linux_audit_system resource
Use the linux_audit_system
Chef InSpec audit resource to test the configuration of Linux audit system.
Availability
Installation
The Chef InSpec distributes this resource.
Syntax
A linux_audit_system
Chef InSpec audit resource allows you to test the configuration of Linux audit system.
describe linux_audit_system do
it { should be_enabled }
it { should be_running }
its('rules') { should include 'some_rule' }
end
where
rules
is a property of this resource.some_rule
is the expected rule to be included in the rules list.be_enabled
andbe_running
are matchers of this resource.
Properties
The property of this resource is rules
.
rules
The rules
property returns an array of audit rules of the system. It allows testing by passing an argument as a string or a regular expression to a valid matcher.
its('rules') { should include 'RULE' }
its('rules') { should include %r{some_regex_rule} }
Matchers
For a full list of available matchers, please visit our matchers page. The specific matchers of this resource are be_enabled
and be_running
.
be_enabled
The be_enabled
matcher tests if auditing is enabled on the system.
it { should be_enabled }
be_running
The be_running
matcher tests if the audit daemon runs on the system.
it { should be_running }
Examples
The following examples show how to use this Chef InSpec audit resource.
Ensure auditing is enabled on the system
be_enabled
checks if auditing is enabled on the system.
describe linux_audit_system do
it { should be_enabled }
end
Ensure the audit daemon is running on the system
be_running
checks for if the audit daemon runs on the system.
describe linux_audit_system do
it { should be_running }
end
Verify if the list of audit rules contains certain rules
rules
returns an array of audit rules of the system.
describe linux_audit_system do
its('rules') { should include '-w /etc -p wa' }
its('rules') { should include %r!-w /etc -p wa! }
its('rules') { should include %r{-w /etc -p wa} }
its('rules') { should_not include %r!-a entry,always -S all -F pid=1005! }
end