inspec 1.0.0.beta2 → 1.0.0.beta3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +41 -2
- data/Gemfile +4 -0
- data/Rakefile +2 -1
- data/docs/.gitignore +2 -0
- data/docs/README.md +21 -1
- data/docs/resources/apache_conf.md.erb +75 -0
- data/docs/resources/apt.md.erb +84 -0
- data/docs/resources/audit_policy.md.erb +61 -0
- data/docs/resources/auditd_conf.md.erb +79 -0
- data/docs/resources/auditd_rules.md.erb +132 -0
- data/docs/resources/bash.md.erb +84 -0
- data/docs/resources/bond.md.erb +97 -0
- data/docs/resources/bridge.md.erb +67 -0
- data/docs/resources/bsd_service.md.erb +76 -0
- data/docs/resources/command.md.erb +151 -0
- data/docs/resources/csv.md.erb +62 -0
- data/docs/resources/directory.md.erb +43 -0
- data/docs/resources/etc_group.md.erb +116 -0
- data/docs/resources/etc_passwd.md.erb +155 -0
- data/docs/resources/etc_shadow.md.erb +149 -0
- data/docs/resources/file.md.erb +460 -0
- data/docs/resources/gem.md.erb +73 -0
- data/docs/resources/group.md.erb +74 -0
- data/docs/resources/grub_conf.md.erb +115 -0
- data/docs/resources/host.md.erb +85 -0
- data/docs/resources/iis_site.md.erb +142 -0
- data/docs/resources/inetd_conf.md.erb +99 -0
- data/docs/resources/ini.md.erb +69 -0
- data/docs/resources/interface.md.erb +66 -0
- data/docs/resources/iptables.md.erb +70 -0
- data/docs/resources/json.md.erb +76 -0
- data/docs/resources/kernel_module.md.erb +60 -0
- data/docs/resources/kernel_parameter.md.erb +72 -0
- data/docs/resources/launchd_service.md.erb +76 -0
- data/docs/resources/limits_conf.md.erb +80 -0
- data/docs/resources/login_def.md.erb +77 -0
- data/docs/resources/mount.md.erb +83 -0
- data/docs/resources/mysql_conf.md.erb +102 -0
- data/docs/resources/mysql_session.md.erb +63 -0
- data/docs/resources/npm.md.erb +75 -0
- data/docs/resources/ntp_conf.md.erb +76 -0
- data/docs/resources/oneget.md.erb +67 -0
- data/docs/resources/os.md.erb +154 -0
- data/docs/resources/os_env.md.erb +98 -0
- data/docs/resources/package.md.erb +115 -0
- data/docs/resources/parse_config.md.erb +122 -0
- data/docs/resources/parse_config_file.md.erb +143 -0
- data/docs/resources/pip.md.erb +74 -0
- data/docs/resources/port.md.erb +150 -0
- data/docs/resources/postgres_conf.md.erb +90 -0
- data/docs/resources/postgres_session.md.erb +75 -0
- data/docs/resources/powershell.md.erb +116 -0
- data/docs/resources/process.md.erb +73 -0
- data/docs/resources/registry_key.md.erb +149 -0
- data/docs/resources/runit_service.md.erb +76 -0
- data/docs/resources/security_policy.md.erb +61 -0
- data/docs/resources/service.md.erb +135 -0
- data/docs/resources/ssh_config.md.erb +94 -0
- data/docs/resources/sshd_config.md.erb +97 -0
- data/docs/resources/ssl.md.erb +133 -0
- data/docs/resources/sys_info.md.erb +55 -0
- data/docs/resources/systemd_service.md.erb +76 -0
- data/docs/resources/sysv_service.md.erb +76 -0
- data/docs/resources/upstart_service.md.erb +76 -0
- data/docs/resources/user.md.erb +154 -0
- data/docs/resources/users.md.erb +140 -0
- data/docs/resources/vbscript.md.erb +69 -0
- data/docs/resources/windows_feature.md.erb +61 -0
- data/docs/resources/wmi.md.erb +95 -0
- data/docs/resources/xinetd_conf.md.erb +170 -0
- data/docs/resources/yaml.md.erb +69 -0
- data/docs/resources/yum.md.erb +103 -0
