login_defs resource
Use the login_defs Chef InSpec audit resource to test configuration settings in the /etc/login.defs file. The login.defs file defines site-specific configuration for the shadow password suite on Linux and Unix platforms, such as password expiration ranges, minimum/maximum values for automatic selection of user and group identifiers, or the method with which passwords are encrypted.
Availability
Install
This resource is distributed with Chef InSpec and is automatically available for use.
Version
This resource first became available in v1.0.0 of InSpec.
Syntax
A login_defs resource block declares the login.defs configuration data to be tested:
describe login_defs do
  its('name') { should include('foo') }
end
where
name is a configuration setting in login.defs
{ should include('foo') } tests the value of name as read from login.defs versus the value declared in the test
Properties
This resource supports the properties found in the login.defs configuration settings.
Examples
The following examples show how to use this Chef InSpec audit resource.
name
The name matcher tests the value of name as read from login.defs versus the value declared in the test:
its('name') { should eq 'foo' }
Test password expiration settings
describe login_defs do
  its('PASS_MAX_DAYS') { should eq '180' }
  its('PASS_MIN_DAYS') { should eq '1' }
  its('PASS_MIN_LEN') { should eq '15' }
  its('PASS_WARN_AGE') { should eq '30' }
end
Test the encryption method
describe login_defs do
  its('ENCRYPT_METHOD') { should eq 'SHA512' }
end
Test umask setting
describe login_defs do
  its('UMASK') { should eq '077' }
  its('PASS_MAX_DAYS') { should eq '90' }
end
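The tests above compare each setting with a quoted string using eq. The following added example is plain Ruby, not code from Chef InSpec or its documentation: it reads a constructed login.defs sample and applies the same settings as thresholds, so a missing, commented-out or non-numeric value is reported as a failure. The names parse_login_defs, POLICY, compliant? and failed_settings are hypothetical, and the comparison directions are assumptions.

```ruby
# Constructed sample in login.defs format (not taken from a real host).
SAMPLE_LOGIN_DEFS = <<~DEFS
  # Password aging controls
  PASS_MAX_DAYS   180
  PASS_MIN_DAYS   1
  #PASS_MIN_LEN   15
  PASS_WARN_AGE   30
  ENCRYPT_METHOD  SHA512
  UMASK           077
DEFS

# Parse "NAME value" lines into a Hash of String => String.
# Blank lines and lines starting with '#' are skipped, so a
# commented-out setting is reported as absent, not as configured.
def parse_login_defs(text)
  text.each_line.with_object({}) do |line, settings|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    name, value = line.split(/\s+/, 2)
    settings[name] = value.to_s
  end
end

# Hypothetical policy built from the values used in the tests above.
# The comparison directions (<=, >=) are assumptions of this example.
POLICY = {
  'PASS_MAX_DAYS'  => ->(v) { Integer(v, 10) <= 180 },
  'PASS_MIN_DAYS'  => ->(v) { Integer(v, 10) >= 1 },
  'PASS_MIN_LEN'   => ->(v) { Integer(v, 10) >= 15 },
  'PASS_WARN_AGE'  => ->(v) { Integer(v, 10) >= 30 },
  'ENCRYPT_METHOD' => ->(v) { v == 'SHA512' },
  'UMASK'          => ->(v) { v == '077' }
}.freeze

# True only when the setting is present and satisfies its rule.
def compliant?(value, rule)
  !value.nil? && rule.call(value)
rescue ArgumentError
  false # non-numeric value where a number is required
end

# Names of settings that are missing, malformed or out of policy.
def failed_settings(settings, policy = POLICY)
  policy.reject { |name, rule| compliant?(settings[name], rule) }.keys
end

p failed_settings(parse_login_defs(SAMPLE_LOGIN_DEFS)) # => ["PASS_MIN_LEN"]
```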