serverspec 0.2.22 → 0.2.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. data/lib/serverspec.rb +22 -0
  2. data/lib/serverspec/backend/exec.rb +17 -12
  3. data/lib/serverspec/backend/ssh.rb +6 -1
  4. data/lib/serverspec/commands/base.rb +45 -37
  5. data/lib/serverspec/commands/debian.rb +3 -3
  6. data/lib/serverspec/commands/gentoo.rb +5 -4
  7. data/lib/serverspec/commands/linux.rb +22 -0
  8. data/lib/serverspec/commands/redhat.rb +3 -3
  9. data/lib/serverspec/commands/solaris.rb +22 -16
  10. data/lib/serverspec/matchers/be_reachable.rb +1 -0
  11. data/lib/serverspec/version.rb +1 -1
  12. data/spec/debian/commands_spec.rb +30 -29
  13. data/spec/gentoo/commands_spec.rb +30 -29
  14. data/spec/redhat/commands_spec.rb +29 -28
  15. data/spec/solaris/commands_spec.rb +30 -29
  16. metadata +99 -90
data/lib/serverspec/matchers/be_reachable.rb CHANGED
@@ -10,6 +10,7 @@ RSpec::Matchers.define :be_reachable do
10
10
 
11
11
  backend.check_reachable(example, host, port, proto, timeout)
12
12
  end
13
+
13
14
  chain :with do |attr|
14
15
  @attr = attr
15
16
  end
data/lib/serverspec/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Serverspec
2
- VERSION = "0.2.22"
2
+ VERSION = "0.2.23"
3
3
  end
data/spec/debian/commands_spec.rb CHANGED
@@ -2,7 +2,7 @@ require 'spec_helper'
2
2
 
3
3
  describe 'check_enabled', :os => :debian do
4
4
  subject { commands.check_enabled('httpd') }
5
- it { should eq 'ls /etc/rc3.d/ | grep httpd' }
5
+ it { should eq 'ls /etc/rc3.d/ | grep -- httpd' }
6
6
  end
7
7
 
8
8
  describe 'check_file', :os => :debian do
@@ -12,7 +12,7 @@ end
12
12
 
13
13
  describe 'check_mounted', :os => :debian do
14
14
  subject { commands.check_mounted('/') }
15
- it { should eq "mount | grep -w 'on /'" }
15
+ it { should eq "mount | grep -w -- on\\ /" }
16
16
  end
17
17
 
18
18
  describe 'check_reachable', :os => :debian do
@@ -33,7 +33,7 @@ end
33
33
  describe 'check_resolvable', :os => :debian do
34
34
  context "resolve localhost by hosts" do
35
35
  subject { commands.check_resolvable('localhost', 'hosts') }
36
- it { should eq "grep -w localhost /etc/hosts" }
36
+ it { should eq "grep -w -- localhost /etc/hosts" }
37
37
  end
38
38
  context "resolve localhost by dns" do
39
39
  subject { commands.check_resolvable('localhost', 'dns') }
@@ -57,7 +57,7 @@ end
57
57
 
58
58
  describe 'check_group', :os => :debian do
59
59
  subject { commands.check_group('wheel') }
60
- it { should eq 'getent group | grep -wq wheel' }
60
+ it { should eq 'getent group | grep -wq -- wheel' }
61
61
  end
62
62
 
63
63
  describe 'check_installed', :os => :debian do
@@ -67,7 +67,7 @@ end
67
67
 
68
68
  describe 'check_listening', :os => :debian do
69
69
  subject { commands.check_listening(80) }
70
- it { should eq "netstat -tunl | grep ':80 '" }
70
+ it { should eq "netstat -tunl | grep -- :80\\ " }
71
71
  end
72
72
 
73
73
  describe 'check_running', :os => :debian do
@@ -83,134 +83,135 @@ end
83
83
 
84
84
  describe 'check_process', :os => :debian do
85
85
  subject { commands.check_process('httpd') }
86
- it { should eq 'ps aux | grep -w httpd | grep -qv grep' }
86
+ it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
87
87
  end
88
88
 
