2016-09-22 12:43:57 +00:00
---
title: About the auditd_conf Resource
2018-02-16 00:28:15 +00:00
platform: linux
2016-09-22 12:43:57 +00:00
---
# auditd_conf
Use the `auditd_conf` InSpec audit resource to test the configuration settings for the audit daemon. This file is typically located under `/etc/audit/auditd.conf'` on Unix and Linux platforms.
2017-10-03 21:35:10 +00:00
<br>
2018-08-09 12:34:49 +00:00
## Availability
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
### Version
This resource first became available in v1.0.0 of InSpec.
2016-09-27 19:03:23 +00:00
## Syntax
2016-09-22 12:43:57 +00:00
A `auditd_conf` resource block declares configuration settings that should be tested:
describe auditd_conf('path') do
its('keyword') { should cmp 'value' }
end
where
* `'keyword'` is a configuration setting defined in the `auditd.conf` configuration file
* `('path')` is the non-default path to the `auditd.conf` configuration file
* `{ should cmp 'value' }` is the value that is expected
2017-10-03 21:35:10 +00:00
<br>
2016-09-22 12:43:57 +00:00
2018-02-15 14:33:22 +00:00
## Properties
2018-02-05 18:56:36 +00:00
This matcher will match any property listed in the `auditd.conf` configuration file. Property names and expected values are case-insensitive:
* `admin_space_left`, `admin_space_left_action`, `action_mail_acct`, `disk_error_action`, `disk_full_action`, `flush`, `freq`, `log_file`, `log_format`, `max_log_file`, `max_log_file_action`, `num_logs`, `space_left`, `space_left_action`
## Property Examples
2016-09-22 12:43:57 +00:00
The following examples show how to use this InSpec audit resource.
2016-09-27 19:03:23 +00:00
### Test the auditd.conf file
2016-09-22 12:43:57 +00:00
describe auditd_conf do
its('log_file') { should cmp '/full/path/to/file' }
its('log_format') { should cmp 'raw' }
its('flush') { should cmp 'none' }
its('freq') { should cmp 1 }
its('num_logs') { should cmp 0 }
its('max_log_file') { should cmp 6 }
its('max_log_file_action') { should cmp 'email' }
its('space_left') { should cmp 2 }
its('action_mail_acct') { should cmp 'root' }
its('space_left_action') { should cmp 'email' }
its('admin_space_left') { should cmp 1 }
its('admin_space_left_action') { should cmp 'halt' }
its('disk_full_action') { should cmp 'halt' }
its('disk_error_action') { should cmp 'halt' }
end
2017-10-03 21:35:10 +00:00
<br>
## Matchers
2018-02-16 03:07:18 +00:00
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
2017-10-03 21:35:10 +00:00
2018-02-05 18:56:36 +00:00
### `cmp`
2017-10-03 21:35:10 +00:00
2018-02-16 00:28:15 +00:00
The `cmp` matcher compares values across types.
2017-10-03 21:35:10 +00:00
2018-02-05 18:56:36 +00:00
its('freq') { should cmp 1 }
2017-10-03 21:35:10 +00:00