serverspec-ruby19 2.24.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +26 -0
- data/.gitmodules +3 -0
- data/.travis.yml +19 -0
- data/Gemfile +8 -0
- data/Guardfile +4 -0
- data/LICENSE.txt +22 -0
- data/README.md +26 -0
- data/Rakefile +30 -0
- data/WINDOWS_SUPPORT.md +118 -0
- data/appveyor.yml +56 -0
- data/bin/serverspec-init +7 -0
- data/lib/serverspec.rb +63 -0
- data/lib/serverspec/commands/base.rb +7 -0
- data/lib/serverspec/helper.rb +8 -0
- data/lib/serverspec/helper/type.rb +26 -0
- data/lib/serverspec/matcher.rb +39 -0
- data/lib/serverspec/matcher/be_enabled.rb +13 -0
- data/lib/serverspec/matcher/be_enforcing.rb +10 -0
- data/lib/serverspec/matcher/be_executable.rb +13 -0
- data/lib/serverspec/matcher/be_installed.rb +13 -0
- data/lib/serverspec/matcher/be_listening.rb +13 -0
- data/lib/serverspec/matcher/be_mounted.rb +15 -0
- data/lib/serverspec/matcher/be_permissive.rb +10 -0
- data/lib/serverspec/matcher/be_reachable.rb +17 -0
- data/lib/serverspec/matcher/be_readable.rb +13 -0
- data/lib/serverspec/matcher/be_resolvable.rb +9 -0
- data/lib/serverspec/matcher/be_running.rb +13 -0
- data/lib/serverspec/matcher/be_writable.rb +13 -0
- data/lib/serverspec/matcher/belong_to_group.rb +5 -0
- data/lib/serverspec/matcher/belong_to_primary_group.rb +5 -0
- data/lib/serverspec/matcher/contain.rb +28 -0
- data/lib/serverspec/matcher/have_entry.rb +14 -0
- data/lib/serverspec/matcher/have_rule.rb +17 -0
- data/lib/serverspec/matcher/have_site_application.rb +18 -0
- data/lib/serverspec/matcher/have_site_bindings.rb +22 -0
- data/lib/serverspec/matcher/have_virtual_dir.rb +14 -0
- data/lib/serverspec/power_assert.rb +14 -0
- data/lib/serverspec/setup.rb +338 -0
- data/lib/serverspec/subject.rb +12 -0
- data/lib/serverspec/type/base.rb +30 -0
- data/lib/serverspec/type/bond.rb +11 -0
- data/lib/serverspec/type/bridge.rb +11 -0
- data/lib/serverspec/type/cgroup.rb +17 -0
- data/lib/serverspec/type/command.rb +20 -0
- data/lib/serverspec/type/cron.rb +15 -0
- data/lib/serverspec/type/default_gateway.rb +15 -0
- data/lib/serverspec/type/docker_base.rb +29 -0
- data/lib/serverspec/type/docker_container.rb +27 -0
- data/lib/serverspec/type/docker_image.rb +4 -0
- data/lib/serverspec/type/file.rb +133 -0
- data/lib/serverspec/type/fstab.rb +11 -0
- data/lib/serverspec/type/group.rb +11 -0
- data/lib/serverspec/type/host.rb +21 -0
- data/lib/serverspec/type/iis_app_pool.rb +43 -0
- data/lib/serverspec/type/iis_website.rb +40 -0
- data/lib/serverspec/type/interface.rb +27 -0
- data/lib/serverspec/type/ip6tables.rb +13 -0
- data/lib/serverspec/type/ipfilter.rb +11 -0
- data/lib/serverspec/type/ipnat.rb +11 -0
- data/lib/serverspec/type/iptables.rb +11 -0
- data/lib/serverspec/type/kernel_module.rb +7 -0
- data/lib/serverspec/type/linux_audit_system.rb +45 -0
- data/lib/serverspec/type/linux_kernel_parameter.rb +10 -0
- data/lib/serverspec/type/lxc.rb +15 -0
- data/lib/serverspec/type/mail_alias.rb +7 -0
