mirror of
https://github.com/inspec/inspec
synced 2024-12-18 09:03:12 +00:00
64 lines
1.4 KiB
Text
64 lines
1.4 KiB
Text
|
---
|
||
|
title: About the zfs_dataset Resource
|
||
|
---
|
||
|
|
||
|
# zfs_dataset
|
||
|
|
||
|
Use the `zfs_dataset` InSpec audit resource to test the ZFS datasets on FreeBSD systems.
|
||
|
|
||
|
## Syntax
|
||
|
|
||
|
A `zfs_dataset` resource block declares the ZFS dataset properties that should be tested:
|
||
|
|
||
|
describe zfs_dataset('dataset') do
|
||
|
it { should MATCHER 'value' }
|
||
|
end
|
||
|
|
||
|
where
|
||
|
|
||
|
* `('dataset')` is the name of the ZFS dataset (eg: `'tank/tmp'`)
|
||
|
* `MATCHER` is a valid matcher for this resource
|
||
|
* `'value'` is the value to be tested
|
||
|
|
||
|
|
||
|
## Matchers
|
||
|
|
||
|
This InSpec audit resource has the matchers listed below, in addition to dynamically exposing all ZFS dataset properties available (see: `man zfs` for the list of supported properties.)
|
||
|
|
||
|
### be
|
||
|
|
||
|
<%= partial "/shared/matcher_be" %>
|
||
|
|
||
|
### be_mounted
|
||
|
|
||
|
The `be_mounted` matcher tests if the dataset is accessible from the file system:
|
||
|
|
||
|
it { should be_mounted }
|
||
|
|
||
|
### cmp
|
||
|
|
||
|
<%= partial "/shared/matcher_cmp" %>
|
||
|
|
||
|
### eq
|
||
|
|
||
|
<%= partial "/shared/matcher_eq" %>
|
||
|
|
||
|
### match
|
||
|
|
||
|
<%= partial "/shared/matcher_match" %>
|
||
|
|
||
|
## Examples
|
||
|
|
||
|
The following examples show how to use this InSpec audit resource.
|
||
|
|
||
|
### Test a dataset of 'tank/tmp'
|
||
|
|
||
|
describe zfs_dataset('tank/tmp') do
|
||
|
it { should be_mounted }
|
||
|
its('atime') { should eq 'on' }
|
||
|
its('compression') { should eq 'lz4' }
|
||
|
its('exec') { should eq 'off' }
|
||
|
its('readonly') { should eq 'off' }
|
||
|
its('setuid') { should eq 'off' }
|
||
|
end
|