serverspec 0.2.22 → 0.2.23

Sign up to get free protection for your applications and to get access to all the features.
Files changed (16) hide show
  1. data/lib/serverspec.rb +22 -0
  2. data/lib/serverspec/backend/exec.rb +17 -12
  3. data/lib/serverspec/backend/ssh.rb +6 -1
  4. data/lib/serverspec/commands/base.rb +45 -37
  5. data/lib/serverspec/commands/debian.rb +3 -3
  6. data/lib/serverspec/commands/gentoo.rb +5 -4
  7. data/lib/serverspec/commands/linux.rb +22 -0
  8. data/lib/serverspec/commands/redhat.rb +3 -3
  9. data/lib/serverspec/commands/solaris.rb +22 -16
  10. data/lib/serverspec/matchers/be_reachable.rb +1 -0
  11. data/lib/serverspec/version.rb +1 -1
  12. data/spec/debian/commands_spec.rb +30 -29
  13. data/spec/gentoo/commands_spec.rb +30 -29
  14. data/spec/redhat/commands_spec.rb +29 -28
  15. data/spec/solaris/commands_spec.rb +30 -29
  16. metadata +99 -90
data/lib/serverspec/matchers/be_reachable.rb CHANGED
@@ -10,6 +10,7 @@ RSpec::Matchers.define :be_reachable do
10
10
 
11
11
  backend.check_reachable(example, host, port, proto, timeout)
12
12
  end
13
+
13
14
  chain :with do |attr|
14
15
  @attr = attr
15
16
  end
data/lib/serverspec/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Serverspec
2
- VERSION = "0.2.22"
2
+ VERSION = "0.2.23"
3
3
  end
data/spec/debian/commands_spec.rb CHANGED
@@ -2,7 +2,7 @@ require 'spec_helper'
2
2
 
3
3
  describe 'check_enabled', :os => :debian do
4
4
  subject { commands.check_enabled('httpd') }
5
- it { should eq 'ls /etc/rc3.d/ | grep httpd' }
5
+ it { should eq 'ls /etc/rc3.d/ | grep -- httpd' }
6
6
  end
7
7
 
8
8
  describe 'check_file', :os => :debian do
@@ -12,7 +12,7 @@ end
12
12
 
13
13
  describe 'check_mounted', :os => :debian do
14
14
  subject { commands.check_mounted('/') }
15
- it { should eq "mount | grep -w 'on /'" }
15
+ it { should eq "mount | grep -w -- on\\ /" }
16
16
  end
17
17
 
18
18
  describe 'check_reachable', :os => :debian do
@@ -33,7 +33,7 @@ end
33
33
  describe 'check_resolvable', :os => :debian do
34
34
  context "resolve localhost by hosts" do
35
35
  subject { commands.check_resolvable('localhost', 'hosts') }
36
- it { should eq "grep -w localhost /etc/hosts" }
36
+ it { should eq "grep -w -- localhost /etc/hosts" }
37
37
  end
38
38
  context "resolve localhost by dns" do
39
39
  subject { commands.check_resolvable('localhost', 'dns') }
@@ -57,7 +57,7 @@ end
57
57
 
58
58
  describe 'check_group', :os => :debian do
59
59
  subject { commands.check_group('wheel') }
60
- it { should eq 'getent group | grep -wq wheel' }
60
+ it { should eq 'getent group | grep -wq -- wheel' }
61
61
  end
62
62
 
63
63
  describe 'check_installed', :os => :debian do
@@ -67,7 +67,7 @@ end
67
67
 
68
68
  describe 'check_listening', :os => :debian do
69
69
  subject { commands.check_listening(80) }
70
- it { should eq "netstat -tunl | grep ':80 '" }
70
+ it { should eq "netstat -tunl | grep -- :80\\ " }
71
71
  end
72
72
 
73
73
  describe 'check_running', :os => :debian do
@@ -83,134 +83,135 @@ end
83
83
 
84
84
  describe 'check_process', :os => :debian do
85
85
  subject { commands.check_process('httpd') }
86
- it { should eq 'ps aux | grep -w httpd | grep -qv grep' }
86
+ it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
87
87
  end
88
88
 
