serverspec-ruby19 2.24.3

data/spec/type/linux/docker_image_spec.rb

@@ -0,0 +1,94 @@
+# -*- coding: utf-8 -*-
+require 'spec_helper'
+
+property[:os] = nil
+set :os, {:family => 'linux'}
+
+describe docker_image('busybox:latest') do
+  it { should exist }
+end
+
+describe docker_image('busybox:latest') do
+  let(:stdout) { inspect_image }
+  its(:inspection) { should include 'Architecture' => 'amd64' }
+  its(['Architecture']) { should eq 'amd64' }
+  its(['Config.Cmd']) { should include '/bin/sh' }
+end
+
+def inspect_image
+  <<'EOS'
+[{
+    "Architecture": "amd64",
+    "Author": "Jérôme Petazzoni \u003cjerome@docker.com\u003e",
+    "Comment": "",
+    "Config": {
+        "AttachStderr": false,
+        "AttachStdin": false,
+        "AttachStdout": false,
+        "Cmd": [
+            "/bin/sh"
+        ],
+        "CpuShares": 0,
+        "Cpuset": "",
+        "Domainname": "",
+        "Entrypoint": null,
+        "Env": [
+            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+        ],
+        "ExposedPorts": null,
+        "Hostname": "88f18f678e5d",
+        "Image": "e433a6c5b276a31aa38bf6eaba9cd1cfd69ea33f706ed72b3f20bafde5cd8644",
+        "Memory": 0,
+        "MemorySwap": 0,
+        "NetworkDisabled": false,
+        "OnBuild": [],
+        "OpenStdin": false,
+        "PortSpecs": null,
+        "StdinOnce": false,
+        "Tty": false,
+        "User": "",
+        "Volumes": null,
+        "WorkingDir": ""
+    },
+    "Container": "8e73b239682fe73338323d9af83d3c5aa5bb7d22a3fe84cbfcf5f47e756d6636",
+    "ContainerConfig": {
+        "AttachStderr": false,
+        "AttachStdin": false,
+        "AttachStdout": false,
+        "Cmd": [
+            "/bin/sh",
+            "-c",
+            "#(nop) CMD [/bin/sh]"
+        ],
+        "CpuShares": 0,
+        "Cpuset": "",
+        "Domainname": "",
+        "Entrypoint": null,
+        "Env": [
+            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+        ],
+        "ExposedPorts": null,
+        "Hostname": "88f18f678e5d",
+        "Image": "e433a6c5b276a31aa38bf6eaba9cd1cfd69ea33f706ed72b3f20bafde5cd8644",
+        "Memory": 0,
+        "MemorySwap": 0,
+        "NetworkDisabled": false,
+        "OnBuild": [],
+        "OpenStdin": false,
+        "PortSpecs": null,
+        "StdinOnce": false,
+        "Tty": false,
+        "User": "",
+        "Volumes": null,
+        "WorkingDir": ""
+    },
+    "Created": "2014-10-01T20:46:08.914288461Z",
+    "DockerVersion": "1.2.0",
+    "Id": "e72ac664f4f0c6a061ac4ef332557a70d69b0c624b6add35f1c181ff7fff2287",
+    "Os": "linux",
+    "Parent": "e433a6c5b276a31aa38bf6eaba9cd1cfd69ea33f706ed72b3f20bafde5cd8644",
+    "Size": 0
+}
+]
+EOS
+end

data/spec/type/linux/file_spec.rb

@@ -0,0 +1,27 @@
+require 'spec_helper'
+
+property[:os] = nil
+set :os, {:family => 'linux'}
+
+describe file('/tmp') do
+  it { should be_readable.by_user('mail') }
+end
+
+describe file('/tmp') do
+  it { should be_writable.by_user('mail') }
+end
+
+describe file('/tmp') do
+  it { should be_executable.by_user('mail') }
+end
+
+describe file('/tmp') do
+  it { should be_immutable }
+end
+
+describe file('/tmp') do
+  let(:exit_status) { 0 }
+  let(:stdout) { 'unconfined_u:unconfined_r:unconfined_t:s0' }
+  its(:selinux_label) { should eq 'unconfined_u:unconfined_r:unconfined_t:s0' }
+end
+

