Best Inspec_ruby code snippet using Inspec.interactive
security_policy.rb
Source:security_policy.rb
1# encoding: utf-82#3# Security Configuration and Analysis4#5# Export local security policy:6# secedit /export /cfg secpol.cfg7#8# @link http://www.microsoft.com/en-us/download/details.aspx?id=252509#10# In Windows, some security options are managed differently that the local GPO11# All local GPO parameters can be examined via Registry, but not all security12# parameters. Therefore we need a combination of Registry and secedit output13require 'hashie'14module Inspec::Resources15 # known and supported MS privilege rights16 # @see https://technet.microsoft.com/en-us/library/dd277311.aspx17 # @see https://msdn.microsoft.com/en-us/library/windows/desktop/bb530716(v=vs.85).aspx18 MS_PRIVILEGES_RIGHTS = [19 'SeNetworkLogonRight',20 'SeBackupPrivilege',21 'SeChangeNotifyPrivilege',22 'SeSystemtimePrivilege',23 'SeCreatePagefilePrivilege',24 'SeDebugPrivilege',25 'SeRemoteShutdownPrivilege',26 'SeAuditPrivilege',27 'SeIncreaseQuotaPrivilege',28 'SeIncreaseBasePriorityPrivilege',29 'SeLoadDriverPrivilege',30 'SeBatchLogonRight',31 'SeServiceLogonRight',32 'SeInteractiveLogonRight',33 'SeSecurityPrivilege',34 'SeSystemEnvironmentPrivilege',35 'SeProfileSingleProcessPrivilege',36 'SeSystemProfilePrivilege',37 'SeAssignPrimaryTokenPrivilege',38 'SeRestorePrivilege',39 'SeShutdownPrivilege',40 'SeTakeOwnershipPrivilege',41 'SeUndockPrivilege',42 'SeManageVolumePrivilege',43 'SeRemoteInteractiveLogonRight',44 'SeImpersonatePrivilege',45 'SeCreateGlobalPrivilege',46 'SeIncreaseWorking',47 'SeTimeZonePrivilege',48 'SeCreateSymbolicLinkPrivilege',49 'SeDenyNetworkLogonRight', # Deny access to this computer from the network50 'SeDenyInteractiveLogonRight', # Deny logon locally51 'SeDenyBatchLogonRight', # Deny logon as a batch job52 'SeDenyServiceLogonRight', # Deny logon as a service53 'SeTcbPrivilege',54 'SeMachineAccountPrivilege',55 'SeCreateTokenPrivilege',56 'SeCreatePermanentPrivilege',57 'SeEnableDelegationPrivilege',58 'SeLockMemoryPrivilege',59 'SeSyncAgentPrivilege',60 'SeUnsolicitedInputPrivilege',61 'SeTrustedCredManAccessPrivilege',62 'SeRelabelPrivilege', # the privilege to change a Windows integrity label (new to Windows Vista)63 'SeDenyRemoteInteractiveLogonRight', # Deny logon through Terminal Services64 ].freeze65 class SecurityPolicy < Inspec.resource(1)66 name 'security_policy'67 supports platform: 'windows'68 desc 'Use the security_policy InSpec audit resource to test security policies on the Microsoft Windows platform.'69 example <<~EXAMPLE70 describe security_policy do71 its('SeNetworkLogonRight') { should include 'S-1-5-11' }72 end73 describe security_policy(translate_sid: true) do74 its('SeNetworkLogonRight') { should include 'NT AUTHORITY\\Authenticated Users' }75 end76 EXAMPLE77 def initialize(opts = {})78 @translate_sid = opts[:translate_sid] || false79 end80 def content81 read_content82 end83 def params(*opts)84 opts.inject(read_params) do |res, nxt|85 res.respond_to?(:key) ? res[nxt] : nil86 end87 end88 def method_missing(name)89 params = read_params90 return nil if params.nil?91 # deep search for hash key92 params.extend Hashie::Extensions::DeepFind93 res = params.deep_find(name.to_s)94 # return an empty array if configuration does not include rights configuration95 return [] if res.nil? && MS_PRIVILEGES_RIGHTS.include?(name.to_s)96 res97 end98 def to_s99 'Security Policy'100 end101 private102 def read_content103 return @content if defined?(@content)104 # using process pid to prevent any race conditions with multiple runners105 export_file = "win_secpol-#{Process.pid}.cfg"106 # export the security policy107 cmd = inspec.command("secedit /export /cfg #{export_file}")108 return nil if cmd.exit_status.to_i != 0109 # store file content110 cmd = inspec.command("Get-Content #{export_file}")111 return skip_resource "Can't read security policy" if cmd.exit_status.to_i != 0112 @content = cmd.stdout113 ensure114 # delete temp file115 inspec.command("Remove-Item #{export_file}").exit_status.to_i116 end117 def read_params118 return @params if defined?(@params)119 return @params = {} if read_content.nil?120 conf = SimpleConfig.new(121 @content,122 assignment_regex: /^\s*(.