serverspec 0.3.2 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- data/Rakefile +13 -1
- data/lib/serverspec/helper.rb +4 -0
- data/lib/serverspec/helper/type.rb +11 -0
- data/lib/serverspec/matchers/be_enabled.rb +6 -2
- data/lib/serverspec/matchers/be_running.rb +12 -9
- data/lib/serverspec/setup.rb +1 -2
- data/lib/serverspec/type/service.rb +31 -0
- data/lib/serverspec/version.rb +1 -1
- data/serverspec.gemspec +3 -3
- data/spec/darwin/commands_spec.rb +31 -29
- data/spec/darwin/matchers_spec.rb +3 -1
- data/spec/darwin/service_spec.rb +9 -0
- data/spec/debian/commands_spec.rb +35 -33
- data/spec/debian/matchers_spec.rb +3 -1
- data/spec/debian/service_spec.rb +10 -0
- data/spec/gentoo/commands_spec.rb +33 -33
- data/spec/gentoo/matchers_spec.rb +3 -1
- data/spec/gentoo/service_spec.rb +10 -0
- data/spec/redhat/commands_spec.rb +35 -33
- data/spec/redhat/matchers_spec.rb +3 -1
- data/spec/redhat/service_spec.rb +10 -0
- data/spec/solaris/commands_spec.rb +38 -36
- data/spec/solaris/matchers_spec.rb +3 -1
- data/spec/solaris/service_spec.rb +10 -0
- data/spec/support/shared_service_examples.rb +72 -0
- metadata +20 -6
data/Rakefile
CHANGED
@@ -1,4 +1,16 @@
|
|
1
1
|
require "bundler/gem_tasks"
|
2
2
|
require 'rspec/core/rake_task'
|
3
3
|
|
4
|
-
|
4
|
+
task :spec => 'spec:all'
|
5
|
+
|
6
|
+
namespace :spec do
|
7
|
+
oses = %w( darwin debian gentoo redhat solaris )
|
8
|
+
|
9
|
+
task :all => oses.map {|os| "spec:#{os}" }
|
10
|
+
|
11
|
+
oses.each do |os|
|
12
|
+
RSpec::Core::RakeTask.new(os.to_sym) do |t|
|
13
|
+
t.pattern = "spec/#{os}/*_spec.rb"
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
data/lib/serverspec/helper.rb
CHANGED
@@ -1,17 +1,20 @@
|
|
1
1
|
RSpec::Matchers.define :be_running do
|
2
2
|
match do |process|
|
3
|
-
if (
|
4
|
-
|
3
|
+
if process.respond_to?(:running?)
|
4
|
+
process.running? @under
|
5
|
+
else
|
6
|
+
if (@under)
|
7
|
+
check_method = "check_running_under_#{@under}".to_sym
|
5
8
|
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
+
unless backend.respond_to?(check_method)
|
10
|
+
raise ArgumentError.new("`be_running` matcher doesn't support #{@under}")
|
11
|
+
end
|
9
12
|
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
+
backend.send(check_method, example, process)
|
14
|
+
else
|
15
|
+
backend.check_running(example, process)
|
16
|
+
end
|
13
17
|
end
|
14
|
-
|
15
18
|
end
|
16
19
|
|
17
20
|
chain :under do |under|
|
data/lib/serverspec/setup.rb
CHANGED
@@ -8,7 +8,6 @@ Select a backend type:
|
|
8
8
|
|
9
9
|
1) SSH
|
10
10
|
2) Exec (local)
|
11
|
-
3) Puppet providers (local)
|
12
11
|
|
13
12
|
Select number:
|
14
13
|
EOF
|
@@ -16,7 +15,7 @@ EOF
|
|
16
15
|
num = gets.to_i - 1
|
17
16
|
puts
|
18
17
|
|
19
|
-
@backend_type = [ 'Ssh', 'Exec'
|
18
|
+
@backend_type = [ 'Ssh', 'Exec' ][num]
|
20
19
|
if @backend_type == 'Ssh'
|
21
20
|
print "Input target host name: "
|
22
21
|
@hostname = gets.chomp
|
@@ -0,0 +1,31 @@
|
|
1
|
+
module Serverspec
|
2
|
+
module Type
|
3
|
+
class Service
|
4
|
+
def initialize name
|
5
|
+
@name = name
|
6
|
+
end
|
7
|
+
|
8
|
+
def enabled?
