auditd_conf resource
Use the auditd_conf
Chef InSpec audit resource to test the configuration settings for the audit daemon. This file is typically located under /etc/audit/auditd.conf'
on Unix and Linux platforms.
Availability
Installation
This resource is distributed along with Chef InSpec itself. You can use it automatically.
Version
This resource first became available in v1.0.0 of InSpec.
Syntax
A auditd_conf
resource block declares configuration settings that should be tested:
describe auditd_conf('path') do
its('keyword') { should cmp 'value' }
end
where
'keyword'
is a configuration setting defined in theauditd.conf
configuration file('path')
is the non-default path to theauditd.conf
configuration file{ should cmp 'value' }
is the value that is expected
Properties
This matcher will match any property listed in the auditd.conf
configuration file. Property names and expected values are case-insensitive:
admin_space_left
,admin_space_left_action
,action_mail_acct
,conf_path
,content
,disk_error_action
,disk_full_action
,flush
,freq
,log_file
,log_format
,max_log_file
,max_log_file_action
,num_logs
,params
,space_left
,space_left_action
Property Examples
The following examples show how to use this Chef InSpec audit resource.
Test the auditd.conf file
describe auditd_conf do
its('log_file') { should cmp '/full/path/to/file' }
its('log_format') { should cmp 'raw' }
its('flush') { should cmp 'none' }
its('freq') { should cmp 1 }
its('num_logs') { should cmp 0 }
its('max_log_file') { should cmp 6 }
its('max_log_file_action') { should cmp 'email' }
its('space_left') { should cmp 2 }
its('action_mail_acct') { should cmp 'root' }
its('space_left_action') { should cmp 'email' }
its('admin_space_left') { should cmp 1 }
its('admin_space_left_action') { should cmp 'halt' }
its('disk_full_action') { should cmp 'halt' }
its('disk_error_action') { should cmp 'halt' }
end
describe file(auditd_conf.conf_path) do
its('group') { should cmp 'root' }
end
Matchers
For a full list of available matchers, please visit our matchers page.
cmp
The cmp
matcher compares values across types.
its('freq') { should cmp 1 }
Was this page helpful?