Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2025-02-17 06:28:40 +00:00
Code Issues Projects Releases Packages Wiki Activity

update ssh docs

Browse source
This commit is contained in:
Christoph Hartmann 2015-10-31 20:46:12 +01:00 committed by Dominik Richter
parent ad73a606ff
commit ee3e56adae
1 changed files with 2 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
docs/resources.rst
View file

@ -3829,7 +3829,7 @@ The following examples show how to use this InSpec audit resource.
sshd_config
=====================================================
Use the ``sshd_config`` |inspec resource| to test configuration data for the |openssh| daemon located at ``etc/ssh/sshd_config`` on |linux| and |unix| platforms. sshd---the |openssh| daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command executation, and data exchanges.
Use the ``sshd_config`` |inspec resource| to test configuration data for the |openssh| daemon located at ``/etc/ssh/sshd_config`` on |linux| and |unix| platforms. sshd---the |openssh| daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command executation, and data exchanges.
**Stability: Experimental**
@ -3875,8 +3875,6 @@ The following examples show how to use this InSpec audit resource.
.. code-block:: ruby
return unless command('sshd').exist?
describe sshd_config do
its('AcceptEnv') { should include('GORDON_SERVER') }
end
@ -3885,8 +3883,6 @@ The following examples show how to use this InSpec audit resource.
.. code-block:: ruby
return unless command('sshd').exist?
describe sshd_config do
its('AddressFamily') { should eq 'inet6' }
end
@ -3899,19 +3895,10 @@ The following examples show how to use this InSpec audit resource.
its('Protocol') { should eq '2' }
end
**Test ports for SSL, then verify ciphers**
**Test ciphers**
.. code-block:: ruby
describe port(80) do
it { should_not be_listening }
end
describe port(443) do
it { should be_listening }
its('protocol') {should eq 'tcp'}
end
describe sshd_config do
its('Ciphers') { should eq('chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr') }
end
@ -4135,8 +4122,6 @@ The ``be_installed`` matcher tests if the named |windows| feature is installed:
it { should be_installed }
If the feature is installed, the ``Get-WindowsFeature`` cmdlet is run and the name, display name, description, and install state is returned as a |json| object.
Examples
-----------------------------------------------------
The following examples show how to use this InSpec audit resource.