data/spec/type/linux/fstab_spec.rb

@@ -0,0 +1,31 @@
+require 'spec_helper'
+
+set :os, :family => 'linux'
+
+describe fstab do
+  let(:stdout) { "/dev/sda1 /mnt ext4 ro,errors=remount-ro,barrier=0 0 2\r\n" }
+  it { should have_entry( :mount_point => '/mnt' ) }
+end
+
+describe fstab do
+  let(:exit_status) { 1 }
+  it { should_not have_entry( :mount_point => '/mnt' ) }
+end
+
+describe fstab do
+  let(:stdout) { "/dev/sda1 /mnt ext4 ro,errors=remount-ro,barrier=0 0 2\r\n" }
+  it do
+    should have_entry(
+      :device => '/dev/sda1',
+      :mount_point => '/mnt',
+      :type => 'ext4',
+      :options => {
+        :ro => true,
+        :errors => 'remount-ro',
+        :barrier => 0
+      },
+      :dump => 0,
+      :pass => 2
+    )
+  end
+end

data/spec/type/linux/interface_spec.rb

@@ -0,0 +1,30 @@
+require 'spec_helper'
+
+set :os, :family => 'linux'
+
+describe interface('eth0') do
+  let(:stdout) { '1000' }
+  its(:speed) { should eq 1000 }
+end
+
+describe interface('eth0') do
+  it { should have_ipv4_address('192.168.10.10') }
+end
+
+describe interface('eth0') do
+  it { should have_ipv4_address('192.168.10.10/24') }
+end
+
+describe interface('eth0') do
+  it { should have_ipv6_address('2001:0db8:bd05:01d2:288a:1fc0:0001:10ee') }
+end
+
+describe interface('eth0') do
+  let(:stdout) { 'up' }
+  it { should be_up }
+end
+
+describe interface('invalid-interface') do
+  let(:stdout) { '1000' }
+  its(:speed) { should_not eq 100 }
+end

data/spec/type/linux/ip6tables_spec.rb

@@ -0,0 +1,19 @@
+require 'spec_helper'
+
+set :os, :family => 'linux'
+
+describe ip6tables do
+  it { should have_rule '-P INPUT ACCEPT' }
+end
+
+describe ip6tables do
+  it { should have_rule('-P INPUT ACCEPT').with_table('mangle').with_chain('INPUT') }
+end
+
+
+
+
+
+
+
+

data/spec/type/linux/iptables_spec.rb

@@ -0,0 +1,11 @@
+require 'spec_helper'
+
+set :os, :family => 'linux'
+
+describe iptables do
+  it { should have_rule '-P INPUT ACCEPT' }
+end
+
+describe iptables do
+  it { should have_rule('-P INPUT ACCEPT').with_table('mangle').with_chain('INPUT') }
+end

data/spec/type/linux/kernel_module_spec.rb

@@ -0,0 +1,7 @@
+require 'spec_helper'
+
+set :os, :family => 'linux'
+
+describe kernel_module('lp') do
+  it { should be_loaded }
+end

