCreateGlobalPrivilege",
  "SeIncreaseWorking",
  "SeTimeZonePrivilege",
  "SeCreateSymbolicLinkPrivilege",
  "SeDenyNetworkLogonRight", # Deny access to this computer from the network
  "SeDenyInteractiveLogonRight", # Deny logon locally
  "SeDenyBatchLogonRight", # Deny logon as a batch job
  "SeDenyServiceLogonRight", # Deny logon as a service
  "SeTcbPrivilege",
  "SeMachineAccountPrivilege",
  "SeCreateTokenPrivilege",
  "SeCreatePermanentPrivilege",
  "SeEnableDelegationPrivilege",
  "SeLockMemoryPrivilege",
  "SeSyncAgentPrivilege",
  "SeUnsolicitedInputPrivilege",
  "SeTrustedCredManAccessPrivilege",
  "SeRelabelPrivilege", # the privilege to change a Windows integrity label (new to Windows Vista)
  "SeDenyRemoteInteractiveLogonRight", # Deny logon through Terminal Services
].freeze