Writing our First InSpec Script
Before creating the script, create a folder called inspec-demo and move into it by executing the command below:
$ mkdir inspec-demo && cd inspec-demo
Now execute the command below to create a file called conference with the following content:
$ echo "Open Security Summit is an Good Conference" >> conference
Now let's look at the basic components that InSpec test scripts are made up of:
Resources - Resources are the subjects that we want to test
Matchers - As the name suggests, a matcher compares the current state of the resource with the state defined by the user
A simple test has the following format:
describe <'Resources'> do
  it {<'Matcher'>}
end
Note that Chef InSpec has two keywords, it and its. The difference between the two is that it denotes the resource, while its denotes an attribute of the resource, such as its permissions.
Now let's create a script with the following content:
describe file('conference') do  # the file named conference is the resource
  it { should exist }  # check whether the file exists
  its('content') { should match "Open Security Summit is an Awesome Conference" }  # check its content
end
Open your favourite editor and save the above script with the .rb extension (test.rb in the command below) in the inspec-demo folder.
Now execute the test by typing the command below in the terminal:
$ inspec exec test.rb
Profile: tests from test.rb (tests from test.rb)
Version: (not specified)
Target: local://
File conference
✔ is expected to exist
× content is expected to match "Open Security Summit is an Awesome Conference"
expected "Open Security Summit is an Good Conference\n" to match "Open Security Summit is an Awesome Conference"
Diff:
@@ -1,2 +1,2 @@
-Open Security Summit is an Awesome Conference
+Open Security Summit is an Good Conference
Test Summary: 1 successful, 1 failure, 0 skipped
You can see that we get one success and one failure.
Now replace the content of the conference file with the content below:
Open Security Summit is an Awesome Conference
Now run the test again using the same command as above:
Profile: tests from test.rb (tests from test.rb)
Version: (not specified)
Target: local://
File conference
✔ is expected to exist
✔ content is expected to match "Open Security Summit is an Awesome Conference"
Test Summary: 2 successful, 0 failures, 0 skipped
This time you can see that we get 2 successes and 0 failures.
You can also get the output in JSON format so that a machine can easily parse it:
$ inspec exec test.rb --reporter=json
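As an added example (not part of the original page), the Ruby script below reads the JSON reporter output and turns it into a pass/fail gate for a pipeline. The embedded report is a constructed sample trimmed to the profiles/controls/results fields the script reads, and summarize and gate_exit_code are hypothetical helper names.

```ruby
require 'json'

# Constructed sample, trimmed to the fields used below; a real report carries more keys.
SAMPLE_REPORT = <<~'JSON'
  {
    "profiles": [{
      "name": "tests from test.rb",
      "controls": [{
        "id": "(generated from test.rb:1)",
        "results": [
          { "status": "passed", "code_desc": "File conference is expected to exist" },
          { "status": "failed",
            "code_desc": "File conference content is expected to match \"Open Security Summit is an Awesome Conference\"",
            "message": "expected \"Open Security Summit is an Good Conference\\n\" to match \"Open Security Summit is an Awesome Conference\"" }
        ]
      }]
    }]
  }
JSON

# Tally result statuses and collect every failed check across all profiles.
def summarize(report_json)
  report = JSON.parse(report_json)
  counts = Hash.new(0)
  failures = []
  report.fetch('profiles', []).each do |profile|
    profile.fetch('controls', []).each do |control|
      control.fetch('results', []).each do |result|
        status = result.fetch('status', 'unknown')
        counts[status] += 1
        next unless status == 'failed'
        failures << { control: control['id'], check: result['code_desc'], message: result['message'] }
      end
    end
  end
  { counts: counts, failures: failures }
end

# Gate decision: 0 only when at least one check ran and none failed.
# An empty report returns 1, because "no checks ran" must not count as a pass.
def gate_exit_code(summary)
  return 1 if summary[:counts].empty?
  summary[:failures].empty? ? 0 : 1
end

summary = summarize(SAMPLE_REPORT)
summary[:failures].each { |f| puts "FAILED #{f[:control]}: #{f[:check]}" }
puts "counts=#{summary[:counts]} gate_exit_code=#{gate_exit_code(summary)}"
```

To use it on a real run, redirect the reporter output to a file (inspec exec test.rb --reporter=json > report.json) and pass that file's contents to summarize.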
Task
Create a test that checks for the following things:
The /etc/passwd file must exist
It should be owned by the root user