89
89
  describe 'check_file_contain', :os => :debian do
90
90
  subject { commands.check_file_contain('/etc/passwd', 'root') }
91
- it { should eq "grep -q 'root' /etc/passwd" }
91
+ it { should eq "grep -q -- root /etc/passwd" }
92
92
  end
93
93
 
94
94
  describe 'check_file_contain_within', :os => :debian do
95
95
  context 'contain a pattern in the file' do
96
96
  subject { commands.check_file_contain_within('Gemfile', 'rspec') }
97
- it { should eq "sed -n '1,$p' Gemfile | grep -q 'rspec' -" }
97
+ it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
98
98
  end
99
99
 
100
100
  context 'contain a pattern after a line in a file' do
101
101
  subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
102
- it { should eq "sed -n '/^group :test do/,$p' Gemfile | grep -q 'rspec' -" }
102
+ it { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec -" }
103
103
  end
104
104
 
105
105
  context 'contain a pattern before a line in a file' do
106
106
  subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
107
- it { should eq "sed -n '1,/^end/p' Gemfile | grep -q 'rspec' -" }
107
+ it { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec -" }
108
108
  end
109
109
 
110
110
  context 'contain a pattern from within a line and another line in a file' do
111
111
  subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
112
- it { should eq "sed -n '/^group :test do/,/^end/p' Gemfile | grep -q 'rspec' -" }
112
+ it { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec -" }
113
113
  end
114
114
  end
115
115
 
116
116
  describe 'check_mode', :os => :debian do
117
117
  subject { commands.check_mode('/etc/sudoers', 440) }
118
- it { should eq 'stat -c %a /etc/sudoers | grep \'^440$\'' }
118
+ it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
119
119
  end
120
120
 
121
121
  describe 'check_owner', :os => :debian do
122
122
  subject { commands.check_owner('/etc/passwd', 'root') }
123
- it { should eq 'stat -c %U /etc/passwd | grep \'^root$\'' }
123
+ it { should eq 'stat -c %U /etc/passwd | grep -- \\^root\\$' }
124
124
  end
125
125
 
126
126
  describe 'check_grouped', :os => :debian do
127
127
  subject { commands.check_grouped('/etc/passwd', 'wheel') }
128
- it { should eq 'stat -c %G /etc/passwd | grep \'^wheel$\'' }
128
+ it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
129
129
  end
130
130
 
131
131
  describe 'check_cron_entry', :os => :debian do
132
132
  subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
133
- it { should eq 'crontab -u root -l | grep "\* \* \* \* \* /usr/local/bin/batch.sh"' }
133
+ it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
134
134
  end
135
135
 
136
136
  describe 'check_link', :os => :debian do
137
137
  subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
138
- it { should eq 'stat -c %N /etc/system-release | grep /etc/redhat-release' }
138
+ it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
139
139
  end
140
140
 
141
141
  describe 'check_installed_by_gem', :os => :debian do
142
142
  subject { commands.check_installed_by_gem('jekyll') }
143
- it { should eq 'gem list --local | grep \'^jekyll \'' }
143
+ it { should eq 'gem list --local | grep -- \\^jekyll\\ ' }
144
144
  end
145
145
 
146
146
  describe 'check_belonging_group', :os => :debian do
147
147
  subject { commands.check_belonging_group('root', 'wheel') }
148
- it { should eq "id root | awk '{print $3}' | grep wheel" }
148
+ it { should eq "id root | awk '{print $3}' | grep -- wheel" }
149
149
  end
150
150
 
151
151
  describe 'have_gid', :os => :debian do
152
152
  subject { commands.check_gid('root', 0) }
153
- it { should eq "getent group | grep -w ^root | cut -f 3 -d ':' | grep -w 0" }
153
+ it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
154
154
  end
155
155
 
156
156
  describe 'have_uid', :os => :debian do
157
157
  subject { commands.check_uid('root', 0) }
158
- it { should eq "id root | grep '^uid=0('" }
158
+ it { should eq "id root | grep -- \\^uid\\=0\\(" }
159
159
  end
160
160
 