89
89
  describe 'check_file_contain', :os => :debian do
90
90
  subject { commands.check_file_contain('/etc/passwd', 'root') }
91
- it { should eq "grep -q 'root' /etc/passwd" }
91
+ it { should eq "grep -q -- root /etc/passwd" }
92
92
  end
93
93
 
94
94
  describe 'check_file_contain_within', :os => :debian do
95
95
  context 'contain a pattern in the file' do
96
96
  subject { commands.check_file_contain_within('Gemfile', 'rspec') }
97
- it { should eq "sed -n '1,$p' Gemfile | grep -q 'rspec' -" }
97
+ it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
98
98
  end
99
99
 
100
100
  context 'contain a pattern after a line in a file' do
101
101
  subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
102
- it { should eq "sed -n '/^group :test do/,$p' Gemfile | grep -q 'rspec' -" }
102
+ it { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec -" }
103
103
  end
104
104
 
105
105
  context 'contain a pattern before a line in a file' do
106
106
  subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
107
- it { should eq "sed -n '1,/^end/p' Gemfile | grep -q 'rspec' -" }
107
+ it { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec -" }
108
108
  end
109
109
 
110
110
  context 'contain a pattern from within a line and another line in a file' do
111
111
  subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
112
- it { should eq "sed -n '/^group :test do/,/^end/p' Gemfile | grep -q 'rspec' -" }
112
+ it { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec -" }
113
113
  end
114
114
  end
115
115
 
116
116
  describe 'check_mode', :os => :debian do
117
117
  subject { commands.check_mode('/etc/sudoers', 440) }
118
- it { should eq 'stat -c %a /etc/sudoers | grep \'^440$\'' }
118
+ it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
119
119
  end
120
120
 
121
121
  describe 'check_owner', :os => :debian do
122
122
  subject { commands.check_owner('/etc/passwd', 'root') }
123
- it { should eq 'stat -c %U /etc/passwd | grep \'^root$\'' }
123
+ it { should eq 'stat -c %U /etc/passwd | grep -- \\^root\\$' }
124
124
  end
125
125
 
126
126
  describe 'check_grouped', :os => :debian do
127
127
  subject { commands.check_grouped('/etc/passwd', 'wheel') }
128
- it { should eq 'stat -c %G /etc/passwd | grep \'^wheel$\'' }
128
+ it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
129
129
  end
130
130
 
131
131
  describe 'check_cron_entry', :os => :debian do
132
132
  subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
133
- it { should eq 'crontab -u root -l | grep "\* \* \* \* \* /usr/local/bin/batch.sh"' }
133
+ it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
134
134
  end
135
135
 
136
136
  describe 'check_link', :os => :debian do
137
137
  subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
138
- it { should eq 'stat -c %N /etc/system-release | grep /etc/redhat-release' }
138
+ it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
139
139
  end
140
140
 
141
141
  describe 'check_installed_by_gem', :os => :debian do
142
142
  subject { commands.check_installed_by_gem('jekyll') }
143
- it { should eq 'gem list --local | grep \'^jekyll \'' }
143
+ it { should eq 'gem list --local | grep -- \\^jekyll\\ ' }
144
144
  end
145
145
 
146
146
  describe 'check_belonging_group', :os => :debian do
147
147
  subject { commands.check_belonging_group('root', 'wheel') }
148
- it { should eq "id root | awk '{print $3}' | grep wheel" }
148
+ it { should eq "id root | awk '{print $3}' | grep -- wheel" }
149
149
  end
150
150
 
151
151
  describe 'have_gid', :os => :debian do
152
152
  subject { commands.check_gid('root', 0) }
153
- it { should eq "getent group | grep -w ^root | cut -f 3 -d ':' | grep -w 0" }
153
+ it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
154
154
  end
155
155
 
156
156
  describe 'have_uid', :os => :debian do
157
157
  subject { commands.check_uid('root', 0) }
158
- it { should eq "id root | grep '^uid=0('" }
158
+ it { should eq "id root | grep -- \\^uid\\=0\\(" }
159
159
  end
160
160
 
161
161
  describe 'have_login_shell', :os => :debian do
162
162
  subject { commands.check_login_shell('root', '/bin/bash') }
163
- it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w /bin/bash" }
163
+ it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
164
164
  end
165
165
 
