Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-23 05:03:07 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #4314 from inspec/ja/add-shadow-example

Browse source 
Add SHA512 password example to `shadow` resource
This commit is contained in:
kekaichinose 2019-07-26 11:48:44 -07:00 committed by GitHub
commit e88468736a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
docs/resources/shadow.md.erb
View file

@ -87,6 +87,18 @@ Use `where` to match any of the supported [filter criteria](#filter_criteria). `
its('users') { should be_empty } its('users') { should be_empty }
end end
Use `where` with [expect syntax](https://www.inspec.io/docs/reference/profiles/#should-vs-expect-syntax) to show all users (that aren't disabled or locked) without SHA512 hashed passwords.
# Users with password fields that are not *, !, or don't begin with $6$
bad_users = inspec.shadow.where { password !~ /^[*!]$|^\$6\$.*/ }.users
describe 'Password hashes in /etc/shadow' do
it 'should only contain SHA512 hashes' do
message = "Users without SHA512 hashes: #{bad_users.join(', ')}"
expect(bad_users).to be_empty, message
end
end
<br> <br>
## Properties ## Properties