|
9
|
+
backend.check_enabled(nil, @name)
|
10
|
+
end
|
11
|
+
|
12
|
+
def running? under
|
13
|
+
if under
|
14
|
+
check_method = "check_running_under_#{under}".to_sym
|
15
|
+
|
16
|
+
unless backend.respond_to?(check_method)
|
17
|
+
raise ArgumentError.new("`be_running` matcher doesn't support #{@under}")
|
18
|
+
end
|
19
|
+
|
20
|
+
backend.send(check_method, nil, @name)
|
21
|
+
else
|
22
|
+
backend.check_running(nil, @name)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
def to_s
|
27
|
+
"Service #{@name}"
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
data/lib/serverspec/version.rb
CHANGED
data/serverspec.gemspec
CHANGED
@@ -18,9 +18,9 @@ Gem::Specification.new do |spec|
|
|
18
18
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
19
19
|
spec.require_paths = ["lib"]
|
20
20
|
|
21
|
-
spec.
|
22
|
-
spec.
|
23
|
-
spec.
|
21
|
+
spec.add_runtime_dependency "net-ssh"
|
22
|
+
spec.add_runtime_dependency "rspec", "~> 2.0"
|
23
|
+
spec.add_runtime_dependency "highline"
|
24
24
|
spec.add_development_dependency "bundler", "~> 1.3"
|
25
25
|
spec.add_development_dependency "rake"
|
26
26
|
end
|
@@ -1,16 +1,18 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
|
3
|
+
include Serverspec::Helper::Darwin
|
4
|
+
|
5
|
+
describe 'check_file' do
|
4
6
|
subject { commands.check_file('/etc/passwd') }
|
5
7
|
it { should eq 'test -f /etc/passwd' }
|
6
8
|
end
|
7
9
|
|
8
|
-
describe 'check_mounted'
|
10
|
+
describe 'check_mounted' do
|
9
11
|
subject { commands.check_mounted('/') }
|
10
12
|
it { should eq "mount | grep -w -- on\\ /" }
|
11
13
|
end
|
12
14
|
|
13
|
-
describe 'check_reachable'
|
15
|
+
describe 'check_reachable' do
|
14
16
|
context "connect with name from /etc/services to localhost" do
|
15
17
|
subject { commands.check_reachable('localhost', 'ssh', 'tcp', 1) }
|
16
18
|
it { should eq "nc -vvvvzt localhost ssh -w 1" }
|
@@ -25,12 +27,12 @@ describe 'check_reachable', :os => :darwin do
|
|
25
27
|
end
|
26
28
|
end
|
27
29
|
|
28
|
-
describe 'check_routing_table'
|
30
|
+
describe 'check_routing_table' do
|
29
31
|
subject { commands.check_routing_table('192.168.100.0/24') }
|
30
32
|
it { should eq "ip route | grep -E '^192.168.100.0/24 |^default '" }
|
31
33
|
end
|
32
34
|
|
33
|
-
describe 'check_resolvable'
|
35
|
+
describe 'check_resolvable' do
|
34
36
|
context "resolve localhost by hosts" do
|
35
37
|
subject { commands.check_resolvable('localhost', 'hosts') }
|
36
38
|
it { should eq "grep -w -- localhost /etc/hosts" }
|
@@ -45,47 +47,47 @@ describe 'check_resolvable', :os => :darwin do
|
|
45
47
|
end
|
46
48
|
end
|
47
49
|
|
48
|
-
describe 'check_directory'
|
50
|
+
describe 'check_directory' do
|
49
51
|
subject { commands.check_directory('/var/log') }
|
50
52
|
it { should eq 'test -d /var/log' }
|
51
53
|
end
|
52
54
|
|
53
|
-
describe 'check_user'
|
55
|
+
describe 'check_user' do
|
54
56
|
subject { commands.check_user('root') }
|
55
57
|
it { should eq 'id root' }
|
56
58
|
end
|
57
59
|
|
58
|
-
describe 'check_group'
|
60
|
+
describe 'check_group' do
|
59
61
|
subject { commands.check_group('wheel') }
|
60
62
|
it { should eq 'getent group | grep -wq -- wheel' }
|
61
63
|
end
|
62
64
|
|
63
|
-