- data/lib/serverspec/type/mysql_config.rb +10 -0
- data/lib/serverspec/type/package.rb +66 -0
- data/lib/serverspec/type/php_config.rb +10 -0
- data/lib/serverspec/type/port.rb +40 -0
- data/lib/serverspec/type/ppa.rb +11 -0
- data/lib/serverspec/type/process.rb +27 -0
- data/lib/serverspec/type/routing_table.rb +11 -0
- data/lib/serverspec/type/selinux.rb +19 -0
- data/lib/serverspec/type/selinux_module.rb +11 -0
- data/lib/serverspec/type/service.rb +52 -0
- data/lib/serverspec/type/user.rb +43 -0
- data/lib/serverspec/type/windows_feature.rb +7 -0
- data/lib/serverspec/type/windows_hot_fix.rb +7 -0
- data/lib/serverspec/type/windows_registry_key.rb +19 -0
- data/lib/serverspec/type/windows_scheduled_task.rb +7 -0
- data/lib/serverspec/type/x509_certificate.rb +76 -0
- data/lib/serverspec/type/x509_private_key.rb +21 -0
- data/lib/serverspec/type/yumrepo.rb +11 -0
- data/lib/serverspec/type/zfs.rb +29 -0
- data/lib/serverspec/version.rb +3 -0
- data/serverspec.gemspec +28 -0
- data/spec/helper/type_spec.rb +6 -0
- data/spec/spec_helper.rb +28 -0
- data/spec/type/aix/file_spec.rb +31 -0
- data/spec/type/aix/group_spec.rb +7 -0
- data/spec/type/aix/package_spec.rb +7 -0
- data/spec/type/aix/port_spec.rb +20 -0
- data/spec/type/aix/service_spec.rb +12 -0
- data/spec/type/aix/user_spec.rb +16 -0
- data/spec/type/arch/file_spec.rb +15 -0
- data/spec/type/arch/package_spec.rb +19 -0
- data/spec/type/arch/service_spec.rb +9 -0
- data/spec/type/base/command_spec.rb +67 -0
- data/spec/type/base/cron_spec.rb +11 -0
- data/spec/type/base/default_gateway_spec.rb +11 -0
- data/spec/type/base/file_spec.rb +356 -0
- data/spec/type/base/group_spec.rb +11 -0
- data/spec/type/base/host_spec.rb +47 -0
- data/spec/type/base/mail_alias_spec.rb +7 -0
- data/spec/type/base/mysql_config_spec.rb +13 -0
- data/spec/type/base/package_spec.rb +51 -0
- data/spec/type/base/php_config_spec.rb +33 -0
- data/spec/type/base/port_spec.rb +34 -0
- data/spec/type/base/process_spec.rb +35 -0
- data/spec/type/base/routing_table_spec.rb +63 -0
- data/spec/type/base/service_spec.rb +49 -0
- data/spec/type/base/user_spec.rb +44 -0
- data/spec/type/darwin/file_spec.rb +41 -0
- data/spec/type/darwin/package_spec.rb +19 -0
- data/spec/type/darwin/port_spec.rb +27 -0
- data/spec/type/darwin/service_spec.rb +16 -0
- data/spec/type/debian/package_spec.rb +23 -0
- data/spec/type/debian/service_spec.rb +11 -0
- data/spec/type/fedora/service_spec.rb +15 -0
- data/spec/type/fedora15/service_spec.rb +15 -0
- data/spec/type/fedora20/service_spec.rb +15 -0
- data/spec/type/freebsd/file_spec.rb +29 -0
- data/spec/type/freebsd/package_spec.rb +19 -0
- data/spec/type/freebsd/port_spec.rb +27 -0
- data/spec/type/freebsd/service_spec.rb +8 -0
- data/spec/type/freebsd10/package_spec.rb +19 -0
- data/spec/type/gentoo/package_spec.rb +7 -0
- data/spec/type/gentoo/service_spec.rb +12 -0
- data/spec/type/linux/bond_spec.rb +12 -0
- data/spec/type/linux/bridge_spec.rb +12 -0
