I have a Ruby Inspec file that isn't very complex, but I can't figure out how to structure it properly. I basically need to check if rsync
is not installed or disabled. To check if it's disabled, I run systemctl is-active rsync
and systemctl is-enabled rsync
. I then match the output to inactive
and disabled
, respectively.
control "my control" do
title "title"
desc "desc"
describe.one do
describe package('rsync') do
it { should_not be_installed }
end
# These two should be treated as one option
describe command('systemctl is-active rsync') do
its('stdout') { should match "^inactive$" }
end
describe command('systemctl is-enabled rsync') do
its('stdout') { should match "^disabled$" }
end
end
end
Try something like this:
control "my control" do
title "title"
desc "desc"
if package('rsync').installed?
# These two should be treated as one option
describe command('systemctl is-active rsync') do
its('stdout') { should match "^inactive$" }
end
describe command('systemctl is-enabled rsync') do
its('stdout') { should match "^disabled$" }
end
end
end
or you should be able to do something like:
control "my control" do
title "title"
desc "desc"
describe.one do
describe package('rsync') do
it { should_not be_installed }
end
describe 'rsync is inactive and disabled' do
# These two should be treated as one option
describe command('systemctl is-active rsync') do
its('stdout') { should match "^inactive$" }
end
describe command('systemctl is-enabled rsync') do
its('stdout') { should match "^disabled$" }
end
end
end
end