166
166
  describe 'have_home_directory', :os => :debian do
167
167
  subject { commands.check_home_directory('root', '/root') }
168
- it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w /root" }
168
+ it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
169
169
  end
170
170
 
171
171
  describe 'have_authorized_key', :os => :debian do
172
172
  key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
173
+ escaped_key = key.gsub(/ /, '\ ')
173
174
 
174
175
  context 'with commented publickey' do
175
176
  commented_key = key + " foo@bar.local"
176
177
  subject { commands.check_authorized_key('root', commented_key) }
177
178
  describe 'when command insert publickey is removed comment' do
178
- it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
179
+ it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
179
180
  end
180
181
  end
181
182
 
182
183
  context 'with uncomented publickey' do
183
184
  subject { commands.check_authorized_key('root', key) }
184
- it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
185
+ it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
185
186
  end
186
187
  end
187
188
 
188
189
  describe 'check_ipatbles', :os => :debian do
189
190
  context 'check a rule without a table and a chain' do
190
191
  subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
191
- it { should eq "iptables -S | grep '\\-P INPUT ACCEPT'" }
192
+ it { should eq "iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
192
193
  end
193
194
 
194
195
  context 'chack a rule with a table and a chain' do
195
196
  subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
196
- it { should eq "iptables -t mangle -S INPUT | grep '\\-P INPUT ACCEPT'" }
197
+ it { should eq "iptables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT" }
197
198
  end
198
199
  end
199
200
 
200
201
  describe 'check_selinux', :os => :debian do
201
202
  context 'enforcing' do
202
203
  subject { commands.check_selinux('enforcing') }
203
- it { should eq "/usr/sbin/getenforce | grep -i 'enforcing'" }
204
+ it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
204
205
  end
205
206
 
206
207
  context 'permissive' do
207
208
  subject { commands.check_selinux('permissive') }
208
- it { should eq "/usr/sbin/getenforce | grep -i 'permissive'" }
209
+ it { should eq "/usr/sbin/getenforce | grep -i -- permissive" }
209
210
  end
210
211
 
211
212
  context 'disabled' do
212
213
  subject { commands.check_selinux('disabled') }
213
- it { should eq "/usr/sbin/getenforce | grep -i 'disabled'" }
214
+ it { should eq "/usr/sbin/getenforce | grep -i -- disabled" }
214
215
  end
215
216
  end
216
217
 
data/spec/gentoo/commands_spec.rb CHANGED
@@ -2,7 +2,7 @@ require 'spec_helper'
2
2
 
3
3
  describe 'check_enabled', :os => :gentoo do
4
4
  subject { commands.check_enabled('httpd') }
5
- it { should eq "/sbin/rc-update show | grep '^\\s*httpd\\s*|\\s*\\(boot\\|default\\)'" }
5
+ it { should eq "/sbin/rc-update show | grep -- \\^\\\\s\\*httpd\\\\s\\*\\|\\\\s\\*\\\\\\(boot\\\\\\|default\\\\\\)" }
6
6
  end
7
7
 
8
8
  describe 'check_file', :os => :gentoo do
@@ -12,7 +12,7 @@ end
12
12
 
13
13
  describe 'check_mounted', :os => :gentoo do
14
14
  subject { commands.check_mounted('/') }
15
- it { should eq "mount | grep -w 'on /'" }
15
+ it { should eq "mount | grep -w -- on\\ /" }
16
16
  end
17
17
 
18
18
  describe 'check_reachable', :os => :gentoo do
@@ -33,7 +33,7 @@ end
33
33
  describe 'check_resolvable', :os => :gentoo do
34
34
  context "resolve localhost by hosts" do
35
35
  subject { commands.check_resolvable('localhost', 'hosts') }
36
- it { should eq "grep -w localhost /etc/hosts" }
36
+ it { should eq "grep -w -- localhost /etc/hosts" }
37
37
  end
38
38
  context "resolve localhost by dns" do
39
39
  subject { commands.check_resolvable('localhost', 'dns') }
@@ -57,7 +57,7 @@ end
57
57
 
