mirror of
https://github.com/inspec/inspec
synced 2024-11-30 16:39:20 +00:00
b0bcc35fda
Signed-off-by: kagarmoe <kgarmoe@chef.io>
47 lines
1.1 KiB
Text
47 lines
1.1 KiB
Text
---
|
|
title: About the security_policy Resource
|
|
platform: windows
|
|
---
|
|
|
|
# security_policy
|
|
|
|
Use the `security_policy` InSpec audit resource to test security policies on the Windows platform.
|
|
|
|
<br>
|
|
|
|
## Syntax
|
|
|
|
A `security_policy` resource block declares the name of a security policy and the value to be tested:
|
|
|
|
describe security_policy do
|
|
its('policy_name') { should eq 'value' }
|
|
end
|
|
|
|
where
|
|
|
|
* `'policy_name'` must specify a security policy
|
|
* `{ should eq 'value' }` tests the value of `policy_name` against the value declared in the test
|
|
|
|
<br>
|
|
|
|
## Examples
|
|
|
|
The following examples show how to use this InSpec audit resource.
|
|
|
|
### Verify that only the Administrators group has remote access
|
|
|
|
describe security_policy do
|
|
its('SeRemoteInteractiveLogonRight') { should eq '*S-1-5-32-544' }
|
|
end
|
|
|
|
<br>
|
|
|
|
## Matchers
|
|
|
|
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
|
|
### policy_name
|
|
|
|
The `policy_name` matcher must be the name of a security policy:
|
|
|
|
its('SeNetworkLogonRight') { should eq '*S-1-5-11' }
|