- data/docs/ruby_usage.md +154 -0
- data/docs/shared/matcher_be.md.erb +1 -0
- data/docs/shared/matcher_cmp.md.erb +45 -0
- data/docs/shared/matcher_eq.md.erb +3 -0
- data/docs/shared/matcher_include.md.erb +1 -0
- data/docs/shared/matcher_match.md.erb +1 -0
- data/lib/fetchers/url.rb +27 -29
- data/lib/inspec/cached_fetcher.rb +67 -0
- data/lib/inspec/dependencies/requirement.rb +6 -7
- data/lib/inspec/objects/each_loop.rb +5 -2
- data/lib/inspec/plugins/fetcher.rb +2 -0
- data/lib/inspec/profile.rb +9 -41
- data/lib/inspec/resource.rb +1 -1
- data/lib/inspec/rspec_json_formatter.rb +11 -5
- data/lib/inspec/version.rb +1 -1
- data/lib/resources/groups.rb +190 -0
- data/lib/resources/users.rb +3 -2
- metadata +79 -6
- data/docs/cli.rst +0 -448
- data/docs/resources.rst +0 -4836
- data/docs/ruby_usage.rst +0 -145
- data/lib/resources/group.rb +0 -137
@@ -0,0 +1,72 @@
|
|
1
|
+
---
|
2
|
+
title: About the kernel_parameter Resource
|
3
|
+
---
|
4
|
+
|
5
|
+
# kernel_parameter
|
6
|
+
|
7
|
+
Use the `kernel_parameter` InSpec audit resource to test kernel parameters on Linux platforms.
|
8
|
+
|
9
|
+
# Syntax
|
10
|
+
|
11
|
+
A `kernel_parameter` resource block declares a parameter and then a value to be tested:
|
12
|
+
|
13
|
+
describe kernel_parameter('path.to.parameter') do
|
14
|
+
its('value') { should eq 0 }
|
15
|
+
end
|
16
|
+
|
17
|
+
where
|
18
|
+
|
19
|
+
* `'kernel.parameter'` must specify a kernel parameter, such as `'net.ipv4.conf.all.forwarding'`
|
20
|
+
* `{ should eq 0 }` states the value to be tested
|
21
|
+
|
22
|
+
# Matchers
|
23
|
+
|
24
|
+
This InSpec audit resource has the following matchers:
|
25
|
+
|
26
|
+
## be
|
27
|
+
|
28
|
+
<%= partial "/shared/matcher_be" %>
|
29
|
+
|
30
|
+
## cmp
|
31
|
+
|
32
|
+
<%= partial "/shared/matcher_cmp" %>
|
33
|
+
|
34
|
+
## eq
|
35
|
+
|
36
|
+
<%= partial "/shared/matcher_eq" %>
|
37
|
+
|
38
|
+
## include
|
39
|
+
|
40
|
+
<%= partial "/shared/matcher_include" %>
|
41
|
+
|
42
|
+
## match
|
43
|
+
|
44
|
+
<%= partial "/shared/matcher_match" %>
|
45
|
+
|
46
|
+
## value
|
47
|
+
|
48
|
+
The `value` matcher tests the value assigned to the named IP address versus the value declared in the test:
|
49
|
+
|
50
|
+
its('value') { should eq 0 }
|
51
|
+
|
52
|
+
# Examples
|
53
|
+
|
54
|
+
The following examples show how to use this InSpec audit resource.
|
55
|
+
|
56
|
+
## Test if global forwarding is enabled for an IPv4 address
|
57
|
+
|
58
|
+
describe kernel_parameter('net.ipv4.conf.all.forwarding') do
|
59
|
+
its('value') { should eq 1 }
|
60
|
+
end
|
61
|
+
|
62
|
+
## Test if global forwarding is disabled for an IPv6 address
|
63
|
+
|
64
|
+
describe kernel_parameter('net.ipv6.conf.all.forwarding') do
|
65
|
+
its('value') { should eq 0 }
|
66
|
+
end
|
67
|
+
|
68
|
+
## Test if an IPv6 address accepts redirects
|
69
|
+
|
70
|
+
describe kernel_parameter('net.ipv6.conf.interface.accept_redirects') do
|
71
|
+
its('value') { should eq 'true' }
|
72
|
+
end
|
@@ -0,0 +1,76 @@
|
|
1
|
+
---
|
2
|
+
title: About the launchd_service Resource
|
3
|
+
---
|
4
|
+
|
5
|
+
# launchd_service
|
6
|
+
|
7
|
+
Use the ``launchd_service`` InSpec audit resource to test a service using Launchd.