58
58
  describe 'check_group', :os => :gentoo do
59
59
  subject { commands.check_group('wheel') }
60
- it { should eq 'getent group | grep -wq wheel' }
60
+ it { should eq 'getent group | grep -wq -- wheel' }
61
61
  end
62
62
 
63
63
  describe 'check_installed', :os => :gentoo do
@@ -67,7 +67,7 @@ end
67
67
 
68
68
  describe 'check_listening', :os => :gentoo do
69
69
  subject { commands.check_listening(80) }
70
- it { should eq "netstat -tunl | grep ':80 '" }
70
+ it { should eq "netstat -tunl | grep -- :80\\ " }
71
71
  end
72
72
 
73
73
  describe 'check_running', :os => :gentoo do
@@ -82,134 +82,135 @@ end
82
82
 
83
83
  describe 'check_process', :os => :gentoo do
84
84
  subject { commands.check_process('httpd') }
85
- it { should eq 'ps aux | grep -w httpd | grep -qv grep' }
85
+ it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
86
86
  end
87
87
 
88
88
  describe 'check_file_contain', :os => :gentoo do
89
89
  subject { commands.check_file_contain('/etc/passwd', 'root') }
90
- it { should eq "grep -q 'root' /etc/passwd" }
90
+ it { should eq "grep -q -- root /etc/passwd" }
91
91
  end
92
92
 
93
93
  describe 'check_file_contain_within', :os => :gentoo do
94
94
  context 'contain a pattern in the file' do
95
95
  subject { commands.check_file_contain_within('Gemfile', 'rspec') }
96
- it { should eq "sed -n '1,$p' Gemfile | grep -q 'rspec' -" }
96
+ it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
97
97
  end
98
98
 
99
99
  context 'contain a pattern after a line in a file' do
100
100
  subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
101
- it { should eq "sed -n '/^group :test do/,$p' Gemfile | grep -q 'rspec' -" }
101
+ it { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec -" }
102
102
  end
103
103
 
104
104
  context 'contain a pattern before a line in a file' do
105
105
  subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
106
- it { should eq "sed -n '1,/^end/p' Gemfile | grep -q 'rspec' -" }
106
+ it { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec -" }
107
107
  end
108
108
 
109
109
  context 'contain a pattern from within a line and another line in a file' do
110
110
  subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
111
- it { should eq "sed -n '/^group :test do/,/^end/p' Gemfile | grep -q 'rspec' -" }
111
+ it { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec -" }
112
112
  end
113
113
  end
114
114
 
115
115
  describe 'check_mode', :os => :gentoo do
116
116
  subject { commands.check_mode('/etc/sudoers', 440) }
117
- it { should eq 'stat -c %a /etc/sudoers | grep \'^440$\'' }
117
+ it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
118
118
  end
119
119
 
120
120
  describe 'check_owner', :os => :gentoo do
121
121
  subject { commands.check_owner('/etc/passwd', 'root') }
122
- it { should eq 'stat -c %U /etc/passwd | grep \'^root$\'' }
122
+ it { should eq 'stat -c %U /etc/passwd | grep -- \\^root\\$' }
123
123
  end
124
124
 
125
125
  describe 'check_grouped', :os => :gentoo do
126
126
  subject { commands.check_grouped('/etc/passwd', 'wheel') }
127
- it { should eq 'stat -c %G /etc/passwd | grep \'^wheel$\'' }
127
+ it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
128
128
  end
129
129
 
130
130
  describe 'check_cron_entry', :os => :gentoo do
131
131
  subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
132
- it { should eq 'crontab -u root -l | grep "\* \* \* \* \* /usr/local/bin/batch.sh"' }
132
+ it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
133
133
  end
134
134
 
135
135
  describe 'check_link', :os => :gentoo do
136
136
  subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
137
- it { should eq 'stat -c %N /etc/system-release | grep /etc/redhat-release' }
137
+ it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
138
138
  end
139
139
 
140
140
  describe 'check_installed_by_gem', :os => :gentoo do
141
141
  subject { commands.check_installed_by_gem('jekyll') }
142
- it { should eq 'gem list --local | grep \'^jekyll \'' }
142
+ it { should eq 'gem list --local | grep -- \\^jekyll\\ ' }
143
143
  end
144
144
 
