mirror of
https://github.com/inspec/inspec
synced 2024-11-14 00:47:10 +00:00
5c1467dfe9
Signed-off-by: IanMadd <maddaus@protonmail.com>
104 lines
2.9 KiB
Text
104 lines
2.9 KiB
Text
---
|
|
title: About the inetd_conf Resource
|
|
platform: linux
|
|
---
|
|
|
|
# inetd_conf
|
|
|
|
Use the `inetd_conf` Chef InSpec audit resource to test if a service is listed in the `inetd.conf` file on Linux and Unix platforms. inetd---the Internet service daemon---listens on dedicated ports, and then loads the appropriate program based on a request. The `inetd.conf` file is typically located at `/etc/inetd.conf` and contains a list of Internet services associated to the ports on which that service will listen. Only enabled services may handle a request; only services that are required by the system should be enabled.
|
|
|
|
<br>
|
|
|
|
## Availability
|
|
|
|
### Installation
|
|
|
|
This resource is distributed along with Chef InSpec itself. You can use it automatically.
|
|
|
|
### Version
|
|
|
|
This resource first became available in v1.0.0 of InSpec.
|
|
|
|
## Syntax
|
|
|
|
An `inetd_conf` resource block declares the list of services that are enabled in the `inetd.conf` file:
|
|
|
|
describe inetd_conf('path') do
|
|
its('service_name') { should eq 'value' }
|
|
end
|
|
|
|
where
|
|
|
|
* `'service_name'` is a service listed in the `inetd.conf` file
|
|
* `('path')` is the non-default path to the `inetd.conf` file
|
|
* `should eq 'value'` is the value that is expected
|
|
|
|
<br>
|
|
|
|
## Properties
|
|
|
|
This resource supports any of the properties listed as services in the `inetd.conf` file. You may want to ensure that specific services do not listen via `inetd.conf`.
|
|
|
|
<br>
|
|
|
|
## Examples
|
|
|
|
The following examples show how to use this Chef InSpec audit resource.
|
|
|
|
### Basic tests for inetd_conf services:
|
|
|
|
its('shell') { should eq nil }
|
|
|
|
or:
|
|
|
|
its('netstat') { should eq nil }
|
|
|
|
or:
|
|
|
|
its('systat') { should eq nil }
|
|
|
|
For example:
|
|
|
|
describe inetd_conf do
|
|
its('shell') { should eq nil }
|
|
its('login') { should eq nil }
|
|
its('exec') { should eq nil }
|
|
end
|
|
|
|
### Verify that FTP is disabled
|
|
|
|
The contents if the `inetd.conf` file contain the following:
|
|
|
|
#ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
|
|
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
|
|
|
|
and the following test is defined:
|
|
|
|
describe inetd_conf do
|
|
its('ftp') { should eq nil }
|
|
its('telnet') { should eq nil }
|
|
end
|
|
|
|
Because both the `ftp` and `telnet` Internet services are commented out (`#`), both services are disabled. Consequently, both tests will return `true`. However, if the `inetd.conf` file is set as follows:
|
|
|
|
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
|
|
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
|
|
|
|
then the same test will return `false` for `ftp` and the entire test will fail.
|
|
|
|
### Test if telnet is installed
|
|
|
|
describe package('telnetd') do
|
|
it { should_not be_installed }
|
|
end
|
|
|
|
describe inetd_conf do
|
|
its('telnet') { should eq nil }
|
|
end
|
|
|
|
<br>
|
|
|
|
## Matchers
|
|
|
|
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
|