Use the login_defs Chef InSpec audit resource to test configuration settings in the /etc/login.defs file. The login.defs file defines site-specific configuration for the shadow password suite on Linux and Unix platforms, such as password expiration ranges, minimum/maximum values for automatic selection of user and group identifiers, or the method with which passwords are encrypted.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
This resource first became available in v1.0.0 of InSpec.
A login_defs resource block declares the login.defs configuration data to be tested:
describe login_defs do
  its('name') { should include('foo') }
end
where
name is a configuration setting in login.defs
{ should include('foo') } tests the value of name as read from login.defs versus the value declared in the test
This resource supports the properties found in the login.defs configuration settings.
The following examples show how to use this Chef InSpec audit resource.
The name matcher tests the value of name as read from login.defs versus the value declared in the test:
its('name') { should eq 'foo' }
describe login_defs do
  its('PASS_MAX_DAYS') { should eq '180' }
  its('PASS_MIN_DAYS') { should eq '1' }
  its('PASS_MIN_LEN') { should eq '15' }
  its('PASS_WARN_AGE') { should eq '30' }
end
describe login_defs do
  its('ENCRYPT_METHOD') { should eq 'SHA512' }
end
describe login_defs do
  its('UMASK') { should eq '077' }
  its('PASS_MAX_DAYS') { should eq '90' }
end
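The comparison these examples perform can be reproduced in plain Ruby to see what passes and what fails. This is an added sketch, not InSpec's own code: the sample file content, the BASELINE hash and both function names are constructed for illustration, and the parser assumes one whitespace-separated setting per line with '#' starting a comment line.

```ruby
# Constructed sample of /etc/login.defs content (not taken from a real host).
SAMPLE_LOGIN_DEFS = <<~CONF
  # Password aging controls
  PASS_MAX_DAYS   99999
  PASS_MIN_DAYS   1
  PASS_WARN_AGE   30

  #PASS_MIN_LEN   15
  ENCRYPT_METHOD SHA512
  UMASK           077
CONF

# Hypothetical baseline built from the values used in the examples above.
BASELINE = {
  'PASS_MAX_DAYS'  => '180',
  'PASS_MIN_DAYS'  => '1',
  'PASS_MIN_LEN'   => '15',
  'PASS_WARN_AGE'  => '30',
  'ENCRYPT_METHOD' => 'SHA512',
  'UMASK'          => '077'
}.freeze

# Parse login.defs text into a Hash of setting name => value.
# Values are kept as strings, so '077' is not turned into a number.
# Blank lines and comment lines are skipped; a commented-out setting is unset.
def parse_login_defs(text)
  text.each_line.with_object({}) do |line, settings|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    name, value = line.split(/\s+/, 2)
    settings[name] = value.to_s
  end
end

# Return one finding per baseline setting whose value is missing or differs.
def audit_login_defs(text, baseline)
  actual = parse_login_defs(text)
  baseline.each_with_object([]) do |(name, expected), findings|
    got = actual[name]
    next if got == expected
    findings << { setting: name, expected: expected, actual: got }
  end
end

audit_login_defs(SAMPLE_LOGIN_DEFS, BASELINE).each do |f|
  puts "#{f[:setting]}: expected #{f[:expected].inspect}, got #{f[:actual].inspect}"
end
```

A setting that is only present as a comment reports `nil`, which is the case an exact-match test on that setting is meant to catch.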
For a full list of available matchers, please visit our matchers page.
© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
https://docs.chef.io/inspec/resources/login_defs/