145
145
  describe 'check_belonging_group', :os => :gentoo do
146
146
  subject { commands.check_belonging_group('root', 'wheel') }
147
- it { should eq "id root | awk '{print $3}' | grep wheel" }
147
+ it { should eq "id root | awk '{print $3}' | grep -- wheel" }
148
148
  end
149
149
 
150
150
  describe 'have_gid', :os => :gentoo do
151
151
  subject { commands.check_gid('root', 0) }
152
- it { should eq "getent group | grep -w ^root | cut -f 3 -d ':' | grep -w 0" }
152
+ it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
153
153
  end
154
154
 
155
155
  describe 'have_uid', :os => :gentoo do
156
156
  subject { commands.check_uid('root', 0) }
157
- it { should eq "id root | grep '^uid=0('" }
157
+ it { should eq "id root | grep -- \\^uid\\=0\\(" }
158
158
  end
159
159
 
160
160
  describe 'have_login_shell', :os => :gentoo do
161
161
  subject { commands.check_login_shell('root', '/bin/bash') }
162
- it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w /bin/bash" }
162
+ it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
163
163
  end
164
164
 
165
165
  describe 'have_home_directory', :os => :gentoo do
166
166
  subject { commands.check_home_directory('root', '/root') }
167
- it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w /root" }
167
+ it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
168
168
  end
169
169
 
170
170
  describe 'have_authorized_key', :os => :gentoo do
171
171
  key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
172
+ escaped_key = key.gsub(/ /, '\ ')
172
173
 
173
174
  context 'with commented publickey' do
174
175
  commented_key = key + " foo@bar.local"
175
176
  subject { commands.check_authorized_key('root', commented_key) }
176
177
  describe 'when command insert publickey is removed comment' do
177
- it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
178
+ it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
178
179
  end
179
180
  end
180
181
 
181
182
  context 'with uncomented publickey' do
182
183
  subject { commands.check_authorized_key('root', key) }
183
- it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
184
+ it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
184
185
  end
185
186
  end
186
187
 
187
188
  describe 'check_ipatbles', :os => :gentoo do
188
189
  context 'check a rule without a table and a chain' do
189
190
  subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
190
- it { should eq "iptables -S | grep '\\-P INPUT ACCEPT'" }
191
+ it { should eq "iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
191
192
  end
192
193
 
193
194
  context 'chack a rule with a table and a chain' do
194
195
  subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
195
- it { should eq "iptables -t mangle -S INPUT | grep '\\-P INPUT ACCEPT'" }
196
+ it { should eq "iptables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT" }
196
197
  end
197
198
  end
198
199
 
199
200
  describe 'check_selinux', :os => :gentoo do
200
201
  context 'enforcing' do
201
202
  subject { commands.check_selinux('enforcing') }
202
- it { should eq "/usr/sbin/getenforce | grep -i 'enforcing'" }
203
+ it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
203
204
  end
204
205
 
205
206
  context 'permissive' do
206
207
  subject { commands.check_selinux('permissive') }
207
- it { should eq "/usr/sbin/getenforce | grep -i 'permissive'" }
208
+ it { should eq "/usr/sbin/getenforce | grep -i -- permissive" }
208
209
  end
209
210
 
210
211
  context 'disabled' do
211
212
  subject { commands.check_selinux('disabled') }
212
- it { should eq "/usr/sbin/getenforce | grep -i 'disabled'" }
213
+ it { should eq "/usr/sbin/getenforce | grep -i -- disabled" }
213
214
  end
214
215
  end
215
216
 
data/spec/redhat/commands_spec.rb CHANGED
@@ -12,7 +12,7 @@ end
12
12
 
13
13
  describe 'check_mounted', :os => :redhat do
14
14
  subject { commands.check_mounted('/') }
15
- it { should eq "mount | grep -w 'on /'" }
15
+ it { should eq "mount | grep -w -- on\\ /" }
16
16
  end
17
17
 