describe 'check_listening'
|
65
|
+
describe 'check_listening' do
|
64
66
|
subject { commands.check_listening(80) }
|
65
67
|
it { should eq "netstat -tunl | grep -- :80\\ " }
|
66
68
|
end
|
67
69
|
|
68
|
-
describe 'check_running'
|
70
|
+
describe 'check_running' do
|
69
71
|
subject { commands.check_running('httpd') }
|
70
72
|
it { should eq 'service httpd status' }
|
71
73
|
end
|
72
74
|
|
73
|
-
describe 'check_running_under_supervisor'
|
75
|
+
describe 'check_running_under_supervisor' do
|
74
76
|
subject { commands.check_running_under_supervisor('httpd') }
|
75
77
|
it { should eq 'supervisorctl status httpd' }
|
76
78
|
end
|
77
79
|
|
78
|
-
describe 'check_process'
|
80
|
+
describe 'check_process' do
|
79
81
|
subject { commands.check_process('httpd') }
|
80
82
|
it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
|
81
83
|
end
|
82
84
|
|
83
|
-
describe 'check_file_contain'
|
85
|
+
describe 'check_file_contain' do
|
84
86
|
subject { commands.check_file_contain('/etc/passwd', 'root') }
|
85
87
|
it { should eq "grep -q -- root /etc/passwd" }
|
86
88
|
end
|
87
89
|
|
88
|
-
describe 'check_file_contain_within'
|
90
|
+
describe 'check_file_contain_within' do
|
89
91
|
context 'contain a pattern in the file' do
|
90
92
|
subject { commands.check_file_contain_within('Gemfile', 'rspec') }
|
91
93
|
it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
|
@@ -107,67 +109,67 @@ describe 'check_file_contain_within', :os => :darwin do
|
|
107
109
|
end
|
108
110
|
end
|
109
111
|
|
110
|
-
describe 'check_file_md5checksum'
|
112
|
+
describe 'check_file_md5checksum' do
|
111
113
|
subject { commands.check_file_md5checksum('/usr/bin/rsync', '03ba2dcdd50ec3a7a45d3900902a83ce') }
|
112
114
|
it { should eq "openssl md5 /usr/bin/rsync | cut -d'=' -f2 | cut -c 2- | grep -E ^03ba2dcdd50ec3a7a45d3900902a83ce$" }
|
113
115
|
end
|
114
116
|
|
115
|
-
describe 'check_mode'
|
117
|
+
describe 'check_mode' do
|
116
118
|
subject { commands.check_mode('/etc/sudoers', 440) }
|
117
119
|
it { should eq 'stat -f %A /etc/sudoers | grep -- \\^440\\$' }
|
118
120
|
end
|
119
121
|
|
120
|
-
describe 'check_owner'
|
122
|
+
describe 'check_owner' do
|
121
123
|
subject { commands.check_owner('/etc/passwd', 'root') }
|
122
124
|
it { should eq 'stat -f %Su /etc/passwd | grep -- \\^root\\$' }
|
123
125
|
end
|
124
126
|
|
125
|
-
describe 'check_grouped'
|
127
|
+
describe 'check_grouped' do
|
126
128
|
subject { commands.check_grouped('/etc/passwd', 'wheel') }
|
127
129
|
it { should eq 'stat -f %Sg /etc/passwd | grep -- \\^wheel\\$' }
|
128
130
|
end
|
129
131
|
|
130
|
-
describe 'check_cron_entry'
|
132
|
+
describe 'check_cron_entry' do
|
131
133
|
subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
|
132
134
|
it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
|
133
135
|
end
|
134
136
|
|
135
|
-
describe 'check_link'
|
137
|
+
describe 'check_link' do
|
136
138
|
subject { commands.check_link('/etc/system-release', '/etc/darwin-release') }
|
137
139
|
it { should eq 'stat -c %N /etc/system-release | grep -- /etc/darwin-release' }
|
138
140
|
end
|
139
141
|
|
140
|
-
describe 'check_installed_by_gem'
|
142
|
+
describe 'check_installed_by_gem' do
|
141
143
|