|
8
|
+
|
9
|
+
# Syntax
|
10
|
+
|
11
|
+
A ``launchd_service`` resource block declares the name of a service and then one (or more) matchers to test the state of the service:
|
12
|
+
|
13
|
+
describe launchd_service('service_name') do
|
14
|
+
it { should be_installed }
|
15
|
+
it { should be_enabled }
|
16
|
+
it { should be_running }
|
17
|
+
end
|
18
|
+
|
19
|
+
where
|
20
|
+
|
21
|
+
* ``('service_name')`` must specify a service name
|
22
|
+
* `be_installed`, `be_enabled`, and `be_running` are valid matchers for this resource; all matchers available to the `service` resource may be used
|
23
|
+
|
24
|
+
The path to the service manager's control may be specified for situations where the path isn't available in the current ``PATH``. For example:
|
25
|
+
|
26
|
+
describe launchd_service('service_name', '/path/to/control') do
|
27
|
+
it { should be_enabled }
|
28
|
+
it { should be_installed }
|
29
|
+
it { should be_running }
|
30
|
+
end
|
31
|
+
|
32
|
+
# Matchers
|
33
|
+
|
34
|
+
This InSpec audit resource has the following matchers:
|
35
|
+
|
36
|
+
## be
|
37
|
+
|
38
|
+
<%= partial "/shared/matcher_be" %>
|
39
|
+
|
40
|
+
## be_enabled
|
41
|
+
|
42
|
+
The `be_enabled` matcher tests if the named service is enabled:
|
43
|
+
|
44
|
+
it { should be_enabled }
|
45
|
+
|
46
|
+
## be_installed
|
47
|
+
|
48
|
+
The `be_installed` matcher tests if the named service is installed:
|
49
|
+
|
50
|
+
it { should be_installed }
|
51
|
+
|
52
|
+
## be_running
|
53
|
+
|
54
|
+
The `be_running` matcher tests if the named service is running:
|
55
|
+
|
56
|
+
it { should be_running }
|
57
|
+
|
58
|
+
## cmp
|
59
|
+
|
60
|
+
<%= partial "/shared/matcher_cmp" %>
|
61
|
+
|
62
|
+
## eq
|
63
|
+
|
64
|
+
<%= partial "/shared/matcher_eq" %>
|
65
|
+
|
66
|
+
## include
|
67
|
+
|
68
|
+
<%= partial "/shared/matcher_include" %>
|
69
|
+
|
70
|
+
## match
|
71
|
+
|
72
|
+
<%= partial "/shared/matcher_match" %>
|
73
|
+
|
74
|
+
# Examples
|
75
|
+
|
76
|
+
None.
|
@@ -0,0 +1,80 @@
|
|
1
|
+
---
|
2
|
+
title: About the limits_conf Resource
|
3
|
+
---
|
4
|
+
|
5
|
+
# limits_conf
|
6
|
+
|
7
|
+
Use the `limits_conf` InSpec audit resource to test configuration settings in the `/etc/security/limits.conf` file. The `limits.conf` defines limits for processes (by user and/or group names) and helps ensure that the system on which those processes are running remains stable. Each process may be assigned a hard or soft limit.