data/spec/type/linux/linux_audit_system_spec.rb

@@ -0,0 +1,139 @@
+require 'spec_helper'
+
+set :os, :family => 'linux'
+
+describe linux_audit_system do
+  let(:stdout) { out_auditctl1_1 }
+  it { should be_enabled }
+end
+
+describe linux_audit_system do
+  let(:stdout) { out_auditctl1_2 }
+  it { should_not be_enabled }
+end
+
+describe linux_audit_system do
+  let(:stdout) { out_auditctl1_1 }
+  it { should be_running }
+end
+
+describe linux_audit_system do
+  let(:stdout) { out_auditctl1_3 }
+  it { should_not be_running }
+end
+
+describe linux_audit_system do
+  let(:stdout) { out_auditctl1_4 }
+  it { should_not be_running }
+end
+
+describe linux_audit_system do
+  let(:stdout) { out_auditctl2_1 }
+  it { should be_enabled }
+end
+
+describe linux_audit_system do
+  let(:stdout) { out_auditctl2_2 }
+  it { should_not be_enabled }
+end
+
+describe linux_audit_system do
+  let(:stdout) { out_auditctl2_1 }
+  it { should be_running }
+end
+
+describe linux_audit_system do
+  let(:stdout) { out_auditctl2_3 }
+  it { should_not be_running }
+end
+
+describe linux_audit_system do
+  let(:stdout) { out_auditctl2_4 }
+  it { should_not be_running }
+end
+
+describe linux_audit_system do
+  let(:stdout) { '-a -w /etc/sysconfig -p wa -k test' }
+  its(:rules) { should match %r!-w /etc/sysconfig.*-k test! }
+end
+
+describe linux_audit_system do
+  let(:stdout) { 'test' }
+  its(:rules) { should eq 'test' }
+  its(:rules) { should match /es/ }
+  its(:rules) { should_not match /ab/ }
+end
+
+# variants of auditctl -s output for different versions
+
+def out_auditctl1_1
+  "AUDIT_STATUS: enabled=1 flag=1 pid=881 rate_limit=0 backlog_limit=320 lost=0 backlog=0"
+end
+
+def out_auditctl1_2
+  "AUDIT_STATUS: enabled=0 flag=1 pid=881 rate_limit=0 backlog_limit=320 lost=0 backlog=0"
+end
+
+def out_auditctl1_3
+  "AUDIT_STATUS: enabled=1 flag=1 pid=0 rate_limit=0 backlog_limit=320 lost=0 backlog=0"
+end
+
+def out_auditctl1_4
+  "AUDIT_STATUS: enabled=1 flag=1 pid= rate_limit=0 backlog_limit=320 lost=0 backlog=0"
+end
+
+def out_auditctl2_1
+  <<EOS
+enabled 1
+failure 1
+pid 5939
+rate_limit 0
+backlog_limit 64
+lost 0
+backlog 0
+backlog_wait_time 60000
+loginuid_immutable 0 unlocked
+EOS
+end
+
+def out_auditctl2_2
+  <<EOS
+enabled 0
+failure 1
+pid 5939
+rate_limit 0
+backlog_limit 64
+lost 0
+backlog 0
+backlog_wait_time 60000
+loginuid_immutable 0 unlocked
+EOS
+end
+
+def out_auditctl2_3
+  <<EOS
+enabled 0
+failure 1
+pid 0
+rate_limit 0
+backlog_limit 64
+lost 0
+backlog 0
+backlog_wait_time 60000
+loginuid_immutable 0 unlocked
+EOS
+end
+
+def out_auditctl2_4
+  <<EOS
+enabled 0
+failure 1
+pid
+rate_limit 0
+backlog_limit 64
+lost 0
+backlog 0
+backlog_wait_time 60000
+loginuid_immutable 0 unlocked
+EOS
+end

data/spec/type/linux/linux_kernel_parameter_spec.rb

@@ -0,0 +1,33 @@
+require 'spec_helper'
+
+set :os, :family => 'linux'
+
+describe linux_kernel_parameter('net.ipv4.tcp_syncookies') do
+  let(:stdout) { "1\n" }
+  its(:value) { should eq 1 }
+end
+
+describe linux_kernel_parameter('net.ipv4.tcp_syncookies') do
+  let(:stdout) { "1\n" }
+  its(:value) { should_not eq 2 }
+end
+
+describe linux_kernel_parameter('kernel.osrelease') do
+  let(:stdout) { "2.6.32-131.0.15.el6.x86_64\n" }
+  its(:value) { should eq "2.6.32-131.0.15.el6.x86_64" }
+end
+
+describe linux_kernel_parameter('kernel.osrelease') do
+  let(:stdout) { "2.6.32-131.0.15.el6.x86_64\n" }
+  its(:value) { should_not eq "2.6.32-131.0.15.el6.i386" }
+end
+
+describe linux_kernel_parameter('net.ipv4.tcp_wmem') do
+  let(:stdout) { "4096	16384	4194304\n" }
+  its(:value) { should match /16384/ }
+end
+
+describe linux_kernel_parameter('net.ipv4.tcp_wmem') do
+  let(:stdout) { "4096	16384	4194304\n" }
+  its(:value) { should_not match /123456/ }
+end

data/spec/type/linux/lxc_container_spec.rb

@@ -0,0 +1,12 @@
+require 'spec_helper'
+
+set :os, :family => 'linux'
+
+describe lxc('ct01') do
+  it { should exist }
+end
+
+describe lxc('ct01') do
+  it { should be_running }
+end
+

data/spec/type/linux/selinux_module_spec.rb

@@ -0,0 +1,11 @@
+require 'spec_helper'
+
+set :os, :family => 'linux'
+
+describe selinux_module('bootloader') do
+  it { should be_installed }
+end
+
+describe selinux_module('bootloader') do
+  it { should be_enabled }
+end

data/spec/type/linux/selinux_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+set :os, :family => 'linux'
+
+describe selinux do
+  it { should be_enforcing }
+end
+
+describe selinux do
+  it { should be_enforcing.with_policy('mls') }
+end
+
+describe selinux do
+  it { should be_permissive }
+end
+
+describe selinux do
+  it { should be_permissive.with_policy('targeted') }
+end
+
+describe selinux do
+  it { should be_disabled }
+end