18
18
  describe 'check_reachable', :os => :redhat do
@@ -33,7 +33,7 @@ end
33
33
  describe 'check_resolvable', :os => :redhat do
34
34
  context "resolve localhost by hosts" do
35
35
  subject { commands.check_resolvable('localhost', 'hosts') }
36
- it { should eq "grep -w localhost /etc/hosts" }
36
+ it { should eq "grep -w -- localhost /etc/hosts" }
37
37
  end
38
38
  context "resolve localhost by dns" do
39
39
  subject { commands.check_resolvable('localhost', 'dns') }
@@ -57,7 +57,7 @@ end
57
57
 
58
58
  describe 'check_group', :os => :redhat do
59
59
  subject { commands.check_group('wheel') }
60
- it { should eq 'getent group | grep -wq wheel' }
60
+ it { should eq 'getent group | grep -wq -- wheel' }
61
61
  end
62
62
 
63
63
  describe 'check_installed', :os => :redhat do
@@ -67,7 +67,7 @@ end
67
67
 
68
68
  describe 'check_listening', :os => :redhat do
69
69
  subject { commands.check_listening(80) }
70
- it { should eq "netstat -tunl | grep ':80 '" }
70
+ it { should eq "netstat -tunl | grep -- :80\\ " }
71
71
  end
72
72
 
73
73
  describe 'check_running', :os => :redhat do
@@ -82,134 +82,135 @@ end
82
82
 
83
83
  describe 'check_process', :os => :redhat do
84
84
  subject { commands.check_process('httpd') }
85
- it { should eq 'ps aux | grep -w httpd | grep -qv grep' }
85
+ it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
86
86
  end
87
87
 
88
88
  describe 'check_file_contain', :os => :redhat do
89
89
  subject { commands.check_file_contain('/etc/passwd', 'root') }
90
- it { should eq "grep -q 'root' /etc/passwd" }
90
+ it { should eq "grep -q -- root /etc/passwd" }
91
91
  end
92
92
 
93
93
  describe 'check_file_contain_within', :os => :redhat do
94
94
  context 'contain a pattern in the file' do
95
95
  subject { commands.check_file_contain_within('Gemfile', 'rspec') }
96
- it { should eq "sed -n '1,$p' Gemfile | grep -q 'rspec' -" }
96
+ it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
97
97
  end
98
98
 
99
99
  context 'contain a pattern after a line in a file' do
100
100
  subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
101
- it { should eq "sed -n '/^group :test do/,$p' Gemfile | grep -q 'rspec' -" }
101
+ it { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec -" }
102
102
  end
103
103
 
104
104
  context 'contain a pattern before a line in a file' do
105
105
  subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
106
- it { should eq "sed -n '1,/^end/p' Gemfile | grep -q 'rspec' -" }
106
+ it { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec -" }
107
107
  end
108
108
 
109
109
  context 'contain a pattern from within a line and another line in a file' do
110
110
  subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
111
- it { should eq "sed -n '/^group :test do/,/^end/p' Gemfile | grep -q 'rspec' -" }
111
+ it { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec -" }
112
112
  end
113
113
  end
114
114
 
115
115
  describe 'check_mode', :os => :redhat do
116
116
  subject { commands.check_mode('/etc/sudoers', 440) }
117
- it { should eq 'stat -c %a /etc/sudoers | grep \'^440$\'' }
117
+ it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
118
118
  end
119
119
 
120
120
  describe 'check_owner', :os => :redhat do
121
121
  subject { commands.check_owner('/etc/passwd', 'root') }
122
- it { should eq 'stat -c %U /etc/passwd | grep \'^root$\'' }
122
+ it { should eq 'stat -c %U /etc/passwd | grep -- \\^root\\$' }
123
123
  end
124
124
 
125
125
  describe 'check_grouped', :os => :redhat do
126
126
  subject { commands.check_grouped('/etc/passwd', 'wheel') }
127
- it { should eq 'stat -c %G /etc/passwd | grep \'^wheel$\'' }
127
+ it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
128
128
  end
129
129
 
130
130
  describe 'check_cron_entry', :os => :redhat do
131
131
  subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
132
- it { should eq 'crontab -u root -l | grep "\* \* \* \* \* /usr/local/bin/batch.sh"' }
132
+ it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
133
133
  end
134
134
 