|
8
|
+
|
9
|
+
* Soft limits are maintained by the shell and defines the number of file handles (or open files) available to the user or group after login
|
10
|
+
* Hard limits are maintained by the kernel and defines the maximum number of allowed file handles
|
11
|
+
|
12
|
+
Entries in the `limits.conf` file are similar to:
|
13
|
+
|
14
|
+
grantmc soft nofile 4096
|
15
|
+
grantmc hard nofile 63536
|
16
|
+
|
17
|
+
^^^^^^^^^ ^^^^ ^^^^^^ ^^^^^
|
18
|
+
domain type item value
|
19
|
+
|
20
|
+
# Syntax
|
21
|
+
|
22
|
+
A `limits_conf` resource block declares a domain to be tested, along with associated type, item, and value:
|
23
|
+
|
24
|
+
describe limits_conf('path') do
|
25
|
+
its('domain') { should include ['type', 'item', 'value'] }
|
26
|
+
its('domain') { should eq ['type', 'item', 'value'] }
|
27
|
+
end
|
28
|
+
|
29
|
+
where
|
30
|
+
|
31
|
+
* `('path')` is the non-default path to the `inetd.conf` file
|
32
|
+
* `'domain'` is a user or group name, such as `grantmc`
|
33
|
+
* `'type'` is either `hard` or `soft`
|
34
|
+
* `'item'` is the item for which limits are defined, such as `core`, `nofile`, `stack`, `nproc`, `priority`, or `maxlogins`
|
35
|
+
* `'value'` is the value associated with the `item`
|
36
|
+
|
37
|
+
# Matchers
|
38
|
+
|
39
|
+
This InSpec audit resource has the following matchers:
|
40
|
+
|
41
|
+
## be
|
42
|
+
|
43
|
+
<%= partial "/shared/matcher_be" %>
|
44
|
+
|
45
|
+
## cmp
|
46
|
+
|
47
|
+
<%= partial "/shared/matcher_cmp" %>
|
48
|
+
|
49
|
+
## domain
|
50
|
+
|
51
|
+
The `domain` matcher tests the domain in the `limits.conf` file, along with associated type, item, and value:
|
52
|
+
|
53
|
+
its('domain') { should include ['type', 'item', 'value'] }
|
54
|
+
`
|
55
|
+
For example:
|
56
|
+
|
57
|
+
its('grantmc') { should include ['hard', 'nofile', '63536'] }
|
58
|
+
|
59
|
+
## eq
|
60
|
+
|
61
|
+
<%= partial "/shared/matcher_eq" %>
|
62
|
+
|
63
|
+
## include
|
64
|
+
|
65
|
+
<%= partial "/shared/matcher_include" %>
|
66
|
+
|
67
|
+
## match
|
68
|
+
|
69
|
+
<%= partial "/shared/matcher_match" %>
|
70
|
+
|
71
|
+
# Examples
|
72
|
+
|
73
|
+
The following examples show how to use this InSpec audit resource.
|
74
|
+
|
75
|
+
## Test limits
|
76
|
+
|
77
|
+
describe limits_conf('path') do
|
78
|
+
its('*') { should include ['soft', 'core', '0'], ['hard', 'rss', '10000'] }
|
79
|
+
its('ftp') { should eq ['hard', 'nproc', '0'] }
|
80
|
+
end
|
@@ -0,0 +1,77 @@
|
|
1
|
+
---
|
2
|
+
title: About the login_defs Resource
|
3
|
+
---
|
4
|
+
|
5
|
+
# login_defs
|
6
|
+
|
7
|
+
Use the `login_defs` InSpec audit resource to test configuration settings in the `/etc/login.defs` file. The `logins.defs` file defines site-specific configuration for the shadow password suite on Linux and Unix platforms, such as password expiration ranges, minimum/maximum values for automatic selection of user and group identifiers, or the method with which passwords are encrypted.
|
8
|
+
|
9
|
+
# Syntax
|
10
|
+
|
11
|
+
A `login_defs` resource block declares the `login.defs` configuration data to be tested:
|
12
|
+
|
13
|
+
describe login_defs do
|
14
|
+
its('name') { should include('foo') }
|
15
|
+
end
|
16
|
+
|
17
|
+
where
|
18
|
+
|
19
|
+
* `name` is a configuration setting in `login.defs`
|
20
|
+
* `{ should include('foo') }` tests the value of `name` as read from `login.defs` versus the value declared in the test
|
21
|
+
|
22
|
+
|
23
|
+
# Matchers
|
24
|
+
|
25
|
+
This InSpec audit resource has the following matchers:
|
26
|
+
|
27
|
+
## be
|
28
|
+
|
29
|
+
<%= partial "/shared/matcher_be" %>
|
30
|
+
|
31
|
+
## cmp
|
32
|
+
|
33
|
+
<%= partial "/shared/matcher_cmp" %>
|
34
|
+
|
35
|
+
## eq
|
36
|
+
|
37
|
+
<%= partial "/shared/matcher_eq" %>
|
38
|
+
|
39
|
+
## include
|
40
|
+
|
41
|
+
<%= partial "/shared/matcher_include" %>
|
42
|
+
|
43
|
+
## match
|
44
|
+
|
45
|
+
<%= partial "/shared/matcher_match" %>
|
46
|
+
|
47
|
+
## name
|
48
|
+
|
49
|
+
The `name` matcher tests the value of `name` as read from `login.defs` versus the value declared in the test:
|
50
|
+
|
51
|
+
its('name') { should eq 'foo' }
|
52
|
+
|
53
|
+
# Examples
|
54
|
+
|
55
|
+
The following examples show how to use this InSpec audit resource.
