bosh-stemcell 1.5.0.pre.1193 → 1.5.0.pre.1209

@@ -57,7 +57,7 @@ module Bosh::Stemcell
57
57
  #:system_open_vm_tools,
58
58
  :system_parameters,
59
59
  :bosh_clean,
60
- #:bosh_harden,
60
+ :bosh_harden,
61
61
  #:bosh_dpkg_list,
62
62
  :image_create,
63
63
  :image_install_grub,
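Review bot: `:bosh_harden` is enabled here with nothing recording why it sits at this position, and the neighbouring `#:system_open_vm_tools` and `#:bosh_dpkg_list` stay commented out without a stated reason. Judging by the specs added in this release, the stage appears to strip setuid/setgid bits and disable root SSH login, so a later stage that installs or reconfigures packages could undo it. A comment such as `# bosh_harden must stay after every stage that installs packages and before image_create` would keep the ordering from being changed by accident. The enclosing stage list starts and ends outside the hunk, and the hunk at `-176,7 +176,7` makes the same change.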
@@ -1,5 +1,5 @@
1
1
  module Bosh
2
2
  module Stemcell
3
- VERSION = '1.5.0.pre.1193'
3
+ VERSION = '1.5.0.pre.1209'
4
4
  end
5
5
  end
@@ -176,7 +176,7 @@ module Bosh::Stemcell
176
176
  #:system_open_vm_tools,
177
177
  :system_parameters,
178
178
  :bosh_clean,
179
- #:bosh_harden,
179
+ :bosh_harden,
180
180
  #:bosh_dpkg_list,
181
181
  :image_create,
182
182
  :image_install_grub,
@@ -129,4 +129,18 @@ describe 'CentOs Stemcell' do
129
129
  it { should contain('centos') }
130
130
  end
131
131
  end
132
+
133
+ context 'installed by bosh_harden' do
134
+ describe 'disallow unsafe setuid binaries' do
135
+ subject { backend.run_command('find / -xdev -perm +6000 -a -type f')[:stdout].split }
136
+
137
+ it { should match_array(%w(/bin/su /usr/bin/sudo)) }
138
+ end
139
+
140
+ describe 'disallow root login' do
141
+ subject { file('/etc/ssh/sshd_config') }
142
+
143
+ it { should contain /^PermitRootLogin no$/ }
144
+ end
145
+ end
132
146
  end
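Review bot: `-perm +6000` in the `subject` of 'disallow unsafe setuid binaries' is the legacy GNU find spelling, which newer findutils releases reject; `-perm /6000` is the supported form for "any of these bits set". The command's exit status and stderr are discarded, so a failing `find` surfaces only as a confusing array mismatch, and `.split` cuts on any whitespace, so a path containing a space would be reported as two entries. I would write `subject { backend.run_command('find / -xdev -perm /6000 -a -type f')[:stdout].split("\n") }`. `-xdev` also limits the scan to the root filesystem, so setuid/setgid files on separately mounted filesystems are not covered by this allow-list. The Ubuntu Stemcell hunk carries the same `subject` line.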
@@ -136,9 +136,30 @@ describe 'Ubuntu Stemcell' do
136
136
  end
137
137
  end
138
138
 
139
+ context 'installed by bosh_user' do
140
+ describe file('/etc/passwd') do
141
+ it { should be_file }
142
+ it { should contain '/home/vcap:/bin/bash' }
143
+ end
144
+ end
145
+
139
146
  context 'installed by system_parameters' do
140
147
  describe file('/var/vcap/bosh/etc/operating_system') do
141
148
  it { should contain('ubuntu') }
142
149
  end
143
150
  end
151
+
152
+ context 'installed by bosh_harden' do
153
+ describe 'disallow unsafe setuid binaries' do
154
+ subject { backend.run_command('find / -xdev -perm +6000 -a -type f')[:stdout].split }
155
+
156
+ it { should match_array(%w(/bin/su /usr/bin/sudo /usr/bin/sudoedit)) }
157
+ end
158
+
159
+ describe 'disallow root login' do
160
+ subject { file('/etc/ssh/sshd_config') }
161
+
162
+ it { should contain /^PermitRootLogin no$/ }
163
+ end
164
+ end
144
165
  end
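Review bot: The 'disallow root login' example passes as soon as any line of `/etc/ssh/sshd_config` reads `PermitRootLogin no`, but sshd keeps the first value it reads for a keyword, so an earlier permissive `PermitRootLogin` line would leave root login enabled while the spec stays green. A negative assertion next to the positive one, for example `it { should_not contain(/^PermitRootLogin yes$/) }`, would catch that case; the CentOS Stemcell hunk has the same example. Parenthesising the regex argument, `it { should contain(/^PermitRootLogin no$/) }`, also avoids Ruby's ambiguous-first-argument warning. Separately, the 'installed by bosh_user' example matches only `/home/vcap:/bin/bash`, so it would pass for any account with that home directory and shell, not only the intended user.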
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bosh-stemcell
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.0.pre.1193
4
+ version: 1.5.0.pre.1209
5
5
  prerelease: 6
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-10-29 00:00:00.000000000 Z
12
+ date: 2013-10-30 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: bosh_aws_cpi
@@ -18,7 +18,7 @@ dependencies:
18
18
  requirements:
19
19
  - - ~>
20
20
  - !ruby/object:Gem::Version
21
- version: 1.5.0.pre.1193
21
+ version: 1.5.0.pre.1209
22
22
  type: :runtime
23
23
  prerelease: false
24
24
  version_requirements: !ruby/object:Gem::Requirement
@@ -26,7 +26,7 @@ dependencies:
26
26
  requirements:
27
27
  - - ~>
28
28
  - !ruby/object:Gem::Version
29
- version: 1.5.0.pre.1193
29
+ version: 1.5.0.pre.1209
30
30
  - !ruby/object:Gem::Dependency
31
31
  name: rake
32
32
  requirement: !ruby/object:Gem::Requirement