Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-12-03 18:09:32 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/docs/resources/iis_site.md.erb

143 lines
3.7 KiB
Text
Raw Normal View History

add all partials for resources
2016-09-22 12:43:57 +00:00
---
title: About the iis_site Resource
---
# iis_site
Use the `iis_site` InSpec audit resource to test the state of IIS on Windows Server 2012 (and later).
# Syntax
An `iis_site` resource block declares details about the named site:
describe iis_site('site_name') do
it { should exist }
it { should be_running }
it { should have_app_pool('app_pool_name') }
it { should have_binding('binding_details') }
it { should have_path('path_to_site') }
end
where
* `'site_name'` is the name of the site, such as `'Default Web Site'`
* `('app_pool_name')` is the name of the application pool in which the site's root application is run, such as `'DefaultAppPool'`
* `('binding_details')` is a binding for the site, such as `'net.pipe *'`. A site may have multiple bindings; therefore, use a `have_binding` matcher for each site binding to be tested
* `('path_to_site')` is the path to the site, such as `'C:\\inetpub\\wwwroot'`
For example:
describe iis_site('Default Web Site') do
it { should exist }
it { should be_running }
it { should have_app_pool('DefaultAppPool') }
it { should have_binding('https :443:www.contoso.com sslFlags=0') }
it { should have_binding('net.pipe *') }
it { should have_path('C:\\inetpub\\wwwroot') }
end
# Matchers
This InSpec audit resource has the following matchers:
## be
<%= partial "/shared/matcher_be" %>
## be_running
The `be_running` matcher tests if the site is running:
it { should be_running }
## cmp
<%= partial "/shared/matcher_cmp" %>
## eq
<%= partial "/shared/matcher_eq" %>
## exist
The `exist` matcher tests if the site exists:
it { should exist }
## have_app_pool
The `have_app_pool` matcher tests if the named application pool exists for the site:
it { should have_app_pool('DefaultAppPool') }
For example, testing if a site's application pool inherits the settings of the parent application pool:
it { should have_app_pool('/') }
## have_binding
The `have_binding` matcher tests if the specified binding exists for the site:
it { should have_binding('http :80:*') }
or:
it { should have_binding('net.pipe *') }
A site may have multiple bindings; use a `have_binding` matcher for each unique site binding to be tested.
### Binding Attributes
The `have_binding` matcher can also test attributes that are defined for a site binding. For example, the `sslFlags` attribute defines if SSL is enabled, and (when enabled) what level of SSL is applied to the site.
Testing a site with SSL disabled:
it { should have_binding('https :443:www.contoso.com sslFlags=0') }
Testing a site with SSL enabled:
it { should have_binding('https :443:www.contoso.com sslFlags=Ssl') }
Testing a site with certificate mapping authentication enabled:
it { should have_binding('https :443:www.contoso.com sslFlags=SslMapCert') }
Testing a site with 128-bit SSL enabled:
it { should have_binding('https :443:www.contoso.com sslFlags=Ssl128') }
## have_path
The `have_path` matcher tests if the named path is defined for the site:
it { should have_path('C:\\inetpub\\wwwroot') }
## include
<%= partial "/shared/matcher_include" %>
## match
<%= partial "/shared/matcher_match" %>
# Examples
The following examples show how to use this InSpec audit resource.
## Test a default IIS site
describe iis_site('Default Web Site') do
it { should exist }
it { should be_running }
it { should have_app_pool('DefaultAppPool') }
it { should have_binding('http *:80:') }
it { should have_path('%SystemDrive%\\inetpub\\wwwroot\\') }
end
## Test if IIS service is running
describe service('W3SVC') do
it { should be_installed }
it { should be_running }
end
Reference in a new issue Copy permalink