goss-org / goss

Quick and Easy server testing/validation

Home Page: https://goss.rocks

License: Apache License 2.0

Makefile 1.19% Go 87.61% Shell 11.08% PowerShell 0.12%
goss health-endpoint devops tdd tdd-utilities testing infrastructure-as-code testing-tools health-check go

goss's People

Contributors

aelsabbahy, alexandrecarlton, blalop, ccfenner, dependabot[bot], dud225, ekelali, elliotweiser, fbartels, frederikbosch, gaganyaan2, gberche-orange, jay7x, jgeorgeson, johnk-novu, jsturtevant, langston-barrett, matsuo, mbainter, mika, omardarwish, pedrommm, petemounce, pimperator, pysysops, retr0h, ripienaar, ryancox, tdi, testwill

goss's Issues

test-kitchen plugin

Hey Ahmed,

Thanks again for a great project. Thought you might be interested: I just created a test-kitchen plugin to use GOSS as a verifier.

Regards
Adham

Timing as a metric

Would it make sense to add Time as a factor for test success/failure?

I'm thinking that a global timer would be very interesting to find serious regressions in overall test runtime.

Also command could have a timeout/expected time? (Again thinking about finding regressions in tests).

No license for github.com/aelsabbahy/GOnetstat

First of all, thanks for building goss. I really love the simplicity of generating the "tests" from a known good system. In fact, I'm hoping to package it for Debian. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804202

Though, I've hit a bit of a snag. github.com/aelsabbahy/GOnetstat doesn't have any license information, and neither does the project it was forked from. I opened an issue about this on drael/GOnetstat#1, but that project hasn't seen much activity in some time now.

Unfortunately, this blocks distributing it in Debian (and presumably other distros).

I'm opening this to track the issue and start a conversation. I haven't looked too closely at whether there are other libraries providing similar functionality or not yet. Worst case, I might attempt a clean room reimplementation.

Feature: check for 'apt-key list' contains only expected keys

Hi,

It would be nice to have a special check for apt keys to make sure nothing is missed and nothing extra is there. Right now the only way I see to do it is to use a command check for apt-key, but it's not a convenient or reliable way, as the order/description of keys can change. Also, it is very hard to template such a check. What do you think about such a feature? Maybe even with the current functionality there is a way to simplify such checks?

thanks,
sergii

How to ensure SSH doesn't listen all IPs/interfaces

Is it possible to ensure SSH doesn't listen on all IPs/interfaces? Something like this:

        "tcp:22": {
            "listening": true,
            "ip": [
                "127.0.0.1",
                "10.0.0.1"
            ]
        },
        "tcp:22": {
            "listening": false,
            "ip": [
                "0.0.0.0"
            ]
        },

As I can see here https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#port---add-a-port
'listening=false' doesn't care about the 'ip' value. My results for the example above are:

Failures:
Port: tcp:22: listening: doesn't match, expect: [false] found: [true]
Port: tcp:22: ip: expectations not found [0.0.0.0]

netstat -anp | grep 22
tcp        0      0  127.0.0.1:22            0.0.0.0:*               LISTEN      -               
tcp        0      0  10.0.0.1:22             0.0.0.0:*               LISTEN      - 

Tnx!

Difficult Makefile

The Makefile for goss depends on goupx, which probably introduces unnecessary complexity. A few mb here or there isn't a big deal to anyone who can't run it themselves.

Additionally, make depends on Docker access. Most developers will run make as an unprivileged user; the only secure access to docker can be through sudo. However, if you run sudo make, your GOPATH and GOROOT probably aren't set correctly to build goss.

Ability to add without all information.

For instance, I'd love to do something like:

goss add package x --no-version

Or something like it. This would allow me to add a whole list of packages (via a shell loop) without adding the version information, which is not that important to me.

Work with go tool

The go build command should work for all go packages, goss isn't doing anything particularly difficult in the Makefile that couldn't be ported to the go tool.

Update to more recent version of codegangsta/cli

When updating glide.yaml to use cli version 1.2.0 and attempting to build goss, I get the following error:

# github.com/aelsabbahy/goss
../../add.go:19: c.Duration undefined (type *cli.Context has no field or method Duration)
../../validate.go:26: c.GlobalIsSet undefined (type *cli.Context has no field or method GlobalIsSet)

Distributive uses a more recent version, so I can't take advantage of certain paths in goss code until this is fixed. I'll look into it.

For reference, the current pinned commit is from 2015:

$ git show 70e3fa51ebed95df8c0fbe1519c1c1f9bc16bb13
commit 70e3fa51ebed95df8c0fbe1519c1c1f9bc16bb13
Merge: f445c89 3463964
Author: Jesse Szwedko <[email protected]>
Date:   Thu Oct 29 20:11:27 2015 -0700

ssh and exec support

Hi,

Cool project, any strategies for remote scanning (using ssh), like serverspec? Also, can you support something that can exec an arbitrary command or script?

Regards,
Stephan

file tests fail checks on setgid on directories

goss does not seem to be able to check if the setuid, setgid or sticky bits are set (for a directory in my case).

# cat svc-foo.yaml 

---
file:
  /usr/local/svc-foo:
    exists:   true
    filetype: directory
    mode:     "2775"
# chmod 2775 /usr/local/svc-foo/ -v
mode of ‘/usr/local/svc-foo/’ retained as 2775 (rwxrwsr-x)

The second test fails here when you don't expect it to.

# goss --gossfile svc-foo.yaml validate -f tap
1..3
ok 1 - File: /usr/local/svc-foo: exists: matches expectation: [true]
not ok 2 - File: /usr/local/svc-foo: mode: doesn't match, expect: ["2775"] found: ["0775"]
ok 3 - File: /usr/local/svc-foo: filetype: matches expectation: ["directory"]
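
The mismatch reported above (expect "2775", found "0775") is what a Go program produces when it formats only `os.FileMode.Perm()`, because Go keeps setuid, setgid and sticky as separate flags outside the nine permission bits. The following is an added example, not goss's code and not part of the original report; `octalMode` and `checkMode` are hypothetical helpers, and whether goss took this exact path is an assumption.

```go
package main

import (
	"fmt"
	"os"
)

// octalMode renders a mode the way chmod and `stat -c %a` write it: the nine
// permission bits plus a leading digit for setuid (4), setgid (2), sticky (1).
// m.Perm() alone masks to 0777 and silently drops those three bits.
func octalMode(m os.FileMode) string {
	bits := uint32(m.Perm())
	if m&os.ModeSetuid != 0 {
		bits |= 04000
	}
	if m&os.ModeSetgid != 0 {
		bits |= 02000
	}
	if m&os.ModeSticky != 0 {
		bits |= 01000
	}
	return fmt.Sprintf("%04o", bits)
}

// checkMode stats path and compares its full mode against want (e.g. "2775").
// Hypothetical helper for this example.
func checkMode(path, want string) error {
	fi, err := os.Stat(path)
	if err != nil {
		return err
	}
	if got := octalMode(fi.Mode()); got != want {
		return fmt.Errorf("%s: mode: expect %q found %q", path, want, got)
	}
	return nil
}

func main() {
	// Constructed mode matching the directory in the report (rwxrwsr-x).
	dir := os.ModeDir | os.ModeSetgid | 0775
	fmt.Printf("Perm() only:       %04o\n", uint32(dir.Perm()))
	fmt.Printf("with special bits: %s\n", octalMode(dir))

	// Optional: go run . <path> <expected-mode>
	if len(os.Args) == 3 {
		if err := checkMode(os.Args[1], os.Args[2]); err != nil {
			fmt.Println(err)
			os.Exit(1)
		}
	}
}
```

Dropping these bits matters for audits: a check that cannot see setuid or setgid will pass a binary or directory whose effective privileges differ from what the test file states.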

Why goss? :)

This is a trivial question that you can choose to ignore if you wish. But, purely out of curiosity...why is goss named goss? :)

Remove dependency on cgo

Use of cgo complicates the build process, introduces more build-time dependencies and makes porting more difficult. Further, when using goss on systems like Alpine (which uses musl), it requires adding glibc for goss to be able to run. This reduces the applicability of goss, since users may not want to add additional container / OS dependencies just to run tests.

It appears that adding --ldflags '-extldflags "-static"' to the build call would be one way to work around this. However, refactoring the util/group code that looks like it was forked from the standard library seems like a cleaner way forward.

Support for file: and tilde-expanded homedirs

It would be nice if goss could support tilde-expanded homedirs in file tests using the form '~user/' as opposed to an a priori convention of '/home/user/' (or being forced to do a lookup first), as the homedirs may exist on NFS under a different directory, are placed differently for system users, may change over time, etc.

goss fails these checks when you expect them to pass.

cat users.yaml

---

file:
  ~sshd:
    exists: true
  ~systemd-timesync:
    exists: true
  ~testuser/:
    exists: true
  ~testuser/.ssh/:
    exists: true
  ~testuser/.ssh/authorized_keys:
    exists: true
  ~testuser/.ssh/known_hosts:
    exists: true
# goss --gossfile users.yaml validate </dev/null -f tap
1..6
not ok 1 - File: ~sshd: exists: doesn't match, expect: [true] found: [false]
not ok 2 - File: ~testuser/.ssh/authorized_keys: exists: doesn't match, expect: [true] found: [false]
not ok 3 - File: ~testuser/.ssh/known_hosts: exists: doesn't match, expect: [true] found: [false]
not ok 4 - File: ~systemd-timesync: exists: doesn't match, expect: [true] found: [false]
not ok 5 - File: ~testuser: exists: doesn't match, expect: [true] found: [false]
not ok 6 - File: ~testuser/.ssh/: exists: doesn't match, expect: [true] found: [false]

when this form is typically usable otherwise

root@test:/etc/goss# ls -ld ~systemd-timesync ~sshd ~testuser ~testuser/.ssh ~testuser/.ssh/authorized_keys ~testuser/.ssh/known_hosts
drwxr-xr-x 15 root root 360 Mar 23 23:49 /run/systemd
drwxr-xr-x  2 root root  40 Mar 23 07:11 /var/run/sshd
 drwxr-xr-x 3 testuser testuser   99 Mar 23 23:51 /home/testuser
 drwx------ 2 testuser testuser  149 Mar 23 23:51 /home/testuser/.ssh
 -r-------- 1 testuser testuser 2812 Mar 23 23:50 /home/testuser/.ssh/authorized_keys
 -rw------- 1 testuser testuser 2184 Mar 23 23:51 /home/testuser/.ssh/known_hosts

Support querying Pacman package manager

The package resource could easily add support for the pacman package manager used in Arch Linux. If we add support, I'll switch distributive's package check to use goss's code. Would you merge a PR to this effect?

More features

Hi
I think goss is a great tool.
I tried to use it instead of ServerSpec and Testinfra,
but I felt the lack of some functions when actually using it.

I want to add some features:

  • verify user's shell and password.
  • verify kernel parameters.
  • verify the NIC.
  • verify package architecture. Currently I cannot verify RHEL and CentOS packages.

Example:
postgresql-xx.el6_6.i686
postgresql-xx.el6_6.x86_64

Impossible to run goss over ssh (no TTY forces goss to read config from STDIN)

Hi,

I have tried to integrate goss-based tests with Jenkins and noticed an issue using goss over SSH.

Problem: goss gets stuck when you try to execute the test over SSH. Reproducible in 100% of cases.

STR:

  1. go to some server and generate a new goss file: goss add port 22
root@spce:~# goss add port 22
Adding Port to './goss.json':

{
    "tcp:22": {
        "listening": true,
        "ip": "0.0.0.0"
    }
}
  2. check it locally:
root@spce:~# goss -g goss.json validate
..

Total Duration: 0.003s
Count: 2, Failed: 0
root@spce:~# 
  3. go outside and try to execute the test over ssh:
me@host:~# ssh root@spce "goss -g goss.json validate"

Actual result: the process got stuck, without any output.

I have compared the strace output of a normal goss call and a call over ssh and noticed that goss is waiting for the goss.json file from STDIN in the case of a call over SSH. See S_IFIFO in the picture:
screenshot-2015-12-23-141450-area

Workaround: specify ssh option -t to force pseudo-tty allocation:

me@host:~# ssh root@spce -t "goss -g goss.json validate"

..

Total Duration: 0.004s
Count: 2, Failed: 0
Connection to 127.0.0.1 closed.

I suppose it can/should be properly fixed on goss side. Tnx!

Run all tests in a directory.

When validating a system it should run all tests in a given directory.
Many systems might share the same tests for something like ntpd and when I can symlink that test file into the directory for every system then I don't duplicate code.
When I create a test file for each component of the system; ssh, postfix, snmpd, ntpd, nginx, etc.; the test files are easier to maintain.

desc field in output

I use the desc field to comment some "command" validations. But it doesn't appear in my output. Is it possible?

goss incorrectly reporting services as disabled

Cool tool, but I'm having an issue on Ubuntu 12.04.4 LTS with a service: when I try to add it, although it's enabled, goss thinks otherwise, e.g. 'autofs'.

$ goss -g service.json a service autofs
Adding Service to 'service.json':
{
    "autofs": {
        "enabled": false,
        "running": true
    }
}

$ ls -l /etc/init.d/autofs
lrwxrwxrwx 1 root root 21 Oct 5 2012 /etc/init.d/autofs -> /lib/init/upstart-job

$ initctl show-config autofs
autofs
start on runlevel [2345]
stop on runlevel [!2345]

I am not sure whether this is a "bug" or an enhancement request for "upstart", but upstart does have backward compatibility, so I'm leaving it open for you to decide.

thanks!!

Port match for listening IPv6 address fails

A simple port test (postgres in this case)

root@postgres-01:/etc/goss# cat goss.yaml 
port:
  tcp6:5432:
    listening: true
    ip:
      - 2001:db8:ff:842:5054:ff:fe12:f0d8
  tcp:5432:
    listening: true
    ip:
      - 192.168.1.174

against the following IPv6 address

root@postgres-01:/etc/goss# ip -6 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN 
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:ff:842:5054:ff:fe12:f0d8/64 scope global mngtmpaddr dynamic 
       valid_lft 3598sec preferred_lft 598sec
    inet6 fe80::5054:ff:fe12:f0d8/64 scope link 
       valid_lft forever preferred_lft forever

seems to match against a garbled address.

root@postgres-01:/etc/goss#  goss --gossfile /etc/goss/goss.yaml validate -f tap
1..4
ok 1 - Port: tcp6:5432: listening: matches expectation: [true]
not ok 2 - Port: tcp6:5432: ip: doesn't match, expect: [["2001:db8:ff:842:5054:ff:fe12:f0d8"]] found: [["0470:0120:0842:006F:00FF:5054:F0D8:FE12"]]
ok 3 - Port: tcp:5432: listening: matches expectation: [true]
ok 4 - Port: tcp:5432: ip: matches expectation: [["192.168.1.174"]]

Looks like a problem with the stringification of the IPv6 address used in the match (the byte order representation of the local address in /proc/net/tcp6 appears to be different from that represented by tools?)

root@postgres-01:/etc/goss# goss --version
goss version v0.1.5
root@postgres-01:/etc/goss# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux testing (stretch)
Release:        testing
Codename:       stretch
root@postgres-01:/etc/goss# uname -r
4.3.0-1-amd64
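
For reference, /proc/net/tcp and /proc/net/tcp6 print each 32-bit word of the local address in host byte order, so on a little-endian machine the bytes inside every 4-byte group must be reversed before the address is formatted. The following is an added example, not goss or GOnetstat code and not part of the original report; it assumes a little-endian host such as the amd64 system above, the sample table rows are constructed, and `decodeProcAddr` and `listeners` are hypothetical names.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// decodeProcAddr converts a "HEXADDR:HEXPORT" field from /proc/net/tcp{,6}
// into an IP and port. Assumes a little-endian host: the kernel prints each
// 32-bit word of the address in host order, the port as a plain hex number.
func decodeProcAddr(field string) (net.IP, uint16, error) {
	parts := strings.SplitN(field, ":", 2)
	if len(parts) != 2 {
		return nil, 0, fmt.Errorf("no port separator in %q", field)
	}
	raw, err := hex.DecodeString(parts[0])
	if err != nil {
		return nil, 0, fmt.Errorf("address in %q: %v", field, err)
	}
	if len(raw) != net.IPv4len && len(raw) != net.IPv6len {
		return nil, 0, fmt.Errorf("address in %q is %d bytes", field, len(raw))
	}
	ip := make(net.IP, len(raw))
	for w := 0; w < len(raw); w += 4 { // reverse bytes within each word only
		ip[w], ip[w+1], ip[w+2], ip[w+3] = raw[w+3], raw[w+2], raw[w+1], raw[w]
	}
	port, err := strconv.ParseUint(parts[1], 16, 16)
	if err != nil {
		return nil, 0, fmt.Errorf("port in %q: %v", field, err)
	}
	return ip, uint16(port), nil
}

// listeners returns the local IPs in LISTEN state (st == 0A) on the given
// port, reading a table in /proc/net/tcp layout.
func listeners(table string, port uint16) ([]string, error) {
	var ips []string
	for _, line := range strings.Split(table, "\n") {
		f := strings.Fields(line)
		if len(f) < 4 || f[0] == "sl" || f[3] != "0A" {
			continue // header, short line, or socket not listening
		}
		ip, p, err := decodeProcAddr(f[1])
		if err != nil {
			return nil, err
		}
		if p == port {
			ips = append(ips, ip.String())
		}
	}
	return ips, nil
}

// Constructed sample rows (trailing columns omitted), built from the
// addresses in the report: 0x1538 is port 5432, 0x0016 is port 22.
const sampleTCP6 = `  sl  local_address                         remote_address                        st
   0: 00000000000000000000000001000000:0016 00000000000000000000000000000000:0000 0A
   1: B80D01204208FF00FF005450D8F012FE:1538 00000000000000000000000000000000:0000 0A
   2: B80D01204208FF00FF005450D8F012FE:1538 B80D01204208FF00FF00545001000000:C350 01`

const sampleTCP = `  sl  local_address rem_address   st
   0: AE01A8C0:1538 00000000:0000 0A`

func main() {
	for _, t := range []string{sampleTCP6, sampleTCP} {
		ips, err := listeners(t, 5432)
		fmt.Println(ips, err)
	}
}
```

Reversing the whole 16 bytes, or swapping 16-bit groups, yields a well-formed but wrong address, so a port test that pins a service to one interface fails even though the bind is correct.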

Docker support

Hi,

I'm keen to build out extensive test suites for our infrastructure using goss. It's almost entirely Docker based; is Docker something you would be interested in adding? I'm thinking along the lines of

{
    "container": "/nginx/",
    "running": true,
    "created": true,
    "id": ....
}

Even possibly extending the command to run inside a container.

Regards,
Stephan

Add package adds uninstalled package as being installed

A copy/paste says more than a thousand words:

vagrant@ceph1:/vagrant$ goss a package vim-tiny
Adding Package to './goss.json':

{
    "vim-tiny": {
        "installed": true,
        "versions": [
            ""
        ]
    }
}

vagrant@ceph1:/vagrant$ dpkg -l vim-tiny 
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                   Version          Architecture     Description
+++-======================-================-================-==================================================
un  vim-tiny               <none>           <none>           (no description available)
vagrant@ceph1:/vagrant$

I'd expect goss a package to recognise when a package is not installed. Or am I missing something?

Enhance syntax to support whitelisted resources

For certain resource types, it would be very useful to specify a white list. e.g. only users 'apache' and 'root' should exist. This whitelist might be the null set. e.g. no ports should be listening.

Confusing integration tests

In the integration-tests/goss directory, there are a bunch of confusingly named json files. When adding a new Dockerfile, I can't figure out what I need to do. Could there be documentation on this?

YAML config

There are a number of advantages to using YAML instead of JSON as your config file:

  • superset of JSON, so nothing breaks
  • nice things like references to other places in the YAML
  • much nicer to read (see the example below)
  • allows comments

YAML (auto generated)

command:
  redis-cli info:
    exit-status: '0'
    stdout: [redis_version]
file:
  /etc/redis.conf:
    contains: [bind 0.0.0.0]
    exists: true
    filetype: file
package:
  redis: {installed: true}
port:
  tcp:6379: {ip: 0.0.0.0, listening: true}
service:
  redis: {running: true}

JSON

{
    "package": {
        "redis": {
            "installed": true
        }
    },
    "file": {
        "/etc/redis.conf": {
            "exists": true,
            "filetype": "file",
            "contains": ["bind 0.0.0.0"]
        }
    },
    "port": {
        "tcp:6379": {
            "listening": true,
            "ip": "0.0.0.0"
        }
    },
    "service": {
        "redis": {
            "running": true
        }
    },
    "command": {
        "redis-cli info": {
            "exit-status": "0",
            "stdout": ["redis_version"]
        }
    }
}

More useful error handling

When trying to run my (obviously broken) script, I get the following error:

panic: regexp: Compile(`*\.* @@.*`): error parsing regexp: missing argument to repetition operator: `*`

goroutine 10 [running]:
panic(0x6e2940, 0xc82028ea80)
        /home/travis/.gimme/versions/go1.6.1.linux.amd64/src/runtime/panic.go:464 +0x3e6
regexp.MustCompile(0xc8200c7dc1, 0x9, 0x7d9648)
        /home/travis/.gimme/versions/go1.6.1.linux.amd64/src/regexp/regexp.go:232 +0x16f
github.com/aelsabbahy/goss/resource.newRegexPattern(0xc8200c7dc0, 0xb, 0x7d9a48)
        /home/travis/gopath/src/github.com/aelsabbahy/goss/resource/validate.go:169 +0x1e4
github.com/aelsabbahy/goss/resource.sliceToPatterns(0xc8200f33a0, 0x1, 0x1, 0x0, 0x0, 0x0)
        /home/travis/gopath/src/github.com/aelsabbahy/goss/resource/validate.go:190 +0x428
github.com/aelsabbahy/goss/resource.ValidateContains(0x7fdf2e39adb8, 0xc820072f00, 0x7e4df0, 0x8, 0xc8200f33a0, 0x1, 0x1, 0xc82012be20, 0x0, 0x0, ...)
        /home/travis/gopath/src/github.com/aelsabbahy/goss/resource/validate.go:228 +0x46f
github.com/aelsabbahy/goss/resource.(*File).Validate(0xc820072f00, 0xc820072640, 0x0, 0x0, 0x0)
        /home/travis/gopath/src/github.com/aelsabbahy/goss/resource/file.go:55 +0xb7e
github.com/aelsabbahy/goss.Validate.func2(0xc820101080, 0xc8200eb020, 0xc8200eafc0, 0xc820072640)
        /home/travis/gopath/src/github.com/aelsabbahy/goss/validate.go:69 +0xb3
created by github.com/aelsabbahy/goss.Validate
        /home/travis/gopath/src/github.com/aelsabbahy/goss/validate.go:72 +0x483

Although I recognise the error is somewhere in my code and not something in goss, it would be helpful if it could point out a line number or something in the yaml.

fails to compile for 386?

While amd64 works fine:

% GO15VENDOREXPERIMENT=1 GOOS=linux GOARCH=amd64 go build -ldflags "-X main.version="0.0.0"" -o release/goss-linux-amd64 github.com/aelsabbahy/goss/cmd/goss
% 

... compiling for 386 fails for me:

% GO15VENDOREXPERIMENT=1 GOOS=linux GOARCH=386 go build -ldflags "-X main.version="0.0.0"" -o release/goss-linux-386 github.com/aelsabbahy/goss/cmd/goss
# github.com/aelsabbahy/goss/util/group
/grml/gostuff/src/github.com/aelsabbahy/goss/util/group/lookup.go:5: undefined: currentGroup
/grml/gostuff/src/github.com/aelsabbahy/goss/util/group/lookup.go:17: cannot use gid (type string) as type int in argument to lookupGroupID
/grml/gostuff/src/github.com/aelsabbahy/goss/util/group/lookup.go:27: undefined: groupMembers

This might be totally my fault, but maybe you have a hint/idea?

Thanks for goss! :)

Regex flavour

Hi,

You might want to point out in the docs that you're using the POSIX flavour regex for checking the contents of files. I was wrestling with my \b's and \w's before finding out I was using the incorrect flavour!

Kind regards,
Tim

FreeBSD Support

Goss looks awesome. It would be great to get FreeBSD support.

goss blows up if command exit-status is misnamed

Took me quite a while to figure out what was wrong here

$ cat bad.yaml

---
service:
  sshd:
    enabled: true
    running: true
command:
  uname -a:
    exit-code: 0
$ goss -g bad.yaml v
panic: Unexpected matcher type: <nil>

goroutine 6 [running]:
github.com/aelsabbahy/goss/resource.matcherToGomegaMatcher(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
        /home/travis/gopath/src/github.com/aelsabbahy/goss/resource/gomega.go:28 +0x333
github.com/aelsabbahy/goss/resource.ValidateValue(0x7f8bcf45dab8, 0xc82004ec40, 0x7d5bf0, 0xb, 0x0, 0x0, 0x6dcc80, 0xc82000f700, 0x0, 0x0, ...)
        /home/travis/gopath/src/github.com/aelsabbahy/goss/resource/validate.go:66 +0x3f9
github.com/aelsabbahy/goss/resource.(*Command).Validate(0xc82004ec40, 0xc820078640, 0x0, 0x0, 0x0)
        /home/travis/gopath/src/github.com/aelsabbahy/goss/resource/command.go:38 +0x350
github.com/aelsabbahy/goss.Validate.func2(0xc820013e00, 0xc82000b320, 0xc82000b2c0, 0xc820078640)
        /home/travis/gopath/src/github.com/aelsabbahy/goss/validate.go:69 +0xb3
created by github.com/aelsabbahy/goss.Validate
        /home/travis/gopath/src/github.com/aelsabbahy/goss/validate.go:72 +0x471

... output truncated

I then generated a yaml file using autoadd to diff this file .. turns out I wanted to use exit-status not exit-code

diff -Naur bad.yaml good.yaml                 
--- bad.yaml    2016-04-08 16:06:38.210776099 +0200
+++ good.yaml   2016-04-08 16:14:38.606694865 +0200
@@ -1,8 +1,11 @@
 ---
+
 service:
   sshd:
     enabled: true
     running: true
+
 command:
   uname -a:
-    exit-code: 0
+    exit-status: 0
+

So a clear PEBKAC error :) but please can we make goss handle invalid input a bit better and give the user a clearer error message? This took me a good 45 minutes to figure out.

Enhanced attribute matching logic

Attribute match criteria feature is something that I want to implement at some point, but it would have to affect all resources/attributes. The hard part for me is figuring out a good syntax that's easy to read but allows for the flexibility. Also deciding what to support.

Features, that might be useful:

  • ALL/CONTAINS for array attributes
  • eq, gt, lt, ge, le for numeric. Ex: user.uid ge 1000 (ensuring user doesn't have an id lower than 1000)
  • Negation. ex: file.filetype != "file"

Example:

{
    "cnn.com": {
        "resolveable": true,
        "addrs": [
            "157.166.226.25",
            "157.166.226.26"
        ],
        "timeout": 500
    }
}

The above addr check does a "contains" check and will succeed so long as the two listed items are found in the result returned by the DNS server. If the DNS server returns 10 IPs it will still be considered a success.

A user might want to only succeed if the returned result is an exact match, a possible approach might be something like this:
"addrs": { "ALL": ["157.166.226.25", "157.166.226.26"] }

'ports check' supports for multiply IPs

Hi,

First of all thank you for the nice and really fast tool!

I am trying to check ports using goss v0.0.16 and have a problem with multiple IPs identification:

me@host:~# cat goss.json 
{
    "port": {
        "tcp:1443": {
            "listening": true,
            "ip": "10.0.0.169"
        }
    }
}
me@host:~# netstat -anp | grep 1443
tcp        0      0 10.0.0.169:1443       0.0.0.0:*               LISTEN      23894/nginx     
tcp        0      0 10.0.0.136:1443       0.0.0.0:*               LISTEN      23894/nginx     
tcp        0      0 10.0.2.15:1443        0.0.0.0:*               LISTEN      23894/nginx     
tcp        0      0 127.0.0.1:1443        0.0.0.0:*               LISTEN      23894/nginx     
tcp6       0      0 ::1:1443              :::*                    LISTEN      23894/nginx     
me@host:~# goss -g ./goss.json v
.F

Failures:
Port: tcp:1443: ip: doesn't match, expect: [10.0.0.169] found: [127.0.0.1]

Total Duration: 0.009s
Count: 2, Failed: 1
me@host:~# 

At the same time the following config works well:

me@host:~# cat goss.json 
{
    "port": {
        "tcp:1443": {
            "listening": true,
            "ip": "127.0.0.1"
        }
    }
}

I believe goss should check all available IPs and not fail on the first failed match. Isn't it?

BTW, it would be nice to define multiple IPs like:

{
    "port": {
        "tcp:1443": {
            "listening": true,
            "ip": [ "10.0.0.136" , "10.0.0.169" ]
        }
    }
}

Thank you!

Create `meta` attribute

Resources should be able to define a meta attribute, that is an unopinionated object of string-key + any value pairs. Rename desc to title.

Example:

users:
  nobody:
    title: This is the nobody test
    meta:
      desc: ensure nobody exists as per our standard
      severity: 5
    exists: true

For now this should be exposed by the JSON output format in the test result, ex:

{
    "results": [
        {
            "duration": 102152,
            "err": null,
            "expected": [
                "true"
            ],
            "found": [
                "true"
            ],
            "human": "",
            "meta": {
                "desc": "ensure nobody exists as per our standard",
                "severity": 5
            },
            "property": "exists",
            "resource-id": "nobody",
            "resource-type": "User",
            "successful": true,
            "summary-line": "User: nobody: exists: matches expectation: [true]",
            "test-type": 0,
            "title": "This is the nobody test"
        }
    ],
    "summary": {
        "failed-count": 0,
        "summary-line": "Count: 1, Failed: 0, Duration: 0.003s",
        "test-count": 1,
        "total-duration": 3492688
    }
}

Travis CI

Great project. Are there any examples of running a bunch of Goss tests after push to Git on Travis CI?

Cannot run "validate" and "add" commands on systems with IPv6 disabled.

A system that has IPv6 disabled (custom kernel or boot options) cannot run without errors such as the following.

$ cat goss.json 
{
    "port": {
        "tcp:22": {
            "listening": true,
            "ip": "0.0.0.0"
        },
        "tcp:80": {
            "listening": true,
            "ip": "0.0.0.0"
        }
    }
}
$ goss validate
open /proc/net/tcp6: no such file or directory
$ goss add port 8080
open /proc/net/tcp6: no such file or directory

UID is checked, even though it's not part of the definition

Hi,

This is the snippet I'm using:

"user": {
    "sshd": {
        "exists": true,
        "gid": "65534",
        "groups": [
            "nogroup"
        ],
        "home": "/var/run/sshd"
    },

Which produces this error:

User: sshd: uid: doesn't match, expect: [] found: [107]

I would expect it to not check the uid at all.