- data/spec/type/linux/cgroup_spec.rb +13 -0
- data/spec/type/linux/docker_container_pre_1_8_spec.rb +124 -0
- data/spec/type/linux/docker_container_spec.rb +126 -0
- data/spec/type/linux/docker_image_spec.rb +94 -0
- data/spec/type/linux/file_spec.rb +27 -0
- data/spec/type/linux/fstab_spec.rb +31 -0
- data/spec/type/linux/interface_spec.rb +30 -0
- data/spec/type/linux/ip6tables_spec.rb +19 -0
- data/spec/type/linux/iptables_spec.rb +11 -0
- data/spec/type/linux/kernel_module_spec.rb +7 -0
- data/spec/type/linux/linux_audit_system_spec.rb +139 -0
- data/spec/type/linux/linux_kernel_parameter_spec.rb +33 -0
- data/spec/type/linux/lxc_container_spec.rb +12 -0
- data/spec/type/linux/selinux_module_spec.rb +11 -0
- data/spec/type/linux/selinux_spec.rb +23 -0
- data/spec/type/linux/x509_certificate_spec.rb +62 -0
- data/spec/type/linux/x509_private_key_spec.rb +31 -0
- data/spec/type/linux/zfs_spec.rb +15 -0
- data/spec/type/nixos/package_spec.rb +15 -0
- data/spec/type/nixos/service_spec.rb +9 -0
- data/spec/type/openbsd/file_spec.rb +134 -0
- data/spec/type/openbsd/interface_spec.rb +21 -0
- data/spec/type/openbsd/mail_alias_spec.rb +7 -0
- data/spec/type/openbsd/package_spec.rb +11 -0
- data/spec/type/openbsd/port_spec.rb +7 -0
- data/spec/type/openbsd/service_spec.rb +13 -0
- data/spec/type/openbsd/user_spec.rb +12 -0
- data/spec/type/opensuse/service_spec.rb +16 -0
- data/spec/type/plamo/package_spec.rb +8 -0
- data/spec/type/plamo/service_spec.rb +8 -0
- data/spec/type/redhat/file_spec.rb +19 -0
- data/spec/type/redhat/package_spec.rb +23 -0
- data/spec/type/redhat/service_spec.rb +11 -0
- data/spec/type/redhat/yumrepo_spec.rb +11 -0
- data/spec/type/redhat5/iptables_spec.rb +11 -0
- data/spec/type/redhat7/service_spec.rb +9 -0
- data/spec/type/smartos/package_spec.rb +19 -0
- data/spec/type/smartos/service_spec.rb +16 -0
- data/spec/type/solaris/cron_spec.rb +11 -0
- data/spec/type/solaris/file_spec.rb +15 -0
- data/spec/type/solaris/group_spec.rb +7 -0
- data/spec/type/solaris/host_spec.rb +19 -0
- data/spec/type/solaris/ipfilter_spec.rb +7 -0
- data/spec/type/solaris/ipnat_spec.rb +7 -0
- data/spec/type/solaris/package_spec.rb +7 -0
- data/spec/type/solaris/port_spec.rb +34 -0
- data/spec/type/solaris/service_spec.rb +16 -0
- data/spec/type/solaris/user_spec.rb +16 -0
- data/spec/type/solaris/zfs_spec.rb +15 -0
- data/spec/type/solaris10/file_spec.rb +313 -0
- data/spec/type/solaris10/group_spec.rb +8 -0
- data/spec/type/solaris10/host_spec.rb +16 -0
- data/spec/type/solaris10/package_spec.rb +8 -0
- data/spec/type/solaris10/user_spec.rb +8 -0
- data/spec/type/suse/package_spec.rb +23 -0
- data/spec/type/suse/service_spec.rb +11 -0
- data/spec/type/ubuntu/ppa_spec.rb +11 -0
- data/spec/type/ubuntu/service_spec.rb +7 -0
- data/spec/type/windows/command_spec.rb +64 -0
- data/spec/type/windows/feature_spec.rb +17 -0
- data/spec/type/windows/file_spec.rb +120 -0
- data/spec/type/windows/group_spec.rb +23 -0
