---
title: About the etc_hosts_deny Resource
platform: linux
---

# etc\_hosts\_deny

Use the `etc_hosts_deny` Chef InSpec audit resource to test rules for rejecting daemon and client traffic defined in `/etc/hosts.deny`.

<br>

## Availability

### Installation

This resource is distributed along with Chef InSpec itself. You can use it automatically.

### Version

This resource first became available in v1.39.1 of InSpec.

## Syntax

A rule in `/etc/hosts.deny` maps one or more daemons to one or more clients, with zero or more options for rejecting traffic when a match is found.

Use the `where` clause to match a property to one or more rules in the hosts.deny file:

    describe etc_hosts_deny.where { daemon == 'value' } do
      its('client_list') { should include ['values'] }
      its('options') { should include ['values'] }
    end

Use the optional constructor parameter to give an alternative path to hosts.deny:

    describe etc_hosts_deny(hosts_path).where { daemon == 'value' } do
      its('client_list') { should include ['values'] }
      its('options') { should include ['values'] }
    end

where

* `daemon` is a daemon whose incoming traffic will be rejected.
* `client_list` is a list of clients whose incoming traffic will be rejected.
* `options` is a list of tasks to be performed by the rule when matching traffic is found.

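The rule layout described above (daemons, then clients, then optional options, separated by colons) can be seen in a small stand-alone parser. This is an added example, not InSpec's own implementation; `split_fields`, `parse_hosts_deny`, `denies_all?` and the sample file contents are constructed for illustration.

```ruby
# Added example: simplified /etc/hosts.deny parser, not InSpec's implementation.
# Rule layout per hosts_access(5): daemon_list : client_list [: option ...]
# Simplification: a backslash-escaped ':' inside an option is not handled.

# Split on ':' except inside [...], so bracketed IPv6 clients stay intact.
def split_fields(line)
  fields = [+'']
  depth = 0
  line.each_char do |ch|
    depth += 1 if ch == '['
    depth -= 1 if ch == ']' && depth > 0
    if ch == ':' && depth.zero?
      fields << +''
    else
      fields.last << ch
    end
  end
  fields.map(&:strip)
end

# Returns one hash per rule with :daemon, :client_list and :options arrays.
def parse_hosts_deny(text)
  # Join backslash-continued lines, then drop comments and blank lines.
  lines = text.gsub(/\\\n/, ' ').lines.map(&:strip)
  lines.reject { |l| l.empty? || l.start_with?('#') }.map do |line|
    daemons, clients, *options = split_fields(line)
    { daemon: daemons.to_s.split(/[\s,]+/),
      client_list: clients.to_s.split(/[\s,]+/),
      options: options }
  end
end

# Audit check: does some rule reject every client for the given daemon?
def denies_all?(rules, daemon)
  rules.any? do |r|
    (r[:daemon] & [daemon, 'ALL']).any? && r[:client_list].include?('ALL')
  end
end

# Constructed sample file contents (hypothetical hosts).
SAMPLE = <<~'DENY'
  # constructed sample
  sshd : 192.168.0.0/16, [abcd::0000:1234] : deny : echo "REJECTED"
  vsftpd, sshd : 127.0.1.154, \
                 [:fff:fAb0::]
  ALL : ALL
DENY
RULES = parse_hosts_deny(SAMPLE)
puts "sshd denied for all clients: #{denies_all?(RULES, 'sshd')}"
```

Splitting naively on every colon would break the bracketed IPv6 clients into fragments, which is why the field splitter tracks bracket depth.
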
<br>

## Properties

    'daemon', 'client_list', 'options'

<br>

## Parameter Examples

### daemon

`daemon` returns a string containing the daemon that is rejected in the rule.

    describe etc_hosts_deny.where { client_list == ['127.0.1.154', '[:fff:fAb0::]'] } do
      its('daemon') { should eq ['vsftpd', 'sshd'] }
    end

### client_list

`client_list` returns a two-dimensional string array where each entry contains the clients specified for the rule.

    describe etc_hosts_deny.where { daemon == 'sshd' } do
      its('client_list') { should include ['192.168.0.0/16', '[abcd::0000:1234]'] }
    end

### options

`options` returns a two-dimensional string array where each entry contains any options specified for the rule.

    describe etc_hosts_deny.where { daemon == 'sshd' } do
      its('options') { should include ['deny', 'echo "REJECTED"'] }
    end

<br>

## Matchers

For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).