subject { commands.check_installed_by_gem('jekyll') }
|
142
144
|
it { should eq 'gem list --local | grep -- \\^jekyll\\ ' }
|
143
145
|
end
|
144
146
|
|
145
|
-
describe 'check_belonging_group'
|
147
|
+
describe 'check_belonging_group' do
|
146
148
|
subject { commands.check_belonging_group('root', 'wheel') }
|
147
149
|
it { should eq "id root | awk '{print $3}' | grep -- wheel" }
|
148
150
|
end
|
149
151
|
|
150
|
-
describe 'have_gid'
|
152
|
+
describe 'have_gid' do
|
151
153
|
subject { commands.check_gid('root', 0) }
|
152
154
|
it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
|
153
155
|
end
|
154
156
|
|
155
|
-
describe 'have_uid'
|
157
|
+
describe 'have_uid' do
|
156
158
|
subject { commands.check_uid('root', 0) }
|
157
159
|
it { should eq "id root | grep -- \\^uid\\=0\\(" }
|
158
160
|
end
|
159
161
|
|
160
|
-
describe 'have_login_shell'
|
162
|
+
describe 'have_login_shell' do
|
161
163
|
subject { commands.check_login_shell('root', '/bin/bash') }
|
162
164
|
it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
|
163
165
|
end
|
164
166
|
|
165
|
-
describe 'have_home_directory'
|
167
|
+
describe 'have_home_directory' do
|
166
168
|
subject { commands.check_home_directory('root', '/root') }
|
167
169
|
it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
|
168
170
|
end
|
169
171
|
|
170
|
-
describe 'have_authorized_key'
|
172
|
+
describe 'have_authorized_key' do
|
171
173
|
key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
|
172
174
|
escaped_key = key.gsub(/ /, '\ ')
|
173
175
|
|
@@ -185,12 +187,12 @@ describe 'have_authorized_key', :os => :darwin do
|
|
185
187
|
end
|
186
188
|
end
|
187
189
|
|
188
|
-
describe 'get_mode'
|
190
|
+
describe 'get_mode' do
|
189
191
|
subject { commands.get_mode('/dev') }
|
190
192
|
it { should eq 'stat -f %A /dev' }
|
191
193
|
end
|
192
194
|
|
193
|
-
describe 'check_access_by_user'
|
195
|
+
describe 'check_access_by_user' do
|
194
196
|
context 'read access' do
|
195
197
|
subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
|
196
198
|
it { should eq 'sudo -u dummyuser1 -s /bin/test -r /tmp/something' }
|
@@ -1,6 +1,8 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
|
3
|
+
include Serverspec::Helper::Darwin
|
4
|
+
|
5
|
+
describe 'Serverspec matchers of Darwin' do
|
4
6
|
it_behaves_like 'support be_running matcher', 'sshd'
|
5
7
|
it_behaves_like 'support be_running.under("supervisor") matcher', 'growthforecast'
|
6
8
|
it_behaves_like 'support be_running.under("not implemented") matcher', 'growthforecast'
|
@@ -0,0 +1,9 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include Serverspec::Helper::Darwin
|
4
|
+
|
5
|
+
describe 'Serverspec service matchers of Darwin family' do
|
6
|
+
it_behaves_like 'support service running matcher', 'sshd'
|
7
|
+
it_behaves_like 'support service running under supervisor matcher', 'sshd'
|
8
|
+
it_behaves_like 'support service running under unimplemented matcher', 'sshd'
|
9
|
+
end
|
@@ -1,26 +1,28 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
|
3
|
+
include Serverspec::Helper::Debian
|
4
|
+
|
5
|
+
describe 'check_enabled' do
|
4
6
|
subject { commands.check_enabled('httpd') }
|
5
7
|
it { should eq 'ls /etc/rc3.d/ | grep -- httpd' }
