Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-23 21:23:29 +00:00
Code Issues Projects Releases Packages Wiki Activity

updated docs for resource

Browse source 
Signed-off-by: Will Dower <wdower@mitre.org>
This commit is contained in:
Will Dower 2021-07-12 11:44:13 -04:00 committed by Clinton Wolfe
parent 513b743ce6
commit d00ce2c194
2 changed files with 39 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
docs-chef-io/content/inspec/resources/firewalld.md
View file

@ -45,7 +45,20 @@ Use the where clause to test open interfaces, sources, and services that are in
## Properties
### `interfaces`
- `interfaces`
- `sources`
- `services`
- `target`
- `ports`
- `protocols`
- `forward_ports`
- `source_ports`
- `icmp_blocks`
- `rich_rules`
## Property Examples
### interfaces
The `interfaces` property is used in conjunction with the where class to display open interfaces in an active zone.
@ -77,12 +90,20 @@ The `target` property is used in conjunction with the where class to display the
its('target') { should cmp ['default'] } # or ['DROP'], ['ACCEPT'], etc.
end
### icmp_block_inversion
### ports
The `icmp_block_inversion` property is used in conjunction with the where class to display whether inversion of icmp blocks has been enabled for a zone.
The `ports` property is used in conjunction with the where class to display the ports used by an active zone.
describe firewalld.where { zone == 'public' } do
its('target') { should cmp ['default'] } # or ['DROP'], ['ACCEPT'], etc.
its('ports') { should cmp ["80/tcp", "443/tcp"] }
end
### protocols
The `protocols` property is used in conjunction with the where class to display the protocols used by an active zone.
describe firewalld.where { zone == 'public' } do
its('protocols') { should cmp ["icmp", "ipv4"] }
end
### default_zone
@ -131,4 +152,16 @@ The `be_running` matcher tests if the firewalld service is running:
it { should have_rule_enabled('family=ipv4 source address=192.168.0.14 accept', 'public') }
It is not necessary to add the "rule" string, and you can start with the optional flags that are used in firewalld and end with the action
It is not necessary to add the "rule" string, and you can start with the optional flags that are used in firewalld and end with the action.
### `have_icmp_block_inversion_enabled`
`have_icmp_block_inversion_enabled` returns true or false if ICMP block inversion flag is set for the indicated zone.
it { should have_icmp_block_inversion_enabled }
### `have_masquerade_enabled`
`have_masquerade_enabled` returns true or false if the masquerade flag is set for the indicated zone.
it { should have_masquerade_enabled }

2
test/unit/resources/firewalld_test.rb
View file

@ -57,7 +57,7 @@ describe "Inspec::Resources::FirewallD" do
it "detects protocols in an active zone" do
entries = cent_resource.where { zone == "public" }
_(entries.protocols).must_equal [%w{icmp ipv4}]
_(entries.protocols).must_equal [["icmp", "ipv4"]]
end
it "detects whether IPv4 masquerading is enabled in an active zone" do