mirror of
https://github.com/inspec/inspec
synced 2024-11-23 21:23:29 +00:00
a69cd1efee
Signed-off-by: Justin Schuhmann <jmschu02@gmail.com>
126 lines
3.5 KiB
Text
126 lines
3.5 KiB
Text
---
|
|
title: About the iis_app Resource
|
|
---
|
|
|
|
# iis_app
|
|
|
|
Use the `iis_app` InSpec audit resource to test the state of IIS on Windows Server 2012 (and later).
|
|
|
|
## Syntax
|
|
|
|
An `iis_app` resource block declares details about the named site:
|
|
|
|
describe iis_app('application_path', 'site_name') do
|
|
it { should exist }
|
|
it { should have_application_pool('application_pool') }
|
|
it { should have_protocols('protocol') }
|
|
it { should have_site_name('site') }
|
|
it { should have_physical_path('physical_path') }
|
|
it { should have_path('application_path') }
|
|
end
|
|
|
|
where
|
|
|
|
* `'application_path'` is the path to the application, such as `'/myapp'`
|
|
* `'site_name'` is the name of the site, such as `'Default Web Site'`
|
|
* `('application_pool')` is the name of the application pool in which the site's root application is run, such as `'DefaultAppPool'`
|
|
* `('protocols')` is a binding for the site, such as `'http'`. A site may have multiple bindings; therefore, use a `have_protocol` matcher for each site protocol to be tested
|
|
* `('physical_path') is the physical path to the application, such as `'C:\\inetpub\\wwwroot\\myapp'`
|
|
|
|
For example:
|
|
|
|
describe iis_app('/myapp', 'Default Web Site') do
|
|
it { should exist }
|
|
it { should have_application_pool('MyAppPool') }
|
|
it { should have_protocols('http') }
|
|
it { should have_site_name('Default Web Site') }
|
|
it { should have_physical_path('C:\\inetpub\\wwwroot\\myapp') }
|
|
it { should have_path('\\My Application') }
|
|
end
|
|
|
|
## Matchers
|
|
|
|
This InSpec audit resource has the following matchers:
|
|
|
|
### cmp
|
|
|
|
<%= partial "/shared/matcher_cmp" %>
|
|
|
|
### eq
|
|
|
|
<%= partial "/shared/matcher_eq" %>
|
|
|
|
### exist
|
|
|
|
The `exist` matcher tests if the site exists:
|
|
|
|
it { should exist }
|
|
|
|
### have\_application\_pool
|
|
|
|
The `have_application_pool` matcher tests if the named application pool exists for the web application:
|
|
|
|
it { should have_application_pool('DefaultAppPool') }
|
|
|
|
### have_protocol
|
|
|
|
The `have_protocol` matcher tests if the specified protocol exists for the web application:
|
|
|
|
it { should have_protocol('http') }
|
|
|
|
or:
|
|
|
|
it { should have_protocol('https') }
|
|
|
|
A web application may have multiple bindings; use a `have_protocol` matcher for each unique web application binding to be tested.
|
|
|
|
##### Protocol Attributes
|
|
|
|
The `have_protocol` matcher can also test attributes that are defined for a web application enabledProtocols.
|
|
|
|
it { should have_protocol('http') }
|
|
|
|
For example, testing a site that doesn't have https enabled:
|
|
|
|
it { should_not have_protocol('https') }
|
|
it { should have_protocol('http') }
|
|
|
|
Testing a web application with https enabled and http enabled:
|
|
|
|
it { should have_protocol('https') }
|
|
it { should have_protocol('http') }
|
|
|
|
### have_physical_path
|
|
|
|
The `have_physical_path` matcher tests if the named path is defined for the web application:
|
|
|
|
it { should have_physical_path('C:\\inetpub\\wwwroot') }
|
|
|
|
### include
|
|
|
|
<%= partial "/shared/matcher_include" %>
|
|
|
|
### match
|
|
|
|
<%= partial "/shared/matcher_match" %>
|
|
|
|
## Examples
|
|
|
|
The following examples show how to use this InSpec audit resource.
|
|
|
|
### Test a default IIS web application
|
|
|
|
describe iis_app('Default Web Site') do
|
|
it { should exist }
|
|
it { should be_running }
|
|
it { should have_app_pool('DefaultAppPool') }
|
|
it { should have_binding('http *:80:') }
|
|
it { should have_path('%SystemDrive%\\inetpub\\wwwroot') }
|
|
end
|
|
|
|
### Test if IIS service is running
|
|
|
|
describe service('W3SVC') do
|
|
it { should be_installed }
|
|
it { should be_running }
|
|
end
|