service

Use the service InSpec audit resource to test if the named service is installed, running and/or enabled.

Under some circumstances, it may be necessary to specify the service manager by using one of the following service manager-specific resources: bsd_service, launchd_service, runit_service, systemd_service, sysv_service, oe upstart_service. These resources are based on the service resource.

Syntax

A service resource block declares the name of a service and then one (or more) matchers to test the state of the service:

describe service('service_name') do
  it { should be_installed }
  it { should be_enabled }
  it { should be_running }
end

where

  • ('service_name') must specify a service name
  • be_installed, be_enabled, and be_running are valid matchers for this resource

Matchers

This InSpec audit resource has the following matchers:

be

Use the be matcher to use a comparison operator—= (equal to), > (greater than), < (less than), >= (greater than or equal to), and <= (less than or equal to)—to compare two values: its('value') { should be >= value }, its('value') { should be < value }, and so on.

be_enabled

The be_enabled matcher tests if the named service is enabled:

it { should be_enabled }

be_installed

The be_installed matcher tests if the named service is installed:

it { should be_installed }

be_running

The be_running matcher tests if the named service is running:

it { should be_running }

cmp

Use the cmp matcher compare two values, such as comparing strings to numbers, comparing a single value to an array of values, comparing an array of strings to a regular expression, improving the printing of octal values, and comparing while ignoring case sensitivity.

Compare a single value to an array:

describe some_resource do
  its('users') { should cmp 'root' }
  its('users') { should cmp ['root'] }
end

Compare strings and regular expressions:

describe some_resource do
  its('setting') { should cmp /raw/i }
end

Compare strings and numbers:

describe some_resource do
  its('setting') { should eq '2' }
end

vs:

describe some_resource do
  its('setting') { should cmp '2' }
  its('setting') { should cmp 2 }
end

Ignoring case sensitivity:

describe some_resource do
  its('setting') { should cmp 'raw' }
  its('setting') { should cmp 'RAW' }
end

Printing octal values:

describe some_resource('/proc/cpuinfo') do
  its('mode') { should cmp '0345' }
end

expected: 0345
got: 0444

eq

Use the eq matcher to test the equality of two values: its('Port') { should eq '22' }.

Using its('Port') { should eq 22 } will fail because 22 is not a string value! Use the cmp matcher for less restrictive value comparisons.

include

Use the include matcher to verify that a string value is included in a list: its('list') { should include 'string' }.

match

Use the match matcher to check if a string matches a regular expression: its('string') { should_not match /regex/ }.

Examples

The following examples show how to use this InSpec audit resource.

Test if the postgresql service is both running and enabled

describe service('postgresql') do
  it { should be_enabled }
  it { should be_running }
end

Test if the mysql service is both running and enabled

describe service('mysqld') do
  it { should be_enabled }
  it { should be_running }
end

Test if ClamAV (an antivirus engine) is installed and running

describe package('clamav') do
  it { should be_installed }
  its('version') { should eq '0.98.7' }
end

describe service('clamd') do
  it { should_not be_enabled }
  it { should_not be_installed }
  it { should_not be_running }
end

Test Unix System V run levels

On targets that are using SystemV services, the existing run levels can also be checked:

describe service('sshd').runlevels do
  its('keys') { should include(2) }
end

describe service('sshd').runlevels(2,4) do
  it { should be_enabled }
end

Override the service manager

Under some circumstances, it may be required to override the logic in place to select the right service manager. For example, to check a service managed by Upstart:

describe upstart_service('service') do
  it { should_not be_enabled }
  it { should be_installed }
  it { should be_running }
end

This is also possible with systemd_service, runit_service, sysv_service, bsd_service, and launchd_service. Provide the control command when it is not to be found at the default location. For example, if the sv command for services managed by runit is not in the PATH:

describe runit_service('service', '/opt/chef/embedded/sbin/sv') do
  it { should be_enabled }
  it { should be_installed }
  it { should be_running }
end

Verify that IIS is running

describe service('W3SVC') do
  it { should be_installed }
  it { should be_running }
end