161
161
  describe 'have_login_shell', :os => :debian do
162
162
  subject { commands.check_login_shell('root', '/bin/bash') }
163
- it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w /bin/bash" }
163
+ it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
164
164
  end
165
165
 
166
166
  describe 'have_home_directory', :os => :debian do
167
167
  subject { commands.check_home_directory('root', '/root') }
168
- it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w /root" }
168
+ it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
169
169
  end
170
170
 
171
171
  describe 'have_authorized_key', :os => :debian do
172
172
  key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
173
+ escaped_key = key.gsub(/ /, '\ ')
173
174
 
174
175
  context 'with commented publickey' do
175
176
  commented_key = key + " foo@bar.local"
176
177
  subject { commands.check_authorized_key('root', commented_key) }
177
178
  describe 'when command insert publickey is removed comment' do
178
- it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
179
+ it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
179
180
  end
180
181
  end
181
182
 
182
183
  context 'with uncomented publickey' do
183
184
  subject { commands.check_authorized_key('root', key) }
184
- it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
185
+ it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
185
186
  end
186
187
  end
187
188
 
188
189
  describe 'check_ipatbles', :os => :debian do
189
190
  context 'check a rule without a table and a chain' do
190
191
  subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
191
- it { should eq "iptables -S | grep '\\-P INPUT ACCEPT'" }
192
+ it { should eq "iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
192
193
  end
193
194
 
194
195
  context 'chack a rule with a table and a chain' do
195
196
  subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
196
- it { should eq "iptables -t mangle -S INPUT | grep '\\-P INPUT ACCEPT'" }
197
+ it { should eq "iptables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT" }
197
198
  end
198
199
  end
199
200
 
200
201
  describe 'check_selinux', :os => :debian do
201
202
  context 'enforcing' do
202
203
  subject { commands.check_selinux('enforcing') }
203
- it { should eq "/usr/sbin/getenforce | grep -i 'enforcing'" }
204
+ it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
204
205
  end
205
206
 
206
207
  context 'permissive' do
207
208
  subject { commands.check_selinux('permissive') }
208
- it { should eq "/usr/sbin/getenforce | grep -i 'permissive'" }
209
+ it { should eq "/usr/sbin/getenforce | grep -i -- permissive" }
209
210
  end
210
211
 
211
212
  context 'disabled' do
212
213
  subject { commands.check_selinux('disabled') }
213
- it { should eq "/usr/sbin/getenforce | grep -i 'disabled'" }
214
+ it { should eq "/usr/sbin/getenforce | grep -i -- disabled" }
214
215
  end
215
216
  end
216
217
 
data/spec/gentoo/commands_spec.rb CHANGED
@@ -2,7 +2,7 @@ require 'spec_helper'
2
2
 
3
3
  describe 'check_enabled', :os => :gentoo do
4
4
  subject { commands.check_enabled('httpd') }
5
- it { should eq "/sbin/rc-update show | grep '^\\s*httpd\\s*|\\s*\\(boot\\|default\\)'" }
5
+ it { should eq "/sbin/rc-update show | grep -- \\^\\\\s\\*httpd\\\\s\\*\\|\\\\s\\*\\\\\\(boot\\\\\\|default\\\\\\)" }
6
6
  end
7
7
 
8
8
  describe 'check_file', :os => :gentoo do
@@ -12,7 +12,7 @@ end
12
12
 
13
13
  describe 'check_mounted', :os => :gentoo do
14
14
  subject { commands.check_mounted('/') }
15
- it { should eq "mount | grep -w 'on /'" }
15
+ it { should eq "mount | grep -w -- on\\ /" }
16
16
  end
17
17
 
18
18
  describe 'check_reachable', :os => :gentoo do
@@ -33,7 +33,7 @@ end
33
33
  describe 'check_resolvable', :os => :gentoo do
34
34
  context "resolve localhost by hosts" do
35
35
  subject { commands.check_resolvable('localhost', 'hosts') }
36
- it { should eq "grep -w localhost /etc/hosts" }
36
+ it { should eq "grep -w -- localhost /etc/hosts" }
37
37
  end
38
38
  context "resolve localhost by dns" do
39
39
  subject { commands.check_resolvable('localhost', 'dns') }
@@ -57,7 +57,7 @@ end
57
57
 
