postgres_hba_conf

Use the postgres_hba_conf InSpec audit resource to test the client authentication data defined in the pg_hba.conf file.


Syntax

A postgres_hba_conf InSpec audit resource block declares client authentication data that should be tested:

describe postgres_hba_conf.where { type == 'local' } do
  its('auth_method') { should eq ['peer'] }
end

where

  • 'attribute' is an attribute in the pg_hba.conf configuration file
  • 'filter_value' is the value to filter for
  • 'value' is the value that the result is expected to match


Properties

'address', 'auth_method', 'auth_params', 'conf_dir', 'conf_file', 'database', 'params', 'type', 'user'


Property Examples

address([String])

address returns an array of strings that match the where condition of the filter table

describe postgres_hba_conf.where { type == 'local' } do
  its('address') { should cmp 'value' }
end

auth_method([String])

auth_method returns an array of strings that match the where condition of the filter table

describe postgres_hba_conf.where { type == 'local' } do
  its('auth_method') { should cmp 'value' }
end

database([String])

database returns an array of strings that match the where condition of the filter table

describe postgres_hba_conf.where { type == 'local' } do
  its('database') { should cmp 'value' }
end

type([String])

type returns an array of strings that match the where condition of the filter table

describe postgres_hba_conf.where { database == 'acme_test_db' } do
  its('type') { should cmp 'value' }
end

user([String])

user returns an array of strings that match the where condition of the filter table

describe postgres_hba_conf.where { database == 'acme_test_db' } do
  its('user') { should cmp 'value' }
end
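
To show how pg_hba.conf records map onto the properties above, here is an added stand-alone Ruby example; it is not InSpec's own parser or part of the original page. The sample file contents, HbaEntry, parse_hba, auth_methods and trust_entries are constructed for illustration, and the reader assumes unquoted fields and no include directives.

```ruby
# Added example: a stand-alone pg_hba.conf reader, not InSpec's own parser.
# Assumes unquoted fields and no include directives.
HbaEntry = Struct.new(:type, :database, :user, :address, :auth_method, :auth_params)

# Constructed sample file contents.
SAMPLE_HBA = <<~CONF
  # TYPE   DATABASE      USER      ADDRESS                    METHOD
  local    all           postgres                             peer
  local    all           all                                  trust
  host     acme_test_db  acme      10.0.0.0/24                scram-sha-256
  host     all           all       192.168.1.0 255.255.255.0  md5   # IP + netmask form
  hostssl  replication   repl      ::1/128                    cert map=repl
CONF

# A bare IPv4/IPv6 mask in the column after the address.
NETMASK = /\A(?=.*[.:])[\h.:]+\z/

def parse_hba(text)
  text.each_line.filter_map do |line|
    fields = line.sub(/#.*/, '').split
    next if fields.empty?

    type, database, user, *rest = fields
    address = nil
    unless type == 'local' # local (Unix-socket) records have no ADDRESS column
      address = rest.shift
      address = "#{address} #{rest.shift}" if rest.first&.match?(NETMASK)
    end
    HbaEntry.new(type, database, user, address, rest.shift, rest)
  end
end

# Mirrors `postgres_hba_conf.where { type == t }` followed by its('auth_method').
def auth_methods(entries, type)
  entries.select { |e| e.type == type }.map(&:auth_method)
end

# Records that let a client in without any credential check.
def trust_entries(entries)
  entries.select { |e| e.auth_method == 'trust' }
end

if __FILE__ == $PROGRAM_NAME
  entries = parse_hba(SAMPLE_HBA)
  puts "local auth methods: #{auth_methods(entries, 'local').inspect}"
  trust_entries(entries).each { |e| puts "trust record: #{e.to_a.compact.flatten.join(' ')}" }
end
```

With this sample, the local records yield ['peer', 'trust'], so a check such as its('auth_method') { should eq ['peer'] } would fail until the trust record is removed.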


Matchers

This InSpec audit resource matches any service that is listed in the HBA configuration file. For a full list of available matchers, please visit our matchers page.

its('auth_method') { should_not cmp 'peer' }

or:

its('auth_method') { should cmp 'peer' }

For example:

describe postgres_hba_conf.where { type == 'type' } do
  its('auth_method') { should cmp 'value' }
  its('user') { should cmp 'value' }
end