inspec/docs/resources/iis_site.md.erb

129 lines
3.6 KiB
Text
Raw Normal View History

2016-09-22 12:43:57 +00:00
---
title: About the iis_site Resource
---
# iis_site
Use the `iis_site` InSpec audit resource to test the state of IIS on Windows Server 2012 (and later).
<br>
## Syntax
2016-09-22 12:43:57 +00:00
An `iis_site` resource block declares details about the named site:
describe iis_site('site_name') do
it { should exist }
it { should be_running }
it { should have_app_pool('app_pool_name') }
it { should have_binding('binding_details') }
it { should have_path('path_to_site') }
end
where
* `'site_name'` is the name of the site, such as `'Default Web Site'`
* `('app_pool_name')` is the name of the application pool in which the site's root application is run, such as `'DefaultAppPool'`
* `('binding_details')` is a binding for the site, such as `'net.pipe *'`. A site may have multiple bindings; therefore, use a `have_binding` matcher for each site binding to be tested
* `('path_to_site')` is the path to the site, such as `'C:\\inetpub\\wwwroot'`
For example:
describe iis_site('Default Web Site') do
it { should exist }
it { should be_running }
it { should have_app_pool('DefaultAppPool') }
it { should have_binding('https :443:www.contoso.com sslFlags=0') }
it { should have_binding('net.pipe *') }
it { should have_path('C:\\inetpub\\wwwroot') }
end
<br>
2016-09-22 12:43:57 +00:00
## Examples
2016-09-22 12:43:57 +00:00
The following examples show how to use this InSpec audit resource.
2016-09-22 12:43:57 +00:00
### Test a default IIS site
2016-09-22 12:43:57 +00:00
describe iis_site('Default Web Site') do
it { should exist }
it { should be_running }
it { should have_app_pool('DefaultAppPool') }
it { should have_binding('http *:80:') }
it { should have_path('%SystemDrive%\\inetpub\\wwwroot') }
end
2016-09-22 12:43:57 +00:00
### Test if IIS service is running
2016-09-22 12:43:57 +00:00
describe service('W3SVC') do
it { should be_installed }
it { should be_running }
end
2016-09-22 12:43:57 +00:00
<br>
2016-09-22 12:43:57 +00:00
## Matchers
This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### be_running
2016-09-22 12:43:57 +00:00
The `be_running` matcher tests if the site is running:
2016-09-22 12:43:57 +00:00
it { should be_running }
2016-09-22 12:43:57 +00:00
### exist
2016-09-22 12:43:57 +00:00
The `exist` matcher tests if the site exists:
it { should exist }
### have\_app\_pool
2016-09-22 12:43:57 +00:00
The `have_app_pool` matcher tests if the named application pool exists for the site:
it { should have_app_pool('DefaultAppPool') }
For example, testing if a site's application pool inherits the settings of the parent application pool:
it { should have_app_pool('/') }
### have_binding
2016-09-22 12:43:57 +00:00
The `have_binding` matcher tests if the specified binding exists for the site:
it { should have_binding('http :80:*') }
or:
it { should have_binding('net.pipe *') }
A site may have multiple bindings; use a `have_binding` matcher for each unique site binding to be tested.
##### Binding Attributes
2016-09-22 12:43:57 +00:00
The `have_binding` matcher can also test attributes that are defined for a site binding. For example, the `sslFlags` attribute defines if SSL is enabled, and (when enabled) what level of SSL is applied to the site.
Testing a site with SSL disabled:
it { should have_binding('https :443:www.contoso.com sslFlags=0') }
Testing a site with SSL enabled:
it { should have_binding('https :443:www.contoso.com sslFlags=Ssl') }
Testing a site with certificate mapping authentication enabled:
it { should have_binding('https :443:www.contoso.com sslFlags=SslMapCert') }
Testing a site with 128-bit SSL enabled:
it { should have_binding('https :443:www.contoso.com sslFlags=Ssl128') }
### have_path
2016-09-22 12:43:57 +00:00
The `have_path` matcher tests if the named path is defined for the site:
it { should have_path('C:\\inetpub\\wwwroot') }