- data/spec/type/windows/host_spec.rb +32 -0
- data/spec/type/windows/hot_fix_spec.rb +22 -0
- data/spec/type/windows/iis_app_pool_spec.rb +17 -0
- data/spec/type/windows/iis_webisite_spec.rb +16 -0
- data/spec/type/windows/package_spec.rb +10 -0
- data/spec/type/windows/port_spec.rb +25 -0
- data/spec/type/windows/registry_key_spec.rb +58 -0
- data/spec/type/windows/scheduled_task_spec.rb +9 -0
- data/spec/type/windows/service_spec.rb +30 -0
- data/spec/type/windows/user_spec.rb +33 -0
- data/wercker.yml +1 -0
- metadata +450 -0
@@ -0,0 +1,94 @@
|
|
1
|
+
# -*- coding: utf-8 -*-
|
2
|
+
require 'spec_helper'
|
3
|
+
|
4
|
+
property[:os] = nil
|
5
|
+
set :os, {:family => 'linux'}
|
6
|
+
|
7
|
+
describe docker_image('busybox:latest') do
|
8
|
+
it { should exist }
|
9
|
+
end
|
10
|
+
|
11
|
+
describe docker_image('busybox:latest') do
|
12
|
+
let(:stdout) { inspect_image }
|
13
|
+
its(:inspection) { should include 'Architecture' => 'amd64' }
|
14
|
+
its(['Architecture']) { should eq 'amd64' }
|
15
|
+
its(['Config.Cmd']) { should include '/bin/sh' }
|
16
|
+
end
|
17
|
+
|
18
|
+
def inspect_image
|
19
|
+
<<'EOS'
|
20
|
+
[{
|
21
|
+
"Architecture": "amd64",
|
22
|
+
"Author": "Jérôme Petazzoni \u003cjerome@docker.com\u003e",
|
23
|
+
"Comment": "",
|
24
|
+
"Config": {
|
25
|
+
"AttachStderr": false,
|
26
|
+
"AttachStdin": false,
|
27
|
+
"AttachStdout": false,
|
28
|
+
"Cmd": [
|
29
|
+
"/bin/sh"
|
30
|
+
],
|
31
|
+
"CpuShares": 0,
|
32
|
+
"Cpuset": "",
|
33
|
+
"Domainname": "",
|
34
|
+
"Entrypoint": null,
|
35
|
+
"Env": [
|
36
|
+
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
37
|
+
],
|
38
|
+
"ExposedPorts": null,
|
39
|
+
"Hostname": "88f18f678e5d",
|
40
|
+
"Image": "e433a6c5b276a31aa38bf6eaba9cd1cfd69ea33f706ed72b3f20bafde5cd8644",
|
41
|
+
"Memory": 0,
|
42
|
+
"MemorySwap": 0,
|
43
|
+
"NetworkDisabled": false,
|
44
|
+
"OnBuild": [],
|
45
|
+
"OpenStdin": false,
|
46
|
+
"PortSpecs": null,
|
47
|
+
"StdinOnce": false,
|
48
|
+
"Tty": false,
|
49
|
+
"User": "",
|
50
|
+
"Volumes": null,
|
51
|
+
"WorkingDir": ""
|
52
|
+
},
|
53
|
+
"Container": "8e73b239682fe73338323d9af83d3c5aa5bb7d22a3fe84cbfcf5f47e756d6636",
|
54
|
+
"ContainerConfig": {
|
55
|
+
"AttachStderr": false,
|
56
|
+
"AttachStdin": false,
|
57
|
+
"AttachStdout": false,
|
58
|
+
"Cmd": [
|
59
|
+
"/bin/sh",
|
60
|
+
"-c",
|
61
|
+
"#(nop) CMD [/bin/sh]"
|
62
|
+
],
|
63
|
+
"CpuShares": 0,
|
64
|
+
"Cpuset": "",
|
65
|
+
"Domainname": "",
|
66
|
+
"Entrypoint": null,
|
67
|
+
"Env": [
|
68
|
+
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
69
|
+
],
|
70
|
+
"ExposedPorts": null,
|
71
|
+
"Hostname": "88f18f678e5d",
|
72
|
+
"Image": "e433a6c5b276a31aa38bf6eaba9cd1cfd69ea33f706ed72b3f20bafde5cd8644",
|
73
|
+
"Memory": 0,
|
74
|
+
"MemorySwap": 0,
|
75
|
+
"NetworkDisabled": false,
|
76
|
+
"OnBuild": [],
|
77
|
+
"OpenStdin": false,
|
78
|
+
"PortSpecs": null,
|
79
|
+
"StdinOnce": false,
|
80
|
+
"Tty": false,
