inspec/docs/resources/etc_hosts_allow.md.erb

---
title: About the etc_hosts_allow Resource
---

# etc_hosts_allow

Use the `etc_hosts_allow` InSpec audit resource to test rules set to accept daemon and client traffic set in /etc/hosts.allow file.

<br>

## Syntax

An etc/hosts.allow rule specifies one or more daemons mapped to one or more clients,
with zero or more options to use to accept traffic when found.

Use the where clause to match a property to one or more rules in the hosts.allow file.

    describe etc_hosts_allow.where { daemon == 'value' } do
      its ('client_list') { should include ['values'] }
      its ('options') { should include ['values'] }
    end

Use the optional constructor parameter to give an alternative path to hosts.allow

    describe etc_hosts_allow(hosts_path).where { daemon == 'value' } do
      its ('client_list') { should include ['values'] }
      its ('options') { should include ['values'] }
    end

where

* `daemon` is a daemon that will be allowed to pass traffic in.
* `client_list` is a list of clients will be allowed to pass traffic in.
* `options` is a list of tasks that to be done with the rule when traffic is found.

<br>

## Supported Properties

    'daemon', 'client_list', 'options'

<br>

## Property Examples and Return Types

### daemon

`daemon` returns a string containing the daemon that is allowed in the rule.

    describe etc_hosts_allow.where { client_list == ['127.0.1.154',  '[:fff:fAb0::]'] } do
      its('daemon') { should eq ['vsftpd', 'sshd'] }
    end

### client_list

`client_list` returns a 2d string array where each entry contains the clients specified for the rule.

    describe etc_hosts_allow.where { daemon == 'sshd' } do
      its('client_list') { should include ['192.168.0.0/16', '[abcd::0000:1234]'] }
    end

### options

`options` returns a 2d string array where each entry contains any options specified for the rule.

    describe etc_hosts_allow.where { daemon == 'sshd' } do
      its('options') { should include ['deny', 'echo "REJECTED"'] }
    end
etc_hosts_allow and etc_hosts_deny resources: test the content of the tcpwrappers configuration files (#2073) * New Resource-combined etc_hosts_allow etc_hosts_deny Signed-off-by: dromazos <dromazmj@dukes.jmu.edu> 2017-09-25 17:49:04 +00:00			`---`
			`title: About the etc_hosts_allow Resource`
			`---`

			`# etc_hosts_allow`

			Use the `etc_hosts_allow` InSpec audit resource to test rules set to accept daemon and client traffic set in /etc/hosts.allow file.

Resource documentation update (#2207) Light formatting changes, change order of example and matchers, slight color changes Signed-off-by: hannah-radish <hmaddy@chef.io> 2017-10-03 21:35:10 +00:00			`<br>`

etc_hosts_allow and etc_hosts_deny resources: test the content of the tcpwrappers configuration files (#2073) * New Resource-combined etc_hosts_allow etc_hosts_deny Signed-off-by: dromazos <dromazmj@dukes.jmu.edu> 2017-09-25 17:49:04 +00:00			`## Syntax`

			`An etc/hosts.allow rule specifies one or more daemons mapped to one or more clients,`
			`with zero or more options to use to accept traffic when found.`

			`Use the where clause to match a property to one or more rules in the hosts.allow file.`

			`describe etc_hosts_allow.where { daemon == 'value' } do`
			`its ('client_list') { should include ['values'] }`
			`its ('options') { should include ['values'] }`
			`end`

			`Use the optional constructor parameter to give an alternative path to hosts.allow`

			`describe etc_hosts_allow(hosts_path).where { daemon == 'value' } do`
			`its ('client_list') { should include ['values'] }`
			`its ('options') { should include ['values'] }`
			`end`

			`where`

			* `daemon` is a daemon that will be allowed to pass traffic in.
			* `client_list` is a list of clients will be allowed to pass traffic in.
			* `options` is a list of tasks that to be done with the rule when traffic is found.

Resource documentation update (#2207) Light formatting changes, change order of example and matchers, slight color changes Signed-off-by: hannah-radish <hmaddy@chef.io> 2017-10-03 21:35:10 +00:00			`<br>`

etc_hosts_allow and etc_hosts_deny resources: test the content of the tcpwrappers configuration files (#2073) * New Resource-combined etc_hosts_allow etc_hosts_deny Signed-off-by: dromazos <dromazmj@dukes.jmu.edu> 2017-09-25 17:49:04 +00:00			`## Supported Properties`

			`'daemon', 'client_list', 'options'`

Resource documentation update (#2207) Light formatting changes, change order of example and matchers, slight color changes Signed-off-by: hannah-radish <hmaddy@chef.io> 2017-10-03 21:35:10 +00:00			`<br>`

etc_hosts_allow and etc_hosts_deny resources: test the content of the tcpwrappers configuration files (#2073) * New Resource-combined etc_hosts_allow etc_hosts_deny Signed-off-by: dromazos <dromazmj@dukes.jmu.edu> 2017-09-25 17:49:04 +00:00			`## Property Examples and Return Types`

			`### daemon`

			`daemon` returns a string containing the daemon that is allowed in the rule.

			`describe etc_hosts_allow.where { client_list == ['127.0.1.154', '[:fff:fAb0::]'] } do`
			`its('daemon') { should eq ['vsftpd', 'sshd'] }`
			`end`

			`### client_list`

			`client_list` returns a 2d string array where each entry contains the clients specified for the rule.

			`describe etc_hosts_allow.where { daemon == 'sshd' } do`
			`its('client_list') { should include ['192.168.0.0/16', '[abcd::0000:1234]'] }`
			`end`

			`### options`

			`options` returns a 2d string array where each entry contains any options specified for the rule.

			`describe etc_hosts_allow.where { daemon == 'sshd' } do`
			`its('options') { should include ['deny', 'echo "REJECTED"'] }`
			`end`