58
58
  describe 'check_group', :os => :gentoo do
59
59
  subject { commands.check_group('wheel') }
60
- it { should eq 'getent group | grep -wq wheel' }
60
+ it { should eq 'getent group | grep -wq -- wheel' }
61
61
  end
62
62
 
63
63
  describe 'check_installed', :os => :gentoo do
@@ -67,7 +67,7 @@ end
67
67
 
68
68
  describe 'check_listening', :os => :gentoo do
69
69
  subject { commands.check_listening(80) }
70
- it { should eq "netstat -tunl | grep ':80 '" }
70
+ it { should eq "netstat -tunl | grep -- :80\\ " }
71
71
  end
72
72
 
73
73
  describe 'check_running', :os => :gentoo do
@@ -82,134 +82,135 @@ end
82
82
 
83
83
  describe 'check_process', :os => :gentoo do
84
84
  subject { commands.check_process('httpd') }
85
- it { should eq 'ps aux | grep -w httpd | grep -qv grep' }
85
+ it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
86
86
  end
87
87
 
88
88
  describe 'check_file_contain', :os => :gentoo do
89
89
  subject { commands.check_file_contain('/etc/passwd', 'root') }
90
- it { should eq "grep -q 'root' /etc/passwd" }
90
+ it { should eq "grep -q -- root /etc/passwd" }
91
91
  end
92
92
 
93
93
  describe 'check_file_contain_within', :os => :gentoo do
94
94
  context 'contain a pattern in the file' do
95
95
  subject { commands.check_file_contain_within('Gemfile', 'rspec') }
96
- it { should eq "sed -n '1,$p' Gemfile | grep -q 'rspec' -" }
96
+ it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
97
97
  end
98
98
 
99
99
  context 'contain a pattern after a line in a file' do
100
100
  subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
101
- it { should eq "sed -n '/^group :test do/,$p' Gemfile | grep -q 'rspec' -" }
101
+ it { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec -" }
102
102
  end
103
103
 
104
104
  context 'contain a pattern before a line in a file' do
105
105
  subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
106
- it { should eq "sed -n '1,/^end/p' Gemfile | grep -q 'rspec' -" }
106
+ it { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec -" }
107
107
  end
108
108
 
109
109
  context 'contain a pattern from within a line and another line in a file' do
110
110
  subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
111
- it { should eq "sed -n '/^group :test do/,/^end/p' Gemfile | grep -q 'rspec' -" }
111
+ it { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec -" }
112
112
  end
113
113
  end
114
114
 
115
115
  describe 'check_mode', :os => :gentoo do
116
116
  subject { commands.check_mode('/etc/sudoers', 440) }
117
- it { should eq 'stat -c %a /etc/sudoers | grep \'^440$\'' }
117
+ it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
118
118
  end
119
119
 
120
120
  describe 'check_owner', :os => :gentoo do
121
121
  subject { commands.check_owner('/etc/passwd', 'root') }
122
- it { should eq 'stat -c %U /etc/passwd | grep \'^root$\'' }
122
+ it { should eq 'stat -c %U /etc/passwd | grep -- \\^root\\$' }
123
123
  end
124
124
 
125
125
  describe 'check_grouped', :os => :gentoo do
126
126
  subject { commands.check_grouped('/etc/passwd', 'wheel') }
127
- it { should eq 'stat -c %G /etc/passwd | grep \'^wheel$\'' }
127
+ it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
128
128
  end
129
129
 
130
130
  describe 'check_cron_entry', :os => :gentoo do
131
131
  subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
132
- it { should eq 'crontab -u root -l | grep "\* \* \* \* \* /usr/local/bin/batch.sh"' }
132
+ it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
133
133
  end
134
134
 
135
135
  describe 'check_link', :os => :gentoo do
136
136
  subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
137
- it { should eq 'stat -c %N /etc/system-release | grep /etc/redhat-release' }
137
+ it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
138
138
  end
139
139
 