|
6
8
|
end
|
7
9
|
|
8
|
-
describe 'check_file'
|
10
|
+
describe 'check_file' do
|
9
11
|
subject { commands.check_file('/etc/passwd') }
|
10
12
|
it { should eq 'test -f /etc/passwd' }
|
11
13
|
end
|
12
14
|
|
13
|
-
describe 'check_mounted'
|
15
|
+
describe 'check_mounted' do
|
14
16
|
subject { commands.check_mounted('/') }
|
15
17
|
it { should eq "mount | grep -w -- on\\ /" }
|
16
18
|
end
|
17
19
|
|
18
|
-
describe 'check_routing_table'
|
20
|
+
describe 'check_routing_table' do
|
19
21
|
subject { commands.check_routing_table('192.168.100.0/24') }
|
20
22
|
it { should eq "ip route | grep -E '^192.168.100.0/24 |^default '" }
|
21
23
|
end
|
22
24
|
|
23
|
-
describe 'check_reachable'
|
25
|
+
describe 'check_reachable' do
|
24
26
|
context "connect with name from /etc/services to localhost" do
|
25
27
|
subject { commands.check_reachable('localhost', 'ssh', 'tcp', 1) }
|
26
28
|
it { should eq "nc -vvvvzt localhost ssh -w 1" }
|
@@ -35,7 +37,7 @@ describe 'check_reachable', :os => :debian do
|
|
35
37
|
end
|
36
38
|
end
|
37
39
|
|
38
|
-
describe 'check_resolvable'
|
40
|
+
describe 'check_resolvable' do
|
39
41
|
context "resolve localhost by hosts" do
|
40
42
|
subject { commands.check_resolvable('localhost', 'hosts') }
|
41
43
|
it { should eq "grep -w -- localhost /etc/hosts" }
|
@@ -50,59 +52,59 @@ describe 'check_resolvable', :os => :debian do
|
|
50
52
|
end
|
51
53
|
end
|
52
54
|
|
53
|
-
describe 'check_file_md5checksum'
|
55
|
+
describe 'check_file_md5checksum' do
|
54
56
|
subject { commands.check_file_md5checksum('/etc/passwd', '96c8c50f81a29965f7af6de371ab4250') }
|
55
57
|
it { should eq "md5sum /etc/passwd | grep -iw -- ^96c8c50f81a29965f7af6de371ab4250" }
|
56
58
|
end
|
57
59
|
|
58
60
|
|
59
|
-
describe 'check_directory'
|
61
|
+
describe 'check_directory' do
|
60
62
|
subject { commands.check_directory('/var/log') }
|
61
63
|
it { should eq 'test -d /var/log' }
|
62
64
|
end
|
63
65
|
|
64
|
-
describe 'check_user'
|
66
|
+
describe 'check_user' do
|
65
67
|
subject { commands.check_user('root') }
|
66
68
|
it { should eq 'id root' }
|
67
69
|
end
|
68
70
|
|
69
|
-
describe 'check_group'
|
71
|
+
describe 'check_group' do
|
70
72
|
subject { commands.check_group('wheel') }
|
71
73
|
it { should eq 'getent group | grep -wq -- wheel' }
|
72
74
|
end
|
73
75
|
|
74
|
-
describe 'check_installed'
|
76
|
+
describe 'check_installed' do
|
75
77
|
subject { commands.check_installed('httpd') }
|
76
78
|
it { should eq 'dpkg -s httpd' }
|
77
79
|
end
|
78
80
|
|
79
|
-
describe 'check_listening'
|
81
|
+
describe 'check_listening' do
|
80
82
|
subject { commands.check_listening(80) }
|
81
83
|
it { should eq "netstat -tunl | grep -- :80\\ " }
|
82
84
|
end
|
83
85
|
|
84
|
-
describe 'check_running'
|
86
|
+
describe 'check_running' do
|
85
87
|
subject { commands.check_running('httpd') }
|
86
88
|
it { should eq 'service httpd status' }
|
87
89
|
end
|
88
90
|
|
89
91
|
|
90
|
-
describe 'check_running_under_supervisor'
|
92
|
+
describe 'check_running_under_supervisor' do
|
91
93
|
subject { commands.check_running_under_supervisor('httpd') }
|
92
94
|
it { should eq 'supervisorctl status httpd' }
|
93
95
|
end
|
94
96
|
|
95
|
-
