Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-23 21:23:29 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/docs/resources/postgres_conf.md.erb
Aaron Lippold 3bb98fa1e8 Fixes the postgres_conf parsing of complex paramerters (#1938) 
Fixes #1671

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-06-23 08:31:27 -07:00

92 lines
2.4 KiB
Text
Raw Blame History

---
title: About the postgres_conf Resource
---
# postgres_conf
Use the `postgres_conf` InSpec audit resource to test the contents of the configuration file for PostgreSQL, typically located at `/etc/postgresql/<version>/main/postgresql.conf` or `/var/lib/postgres/data/postgresql.conf`, depending on the platform.
## Syntax
A `postgres_conf` resource block declares one (or more) settings in the `postgresql.conf` file, and then compares the setting in the configuration file to the value stated in the test:
describe postgres_conf('path') do
its('setting') { should eq 'value' }
end
where
* `'setting'` specifies a setting in the `postgresql.conf` file
* `('path')` is the non-default path to the `postgresql.conf` file (optional)
* `should eq 'value'` is the value that is expected
## Matchers
This InSpec audit resource has the following matchers:
### be
<%= partial "/shared/matcher_be" %>
### cmp
<%= partial "/shared/matcher_cmp" %>
### eq
<%= partial "/shared/matcher_eq" %>
### include
<%= partial "/shared/matcher_include" %>
### match
<%= partial "/shared/matcher_match" %>
### setting
The `setting` matcher tests specific, named settings in the `postgresql.conf` file:
its('setting') { should eq 'value' }
Use a `setting` matcher for each setting to be tested.
## Examples
The following examples show how to use this InSpec audit resource.
### Test the maximum number of allowed client connections
describe postgres_conf do
its('max_connections') { should eq '5' }
end
### Test system logging
describe postgres_conf do
its('logging_collector') { should eq 'on' }
its('log_connections') { should eq 'on' }
its('log_disconnections') { should eq 'on' }
its('log_duration') { should eq 'on' }
its('log_hostname') { should eq 'on' }
its('log_line_prefix') { should eq '%t %u %d %h' }
its(['pgaudit.log_parameter']) { should cmp 'on' }
end
### Test the port on which PostgreSQL listens
describe postgres_conf do
its('port') { should eq '5432' }
end
### Test the Unix socket settings
describe postgres_conf do
its('unix_socket_directories') { should eq '.s.PGSQL.5432' }
its('unix_socket_group') { should eq nil }
its('unix_socket_permissions') { should eq '0770' }
end
where `unix_socket_group` is set to the PostgreSQL default setting (the group to which the server user belongs).
Reference in a new issue View git blame Copy permalink