updated docs for resource
Signed-off-by: Will Dower <wdower@mitre.org>
parent
513b743ce6
commit
d00ce2c194
2 changed files with 39 additions and 6 deletions
|
@ -45,7 +45,20 @@ Use the where clause to test open interfaces, sources, and services that are in
|
||||||
|
|
||||||
## Properties
|
## Properties
|
||||||
|
|
||||||
### `interfaces`
|
- `interfaces`
|
||||||
|
- `sources`
|
||||||
|
- `services`
|
||||||
|
- `target`
|
||||||
|
- `ports`
|
||||||
|
- `protocols`
|
||||||
|
- `forward_ports`
|
||||||
|
- `source_ports`
|
||||||
|
- `icmp_blocks`
|
||||||
|
- `rich_rules`
|
||||||
|
|
||||||
|
## Property Examples
|
||||||
|
|
||||||
|
### interfaces
|
||||||
|
|
||||||
The `interfaces` property is used in conjunction with the where class to display open interfaces in an active zone.
|
The `interfaces` property is used in conjunction with the where class to display open interfaces in an active zone.
|
||||||
|
|
||||||
|
@ -77,12 +90,20 @@ The `target` property is used in conjunction with the where class to display the
|
||||||
its('target') { should cmp ['default'] } # or ['DROP'], ['ACCEPT'], etc.
|
its('target') { should cmp ['default'] } # or ['DROP'], ['ACCEPT'], etc.
|
||||||
end
|
end
|
||||||
|
|
||||||
### icmp_block_inversion
|
### ports
|
||||||
|
|
||||||
The `icmp_block_inversion` property is used in conjunction with the where class to display whether inversion of icmp blocks has been enabled for a zone.
|
The `ports` property is used in conjunction with the where class to display the ports used by an active zone.
|
||||||
|
|
||||||
describe firewalld.where { zone == 'public' } do
|
describe firewalld.where { zone == 'public' } do
|
||||||
its('target') { should cmp ['default'] } # or ['DROP'], ['ACCEPT'], etc.
|
its('ports') { should cmp ["80/tcp", "443/tcp"] }
|
||||||
|
end
|
||||||
|
|
||||||
|
### protocols
|
||||||
|
|
||||||
|
The `protocols` property is used in conjunction with the where class to display the protocols used by an active zone.
|
||||||
|
|
||||||
|
describe firewalld.where { zone == 'public' } do
|
||||||
|
its('protocols') { should cmp ["icmp", "ipv4"] }
|
||||||
end
|
end
|
||||||
|
|
||||||
### default_zone
|
### default_zone
|
||||||
|
@ -131,4 +152,16 @@ The `be_running` matcher tests if the firewalld service is running:
|
||||||
|
|
||||||
it { should have_rule_enabled('family=ipv4 source address=192.168.0.14 accept', 'public') }
|
it { should have_rule_enabled('family=ipv4 source address=192.168.0.14 accept', 'public') }
|
||||||
|
|
||||||
It is not necessary to add the "rule" string, and you can start with the optional flags that are used in firewalld and end with the action
|
It is not necessary to add the "rule" string, and you can start with the optional flags that are used in firewalld and end with the action.
|
||||||
|
|
||||||
|
### `have_icmp_block_inversion_enabled`
|
||||||
|
|
||||||
|
`have_icmp_block_inversion_enabled` returns true or false if ICMP block inversion flag is set for the indicated zone.
|
||||||
|
|
||||||
|
it { should have_icmp_block_inversion_enabled }
|
||||||
|
|
||||||
|
### `have_masquerade_enabled`
|
||||||
|
|
||||||
|
`have_masquerade_enabled` returns true or false if the masquerade flag is set for the indicated zone.
|
||||||
|
|
||||||
|
it { should have_masquerade_enabled }
|
||||||
|
|
|
@ -57,7 +57,7 @@ describe "Inspec::Resources::FirewallD" do
|
||||||
|
|
||||||
it "detects protocols in an active zone" do
|
it "detects protocols in an active zone" do
|
||||||
entries = cent_resource.where { zone == "public" }
|
entries = cent_resource.where { zone == "public" }
|
||||||
_(entries.protocols).must_equal [%w{icmp ipv4}]
|
_(entries.protocols).must_equal [["icmp", "ipv4"]]
|
||||||
end
|
end
|
||||||
|
|
||||||
it "detects whether IPv4 masquerading is enabled in an active zone" do
|
it "detects whether IPv4 masquerading is enabled in an active zone" do
|
||||||
|
|
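Review bot: The assertion `_(entries.protocols).must_equal [["icmp", "ipv4"]]` pins a nested array, while the documentation example added in the same commit reads `its('protocols') { should cmp ["icmp", "ipv4"] }` with a flat list. Whether `cmp` treats those two shapes as equal is not visible on this page, so I would add a test that exercises the documented `cmp` form, or at least a comment above the assertion such as `# one inner array per zone matched by where`. Profile authors copy these examples into firewall compliance checks, so a shape mismatch would show up as a control that fails on a correctly configured zone. The switch from `%w{icmp ipv4}` to the explicit literal does not change behaviour, and the enclosing `describe` block starts and ends outside the hunk.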