mirror of
https://github.com/inspec/inspec
synced 2024-11-27 15:10:44 +00:00
2cef15aec3
* Added aide_conf resource and subsequent files
* Updated to match on all selection lines
  Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Changed to use CommentParser and fixed typo
  Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Fix typo in test file
  Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Updated to address PR feedback
  Signed-off-by: Jennifer Burns <jburns@mitre.org>
81 lines
2.2 KiB
Text
---
title: About the aide_conf Resource
---

# aide_conf

Use the `aide_conf` InSpec audit resource to test the rules established for the file integrity tool AIDE. These rules are controlled by the `aide.conf` file, typically located at `/etc/aide.conf`.

## Syntax

An `aide_conf` resource block can be used to determine if the selection lines contain one (or more) directories whose files should be added to the AIDE database:

    describe aide_conf('path') do
      its('selection_lines') { should include '/sbin' }
    end

where

* `'selection_lines'` refers to all selection lines found in the `aide.conf` file
* `('path')` is the non-default path to the `aide.conf` file (optional)
* `should include 'value'` is the value that is expected

Use the `where` clause to match a `selection_line` to one rule or a particular set of rules found in the `aide.conf` file:

    describe aide_conf.where { selection_line == '/bin' } do
      its('rules.flatten') { should include 'r' }
    end

    describe aide_conf.where { selection_line == '/sbin' } do
      its('rules') { should include ['p', 'i', 'l', 'n', 'u', 'g', 'sha512'] }
    end

## Matchers

This InSpec audit resource has the following matchers:

### be

<%= partial "/shared/matcher_be" %>

### cmp

<%= partial "/shared/matcher_cmp" %>

### eq

<%= partial "/shared/matcher_eq" %>

### include

<%= partial "/shared/matcher_include" %>

### all_have_rule

The `all_have_rule` matcher returns whether or not all selection lines in `aide.conf` contain a particular rule:

    describe aide_conf.all_have_rule('sha512') do
      it { should eq true }
    end

## Examples

The following examples show how to use this InSpec audit resource.

### Test if all selection lines contain the xattr rule

    describe aide_conf.all_have_rule('xattr') do
      it { should eq true }
    end

### Test whether selection line for /bin contains a particular rule

    describe aide_conf.where { selection_line == '/bin' } do
      its('rules.flatten') { should include 'r' }
    end

### Test whether selection line for /sbin consists of a particular set of rules

    describe aide_conf.where { selection_line == '/sbin' } do
      its('rules') { should include ['r', 'sha512'] }
    end
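
To see what `selection_lines`, `rules` and `all_have_rule` evaluate, the following plain-Ruby script is an added example (not InSpec's implementation and not part of the original documentation) that reads a constructed `aide.conf` and reports which selection lines lack a rule. It assumes group names such as `NORMAL` are expanded into their component rules; `parse_aide_conf`, `expand_rules`, `all_have_rule?` and `missing_rule` are hypothetical helper names.

```ruby
# Constructed sample aide.conf for this example; not a recommended policy.
SAMPLE_CONF = <<~CONF
  # file integrity rules
  database=file:/var/lib/aide/aide.db.gz
  NORMAL = p+i+l+n+u+g+sha512
  PERMS = p+u+g
  /bin NORMAL+xattr
  /sbin p+i+l+n+u+g+sha512
  /etc PERMS
  !/var/log
CONF

# Split a rule expression on '+' and replace known group names by their rules.
# Only '+' is handled; an expression such as NORMAL-sha512 is kept as one
# unknown token, so a rule check against it fails rather than passes.
def expand_rules(expr, groups)
  expr.split('+').flat_map { |r| groups.fetch(r, [r]) }.uniq
end

# Returns [{ selection_line: '/bin', rules: ['p', ...] }, ...].
# Comments, macros (@@) and negative selection lines (!path) carry no rules
# and are skipped, so they cannot affect an "all lines have rule X" check.
def parse_aide_conf(text)
  groups = {}
  entries = []
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#', '!', '@@')
    if line.start_with?('/')
      path, expr = line.split(/\s+/, 2)
      entries << { selection_line: path, rules: expand_rules(expr.to_s, groups) }
    elsif (m = line.match(/\A(\w+)\s*=\s*([\w+]+)\z/))
      groups[m[1]] = expand_rules(m[2], groups) # group definition, e.g. NORMAL
    end
  end
  entries
end

def all_have_rule?(entries, rule)
  entries.all? { |e| e[:rules].include?(rule) }
end

# Selection lines that would make all_have_rule?(entries, rule) false.
def missing_rule(entries, rule)
  entries.reject { |e| e[:rules].include?(rule) }.map { |e| e[:selection_line] }
end

entries = parse_aide_conf(SAMPLE_CONF)
puts "all have sha512? #{all_have_rule?(entries, 'sha512')}"
puts "missing sha512: #{missing_rule(entries, 'sha512').inspect}"
```
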