|
81
|
+
"User": "",
|
82
|
+
"Volumes": null,
|
83
|
+
"WorkingDir": ""
|
84
|
+
},
|
85
|
+
"Created": "2014-10-01T20:46:08.914288461Z",
|
86
|
+
"DockerVersion": "1.2.0",
|
87
|
+
"Id": "e72ac664f4f0c6a061ac4ef332557a70d69b0c624b6add35f1c181ff7fff2287",
|
88
|
+
"Os": "linux",
|
89
|
+
"Parent": "e433a6c5b276a31aa38bf6eaba9cd1cfd69ea33f706ed72b3f20bafde5cd8644",
|
90
|
+
"Size": 0
|
91
|
+
}
|
92
|
+
]
|
93
|
+
EOS
|
94
|
+
end
|
@@ -0,0 +1,27 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
property[:os] = nil
|
4
|
+
set :os, {:family => 'linux'}
|
5
|
+
|
6
|
+
describe file('/tmp') do
|
7
|
+
it { should be_readable.by_user('mail') }
|
8
|
+
end
|
9
|
+
|
10
|
+
describe file('/tmp') do
|
11
|
+
it { should be_writable.by_user('mail') }
|
12
|
+
end
|
13
|
+
|
14
|
+
describe file('/tmp') do
|
15
|
+
it { should be_executable.by_user('mail') }
|
16
|
+
end
|
17
|
+
|
18
|
+
describe file('/tmp') do
|
19
|
+
it { should be_immutable }
|
20
|
+
end
|
21
|
+
|
22
|
+
describe file('/tmp') do
|
23
|
+
let(:exit_status) { 0 }
|
24
|
+
let(:stdout) { 'unconfined_u:unconfined_r:unconfined_t:s0' }
|
25
|
+
its(:selinux_label) { should eq 'unconfined_u:unconfined_r:unconfined_t:s0' }
|
26
|
+
end
|
27
|
+
|
@@ -0,0 +1,31 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
set :os, :family => 'linux'
|
4
|
+
|
5
|
+
describe fstab do
|
6
|
+
let(:stdout) { "/dev/sda1 /mnt ext4 ro,errors=remount-ro,barrier=0 0 2\r\n" }
|
7
|
+
it { should have_entry( :mount_point => '/mnt' ) }
|
8
|
+
end
|
9
|
+
|
10
|
+
describe fstab do
|
11
|
+
let(:exit_status) { 1 }
|
12
|
+
it { should_not have_entry( :mount_point => '/mnt' ) }
|
13
|
+
end
|
14
|
+
|
15
|
+
describe fstab do
|
16
|
+
let(:stdout) { "/dev/sda1 /mnt ext4 ro,errors=remount-ro,barrier=0 0 2\r\n" }
|
17
|
+
it do
|
18
|
+
should have_entry(
|
19
|
+
:device => '/dev/sda1',
|
20
|
+
:mount_point => '/mnt',
|
21
|
+
:type => 'ext4',
|
22
|
+
:options => {
|
23
|
+
:ro => true,
|
24
|
+
:errors => 'remount-ro',
|
25
|
+
:barrier => 0
|
26
|
+
},
|
27
|
+
:dump => 0,
|
28
|
+
:pass => 2
|
29
|
+
)
|
30
|
+
end
|
31
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
set :os, :family => 'linux'
|
4
|
+
|
5
|
+
describe interface('eth0') do
|
6
|
+
let(:stdout) { '1000' }
|
7
|
+
its(:speed) { should eq 1000 }
|
8
|
+
end
|
9
|
+
|
10
|
+
describe interface('eth0') do
|
11
|
+
it { should have_ipv4_address('192.168.10.10') }
|
12
|
+
end
|
13
|
+
|
14
|
+
describe interface('eth0') do
|
15
|
+
it { should have_ipv4_address('192.168.10.10/24') }
|
16
|
+
end
|
17
|
+
|
18
|
+
describe interface('eth0') do
|
19
|
+
it { should have_ipv6_address('2001:0db8:bd05:01d2:288a:1fc0:0001:10ee') }
|
20
|
+
end
|
21
|
+
|
22
|
+
describe interface('eth0') do
|
23
|
+
let(:stdout) { 'up' }
|
24
|
+
it { should be_up }
|
25
|
+
end
|
26
|
+
|
27
|
+
describe interface('invalid-interface') do
|
28
|
+
let(:stdout) { '1000' }
|
29
|
+
its(:speed) { should_not eq 100 }
|
30
