mirror of
https://github.com/inspec/inspec
synced 2024-12-18 09:03:12 +00:00
9283f19b6e
Signed-off-by: David Wrede <dwrede@chef.io>
79 lines
2 KiB
Text
---
title: About the auditd_conf Resource
---

# auditd_conf

Use the `auditd_conf` InSpec audit resource to test the configuration settings for the audit daemon. The configuration file is typically located at `/etc/audit/auditd.conf` on Unix and Linux platforms.

## Syntax

An `auditd_conf` resource block declares configuration settings that should be tested:

```ruby
describe auditd_conf('path') do
  its('keyword') { should cmp 'value' }
end
```

where

* `'keyword'` is a configuration setting defined in the `auditd.conf` configuration file
* `('path')` is the non-default path to the `auditd.conf` configuration file
* `{ should cmp 'value' }` is the value that is expected

## Matchers

This InSpec audit resource has the following matchers:

### be

<%= partial "/shared/matcher_be" %>

### cmp

<%= partial "/shared/matcher_cmp" %>

### eq

<%= partial "/shared/matcher_eq" %>

### include

<%= partial "/shared/matcher_include" %>

### keyword

This matcher matches any keyword that is listed in the `auditd.conf` configuration file. Option names and values are case-insensitive:

```ruby
its('log_format') { should cmp 'raw' }
```

or:

```ruby
its('max_log_file') { should cmp 6 }
```

### match

<%= partial "/shared/matcher_match" %>

## Examples

The following examples show how to use this InSpec audit resource.

### Test the auditd.conf file

```ruby
describe auditd_conf do
  its('log_file') { should cmp '/full/path/to/file' }
  its('log_format') { should cmp 'raw' }
  its('flush') { should cmp 'none' }
  its('freq') { should cmp 1 }
  its('num_logs') { should cmp 0 }
  its('max_log_file') { should cmp 6 }
  its('max_log_file_action') { should cmp 'email' }
  its('space_left') { should cmp 2 }
  its('action_mail_acct') { should cmp 'root' }
  its('space_left_action') { should cmp 'email' }
  its('admin_space_left') { should cmp 1 }
  its('admin_space_left_action') { should cmp 'halt' }
  its('disk_full_action') { should cmp 'halt' }
  its('disk_error_action') { should cmp 'halt' }
end
```
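
To show what the case-insensitive keyword matching and the `cmp` checks above amount to, the following stand-alone Ruby script is an added example (not InSpec's implementation and not part of the original page). It parses a constructed `auditd.conf` and reports every setting that deviates from a baseline, including keywords that are missing from the file. The names `parse_auditd_conf`, `loosely_equal?` and `audit_findings`, the sample file and the baseline values are assumptions made for illustration.

```ruby
# Constructed sample auditd.conf (not taken from a real host).
SAMPLE_CONF = <<~CONF
  # This file controls the configuration of the audit daemon
  log_file = /var/log/audit/audit.log
  LOG_FORMAT = RAW
  max_log_file = 6
  space_left_action = SYSLOG
  admin_space_left_action = halt
CONF

# Parse "keyword = value" lines; keywords are lowercased, comments skipped.
def parse_auditd_conf(text)
  text.each_line.with_object({}) do |line, conf|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split('=', 2).map(&:strip)
    next if key.empty? || value.nil?
    conf[key.downcase] = value
  end
end

# Loose comparison in the spirit of `cmp` as used on this page: strings are
# compared case-insensitively, an Integer matches a purely numeric string.
def loosely_equal?(actual, expected)
  return false if actual.nil? # a missing keyword never satisfies a check
  case expected
  when Integer then actual.match?(/\A-?\d+\z/) && actual.to_i == expected
  else actual.casecmp?(expected.to_s)
  end
end

# Return { keyword => [expected, actual] } for every deviating setting.
def audit_findings(conf, baseline)
  baseline.each_with_object({}) do |(keyword, expected), findings|
    actual = conf[keyword.downcase]
    findings[keyword] = [expected, actual] unless loosely_equal?(actual, expected)
  end
end

# Hypothetical baseline; values chosen for illustration only.
BASELINE = {
  'log_format' => 'raw', 'max_log_file' => 6, 'space_left_action' => 'email',
  'admin_space_left_action' => 'halt', 'disk_full_action' => 'halt'
}.freeze

FINDINGS = audit_findings(parse_auditd_conf(SAMPLE_CONF), BASELINE)
FINDINGS.each { |k, (want, got)| puts "#{k}: expected #{want.inspect}, got #{got.inspect}" }
```

`LOG_FORMAT = RAW` and `max_log_file = 6` pass despite the case and type differences, while `space_left_action` and the absent `disk_full_action` are reported.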