mirror of
https://github.com/inspec/inspec
synced 2024-12-18 00:53:22 +00:00
65589f8f78
When a header includes two `_`s, they must be escaped, otherwise, the text between the two `_`s is rendered with emphasis. E.g., `<h1 id="etchostsallow">etc<em>hosts</em>allow</h1>` Escaping the `_`s fixes this and the header is rendered properly. This is a fix for: * etc_hosts_allow * etc_hosts_deny * postgres_hba_conf * postgres_ident_conf This change also adds the `h1` title to the windows_hotfix resource page. Signed-off-by: Nathen Harvey <nharvey@chef.io>
92 lines
2.4 KiB
Text
92 lines
2.4 KiB
Text
---
|
|
title: About the postgres_hba_conf Resource
|
|
---
|
|
|
|
# postgres\_hba\_conf
|
|
|
|
Use the `postgres_hba_conf` InSpec audit resource to test the client authentication data defined in the pg_hba.conf file.
|
|
|
|
<br>
|
|
|
|
## Syntax
|
|
|
|
An `postgres_hba_conf` InSpec audit resource block declares client authentication data that should be tested:
|
|
|
|
describe postgres_hba_conf.where { type == 'local' } do
|
|
its('auth_method') { should eq ['peer'] }
|
|
end
|
|
|
|
where
|
|
|
|
* `'attribute'` is a attribute in the pg hba configuration file
|
|
* `'filter_value'` is the value that is to be filtered for
|
|
* `'value'` is the value that is to be matched expected
|
|
|
|
<br>
|
|
|
|
## Supported Properties
|
|
|
|
'address', 'auth_method', 'auth_params', 'conf_dir' , 'conf_file' , 'database', 'params' ,'type', 'user'
|
|
|
|
<br>
|
|
|
|
## Property Examples and Return Types
|
|
|
|
### address([String])
|
|
|
|
`address` returns a an array of strings that matches the where condition of the filter table
|
|
|
|
describe postgres_hba_conf.where { type == 'local' } do
|
|
its('address') { should cmp 'value' }
|
|
end
|
|
|
|
### auth_method([String])
|
|
|
|
`auth_method` returns a an array of strings that matches the where condition of the filter table
|
|
|
|
describe postgres_hba_conf.where { type == 'local' } do
|
|
its('auth_method') { should cmp 'value' }
|
|
end
|
|
|
|
### database([String])
|
|
|
|
`database` returns a an array of strings that matches the where condition of the filter table
|
|
|
|
describe postgres_hba_conf.where { type == 'local' } do
|
|
its('database') { should cmp 'value' }
|
|
end
|
|
|
|
### type([String])
|
|
|
|
`type` returns a an array of strings that matches the where condition of the filter table
|
|
|
|
describe postgres_hba_conf.where { database == 'acme_test_db' } do
|
|
its('type') { should cmp 'value' }
|
|
end
|
|
|
|
### user([String])
|
|
|
|
`user` returns a an array of strings that matches the where condition of the filter table
|
|
|
|
describe postgres_hba_conf.where { database == 'acme_test_db' } do
|
|
its('user') { should cmp 'value' }
|
|
end
|
|
|
|
<br>
|
|
|
|
## Matchers
|
|
|
|
This InSpec audit resource matches any service that is listed in the HBA configuration file. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
|
|
its('auth_method') { should_not cmp 'peer' }
|
|
|
|
or:
|
|
|
|
its('auth_method') { should cmp 'peer' }
|
|
|
|
For example:
|
|
|
|
describe postgres_hba_conf.where { type == 'type' } do
|
|
its('auth_method') { should cmp 'value' }
|
|
its('user') { should cmp 'value' }
|
|
end
|