inspec/docs/resources/aide_conf.md.erb
hannah-radish 9cfc86d2ab Resource documentation update (#2207)
Light formatting changes, change order of example and matchers, slight
color changes

Signed-off-by: hannah-radish <hmaddy@chef.io>
2017-10-03 17:35:10 -04:00

71 lines
2.2 KiB
Text

---
title: About the aide_conf Resource
---
# aide_conf
Use the `aide_conf` InSpec audit resource to test the rules established for the file integrity tool AIDE. Controlled by the aide.conf file typically at /etc/aide.conf.
<br>
## Syntax
An `aide_conf` resource block can be used to determine if the selection lines contain one (or more) directories whose files should be added to the aide database:
describe aide_conf('path') do
its('selection_lines') { should include '/sbin' }
end
where
* `'selection_lines'` refers to all selection lines found in the aide.conf file
* `('path')` is the non-default path to the `aide.conf` file (optional)
* `should include 'value'` is the value that is expected
Use the where clause to match a selection_line to one rule or a particular set of rules found in the aide.conf file:
describe aide_conf.where { selection_line == '/bin' } do
its('rules.flatten') { should include 'r' }
end
describe aide_conf.where { selection_line == '/sbin' } do
its('rules') { should include ['p', 'i', 'l', 'n', 'u', 'g', 'sha512'] }
end
<br>
## Examples
The following examples show how to use this InSpec audit resource. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### Test if all selection lines contain the xattr rule
describe aide_conf.all_have_rule('xattr') do
it { should eq true }
end
### Test whether selection line for /bin contains a particular rule
describe aide_conf.where { selection_line == '/bin' } do
its('rules.flatten') { should include 'r' }
end
### Test whether selection line for /sbin consists of a particular set of rules
describe aide_conf.where { selection_line == '/sbin' } do
its('rules') { should include ['r', 'sha512'] }
end
<br>
## Matchers
This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### all_have_rule
The usage of all_have_rule will return whether or not all selection lines in audit.conf contain a particular rule:
describe aide_conf.all_have_rule('sha512') do
it { should eq true }
end