|
56
|
+
|
57
|
+
## Test password expiration settings
|
58
|
+
|
59
|
+
describe login_defs do
|
60
|
+
its('PASS_MAX_DAYS') { should eq '180' }
|
61
|
+
its('PASS_MIN_DAYS') { should eq '1' }
|
62
|
+
its('PASS_MIN_LEN') { should eq '15' }
|
63
|
+
its('PASS_WARN_AGE') { should eq '30' }
|
64
|
+
end
|
65
|
+
|
66
|
+
## Test the encryption method
|
67
|
+
|
68
|
+
describe login_defs do
|
69
|
+
its('ENCRYPT_METHOD') { should eq 'SHA512' }
|
70
|
+
end
|
71
|
+
|
72
|
+
## Test umask setting
|
73
|
+
|
74
|
+
describe login_def do
|
75
|
+
its('UMASK') { should eq '077' }
|
76
|
+
its('PASS_MAX_DAYS') { should eq '90' }
|
77
|
+
end
|
@@ -0,0 +1,83 @@
|
|
1
|
+
---
|
2
|
+
title: About the mount Resource
|
3
|
+
---
|
4
|
+
|
5
|
+
# mount
|
6
|
+
|
7
|
+
Use the `mount` InSpec audit resource to test the mount points on Linux systems.
|
8
|
+
|
9
|
+
# Syntax
|
10
|
+
|
11
|
+
An `mount` resource block declares the synchronization settings that should be tested:
|
12
|
+
|
13
|
+
describe mount('path') do
|
14
|
+
it { should MATCHER 'value' }
|
15
|
+
end
|
16
|
+
|
17
|
+
where
|
18
|
+
|
19
|
+
* `('path')` is the path to the mounted directory
|
20
|
+
* `MATCHER` is a valid matcher for this resource
|
21
|
+
* `'value'` is the value to be tested
|
22
|
+
|
23
|
+
|
24
|
+
# Matchers
|
25
|
+
|
26
|
+
This InSpec audit resource has the following matchers:
|
27
|
+
|
28
|
+
## be
|
29
|
+
|
30
|
+
<%= partial "/shared/matcher_be" %>
|
31
|
+
|
32
|
+
## be_mounted
|
33
|
+
|
34
|
+
The `be_mounted` matcher tests if the file is accessible from the file system:
|
35
|
+
|
36
|
+
it { should be_mounted }
|
37
|
+
|
38
|
+
## cmp
|
39
|
+
|
40
|
+
<%= partial "/shared/matcher_cmp" %>
|
41
|
+
|
42
|
+
## device
|
43
|
+
|
44
|
+
The `device` matcher tests the device from the `fstab` table:
|
45
|
+
|
46
|
+
its('device') { should eq '/dev/mapper/VolGroup-lv_root' }
|
47
|
+
|
48
|
+
## eq
|
49
|
+
|
50
|
+
<%= partial "/shared/matcher_eq" %>
|
51
|
+
|
52
|
+
## include
|
53
|
+
|
54
|
+
<%= partial "/shared/matcher_include" %>
|
55
|
+
|
56
|
+
## match
|
57
|
+
|
58
|
+
<%= partial "/shared/matcher_match" %>
|
59
|
+
|
60
|
+
## options
|
61
|
+
|
62
|
+
The `options` matcher tests the mount options for the file system from the `fstab` table:
|
63
|
+
|
64
|
+
its('options') { should eq ['rw', 'mode=620'] }
|
65
|
+
|
66
|
+
## type
|
67
|
+
|
68
|
+
The `type` matcher tests the file system type:
|
69
|
+
|
70
|
+
its('type') { should eq 'ext4' }
|
71
|
+
|
72
|
+
# Examples
|
73
|
+
|
74
|
+
The following examples show how to use this InSpec audit resource.
|
75
|
+
|
76
|
+
## Test a the mount point on '/'
|
77
|
+
|
78
|
+
describe mount('/') do
|
79
|
+
it { should be_mounted }
|
80
|
+
its('device') { should eq '/dev/mapper/VolGroup-lv_root' }
|
81
|
+
its('type') { should eq 'ext4' }
|
82
|
+
its('options') { should eq ['rw', 'mode=620'] }
|
83
|
+
end
|
@@ -0,0 +1,102 @@
|
|
1
|
+
---
|
2
|
+
title: About the mysql_conf Resource
|
3
|
+
---
|
4
|
+
|
5
|
+
# mysql_conf
|
6
|
+
|
7
|
+
Use the `mysql_conf` InSpec audit resource to test the contents of the configuration file for MySQL, typically located at `/etc/mysql/my.cnf` or `/etc/my.cnf`.