|
+
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
set :os, :family => 'linux'
|
4
|
+
|
5
|
+
describe ip6tables do
|
6
|
+
it { should have_rule '-P INPUT ACCEPT' }
|
7
|
+
end
|
8
|
+
|
9
|
+
describe ip6tables do
|
10
|
+
it { should have_rule('-P INPUT ACCEPT').with_table('mangle').with_chain('INPUT') }
|
11
|
+
end
|
12
|
+
|
13
|
+
|
14
|
+
|
15
|
+
|
16
|
+
|
17
|
+
|
18
|
+
|
19
|
+
|
@@ -0,0 +1,139 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
set :os, :family => 'linux'
|
4
|
+
|
5
|
+
describe linux_audit_system do
|
6
|
+
let(:stdout) { out_auditctl1_1 }
|
7
|
+
it { should be_enabled }
|
8
|
+
end
|
9
|
+
|
10
|
+
describe linux_audit_system do
|
11
|
+
let(:stdout) { out_auditctl1_2 }
|
12
|
+
it { should_not be_enabled }
|
13
|
+
end
|
14
|
+
|
15
|
+
describe linux_audit_system do
|
16
|
+
let(:stdout) { out_auditctl1_1 }
|
17
|
+
it { should be_running }
|
18
|
+
end
|
19
|
+
|
20
|
+
describe linux_audit_system do
|
21
|
+
let(:stdout) { out_auditctl1_3 }
|
22
|
+
it { should_not be_running }
|
23
|
+
end
|
24
|
+
|
25
|
+
describe linux_audit_system do
|
26
|
+
let(:stdout) { out_auditctl1_4 }
|
27
|
+
it { should_not be_running }
|
28
|
+
end
|
29
|
+
|
30
|
+
describe linux_audit_system do
|
31
|
+
let(:stdout) { out_auditctl2_1 }
|
32
|
+
it { should be_enabled }
|
33
|
+
end
|
34
|
+
|
35
|
+
describe linux_audit_system do
|
36
|
+
let(:stdout) { out_auditctl2_2 }
|
37
|
+
it { should_not be_enabled }
|
38
|
+
end
|
39
|
+
|
40
|
+
describe linux_audit_system do
|
41
|
+
let(:stdout) { out_auditctl2_1 }
|
42
|
+
it { should be_running }
|
43
|
+
end
|
44
|
+
|
45
|
+
describe linux_audit_system do
|
46
|
+
let(:stdout) { out_auditctl2_3 }
|
47
|
+
it { should_not be_running }
|
48
|
+
end
|
49
|
+
|
50
|
+
describe linux_audit_system do
|
51
|
+
let(:stdout) { out_auditctl2_4 }
|
52
|
+
it { should_not be_running }
|
53
|
+
end
|
54
|
+
|
55
|
+
describe linux_audit_system do
|
56
|
+
let(:stdout) { '-a -w /etc/sysconfig -p wa -k test' }
|
57
|
+
its(:rules) { should match %r!-w /etc/sysconfig.*-k test! }
|
58
|
+
end
|
59
|
+
|
60
|
+
describe linux_audit_system do
|
61
|
+
let(:stdout) { 'test' }
|
62
|
+
its(:rules) { should eq 'test' }
|
63
|
+
its(:rules) { should match /es/ }
|
64
|
+
its(:rules) { should_not match /ab/ }
|
65
|
+
end
|
66
|
+
|
67
|
+
# variants of auditctl -s output for different versions
|
68
|
+
|
69
|
+
def out_auditctl1_1
|
70
|
+
"AUDIT_STATUS: enabled=1 flag=1 pid=881 rate_limit=0 backlog_limit=320 lost=0 backlog=0"
|
71
|
+
end
|
72
|
+
|
73
|
+
def out_auditctl1_2
|
74
|
+
"AUDIT_STATUS: enabled=0 flag=1 pid=881 rate_limit=0 backlog_limit=320 lost=0 backlog=0"
|
75
|
+
end
|
76
|
+
|
77
|
+
def out_auditctl1_3
|
78
|
+
"AUDIT_STATUS: enabled=1 flag=1 pid=0 rate_limit=0 backlog_limit=320 lost=0 backlog=0"
|
79
|
+
end
|
80
|
+
|
81
|
+
def out_auditctl1_4
|
82
|
+
"AUDIT_STATUS: enabled=1 flag=1 pid= rate_limit=0 backlog_limit=320 lost=0 backlog=0"
