Use the postgres_conf InSpec audit resource to test the contents of the configuration file for PostgreSQL, typically located at /etc/postgresql/<version>/main/postgresql.conf or /var/lib/postgres/data/postgresql.conf, depending on the platform.


A postgres_conf resource block declares one (or more) settings in the postgresql.conf file, and then compares the setting in the configuration file to the value stated in the test:

describe postgres_conf('path') do
  its('setting') { should eq 'value' }


  • 'setting' specifies a setting in the postgresql.conf file
  • ('path') is the non-default path to the postgresql.conf file (optional)
  • should eq 'value' is the value that is expected


The following examples show how to use this InSpec audit resource.

Test the maximum number of allowed client connections

describe postgres_conf do
  its('max_connections') { should eq '5' }

Test system logging

describe postgres_conf do
  its('logging_collector') { should eq 'on' }
  its('log_connections') { should eq 'on' }
  its('log_disconnections') { should eq 'on' }
  its('log_duration') { should eq 'on' }
  its('log_hostname') { should eq 'on' }
  its('log_line_prefix') { should eq '%t %u %d %h' }
  its(['pgaudit.log_parameter']) { should cmp 'on' }

Test the port on which PostgreSQL listens

describe postgres_conf do
  its('port') { should eq '5432' }

Test the Unix socket settings

describe postgres_conf do
  its('unix_socket_directories') { should eq '.s.PGSQL.5432' }
  its('unix_socket_group') { should eq nil }
  its('unix_socket_permissions') { should eq '0770' }

where unix_socket_group is set to the PostgreSQL default setting (the group to which the server user belongs).


For a full list of available matchers, please visit our matchers page.


The setting matcher tests specific, named settings in the postgresql.conf file:

its('setting') { should eq 'value' }

Use a setting matcher for each setting to be tested.