Sha256: e3817e2ff98efc1cb90c2a7900185707036dd01b53cc940714c8ad259feec454
Contents?: true
Size: 1.73 KB
Versions: 13
Compression:
Stored size: 1.73 KB
Contents
---
title: About the login_defs Resource
---
# login_defs
Use the `login_defs` InSpec audit resource to test configuration settings in the `/etc/login.defs` file. The `logins.defs` file defines site-specific configuration for the shadow password suite on Linux and Unix platforms, such as password expiration ranges, minimum/maximum values for automatic selection of user and group identifiers, or the method with which passwords are encrypted.
<br>
## Syntax
A `login_defs` resource block declares the `login.defs` configuration data to be tested:
describe login_defs do
its('name') { should include('foo') }
end
where
* `name` is a configuration setting in `login.defs`
* `{ should include('foo') }` tests the value of `name` as read from `login.defs` versus the value declared in the test
<br>
## Examples
The following examples show how to use this InSpec audit resource.
### Test password expiration settings
describe login_defs do
its('PASS_MAX_DAYS') { should eq '180' }
its('PASS_MIN_DAYS') { should eq '1' }
its('PASS_MIN_LEN') { should eq '15' }
its('PASS_WARN_AGE') { should eq '30' }
end
### Test the encryption method
describe login_defs do
its('ENCRYPT_METHOD') { should eq 'SHA512' }
end
### Test umask setting
describe login_def do
its('UMASK') { should eq '077' }
its('PASS_MAX_DAYS') { should eq '90' }
end
<br>
## Matchers
This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### name
The `name` matcher tests the value of `name` as read from `login.defs` versus the value declared in the test:
its('name') { should eq 'foo' }
Version data entries
13 entries across 13 versions & 1 rubygems