*)=\s*(\S*)\s*$/,123 )124 @params = convert_hash(conf.params)125 end126 # extracts the values, this methods detects:127 # numbers and SIDs and optimizes them for further usage128 def extract_value(val)129 if val =~ /^\d+$/130 val.to_i131 # special handling for SID array132 elsif val =~ /[,]{0,1}\*\S/133 if @translate_sid134 val.split(',').map { |v|135 object_name = inspec.command("(New-Object System.Security.Principal.SecurityIdentifier(\"#{v.sub('*S', 'S')}\")).Translate( [System.Security.Principal.NTAccount]).Value").stdout.to_s.strip136 object_name.empty? || object_name.nil? ? v.sub('*S', 'S') : object_name137 }138 else139 val.split(',').map { |v|140 v.sub('*S', 'S')141 }142 end143 # special handling for string values with "144 elsif !(m = /^\"(.*)\"$/.match(val)).nil?145 m[1]146 else147 val148 end149 end150 def convert_hash(hash)151 new_hash = {}152 hash.each do |k, v|153 v.is_a?(Hash) ? value = convert_hash(v) : value = extract_value(v)154 new_hash[k.strip] = value155 end156 new_hash157 end158 end159end...
cli_command.rb
Source:cli_command.rb
...44 desc 'prompt', 'Tries to prompt the user'45 def prompt46 ui.prompt.keypress('Apollo 18, ready to launch! :countdown', timeout: 1)47 end48 desc 'interactive', 'Inspec::UI#interactive?'49 def interactive50 ui.plain_line(ui.interactive?.to_s)51 end52 #--------------------------------------------------#53 # Exit code Testing Commands54 #--------------------------------------------------#55 [56 :normal,57 :usage_error,58 :plugin_error,59 :skipped_tests,60 :failed_tests,61 :tea,62 ].each do |exit_mode|63 short = 'exit' + exit_mode.to_s.split('_').first64 desc short, "Exit with code for #{exit_mode}"...
windows_configuration_test.rb
Source:windows_configuration_test.rb
1# Chef InSpec test for recipe 4_Windows::windows_configuration2# The Chef InSpec reference, with examples and extensive documentation, can be3# found at https://docs.chef.io/inspec/resources/4describe security_policy do5 its('SeInteractiveLogonRight') { should eq ['S-1-5-32-544'] }6end7describe security_policy do8 its('SeRemoteInteractiveLogonRight') { should eq ['S-1-5-32-544'] + ['S-1-5-32-555'] }9end10describe security_policy do11 its('EnableAdminAccount') { should eq 0 }12end13describe registry_key 'HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System' do14 its('DisableCAD') { should eq 0 }15end16describe registry_key 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\W32time\\TimeProviders\\NtpClient' do17 its('Enabled') { should eq 1 }18end19describe registry_key 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\W32time\\TimeProviders\\NTPServer' do20 its('Disabled') { should eq 0 }21end...
interactive
Using AI Code Generation
1describe command('hostname') do2 its('stdout') { should match /myhost/ }3Profile: tests from 1.rb (tests from 1.rb)4Version: (not specified)5Profile: myprofile (myprofile)6Version: (not specified)7Profile: myprofile (myprofile)8Version: (not specified)9Profile: myprofile (myprofile)10Version: (not specified)11Profile: myprofile (myprofile)12Version: (not specified)
interactive
Using AI Code Generation
1Inspec::UI::CLI.start(ARGV)2Inspec::UI::CLI.start(ARGV)3Traceback (most recent call last):42.rb:6:in `require': cannot load such file -- inspec (LoadError)
interactive
Using AI Code Generation
1 inspec.add_target(:local, '/path/to/inspec/test.rb')2describe file('/etc/hosts') do3 it { should be_file }4 its('content') { should match /
interactive
Using AI Code Generation
1 describe user('root') do2 it { should exist }3 describe user('root') do4 it { should exist }5 describe user('root') do6 it { should exist }7 describe user('root') do8 it { should exist }9 describe user('root') do10 it { should exist }11 describe user('root') do12 it { should exist }13 describe user('root') do14 it { should exist }15 describe user('root') do16 it { should exist }17 describe user('root') do18 it { should exist }
interactive
Using AI Code Generation
1 describe file('/etc/passwd') do2Finished in 0.00454 seconds (files took 0.2862 seconds to load)3{4 {
Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.
You could also refer to video tutorials over LambdaTest YouTube channel to get step by step demonstration from industry experts.
Get 100 minutes of automation test minutes FREE!!