135
135
  describe 'check_link', :os => :redhat do
136
136
  subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
137
- it { should eq 'stat -c %N /etc/system-release | grep /etc/redhat-release' }
137
+ it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
138
138
  end
139
139
 
140
140
  describe 'check_installed_by_gem', :os => :redhat do
141
141
  subject { commands.check_installed_by_gem('jekyll') }
142
- it { should eq 'gem list --local | grep \'^jekyll \'' }
142
+ it { should eq 'gem list --local | grep -- \\^jekyll\\ ' }
143
143
  end
144
144
 
145
145
  describe 'check_belonging_group', :os => :redhat do
146
146
  subject { commands.check_belonging_group('root', 'wheel') }
147
- it { should eq "id root | awk '{print $3}' | grep wheel" }
147
+ it { should eq "id root | awk '{print $3}' | grep -- wheel" }
148
148
  end
149
149
 
150
150
  describe 'have_gid', :os => :redhat do
151
151
  subject { commands.check_gid('root', 0) }
152
- it { should eq "getent group | grep -w ^root | cut -f 3 -d ':' | grep -w 0" }
152
+ it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
153
153
  end
154
154
 
155
155
  describe 'have_uid', :os => :redhat do
156
156
  subject { commands.check_uid('root', 0) }
157
- it { should eq "id root | grep '^uid=0('" }
157
+ it { should eq "id root | grep -- \\^uid\\=0\\(" }
158
158
  end
159
159
 
160
160
  describe 'have_login_shell', :os => :redhat do
161
161
  subject { commands.check_login_shell('root', '/bin/bash') }
162
- it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w /bin/bash" }
162
+ it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
163
163
  end
164
164
 
165
165
  describe 'have_home_directory', :os => :redhat do
166
166
  subject { commands.check_home_directory('root', '/root') }
167
- it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w /root" }
167
+ it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
168
168
  end
169
169
 
170
170
  describe 'have_authorized_key', :os => :redhat do
171
171
  key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
172
+ escaped_key = key.gsub(/ /, '\ ')
172
173
 
173
174
  context 'with commented publickey' do
174
175
  commented_key = key + " foo@bar.local"
175
176
  subject { commands.check_authorized_key('root', commented_key) }
176
177
  describe 'when command insert publickey is removed comment' do
177
- it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
178
+ it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
178
179
  end
179
180
  end
180
181
 
181
182
  context 'with uncomented publickey' do
182
183
  subject { commands.check_authorized_key('root', key) }
183
- it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
184
+ it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
184
185
  end
185
186
  end
186
187
 
187
188
  describe 'check_ipatbles', :os => :redhat do
188
189
  context 'check a rule without a table and a chain' do
189
190
  subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
190
- it { should eq "iptables -S | grep '\\-P INPUT ACCEPT'" }
191
+ it { should eq "iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
191
192
  end
192
193
 
193
194
  context 'chack a rule with a table and a chain' do
194
195
  subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
195
- it { should eq "iptables -t mangle -S INPUT | grep '\\-P INPUT ACCEPT'" }
196
+ it { should eq "iptables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT" }
196
197
  end
197
198
  end
198
199
 
199
200
  describe 'check_selinux', :os => :redhat do
200
201
  context 'enforcing' do
201
202
  subject { commands.check_selinux('enforcing') }
202
- it { should eq "/usr/sbin/getenforce | grep -i 'enforcing'" }
203
+ it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
203
204
  end
204
205
 
205
206
  context 'permissive' do
206
207
  subject { commands.check_selinux('permissive') }
207
- it { should eq "/usr/sbin/getenforce | grep -i 'permissive'" }
208
+ it { should eq "/usr/sbin/getenforce | grep -i -- permissive" }
208
209
  end
209
210
 
210
211
  context 'disabled' do
211
212
  subject { commands.check_selinux('disabled') }
212
- it { should eq "/usr/sbin/getenforce | grep -i 'disabled'" }
213
+ it { should eq "/usr/sbin/getenforce | grep -i -- disabled" }
213
214
  end
214
215
  end
215
216