|
83
|
+
end
|
84
|
+
|
85
|
+
def out_auditctl2_1
|
86
|
+
<<EOS
|
87
|
+
enabled 1
|
88
|
+
failure 1
|
89
|
+
pid 5939
|
90
|
+
rate_limit 0
|
91
|
+
backlog_limit 64
|
92
|
+
lost 0
|
93
|
+
backlog 0
|
94
|
+
backlog_wait_time 60000
|
95
|
+
loginuid_immutable 0 unlocked
|
96
|
+
EOS
|
97
|
+
end
|
98
|
+
|
99
|
+
def out_auditctl2_2
|
100
|
+
<<EOS
|
101
|
+
enabled 0
|
102
|
+
failure 1
|
103
|
+
pid 5939
|
104
|
+
rate_limit 0
|
105
|
+
backlog_limit 64
|
106
|
+
lost 0
|
107
|
+
backlog 0
|
108
|
+
backlog_wait_time 60000
|
109
|
+
loginuid_immutable 0 unlocked
|
110
|
+
EOS
|
111
|
+
end
|
112
|
+
|
113
|
+
def out_auditctl2_3
|
114
|
+
<<EOS
|
115
|
+
enabled 0
|
116
|
+
failure 1
|
117
|
+
pid 0
|
118
|
+
rate_limit 0
|
119
|
+
backlog_limit 64
|
120
|
+
lost 0
|
121
|
+
backlog 0
|
122
|
+
backlog_wait_time 60000
|
123
|
+
loginuid_immutable 0 unlocked
|
124
|
+
EOS
|
125
|
+
end
|
126
|
+
|
127
|
+
def out_auditctl2_4
|
128
|
+
<<EOS
|
129
|
+
enabled 0
|
130
|
+
failure 1
|
131
|
+
pid
|
132
|
+
rate_limit 0
|
133
|
+
backlog_limit 64
|
134
|
+
lost 0
|
135
|
+
backlog 0
|
136
|
+
backlog_wait_time 60000
|
137
|
+
loginuid_immutable 0 unlocked
|
138
|
+
EOS
|
139
|
+
end
|
@@ -0,0 +1,33 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
set :os, :family => 'linux'
|
4
|
+
|
5
|
+
describe linux_kernel_parameter('net.ipv4.tcp_syncookies') do
|
6
|
+
let(:stdout) { "1\n" }
|
7
|
+
its(:value) { should eq 1 }
|
8
|
+
end
|
9
|
+
|
10
|
+
describe linux_kernel_parameter('net.ipv4.tcp_syncookies') do
|
11
|
+
let(:stdout) { "1\n" }
|
12
|
+
its(:value) { should_not eq 2 }
|
13
|
+
end
|
14
|
+
|
15
|
+
describe linux_kernel_parameter('kernel.osrelease') do
|
16
|
+
let(:stdout) { "2.6.32-131.0.15.el6.x86_64\n" }
|
17
|
+
its(:value) { should eq "2.6.32-131.0.15.el6.x86_64" }
|
18
|
+
end
|
19
|
+
|
20
|
+
describe linux_kernel_parameter('kernel.osrelease') do
|
21
|
+
let(:stdout) { "2.6.32-131.0.15.el6.x86_64\n" }
|
22
|
+
its(:value) { should_not eq "2.6.32-131.0.15.el6.i386" }
|
23
|
+
end
|
24
|
+
|
25
|
+
describe linux_kernel_parameter('net.ipv4.tcp_wmem') do
|
26
|
+
let(:stdout) { "4096 16384 4194304\n" }
|
27
|
+
its(:value) { should match /16384/ }
|
28
|
+
end
|
29
|
+
|
30
|
+
describe linux_kernel_parameter('net.ipv4.tcp_wmem') do
|
31
|
+
let(:stdout) { "4096 16384 4194304\n" }
|
32
|
+
its(:value) { should_not match /123456/ }
|
33
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
set :os, :family => 'linux'
|
4
|
+
|
5
|
+
describe selinux do
|
6
|
+
it { should be_enforcing }
|
7
|
+
end
|
8
|
+
|
9
|
+
describe selinux do
|
10
|
+
it { should be_enforcing.with_policy('mls') }
|
11
|
+
end
|
12
|
+
|
13
|
+
describe selinux do
|
14
|
+
it { should be_permissive }
|
15
|
+
end
|
16
|
+
|
17
|
+
describe selinux do
|
18
|
+
it { should be_permissive.with_policy('targeted') }
|
19
|
+
end
|
20
|
+
|
21
|
+
describe selinux do
|
22
|
+
it { should be_disabled }
|
23
|
+
end
|