linux_audit_system resource
Use the linux_audit_system Chef InSpec audit resource to test the configuration of the Linux audit system.
Availability
Install
Chef InSpec distributes this resource.
Syntax
A linux_audit_system Chef InSpec audit resource allows you to test the configuration of the Linux audit system.
describe linux_audit_system do
  it { should be_enabled }
  it { should be_running }
  its('rules') { should include 'some_rule' }
end
where:
rules is a property of this resource.
some_rule is the expected rule to be included in the rules list.
be_enabled and be_running are matchers of this resource.
Properties
The property of this resource is rules.
rules
The rules property returns an array of the system's audit rules. Test it by passing a string or a regular expression as the argument to a valid matcher.
its('rules') { should include 'RULE' }
its('rules') { should include %r{some_regex_rule} }
Matchers
For a full list of available matchers, please visit our matchers page. The specific matchers of this resource are be_enabled and be_running.
be_enabled
The be_enabled matcher tests if auditing is enabled on the system.
it { should be_enabled }
be_running
The be_running matcher tests if the audit daemon is running on the system.
it { should be_running }
Examples
The following examples show how to use this Chef InSpec audit resource.
Ensure auditing is enabled on the system
be_enabled checks if auditing is enabled on the system.
describe linux_audit_system do
  it { should be_enabled }
end
Ensure the audit daemon is running on the system
be_running checks if the audit daemon is running on the system.
describe linux_audit_system do
  it { should be_running }
end
Verify if the list of audit rules contains certain rules
rules returns an array of audit rules of the system.
describe linux_audit_system do
  its('rules') { should include '-w /etc -p wa' }
  its('rules') { should include %r!-w /etc -p wa! }
  its('rules') { should include %r{-w /etc -p wa} }
  its('rules') { should_not include %r!-a entry,always -S all -F pid=1005! }
end
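The string and regular expression forms of the rules test shown above do not match the same way, which decides whether a control passes. The following plain-Ruby sketch is an added example, not part of the InSpec documentation or code base: it assumes rules holds one string per listed rule, uses a constructed rule listing, and introduces the hypothetical helpers parse_rules, rule_included?, watch_rule_pattern and missing_rules.

```ruby
# Added example: plain Ruby, runs without InSpec installed.

# Constructed `auditctl -l` style listing (sample data, not from a real host).
SAMPLE_LISTING = <<~RULES
  -w /etc -p wa -k etc_changes
  -w /var/log/sudo.log -p wa
  -a always,exit -F arch=b64 -S execve -k exec
RULES

# Assumption: `rules` holds one string per listed rule.
def parse_rules(listing)
  listing.lines.map(&:strip).reject(&:empty?)
end

# Same comparison RSpec's `include` applies to array elements (===):
# a String must equal a whole rule, a Regexp may match anywhere inside one.
def rule_included?(rules, expected)
  rules.any? { |rule| expected === rule }
end

# Hypothetical helper: anchored pattern for a watch rule on exactly `path`
# with exactly `perms`, tolerating an optional trailing "-k <key>".
def watch_rule_pattern(path, perms)
  /\A-w #{Regexp.escape(path)} -p #{Regexp.escape(perms)}(?:\s+-k \S+)?\z/
end

# Expectations that no rule satisfies.
def missing_rules(rules, expectations)
  expectations.reject { |expected| rule_included?(rules, expected) }
end

if __FILE__ == $PROGRAM_NAME
  rules = parse_rules(SAMPLE_LISTING)
  checks = ['-w /etc -p wa', %r{-w /etc -p wa}, %r{-w /var/log},
            watch_rule_pattern('/etc', 'wa'), watch_rule_pattern('/var/log', 'wa')]
  checks.each do |expected|
    puts format('%-45s %s', expected.inspect, rule_included?(rules, expected))
  end
end
```

On this sample the plain string fails because the listed rule carries a key, and the unanchored %r{-w /var/log} passes even though only /var/log/sudo.log is watched. An anchored pattern avoids both outcomes.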