140
140
  describe 'check_installed_by_gem', :os => :gentoo do
141
141
  subject { commands.check_installed_by_gem('jekyll') }
142
- it { should eq 'gem list --local | grep \'^jekyll \'' }
142
+ it { should eq 'gem list --local | grep -- \\^jekyll\\ ' }
143
143
  end
144
144
 
145
145
  describe 'check_belonging_group', :os => :gentoo do
146
146
  subject { commands.check_belonging_group('root', 'wheel') }
147
- it { should eq "id root | awk '{print $3}' | grep wheel" }
147
+ it { should eq "id root | awk '{print $3}' | grep -- wheel" }
148
148
  end
149
149
 
150
150
  describe 'have_gid', :os => :gentoo do
151
151
  subject { commands.check_gid('root', 0) }
152
- it { should eq "getent group | grep -w ^root | cut -f 3 -d ':' | grep -w 0" }
152
+ it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
153
153
  end
154
154
 
155
155
  describe 'have_uid', :os => :gentoo do
156
156
  subject { commands.check_uid('root', 0) }
157
- it { should eq "id root | grep '^uid=0('" }
157
+ it { should eq "id root | grep -- \\^uid\\=0\\(" }
158
158
  end
159
159
 
160
160
  describe 'have_login_shell', :os => :gentoo do
161
161
  subject { commands.check_login_shell('root', '/bin/bash') }
162
- it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w /bin/bash" }
162
+ it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
163
163
  end
164
164
 
165
165
  describe 'have_home_directory', :os => :gentoo do
166
166
  subject { commands.check_home_directory('root', '/root') }
167
- it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w /root" }
167
+ it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
168
168
  end
169
169
 
170
170
  describe 'have_authorized_key', :os => :gentoo do
171
171
  key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
172
+ escaped_key = key.gsub(/ /, '\ ')
172
173
 
173
174
  context 'with commented publickey' do
174
175
  commented_key = key + " foo@bar.local"
175
176
  subject { commands.check_authorized_key('root', commented_key) }
176
177
  describe 'when command insert publickey is removed comment' do
177
- it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
178
+ it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
178
179
  end
179
180
  end
180
181
 
181
182
  context 'with uncomented publickey' do
182
183
  subject { commands.check_authorized_key('root', key) }
183
- it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
184
+ it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
184
185
  end
185
186
  end
186
187
 
187
188
  describe 'check_ipatbles', :os => :gentoo do
188
189
  context 'check a rule without a table and a chain' do
189
190
  subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
190
- it { should eq "iptables -S | grep '\\-P INPUT ACCEPT'" }
191
+ it { should eq "iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
191
192
  end
192
193
 
193
194
  context 'chack a rule with a table and a chain' do
194
195
  subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
195
- it { should eq "iptables -t mangle -S INPUT | grep '\\-P INPUT ACCEPT'" }
196
+ it { should eq "iptables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT" }
196
197
  end
197
198
  end
198
199
 
199
200
  describe 'check_selinux', :os => :gentoo do
200
201
  context 'enforcing' do
201
202
  subject { commands.check_selinux('enforcing') }
202
- it { should eq "/usr/sbin/getenforce | grep -i 'enforcing'" }
203
+ it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
203
204
  end
204
205
 
205
206
  context 'permissive' do
206
207
  subject { commands.check_selinux('permissive') }
207
- it { should eq "/usr/sbin/getenforce | grep -i 'permissive'" }
208
+ it { should eq "/usr/sbin/getenforce | grep -i -- permissive" }
208
209
  end
209
210
 
210
211
  context 'disabled' do
211
212
  subject { commands.check_selinux('disabled') }
212
- it { should eq "/usr/sbin/getenforce | grep -i 'disabled'" }
213
+ it { should eq "/usr/sbin/getenforce | grep -i -- disabled" }
213
214
  end
214
215
  end
215
216
 
data/spec/redhat/commands_spec.rb CHANGED
@@ -12,7 +12,7 @@ end
12
12
 
13
13
  describe 'check_mounted', :os => :redhat do
14
14
  subject { commands.check_mounted('/') }
15
- it { should eq "mount | grep -w 'on /'" }
15
+ it { should eq "mount | grep -w -- on\\ /" }
16
16
  end
17
17
 
