inspec/docs/resources/auditd_conf.md.erb

79 lines
2.3 KiB
Text
Raw Normal View History

2016-09-22 12:43:57 +00:00
---
title: About the auditd_conf Resource
platform: linux
2016-09-22 12:43:57 +00:00
---
# auditd_conf
Use the `auditd_conf` InSpec audit resource to test the configuration settings for the audit daemon. This file is typically located under `/etc/audit/auditd.conf'` on Unix and Linux platforms.
<br>
## Availability
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
### Version
This resource first became available in v1.0.0 of InSpec.
## Syntax
2016-09-22 12:43:57 +00:00
A `auditd_conf` resource block declares configuration settings that should be tested:
describe auditd_conf('path') do
its('keyword') { should cmp 'value' }
end
where
* `'keyword'` is a configuration setting defined in the `auditd.conf` configuration file
* `('path')` is the non-default path to the `auditd.conf` configuration file
* `{ should cmp 'value' }` is the value that is expected
<br>
2016-09-22 12:43:57 +00:00
## Properties
This matcher will match any property listed in the `auditd.conf` configuration file. Property names and expected values are case-insensitive:
* `admin_space_left`, `admin_space_left_action`, `action_mail_acct`, `disk_error_action`, `disk_full_action`, `flush`, `freq`, `log_file`, `log_format`, `max_log_file`, `max_log_file_action`, `num_logs`, `space_left`, `space_left_action`
## Property Examples
2016-09-22 12:43:57 +00:00
The following examples show how to use this InSpec audit resource.
### Test the auditd.conf file
2016-09-22 12:43:57 +00:00
describe auditd_conf do
its('log_file') { should cmp '/full/path/to/file' }
its('log_format') { should cmp 'raw' }
its('flush') { should cmp 'none' }
its('freq') { should cmp 1 }
its('num_logs') { should cmp 0 }
its('max_log_file') { should cmp 6 }
its('max_log_file_action') { should cmp 'email' }
its('space_left') { should cmp 2 }
its('action_mail_acct') { should cmp 'root' }
its('space_left_action') { should cmp 'email' }
its('admin_space_left') { should cmp 1 }
its('admin_space_left_action') { should cmp 'halt' }
its('disk_full_action') { should cmp 'halt' }
its('disk_error_action') { should cmp 'halt' }
end
<br>
## Matchers
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### `cmp`
The `cmp` matcher compares values across types.
its('freq') { should cmp 1 }