From 53d04c2be5646483865bfb0272993461a685e9b9 Mon Sep 17 00:00:00 2001 From: Christoph Hartmann Date: Sat, 18 Jun 2016 11:27:10 +0200 Subject: [PATCH] add documentation for bash resource --- docs/resources.rst | 125 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 125 insertions(+) diff --git a/docs/resources.rst b/docs/resources.rst index c9cc220b62..2a11f80828 100644 --- a/docs/resources.rst +++ b/docs/resources.rst @@ -9,6 +9,7 @@ The following InSpec audit resources are available: * `audit_policy`_ * `auditd_conf`_ * `auditd_rules`_ +* `bash`_ * `bond`_ * `bridge`_ * `csv`_ @@ -398,6 +399,130 @@ Note that filters can be chained, for example: end + + +bash +===================================================== +Use the ``bash`` |inspec resource| to test an arbitrary command in BASH on the system. + +**Stability: Stable** + +Syntax +----------------------------------------------------- +A ``bash`` |inspec resource| block declares a command to be run, one (or more) expected outputs, and the location to which that output is sent: + +.. code-block:: ruby + + describe bash('command') do + it { should exist } + its('matcher') { should eq 'output' } + end + +where + +* ``'command'`` must specify a command to be run +* ``'matcher'`` is one of ``exit_status``, ``stderr``, or ``stdout`` +* ``'output'`` tests the output of the command run on the system versus the output value stated in the test + +Matchers +----------------------------------------------------- +This InSpec audit resource has the following matchers. + +exist ++++++++++++++++++++++++++++++++++++++++++++++++++++++ +The ``exist`` matcher tests if a command may be run on the system: + +.. code-block:: ruby + + it { should exist } + +exit_status ++++++++++++++++++++++++++++++++++++++++++++++++++++++ +The ``exit_status`` matcher tests the exit status for the command: + +.. code-block:: ruby + + its('exit_status') { should eq 123 } + +stderr ++++++++++++++++++++++++++++++++++++++++++++++++++++++ +The ``stderr`` matcher tests results of the command as returned in standard error (stderr): + +.. code-block:: ruby + + its('stderr') { should eq 'error' } + +stdout ++++++++++++++++++++++++++++++++++++++++++++++++++++++ +The ``stdout`` matcher tests results of the command as returned in standard output (stdout): + +.. code-block:: ruby + + its('stdout') { should match /^1$/ } + +Examples +----------------------------------------------------- +The following examples show how to use this InSpec audit resource. + +**List content of a directorye** + +.. code-block:: ruby + + describe bash('ls -al /') do + its('stdout') { should match /bin/ } + its('stderr') { should eq '' } + its('exit_status') { should eq 0 } + end + +**Test standard output (stdout)** + +.. code-block:: ruby + + describe bash('echo hello') do + its('stdout') { should eq 'hello\n' } + its('stderr') { should eq '' } + its('exit_status') { should eq 0 } + end + +**Test standard error (stderr)** + +.. code-block:: ruby + + describe bash('>&2 echo error') do + its('stdout') { should eq '' } + its('stderr') { should eq 'error\n' } + its('exit_status') { should eq 0 } + end + +**Test an exit status code** + +.. code-block:: ruby + + describe bash('exit 123') do + its('stdout') { should eq '' } + its('stderr') { should eq '' } + its('exit_status') { should eq 123 } + end + +**Specify the path of the bash executable** + +.. code-block:: ruby + + describe bash('echo hello', path: '/bin/bash') do + its('stdout') { should eq 'hello\n' } + end + +**Specify bash arguments (defaults to -c)** + +.. code-block:: ruby + + describe bash('echo hello', args: '-x -c') do + its('stdout') { should eq 'hello\n' } + end + + + + bond ===================================================== Use the ``bond`` |inspec resource| to test a logical, bonded network interface (i.e. "two or more network interfaces aggregated into a single, logical network interface"). On |linux| platforms, any value in the ``/proc/net/bonding`` directory may be tested.