On this page
kernel_module resource
Use the kernel_module Chef InSpec audit resource to test kernel modules on Linux platforms. These parameters are located under /lib/modules. Any submodule may be tested using this resource.
The kernel_module resource can also verify if a kernel module is blacklisted or if a module is disabled via a fake install using the bin_true or bin_false method.
Availability
Installation
This resource is distributed along with Chef InSpec itself. You can use it automatically.
Version
This resource first became available in v1.0.0 of InSpec.
Syntax
A kernel_module resource block declares a module name, and then tests if that module is a loaded kernel module, if it is enabled, disabled or if it is blacklisted:
describe kernel_module('module_name') do
  it { should be_loaded }
  it { should_not be_disabled }
  it { should_not be_blacklisted }
end
where
- 'module_name'must specify a kernel module, such as- 'bridge'
- { should be_loaded }tests if the module is a loaded kernel module
- { should be_blacklisted }tests if the module is blacklisted or if the module is disabled via a fake install using /bin/false or /bin/true
- { should be_disabled }tests if the module is disabled via a fake install using /bin/false or /bin/true
Examples
The following examples show how to use this Chef InSpec audit resource.
version
The version property tests if the kernel module on the system has the correct version:
its('version') { should eq '3.2.2' }
Test a kernel module’s ‘version’
  describe kernel_module('bridge') do
    it { should be_loaded }
    its('version') { should cmp >= '2.2.2' }
  end
Test if a kernel module is loaded, not disabled, and not blacklisted
  describe kernel_module('video') do
    it { should be_loaded }
    it { should_not be_disabled }
    it { should_not be_blacklisted }
  end
Check if a kernel module is blacklisted
  describe kernel_module('floppy') do
    it { should be_blacklisted }
  end
Check if a kernel module is not blacklisted and is loaded
  describe kernel_module('video') do
    it { should_not be_blacklisted }
    it { should be_loaded }
  end
Check if a kernel module is disabled via ‘bin_false’
  describe kernel_module('sstfb') do
    it { should_not be_loaded }
    it { should be_disabled }
  end
Check if a kernel module is ‘blacklisted’/‘disabled’ via ‘bin_true’
  describe kernel_module('nvidiafb') do
    it { should_not be_loaded }
    it { should be_blacklisted }
  end
Check if a kernel module is not loaded
  describe kernel_module('dhcp') do
    it { should_not be_loaded }
  end
Matchers
For a full list of available matchers, please visit our matchers page.
be_blacklisted
The be_blacklisted matcher tests if the kernel module is a blacklisted module:
it { should be_blacklisted }
be_disabled
The be_disabled matcher tests if the kernel module is disabled:
it { should be_disabled }
be_loaded
The be_loaded matcher tests if the kernel module is loaded:
it { should be_loaded }
© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
The Chef™ Mark and Chef Logo are either registered trademarks/service marks or trademarks/servicemarks of Chef, in the United States and other countries and are used with Chef Inc's permission.
We are not affiliated with, endorsed or sponsored by Chef Inc.
 https://docs.chef.io/inspec/resources/kernel_module/