18
18
  describe 'check_reachable', :os => :redhat do
@@ -33,7 +33,7 @@ end
33
33
  describe 'check_resolvable', :os => :redhat do
34
34
  context "resolve localhost by hosts" do
35
35
  subject { commands.check_resolvable('localhost', 'hosts') }
36
- it { should eq "grep -w localhost /etc/hosts" }
36
+ it { should eq "grep -w -- localhost /etc/hosts" }
37
37
  end
38
38
  context "resolve localhost by dns" do
39
39
  subject { commands.check_resolvable('localhost', 'dns') }
@@ -57,7 +57,7 @@ end
57
57
 
58
58
  describe 'check_group', :os => :redhat do
59
59
  subject { commands.check_group('wheel') }
60
- it { should eq 'getent group | grep -wq wheel' }
60
+ it { should eq 'getent group | grep -wq -- wheel' }
61
61
  end
62
62
 
63
63
  describe 'check_installed', :os => :redhat do
@@ -67,7 +67,7 @@ end
67
67
 
68
68
  describe 'check_listening', :os => :redhat do
69
69
  subject { commands.check_listening(80) }
70
- it { should eq "netstat -tunl | grep ':80 '" }
70
+ it { should eq "netstat -tunl | grep -- :80\\ " }
71
71
  end
72
72
 
73
73
  describe 'check_running', :os => :redhat do
@@ -82,134 +82,135 @@ end
82
82
 
83
83
  describe 'check_process', :os => :redhat do
84
84
  subject { commands.check_process('httpd') }
85
- it { should eq 'ps aux | grep -w httpd | grep -qv grep' }
85
+ it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
86
86
  end
87
87
 
88
88
  describe 'check_file_contain', :os => :redhat do
89
89
  subject { commands.check_file_contain('/etc/passwd', 'root') }
90
- it { should eq "grep -q 'root' /etc/passwd" }
90
+ it { should eq "grep -q -- root /etc/passwd" }
91
91
  end
92
92
 
93
93
  describe 'check_file_contain_within', :os => :redhat do
94
94
  context 'contain a pattern in the file' do
95
95
  subject { commands.check_file_contain_within('Gemfile', 'rspec') }
96
- it { should eq "sed -n '1,$p' Gemfile | grep -q 'rspec' -" }
96
+ it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
97
97
  end
98
98
 
99
99
  context 'contain a pattern after a line in a file' do
100
100
  subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
101
- it { should eq "sed -n '/^group :test do/,$p' Gemfile | grep -q 'rspec' -" }
101
+ it { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec -" }
102
102
  end
103
103
 
104
104
  context 'contain a pattern before a line in a file' do
105
105
  subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
106
- it { should eq "sed -n '1,/^end/p' Gemfile | grep -q 'rspec' -" }
106
+ it { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec -" }
107
107
  end
108
108
 
109
109
  context 'contain a pattern from within a line and another line in a file' do
110
110
  subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
111
- it { should eq "sed -n '/^group :test do/,/^end/p' Gemfile | grep -q 'rspec' -" }
111
+ it { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec -" }
112
112
  end
113
113
  end
114
114
 
115
115
  describe 'check_mode', :os => :redhat do
116
116
  subject { commands.check_mode('/etc/sudoers', 440) }
117
- it { should eq 'stat -c %a /etc/sudoers | grep \'^440$\'' }
117
+ it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
118
118
  end
119
119
 
120
120
  describe 'check_owner', :os => :redhat do
121
121
  subject { commands.check_owner('/etc/passwd', 'root') }
122
- it { should eq 'stat -c %U /etc/passwd | grep \'^root$\'' }
122
+ it { should eq 'stat -c %U /etc/passwd | grep -- \\^root\\$' }
123
123
  end
124
124
 
125
125
  describe 'check_grouped', :os => :redhat do
126
126
  subject { commands.check_grouped('/etc/passwd', 'wheel') }
127
- it { should eq 'stat -c %G /etc/passwd | grep \'^wheel$\'' }
127
+ it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
128
128
  end
129
129
 
130
130
  describe 'check_cron_entry', :os => :redhat do
131
131
  subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
132
- it { should eq 'crontab -u root -l | grep "\* \* \* \* \* /usr/local/bin/batch.sh"' }
132
+ it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
133
133
  end
134
134
 
