mirror of
https://github.com/inspec/inspec
synced 2024-11-13 08:27:08 +00:00
61 lines
1.6 KiB
Text
61 lines
1.6 KiB
Text
---
|
|
title: About the audit_policy Resource
|
|
---
|
|
|
|
# audit_policy
|
|
|
|
Use the `audit_policy` Inspec audit resource to test auditing policies on the Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each auditing category property that is enabled, the auditing level may be set to `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`.
|
|
|
|
## Syntax
|
|
|
|
An `audit_policy` resource block declares a parameter that belongs to an audit policy category or subcategory:
|
|
|
|
describe audit_policy do
|
|
its('parameter') { should eq 'value' }
|
|
end
|
|
|
|
where
|
|
|
|
* `'parameter'` must specify a parameter
|
|
* `'value'` must be one of `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`
|
|
|
|
|
|
## Matchers
|
|
|
|
This InSpec audit resource has the following matchers:
|
|
|
|
### be
|
|
|
|
<%= partial "/shared/matcher_be" %>
|
|
|
|
### cmp
|
|
|
|
<%= partial "/shared/matcher_cmp" %>
|
|
|
|
### eq
|
|
|
|
<%= partial "/shared/matcher_eq" %>
|
|
|
|
### include
|
|
|
|
<%= partial "/shared/matcher_include" %>
|
|
|
|
### match
|
|
|
|
<%= partial "/shared/matcher_match" %>
|
|
|
|
## Examples
|
|
|
|
The following examples show how to use this InSpec audit resource.
|
|
|
|
### Test that a parameter is not set to "No Auditing"
|
|
|
|
describe audit_policy do
|
|
its('Other Account Logon Events') { should_not eq 'No Auditing' }
|
|
end
|
|
|
|
### Test that a parameter is set to "Success"
|
|
|
|
describe audit_policy do
|
|
its('User Account Management') { should eq 'Success' }
|
|
end
|