serverspec 0.2.22 → 0.2.23
- data/lib/serverspec.rb +22 -0
- data/lib/serverspec/backend/exec.rb +17 -12
- data/lib/serverspec/backend/ssh.rb +6 -1
- data/lib/serverspec/commands/base.rb +45 -37
- data/lib/serverspec/commands/debian.rb +3 -3
- data/lib/serverspec/commands/gentoo.rb +5 -4
- data/lib/serverspec/commands/linux.rb +22 -0
- data/lib/serverspec/commands/redhat.rb +3 -3
- data/lib/serverspec/commands/solaris.rb +22 -16
- data/lib/serverspec/matchers/be_reachable.rb +1 -0
- data/lib/serverspec/version.rb +1 -1
- data/spec/debian/commands_spec.rb +30 -29
- data/spec/gentoo/commands_spec.rb +30 -29
- data/spec/redhat/commands_spec.rb +29 -28
- data/spec/solaris/commands_spec.rb +30 -29
- metadata +99 -90
data/lib/serverspec/version.rb
CHANGED
@@ -2,7 +2,7 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
describe 'check_enabled', :os => :debian do
|
4
4
|
subject { commands.check_enabled('httpd') }
|
5
|
-
it { should eq 'ls /etc/rc3.d/ | grep httpd' }
|
5
|
+
it { should eq 'ls /etc/rc3.d/ | grep -- httpd' }
|
6
6
|
end
|
7
7
|
|
8
8
|
describe 'check_file', :os => :debian do
|
@@ -12,7 +12,7 @@ end
|
|
12
12
|
|
13
13
|
describe 'check_mounted', :os => :debian do
|
14
14
|
subject { commands.check_mounted('/') }
|
15
|
-
it { should eq "mount | grep -w
|
15
|
+
it { should eq "mount | grep -w -- on\\ /" }
|
16
16
|
end
|
17
17
|
|
18
18
|
describe 'check_reachable', :os => :debian do
|
@@ -33,7 +33,7 @@ end
|
|
33
33
|
describe 'check_resolvable', :os => :debian do
|
34
34
|
context "resolve localhost by hosts" do
|
35
35
|
subject { commands.check_resolvable('localhost', 'hosts') }
|
36
|
-
it { should eq "grep -w localhost /etc/hosts" }
|
36
|
+
it { should eq "grep -w -- localhost /etc/hosts" }
|
37
37
|
end
|
38
38
|
context "resolve localhost by dns" do
|
39
39
|
subject { commands.check_resolvable('localhost', 'dns') }
|
@@ -57,7 +57,7 @@ end
|
|
57
57
|
|
58
58
|
describe 'check_group', :os => :debian do
|
59
59
|
subject { commands.check_group('wheel') }
|
60
|
-
it { should eq 'getent group | grep -wq wheel' }
|
60
|
+
it { should eq 'getent group | grep -wq -- wheel' }
|
61
61
|
end
|
62
62
|
|
63
63
|
describe 'check_installed', :os => :debian do
|
@@ -67,7 +67,7 @@ end
|
|
67
67
|
|
68
68
|
describe 'check_listening', :os => :debian do
|
69
69
|
subject { commands.check_listening(80) }
|
70
|
-
it { should eq "netstat -tunl | grep
|
70
|
+
it { should eq "netstat -tunl | grep -- :80\\ " }
|
71
71
|
end
|
72
72
|
|
73
73
|
describe 'check_running', :os => :debian do
|
@@ -83,134 +83,135 @@ end
|
|
83
83
|
|
84
84
|
describe 'check_process', :os => :debian do
|
85
85
|
subject { commands.check_process('httpd') }
|
86
|
-
it { should eq 'ps aux | grep -w httpd | grep -qv grep' }
|
86
|
+
it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
|
87
87
|
end
|
88
88
|
|
89
89
|
describe 'check_file_contain', :os => :debian do
|
90
90
|
subject { commands.check_file_contain('/etc/passwd', 'root') }
|
91
|
-
it { should eq "grep -q
|
91
|
+
it { should eq "grep -q -- root /etc/passwd" }
|
92
92
|
end
|
93
93
|
|
94
94
|
describe 'check_file_contain_within', :os => :debian do
|
95
95
|
context 'contain a pattern in the file' do
|
96
96
|
subject { commands.check_file_contain_within('Gemfile', 'rspec') }
|
97
|
-
it { should eq "sed -n
|
97
|
+
it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
|
98
98
|
end
|
99
99
|
|
100
100
|
context 'contain a pattern after a line in a file' do
|
101
101
|
subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
|
102
|
-
it { should eq "sed -n
|
102
|
+
it { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec -" }
|
103
103
|
end
|
104
104
|
|
105
105
|
context 'contain a pattern before a line in a file' do
|
106
106
|
subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
|
107
|
-
it { should eq "sed -n
|
107
|
+
it { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec -" }
|
108
108
|
end
|
109
109
|
|
110
110
|
context 'contain a pattern from within a line and another line in a file' do
|
111
111
|
subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
|
112
|
-
it { should eq "sed -n
|
112
|
+
it { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec -" }
|
113
113
|
end
|
114
114
|
end
|
115
115
|
|
116
116
|
describe 'check_mode', :os => :debian do
|
117
117
|
subject { commands.check_mode('/etc/sudoers', 440) }
|
118
|
-
it { should eq 'stat -c %a /etc/sudoers | grep
|
118
|
+
it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
|
119
119
|
end
|
120
120
|
|
121
121
|
describe 'check_owner', :os => :debian do
|
122
122
|
subject { commands.check_owner('/etc/passwd', 'root') }
|
123
|
-
it { should eq 'stat -c %U /etc/passwd | grep
|
123
|
+
it { should eq 'stat -c %U /etc/passwd | grep -- \\^root\\$' }
|
124
124
|
end
|
125
125
|
|
126
126
|
describe 'check_grouped', :os => :debian do
|
127
127
|
subject { commands.check_grouped('/etc/passwd', 'wheel') }
|
128
|
-
it { should eq 'stat -c %G /etc/passwd | grep
|
128
|
+
it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
|
129
129
|
end
|
130
130
|
|
131
131
|
describe 'check_cron_entry', :os => :debian do
|
132
132
|
subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
|
133
|
-
it { should eq 'crontab -u root -l | grep
|
133
|
+
it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
|
134
134
|
end
|
135
135
|
|
136
136
|
describe 'check_link', :os => :debian do
|
137
137
|
subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
|
138
|
-
it { should eq 'stat -c %N /etc/system-release | grep /etc/redhat-release' }
|
138
|
+
it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
|
139
139
|
end
|
140
140
|
|
141
141
|
describe 'check_installed_by_gem', :os => :debian do
|
142
142
|
subject { commands.check_installed_by_gem('jekyll') }
|
143
|
-
it { should eq 'gem list --local | grep
|
143
|
+
it { should eq 'gem list --local | grep -- \\^jekyll\\ ' }
|
144
144
|
end
|
145
145
|
|
146
146
|
describe 'check_belonging_group', :os => :debian do
|
147
147
|
subject { commands.check_belonging_group('root', 'wheel') }
|
148
|
-
it { should eq "id root | awk '{print $3}' | grep wheel" }
|
148
|
+
it { should eq "id root | awk '{print $3}' | grep -- wheel" }
|
149
149
|
end
|
150
150
|
|
151
151
|
describe 'have_gid', :os => :debian do
|
152
152
|
subject { commands.check_gid('root', 0) }
|
153
|
-
it { should eq "getent group | grep -w
|
153
|
+
it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
|
154
154
|
end
|
155
155
|
|
156
156
|
describe 'have_uid', :os => :debian do
|
157
157
|
subject { commands.check_uid('root', 0) }
|
158
|
-
it { should eq "id root | grep
|
158
|
+
it { should eq "id root | grep -- \\^uid\\=0\\(" }
|
159
159
|
end
|
160
160
|
|
161
161
|
describe 'have_login_shell', :os => :debian do
|
162
162
|
subject { commands.check_login_shell('root', '/bin/bash') }
|
163
|
-
it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w /bin/bash" }
|
163
|
+
it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
|
164
164
|
end
|
165
165
|
|
166
166
|
describe 'have_home_directory', :os => :debian do
|
167
167
|
subject { commands.check_home_directory('root', '/root') }
|
168
|
-
it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w /root" }
|
168
|
+
it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
|
169
169
|
end
|
170
170
|
|
171
171
|
describe 'have_authorized_key', :os => :debian do
|
172
172
|
key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
|
173
|
+
escaped_key = key.gsub(/ /, '\ ')
|
173
174
|
|
174
175
|
context 'with commented publickey' do
|
175
176
|
commented_key = key + " foo@bar.local"
|
176
177
|
subject { commands.check_authorized_key('root', commented_key) }
|
177
178
|
describe 'when command insert publickey is removed comment' do
|
178
|
-
it { should eq "grep -w
|
179
|
+
it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
|
179
180
|
end
|
180
181
|
end
|
181
182
|
|
182
183
|
context 'with uncomented publickey' do
|
183
184
|
subject { commands.check_authorized_key('root', key) }
|
184
|
-
it { should eq "grep -w
|
185
|
+
it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
|
185
186
|
end
|
186
187
|
end
|
187
188
|
|
188
189
|
describe 'check_ipatbles', :os => :debian do
|
189
190
|
context 'check a rule without a table and a chain' do
|
190
191
|
subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
|
191
|
-
it { should eq "iptables -S | grep
|
192
|
+
it { should eq "iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
|
192
193
|
end
|
193
194
|
|
194
195
|
context 'chack a rule with a table and a chain' do
|
195
196
|
subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
|
196
|
-
it { should eq "iptables -t mangle -S INPUT | grep
|
197
|
+
it { should eq "iptables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT" }
|
197
198
|
end
|
198
199
|
end
|
199
200
|
|
200
201
|
describe 'check_selinux', :os => :debian do
|
201
202
|
context 'enforcing' do
|
202
203
|
subject { commands.check_selinux('enforcing') }
|
203
|
-
it { should eq "/usr/sbin/getenforce | grep -i
|
204
|
+
it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
|
204
205
|
end
|
205
206
|
|
206
207
|
context 'permissive' do
|
207
208
|
subject { commands.check_selinux('permissive') }
|
208
|
-
it { should eq "/usr/sbin/getenforce | grep -i
|
209
|
+
it { should eq "/usr/sbin/getenforce | grep -i -- permissive" }
|
209
210
|
end
|
210
211
|
|
211
212
|
context 'disabled' do
|
212
213
|
subject { commands.check_selinux('disabled') }
|
213
|
-
it { should eq "/usr/sbin/getenforce | grep -i
|
214
|
+
it { should eq "/usr/sbin/getenforce | grep -i -- disabled" }
|
214
215
|
end
|
215
216
|
end
|
216
217
|
|
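Review bot: The `check_belonging_group` expectation still pins an unanchored match, `id root | awk '{print $3}' | grep -- wheel`, so the generated check also succeeds for any group whose name merely contains `wheel`, and a membership assertion can pass on a host that does not meet it. The neighbouring `check_owner` and `check_grouped` expectations anchor their patterns with `^…$`. Because `id` prints each group name in parentheses, the expectation could become `it { should eq "id root | awk '{print $3}' | grep -- \\(wheel\\)" }`, with the matching change in the command builder, which is not part of this section. The gentoo and redhat specs below pin the same string.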
@@ -2,7 +2,7 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
describe 'check_enabled', :os => :gentoo do
|
4
4
|
subject { commands.check_enabled('httpd') }
|
5
|
-
it { should eq "/sbin/rc-update show | grep
|
5
|
+
it { should eq "/sbin/rc-update show | grep -- \\^\\\\s\\*httpd\\\\s\\*\\|\\\\s\\*\\\\\\(boot\\\\\\|default\\\\\\)" }
|
6
6
|
end
|
7
7
|
|
8
8
|
describe 'check_file', :os => :gentoo do
|
@@ -12,7 +12,7 @@ end
|
|
12
12
|
|
13
13
|
describe 'check_mounted', :os => :gentoo do
|
14
14
|
subject { commands.check_mounted('/') }
|
15
|
-
it { should eq "mount | grep -w
|
15
|
+
it { should eq "mount | grep -w -- on\\ /" }
|
16
16
|
end
|
17
17
|
|
18
18
|
describe 'check_reachable', :os => :gentoo do
|
@@ -33,7 +33,7 @@ end
|
|
33
33
|
describe 'check_resolvable', :os => :gentoo do
|
34
34
|
context "resolve localhost by hosts" do
|
35
35
|
subject { commands.check_resolvable('localhost', 'hosts') }
|
36
|
-
it { should eq "grep -w localhost /etc/hosts" }
|
36
|
+
it { should eq "grep -w -- localhost /etc/hosts" }
|
37
37
|
end
|
38
38
|
context "resolve localhost by dns" do
|
39
39
|
subject { commands.check_resolvable('localhost', 'dns') }
|
@@ -57,7 +57,7 @@ end
|
|
57
57
|
|
58
58
|
describe 'check_group', :os => :gentoo do
|
59
59
|
subject { commands.check_group('wheel') }
|
60
|
-
it { should eq 'getent group | grep -wq wheel' }
|
60
|
+
it { should eq 'getent group | grep -wq -- wheel' }
|
61
61
|
end
|
62
62
|
|
63
63
|
describe 'check_installed', :os => :gentoo do
|
@@ -67,7 +67,7 @@ end
|
|
67
67
|
|
68
68
|
describe 'check_listening', :os => :gentoo do
|
69
69
|
subject { commands.check_listening(80) }
|
70
|
-
it { should eq "netstat -tunl | grep
|
70
|
+
it { should eq "netstat -tunl | grep -- :80\\ " }
|
71
71
|
end
|
72
72
|
|
73
73
|
describe 'check_running', :os => :gentoo do
|
@@ -82,134 +82,135 @@ end
|
|
82
82
|
|
83
83
|
describe 'check_process', :os => :gentoo do
|
84
84
|
subject { commands.check_process('httpd') }
|
85
|
-
it { should eq 'ps aux | grep -w httpd | grep -qv grep' }
|
85
|
+
it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
|
86
86
|
end
|
87
87
|
|
88
88
|
describe 'check_file_contain', :os => :gentoo do
|
89
89
|
subject { commands.check_file_contain('/etc/passwd', 'root') }
|
90
|
-
it { should eq "grep -q
|
90
|
+
it { should eq "grep -q -- root /etc/passwd" }
|
91
91
|
end
|
92
92
|
|
93
93
|
describe 'check_file_contain_within', :os => :gentoo do
|
94
94
|
context 'contain a pattern in the file' do
|
95
95
|
subject { commands.check_file_contain_within('Gemfile', 'rspec') }
|
96
|
-
it { should eq "sed -n
|
96
|
+
it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
|
97
97
|
end
|
98
98
|
|
99
99
|
context 'contain a pattern after a line in a file' do
|
100
100
|
subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
|
101
|
-
it { should eq "sed -n
|
101
|
+
it { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec -" }
|
102
102
|
end
|
103
103
|
|
104
104
|
context 'contain a pattern before a line in a file' do
|
105
105
|
subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
|
106
|
-
it { should eq "sed -n
|
106
|
+
it { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec -" }
|
107
107
|
end
|
108
108
|
|
109
109
|
context 'contain a pattern from within a line and another line in a file' do
|
110
110
|
subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
|
111
|
-
it { should eq "sed -n
|
111
|
+
it { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec -" }
|
112
112
|
end
|
113
113
|
end
|
114
114
|
|
115
115
|
describe 'check_mode', :os => :gentoo do
|
116
116
|
subject { commands.check_mode('/etc/sudoers', 440) }
|
117
|
-
it { should eq 'stat -c %a /etc/sudoers | grep
|
117
|
+
it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
|
118
118
|
end
|
119
119
|
|
120
120
|
describe 'check_owner', :os => :gentoo do
|
121
121
|
subject { commands.check_owner('/etc/passwd', 'root') }
|
122
|
-
it { should eq 'stat -c %U /etc/passwd | grep
|
122
|
+
it { should eq 'stat -c %U /etc/passwd | grep -- \\^root\\$' }
|
123
123
|
end
|
124
124
|
|
125
125
|
describe 'check_grouped', :os => :gentoo do
|
126
126
|
subject { commands.check_grouped('/etc/passwd', 'wheel') }
|
127
|
-
it { should eq 'stat -c %G /etc/passwd | grep
|
127
|
+
it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
|
128
128
|
end
|
129
129
|
|
130
130
|
describe 'check_cron_entry', :os => :gentoo do
|
131
131
|
subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
|
132
|
-
it { should eq 'crontab -u root -l | grep
|
132
|
+
it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
|
133
133
|
end
|
134
134
|
|
135
135
|
describe 'check_link', :os => :gentoo do
|
136
136
|
subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
|
137
|
-
it { should eq 'stat -c %N /etc/system-release | grep /etc/redhat-release' }
|
137
|
+
it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
|
138
138
|
end
|
139
139
|
|
140
140
|
describe 'check_installed_by_gem', :os => :gentoo do
|
141
141
|
subject { commands.check_installed_by_gem('jekyll') }
|
142
|
-
it { should eq 'gem list --local | grep
|
142
|
+
it { should eq 'gem list --local | grep -- \\^jekyll\\ ' }
|
143
143
|
end
|
144
144
|
|
145
145
|
describe 'check_belonging_group', :os => :gentoo do
|
146
146
|
subject { commands.check_belonging_group('root', 'wheel') }
|
147
|
-
it { should eq "id root | awk '{print $3}' | grep wheel" }
|
147
|
+
it { should eq "id root | awk '{print $3}' | grep -- wheel" }
|
148
148
|
end
|
149
149
|
|
150
150
|
describe 'have_gid', :os => :gentoo do
|
151
151
|
subject { commands.check_gid('root', 0) }
|
152
|
-
it { should eq "getent group | grep -w
|
152
|
+
it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
|
153
153
|
end
|
154
154
|
|
155
155
|
describe 'have_uid', :os => :gentoo do
|
156
156
|
subject { commands.check_uid('root', 0) }
|
157
|
-
it { should eq "id root | grep
|
157
|
+
it { should eq "id root | grep -- \\^uid\\=0\\(" }
|
158
158
|
end
|
159
159
|
|
160
160
|
describe 'have_login_shell', :os => :gentoo do
|
161
161
|
subject { commands.check_login_shell('root', '/bin/bash') }
|
162
|
-
it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w /bin/bash" }
|
162
|
+
it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
|
163
163
|
end
|
164
164
|
|
165
165
|
describe 'have_home_directory', :os => :gentoo do
|
166
166
|
subject { commands.check_home_directory('root', '/root') }
|
167
|
-
it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w /root" }
|
167
|
+
it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
|
168
168
|
end
|
169
169
|
|
170
170
|
describe 'have_authorized_key', :os => :gentoo do
|
171
171
|
key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
|
172
|
+
escaped_key = key.gsub(/ /, '\ ')
|
172
173
|
|
173
174
|
context 'with commented publickey' do
|
174
175
|
commented_key = key + " foo@bar.local"
|
175
176
|
subject { commands.check_authorized_key('root', commented_key) }
|
176
177
|
describe 'when command insert publickey is removed comment' do
|
177
|
-
it { should eq "grep -w
|
178
|
+
it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
|
178
179
|
end
|
179
180
|
end
|
180
181
|
|
181
182
|
context 'with uncomented publickey' do
|
182
183
|
subject { commands.check_authorized_key('root', key) }
|
183
|
-
it { should eq "grep -w
|
184
|
+
it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
|
184
185
|
end
|
185
186
|
end
|
186
187
|
|
187
188
|
describe 'check_ipatbles', :os => :gentoo do
|
188
189
|
context 'check a rule without a table and a chain' do
|
189
190
|
subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
|
190
|
-
it { should eq "iptables -S | grep
|
191
|
+
it { should eq "iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
|
191
192
|
end
|
192
193
|
|
193
194
|
context 'chack a rule with a table and a chain' do
|
194
195
|
subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
|
195
|
-
it { should eq "iptables -t mangle -S INPUT | grep
|
196
|
+
it { should eq "iptables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT" }
|
196
197
|
end
|
197
198
|
end
|
198
199
|
|
199
200
|
describe 'check_selinux', :os => :gentoo do
|
200
201
|
context 'enforcing' do
|
201
202
|
subject { commands.check_selinux('enforcing') }
|
202
|
-
it { should eq "/usr/sbin/getenforce | grep -i
|
203
|
+
it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
|
203
204
|
end
|
204
205
|
|
205
206
|
context 'permissive' do
|
206
207
|
subject { commands.check_selinux('permissive') }
|
207
|
-
it { should eq "/usr/sbin/getenforce | grep -i
|
208
|
+
it { should eq "/usr/sbin/getenforce | grep -i -- permissive" }
|
208
209
|
end
|
209
210
|
|
210
211
|
context 'disabled' do
|
211
212
|
subject { commands.check_selinux('disabled') }
|
212
|
-
it { should eq "/usr/sbin/getenforce | grep -i
|
213
|
+
it { should eq "/usr/sbin/getenforce | grep -i -- disabled" }
|
213
214
|
end
|
214
215
|
end
|
215
216
|
|
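Review bot: The `have_authorized_key` fixture here (and the identical one in the debian and redhat specs) contains only letters and a single space, so the expectation built with `key.gsub(/ /, '\ ')` verifies space escaping and nothing else. Real public keys are base64 and routinely contain `+`, `/` and `=`, and the `have_uid` expectation in this section (`\\^uid\\=0\\(`) shows that the builder escapes `=`. A second fixture with those characters and a literal expected string, rather than a hand-rolled `gsub`, would catch a regression in how key material reaches the shell. Since the key is still handed to `grep -w` as a regular expression, `grep -F -w --` would state the fixed-string intent; that change belongs in the command builder, which is outside this section.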
@@ -12,7 +12,7 @@ end
|
|
12
12
|
|
13
13
|
describe 'check_mounted', :os => :redhat do
|
14
14
|
subject { commands.check_mounted('/') }
|
15
|
-
it { should eq "mount | grep -w
|
15
|
+
it { should eq "mount | grep -w -- on\\ /" }
|
16
16
|
end
|
17
17
|
|
18
18
|
describe 'check_reachable', :os => :redhat do
|
@@ -33,7 +33,7 @@ end
|
|
33
33
|
describe 'check_resolvable', :os => :redhat do
|
34
34
|
context "resolve localhost by hosts" do
|
35
35
|
subject { commands.check_resolvable('localhost', 'hosts') }
|
36
|
-
it { should eq "grep -w localhost /etc/hosts" }
|
36
|
+
it { should eq "grep -w -- localhost /etc/hosts" }
|
37
37
|
end
|
38
38
|
context "resolve localhost by dns" do
|
39
39
|
subject { commands.check_resolvable('localhost', 'dns') }
|
@@ -57,7 +57,7 @@ end
|
|
57
57
|
|
58
58
|
describe 'check_group', :os => :redhat do
|
59
59
|
subject { commands.check_group('wheel') }
|
60
|
-
it { should eq 'getent group | grep -wq wheel' }
|
60
|
+
it { should eq 'getent group | grep -wq -- wheel' }
|
61
61
|
end
|
62
62
|
|
63
63
|
describe 'check_installed', :os => :redhat do
|
@@ -67,7 +67,7 @@ end
|
|
67
67
|
|
68
68
|
describe 'check_listening', :os => :redhat do
|
69
69
|
subject { commands.check_listening(80) }
|
70
|
-
it { should eq "netstat -tunl | grep
|
70
|
+
it { should eq "netstat -tunl | grep -- :80\\ " }
|
71
71
|
end
|
72
72
|
|
73
73
|
describe 'check_running', :os => :redhat do
|
@@ -82,134 +82,135 @@ end
|
|
82
82
|
|
83
83
|
describe 'check_process', :os => :redhat do
|
84
84
|
subject { commands.check_process('httpd') }
|
85
|
-
it { should eq 'ps aux | grep -w httpd | grep -qv grep' }
|
85
|
+
it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
|
86
86
|
end
|
87
87
|
|
88
88
|
describe 'check_file_contain', :os => :redhat do
|
89
89
|
subject { commands.check_file_contain('/etc/passwd', 'root') }
|
90
|
-
it { should eq "grep -q
|
90
|
+
it { should eq "grep -q -- root /etc/passwd" }
|
91
91
|
end
|
92
92
|
|
93
93
|
describe 'check_file_contain_within', :os => :redhat do
|
94
94
|
context 'contain a pattern in the file' do
|
95
95
|
subject { commands.check_file_contain_within('Gemfile', 'rspec') }
|
96
|
-
it { should eq "sed -n
|
96
|
+
it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
|
97
97
|
end
|
98
98
|
|
99
99
|
context 'contain a pattern after a line in a file' do
|
100
100
|
subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
|
101
|
-
it { should eq "sed -n
|
101
|
+
it { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec -" }
|
102
102
|
end
|
103
103
|
|
104
104
|
context 'contain a pattern before a line in a file' do
|
105
105
|
subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
|
106
|
-
it { should eq "sed -n
|
106
|
+
it { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec -" }
|
107
107
|
end
|
108
108
|
|
109
109
|
context 'contain a pattern from within a line and another line in a file' do
|
110
110
|
subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
|
111
|
-
it { should eq "sed -n
|
111
|
+
it { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec -" }
|
112
112
|
end
|
113
113
|
end
|
114
114
|
|
115
115
|
describe 'check_mode', :os => :redhat do
|
116
116
|
subject { commands.check_mode('/etc/sudoers', 440) }
|
117
|
-
it { should eq 'stat -c %a /etc/sudoers | grep
|
117
|
+
it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
|
118
118
|
end
|
119
119
|
|
120
120
|
describe 'check_owner', :os => :redhat do
|
121
121
|
subject { commands.check_owner('/etc/passwd', 'root') }
|
122
|
-
it { should eq 'stat -c %U /etc/passwd | grep
|
122
|
+
it { should eq 'stat -c %U /etc/passwd | grep -- \\^root\\$' }
|
123
123
|
end
|
124
124
|
|
125
125
|
describe 'check_grouped', :os => :redhat do
|
126
126
|
subject { commands.check_grouped('/etc/passwd', 'wheel') }
|
127
|
-
it { should eq 'stat -c %G /etc/passwd | grep
|
127
|
+
it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
|
128
128
|
end
|
129
129
|
|
130
130
|
describe 'check_cron_entry', :os => :redhat do
|
131
131
|
subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
|
132
|
-
it { should eq 'crontab -u root -l | grep
|
132
|
+
it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
|
133
133
|
end
|
134
134
|
|
135
135
|
describe 'check_link', :os => :redhat do
|
136
136
|
subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
|
137
|
-
it { should eq 'stat -c %N /etc/system-release | grep /etc/redhat-release' }
|
137
|
+
it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
|
138
138
|
end
|
139
139
|
|
140
140
|
describe 'check_installed_by_gem', :os => :redhat do
|
141
141
|
subject { commands.check_installed_by_gem('jekyll') }
|
142
|
-
it { should eq 'gem list --local | grep
|
142
|
+
it { should eq 'gem list --local | grep -- \\^jekyll\\ ' }
|
143
143
|
end
|
144
144
|
|
145
145
|
describe 'check_belonging_group', :os => :redhat do
|
146
146
|
subject { commands.check_belonging_group('root', 'wheel') }
|
147
|
-
it { should eq "id root | awk '{print $3}' | grep wheel" }
|
147
|
+
it { should eq "id root | awk '{print $3}' | grep -- wheel" }
|
148
148
|
end
|
149
149
|
|
150
150
|
describe 'have_gid', :os => :redhat do
|
151
151
|
subject { commands.check_gid('root', 0) }
|
152
|
-
it { should eq "getent group | grep -w
|
152
|
+
it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
|
153
153
|
end
|
154
154
|
|
155
155
|
describe 'have_uid', :os => :redhat do
|
156
156
|
subject { commands.check_uid('root', 0) }
|
157
|
-
it { should eq "id root | grep
|
157
|
+
it { should eq "id root | grep -- \\^uid\\=0\\(" }
|
158
158
|
end
|
159
159
|
|
160
160
|
describe 'have_login_shell', :os => :redhat do
|
161
161
|
subject { commands.check_login_shell('root', '/bin/bash') }
|
162
|
-
it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w /bin/bash" }
|
162
|
+
it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
|
163
163
|
end
|
164
164
|
|
165
165
|
describe 'have_home_directory', :os => :redhat do
|
166
166
|
subject { commands.check_home_directory('root', '/root') }
|
167
|
-
it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w /root" }
|
167
|
+
it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
|
168
168
|
end
|
169
169
|
|
170
170
|
describe 'have_authorized_key', :os => :redhat do
|
171
171
|
key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
|
172
|
+
escaped_key = key.gsub(/ /, '\ ')
|
172
173
|
|
173
174
|
context 'with commented publickey' do
|
174
175
|
commented_key = key + " foo@bar.local"
|
175
176
|
subject { commands.check_authorized_key('root', commented_key) }
|
176
177
|
describe 'when command insert publickey is removed comment' do
|
177
|
-
it { should eq "grep -w
|
178
|
+
it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
|
178
179
|
end
|
179
180
|
end
|
180
181
|
|
181
182
|
context 'with uncomented publickey' do
|
182
183
|
subject { commands.check_authorized_key('root', key) }
|
183
|
-
it { should eq "grep -w
|
184
|
+
it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
|
184
185
|
end
|
185
186
|
end
|
186
187
|
|
187
188
|
describe 'check_ipatbles', :os => :redhat do
|
188
189
|
context 'check a rule without a table and a chain' do
|
189
190
|
subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
|
190
|
-
it { should eq "iptables -S | grep
|
191
|
+
it { should eq "iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
|
191
192
|
end
|
192
193
|
|
193
194
|
context 'chack a rule with a table and a chain' do
|
194
195
|
subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
|
195
|
-
it { should eq "iptables -t mangle -S INPUT | grep
|
196
|
+
it { should eq "iptables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT" }
|
196
197
|
end
|
197
198
|
end
|
198
199
|
|
199
200
|
describe 'check_selinux', :os => :redhat do
|
200
201
|
context 'enforcing' do
|
201
202
|
subject { commands.check_selinux('enforcing') }
|
202
|
-
it { should eq "/usr/sbin/getenforce | grep -i
|
203
|
+
it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
|
203
204
|
end
|
204
205
|
|
205
206
|
context 'permissive' do
|
206
207
|
subject { commands.check_selinux('permissive') }
|
207
|
-
it { should eq "/usr/sbin/getenforce | grep -i
|
208
|
+
it { should eq "/usr/sbin/getenforce | grep -i -- permissive" }
|
208
209
|
end
|
209
210
|
|
210
211
|
context 'disabled' do
|
211
212
|
subject { commands.check_selinux('disabled') }
|
212
|
-
it { should eq "/usr/sbin/getenforce | grep -i
|
213
|
+
it { should eq "/usr/sbin/getenforce | grep -i -- disabled" }
|
213
214
|
end
|
214
215
|
end
|
215
216
|
|
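Review bot: The `check_process` expectation, `ps aux | grep -w -- httpd | grep -qv grep`, matches the word anywhere on a `ps aux` line, so the check can pass for an unrelated process whose arguments mention `httpd` (an editor opened on a config file, say). The trailing `grep -qv grep` also drops any genuine process whose command line contains `grep`. For a result that is read as "the service is running", I would pin a match on the command name instead, e.g. expect `pgrep -x -- httpd` or `ps -C httpd -o pid=`, and change the builder outside this section to match. The debian and gentoo specs pin the same string.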