Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-27 07:00:39 +00:00
Code Issues Projects Releases Packages Wiki Activity

Document awesome where syntax for port

Browse source
This commit is contained in:
Peter Burkholder 2016-08-18 12:29:23 -04:00
parent b84b721b83
commit 69a96665de
1 changed files with 33 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
docs/resources.rst
View file

@ -1845,7 +1845,7 @@ The ``be_running`` matcher tests if the IIS site is running
.. code-block:: ruby .. code-block:: ruby
it { should be_running } it { should be_running }
have_app_pool have_app_pool
+++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++
The ``have_app_pool`` matcher tests if the IIS site belongs in the specified application pool The ``have_app_pool`` matcher tests if the IIS site belongs in the specified application pool
@ -1861,15 +1861,15 @@ The ``have_binding`` matcher tests if the IIS site has the specified binding
.. code-block:: ruby .. code-block:: ruby
it { should have_binding('http :80:*' ) } it { should have_binding('http :80:*' ) }
have_path have_path
+++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++
The ``have_path`` matcher tests if the IIS site is located in the specified path The ``have_path`` matcher tests if the IIS site is located in the specified path
.. code-block:: ruby .. code-block:: ruby
it { should have_path('c:\\inetpub\\wwwroot\\my_site') } it { should have_path('c:\\inetpub\\wwwroot\\my_site') }
Examples Examples
----------------------------------------------------- -----------------------------------------------------
@ -1881,7 +1881,7 @@ The following examples show how to use this InSpec audit resource.
describe iis_site('My Site') do describe iis_site('My Site') do
it { should be_running } it { should be_running }
it { should have_path('c:\\mysite') } it { should have_path('c:\\mysite') }
end end
**Test to see if 'Default Web Site' has been removed** **Test to see if 'Default Web Site' has been removed**
@ -1900,8 +1900,8 @@ The following examples show how to use this InSpec audit resource.
it { should have_app_pool('app_pool') } it { should have_app_pool('app_pool') }
it { should have_binding('http :80:*') } it { should have_binding('http :80:*') }
end end
inetd_conf inetd_conf
===================================================== =====================================================
@ -3564,6 +3564,18 @@ A ``port`` |inspec resource| block declares a port, and then depending on what n
where the ``processes`` returns the processes listening on port 514. where the ``processes`` returns the processes listening on port 514.
or:
.. code-block:: ruby
describe port.where { protocol =~ /tcp/ && port > 22 && port < 80 } do
it { should_not be_listening }
end
where
* ``.where{}`` may specify a block to filter on attributes: port, address, protocol, process, pid, listening?
Matchers Matchers
----------------------------------------------------- -----------------------------------------------------
This InSpec audit resource has the following matchers. This InSpec audit resource has the following matchers.
@ -3656,6 +3668,20 @@ This check can be implemented in two equivalent ways:
it { should be_listening } it { should be_listening }
end end
**Test that no ports above 80 are listening**
.. code-block:: ruby
describe port.where { protocol =~ /tcp/ && port > 80 } do
it { should_not be_listening }
end
**Tests that only httpd and sshd are listening**
describe port.where { listening? } do
its('processes') { should contain_exactly('sshd','httpd') }
end
postgres_conf postgres_conf
===================================================== =====================================================
Use the ``postgres_conf`` |inspec resource| to test the contents of the configuration file for |postgresql|, typically located at ``/etc/postgresql/<version>/main/postgresql.conf`` or ``/var/lib/postgres/data/postgresql.conf``, depending on the platform. Use the ``postgres_conf`` |inspec resource| to test the contents of the configuration file for |postgresql|, typically located at ``/etc/postgresql/<version>/main/postgresql.conf`` or ``/var/lib/postgres/data/postgresql.conf``, depending on the platform.