# cookbook: example
# recipe: mysql
controls "mysql audit" do
control "mysql package" do
it "should be installed" do
expect(package("mysql")).to be_installed.with_version("5.6")
end
end
end
controls "postgres audit" do
control "postgres package" do
it "should not be installed" do
expect(package("postgresql")).to_not be_installed
end
end
end
# cookbook: example
# recipe: config
controls "mysql config" do
control "mysql config file" do
subject { file("/etc/mysql/my.cnf") }
it "should exist with correct permissions" do
expect(it).to be_file
expect(it).to be_mode(0400)
end
it "should contain required configuration" do
expect(its(:contents)).to match(/default-time-zone='UTC'/)
end
end
end
# cookbook: example
# recipe: default
include_recipe "example::mysql"
include_recipe "example::config"
Running recipe[example::default]
on a node would run all 3 controls blocks. The logging output shows the different controls
blocks separated by whitespace. The report sent to the server will contain the 3 controls
blocks as distinct sections for reporting on.
Starting audit phase
mysql audit
mysql package
should be installed
postgres audit
postgres package
should not be installed
mysql config
mysql config file
should exist with correct permissions
should contain required configuration
Finished in 0.3367 seconds (files took 0.21214 seconds to load)
4 examples, 0 failures
Auditing complete