135
135
  describe 'check_link', :os => :redhat do
136
136
  subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
137
- it { should eq 'stat -c %N /etc/system-release | grep /etc/redhat-release' }
137
+ it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
138
138
  end
139
139
 
140
140
  describe 'check_installed_by_gem', :os => :redhat do
141
141
  subject { commands.check_installed_by_gem('jekyll') }
142
- it { should eq 'gem list --local | grep \'^jekyll \'' }
142
+ it { should eq 'gem list --local | grep -- \\^jekyll\\ ' }
143
143
  end
144
144
 
145
145
  describe 'check_belonging_group', :os => :redhat do
146
146
  subject { commands.check_belonging_group('root', 'wheel') }
147
- it { should eq "id root | awk '{print $3}' | grep wheel" }
147
+ it { should eq "id root | awk '{print $3}' | grep -- wheel" }
148
148
  end
149
149
 
150
150
  describe 'have_gid', :os => :redhat do
151
151
  subject { commands.check_gid('root', 0) }
152
- it { should eq "getent group | grep -w ^root | cut -f 3 -d ':' | grep -w 0" }
152
+ it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
153
153
  end
154
154
 
155
155
  describe 'have_uid', :os => :redhat do
156
156
  subject { commands.check_uid('root', 0) }
157
- it { should eq "id root | grep '^uid=0('" }
157
+ it { should eq "id root | grep -- \\^uid\\=0\\(" }
158
158
  end
159
159
 
160
160
  describe 'have_login_shell', :os => :redhat do
161
161
  subject { commands.check_login_shell('root', '/bin/bash') }
162
- it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w /bin/bash" }
162
+ it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
163
163
  end
164
164
 
165
165
  describe 'have_home_directory', :os => :redhat do
166
166
  subject { commands.check_home_directory('root', '/root') }
167
- it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w /root" }
167
+ it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
168
168
  end
169
169
 
170
170
  describe 'have_authorized_key', :os => :redhat do
171
171
  key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
172
+ escaped_key = key.gsub(/ /, '\ ')
172
173
 
173
174
  context 'with commented publickey' do
174
175
  commented_key = key + " foo@bar.local"
175
176
  subject { commands.check_authorized_key('root', commented_key) }
176
177
  describe 'when command insert publickey is removed comment' do
177
- it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
178
+ it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
178
179
  end
179
180
  end
180
181
 
181
182
  context 'with uncomented publickey' do
182
183
  subject { commands.check_authorized_key('root', key) }
183
- it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
184
+ it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
184
185
  end
185
186
  end
186
187
 
187
188
  describe 'check_ipatbles', :os => :redhat do
188
189
  context 'check a rule without a table and a chain' do
189
190
  subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
190
- it { should eq "iptables -S | grep '\\-P INPUT ACCEPT'" }
191
+ it { should eq "iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
191
192
  end
192
193
 
193
194
  context 'chack a rule with a table and a chain' do
194
195
  subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
195
- it { should eq "iptables -t mangle -S INPUT | grep '\\-P INPUT ACCEPT'" }
196
+ it { should eq "iptables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT" }
196
197
  end
197
198
  end
198
199
 
199
200
  describe 'check_selinux', :os => :redhat do
200
201
  context 'enforcing' do
201
202
  subject { commands.check_selinux('enforcing') }
202
- it { should eq "/usr/sbin/getenforce | grep -i 'enforcing'" }
203
+ it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
203
204
  end
204
205
 
205
206
  context 'permissive' do
206
207
  subject { commands.check_selinux('permissive') }
207
- it { should eq "/usr/sbin/getenforce | grep -i 'permissive'" }
208
+ it { should eq "/usr/sbin/getenforce | grep -i -- permissive" }
208
209
  end
209
210
 
210
211
  context 'disabled' do
211
212
  subject { commands.check_selinux('disabled') }
212
- it { should eq "/usr/sbin/getenforce | grep -i 'disabled'" }
213
+ it { should eq "/usr/sbin/getenforce | grep -i -- disabled" }
213
214
  end
214
215
  end
215
216