|
8
|
+
|
9
|
+
# Syntax
|
10
|
+
|
11
|
+
A `mysql_conf` resource block declares one (or more) settings in the `my.cnf` file, and then compares the setting in the configuration file to the value stated in the test:
|
12
|
+
|
13
|
+
describe mysql_conf('path') do
|
14
|
+
its('setting') { should eq 'value' }
|
15
|
+
end
|
16
|
+
|
17
|
+
where
|
18
|
+
|
19
|
+
* `'setting'` specifies a setting in the `my.cnf` file, such as `max_connections`
|
20
|
+
* `('path')` is the non-default path to the `my.cnf` file
|
21
|
+
* `should eq 'value'` is the value that is expected
|
22
|
+
|
23
|
+
|
24
|
+
# Matchers
|
25
|
+
|
26
|
+
This InSpec audit resource has the following matchers:
|
27
|
+
|
28
|
+
## be
|
29
|
+
|
30
|
+
<%= partial "/shared/matcher_be" %>
|
31
|
+
|
32
|
+
## cmp
|
33
|
+
|
34
|
+
<%= partial "/shared/matcher_cmp" %>
|
35
|
+
|
36
|
+
## eq
|
37
|
+
|
38
|
+
<%= partial "/shared/matcher_eq" %>
|
39
|
+
|
40
|
+
## include
|
41
|
+
|
42
|
+
<%= partial "/shared/matcher_include" %>
|
43
|
+
|
44
|
+
## match
|
45
|
+
|
46
|
+
<%= partial "/shared/matcher_match" %>
|
47
|
+
|
48
|
+
## setting
|
49
|
+
|
50
|
+
The `setting` matcher tests specific, named settings in the `my.cnf` file:
|
51
|
+
|
52
|
+
its('setting') { should eq 'value' }
|
53
|
+
|
54
|
+
Use a `setting` matcher for each setting to be tested.
|
55
|
+
|
56
|
+
# Examples
|
57
|
+
|
58
|
+
The following examples show how to use this InSpec audit resource.
|
59
|
+
|
60
|
+
## Test the maximum number of allowed connections
|
61
|
+
|
62
|
+
describe mysql_conf do
|
63
|
+
its('max_connections') { should eq '505' }
|
64
|
+
its('max_user_connections') { should eq '500' }
|
65
|
+
end
|
66
|
+
|
67
|
+
## Test slow query logging**
|
68
|
+
|
69
|
+
describe mysql_conf do
|
70
|
+
its('slow_query_log_file') { should eq 'hostname_slow.log' }
|
71
|
+
its('slow_query_log') { should eq '0' }
|
72
|
+
its('log_queries_not_using_indexes') { should eq '1' }
|
73
|
+
its('long_query_time') { should eq '0.5' }
|
74
|
+
its('min_examined_row_limit') { should eq '100' }
|
75
|
+
end
|
76
|
+
|
77
|
+
## Test the port and socket on which MySQL listens
|
78
|
+
|
79
|
+
describe mysql_conf do
|
80
|
+
its('port') { should eq '3306' }
|
81
|
+
its('socket') { should eq '/var/run/mysqld/mysql.sock' }
|
82
|
+
end
|
83
|
+
|
84
|
+
## Test connection and thread variables
|
85
|
+
|
86
|
+
describe mysql_conf do
|
87
|
+
its('port') { should eq '3306' }
|
88
|
+
its('socket') { should eq '/var/run/mysqld/mysql.sock' }
|
89
|
+
its('max_allowed_packet') { should eq '12M' }
|
90
|
+
its('default_storage_engine') { should eq 'InnoDB' }
|
91
|
+
its('character_set_server') { should eq 'utf8' }
|
92
|
+
its('collation_server') { should eq 'utf8_general_ci' }
|
93
|
+
its('max_connections') { should eq '505' }
|
94
|
+
its('max_user_connections') { should eq '500' }
|
95
|
+
its('thread_cache_size') { should eq '505' }
|
96
|
+
end
|
97
|
+
|
98
|
+
## Test the safe-user-create parameter
|
99
|
+
|
100
|
+
describe mysql_conf.params('mysqld') do
|
101
|
+
its('safe-user-create') { should eq('1') }
|
102
|
+
end
|