security_policy resource
Use the security_policy Chef InSpec audit resource to test security policies on the Windows platform.
Availability
Installation
This resource is distributed along with Chef InSpec itself. You can use it automatically.
Version
This resource first became available in v1.0.0 of InSpec.
Syntax
A security_policy resource block declares the name of a security policy and the value to be tested:
describe security_policy do
its('policy_name') { should eq 'value' }
end
describe security_policy(translate_sid: true) do
its('policy_name') { should include 'sid_name' }
end
where
-
'policy_name'must specify a security policy -
{ should eq 'value' }tests the value ofpolicy_nameagainst the value declared in the test -
translate_sidconverts the security identifier (SID) into a human readable SID name iftrue. Default value isfalse.
Properties
This resource supports any of the security policy name as properties for e.g. SeNetworkLogonRigth, SeRemoteInteractiveLogonRight etc.
its('SeNetworkLogonRight') { should eq '*S-1-5-11' }
Examples
The following examples show how to use this Chef InSpec audit resource.
Verify that only the Administrators group has remote access
describe security_policy do
its('SeRemoteInteractiveLogonRight') { should eq '*S-1-5-32-544' }
end
Matchers
For a full list of available matchers, please visit our matchers page.
© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
The Chef™ Mark and Chef Logo are either registered trademarks/service marks or trademarks/servicemarks of Chef, in the United States and other countries and are used with Chef Inc's permission.
We are not affiliated with, endorsed or sponsored by Chef Inc.
https://docs.chef.io/inspec/resources/security_policy/