describe 'check_process'
|
97
|
+
describe 'check_process' do
|
96
98
|
subject { commands.check_process('httpd') }
|
97
99
|
it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
|
98
100
|
end
|
99
101
|
|
100
|
-
describe 'check_file_contain'
|
102
|
+
describe 'check_file_contain' do
|
101
103
|
subject { commands.check_file_contain('/etc/passwd', 'root') }
|
102
104
|
it { should eq "grep -q -- root /etc/passwd" }
|
103
105
|
end
|
104
106
|
|
105
|
-
describe 'check_file_contain_within'
|
107
|
+
describe 'check_file_contain_within' do
|
106
108
|
context 'contain a pattern in the file' do
|
107
109
|
subject { commands.check_file_contain_within('Gemfile', 'rspec') }
|
108
110
|
it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
|
@@ -124,62 +126,62 @@ describe 'check_file_contain_within', :os => :debian do
|
|
124
126
|
end
|
125
127
|
end
|
126
128
|
|
127
|
-
describe 'check_mode'
|
129
|
+
describe 'check_mode' do
|
128
130
|
subject { commands.check_mode('/etc/sudoers', 440) }
|
129
131
|
it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
|
130
132
|
end
|
131
133
|
|
132
|
-
describe 'check_owner'
|
134
|
+
describe 'check_owner' do
|
133
135
|
subject { commands.check_owner('/etc/passwd', 'root') }
|
134
136
|
it { should eq 'stat -c %U /etc/passwd | grep -- \\^root\\$' }
|
135
137
|
end
|
136
138
|
|
137
|
-
describe 'check_grouped'
|
139
|
+
describe 'check_grouped' do
|
138
140
|
subject { commands.check_grouped('/etc/passwd', 'wheel') }
|
139
141
|
it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
|
140
142
|
end
|
141
143
|
|
142
|
-
describe 'check_cron_entry'
|
144
|
+
describe 'check_cron_entry' do
|
143
145
|
subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
|
144
146
|
it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
|
145
147
|
end
|
146
148
|
|
147
|
-
describe 'check_link'
|
149
|
+
describe 'check_link' do
|
148
150
|
subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
|
149
151
|
it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
|
150
152
|
end
|
151
153
|
|
152
|
-
describe 'check_installed_by_gem'
|
154
|
+
describe 'check_installed_by_gem' do
|
153
155
|
subject { commands.check_installed_by_gem('jekyll') }
|
154
156
|
it { should eq 'gem list --local | grep -- \\^jekyll\\ ' }
|
155
157
|
end
|
156
158
|
|
157
|
-
describe 'check_belonging_group'
|
159
|
+
describe 'check_belonging_group' do
|
158
160
|
subject { commands.check_belonging_group('root', 'wheel') }
|
159
161
|
it { should eq "id root | awk '{print $3}' | grep -- wheel" }
|
160
162
|
end
|
161
163
|
|
162
|
-
describe 'have_gid'
|
164
|
+
describe 'have_gid' do
|
163
165
|
subject { commands.check_gid('root', 0) }
|
164
166
|
it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
|
165
167
|
end
|
166
168
|
|
167
|
-
describe 'have_uid'
|
169
|
+
describe 'have_uid' do
|
168
170
|
subject { commands.check_uid('root', 0) }
|
169
171
|
it { should eq "id root | grep -- \\^uid\\=0\\(" }
|
170
172
|
end
|
171
173
|
|
172
|
-
describe 'have_login_shell'
|
174
|
+
describe 'have_login_shell' do
|
173
175
|
subject { commands.check_login_shell('root', '/bin/bash') }
|
174
176
|
it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
|
175
177
|
end
|
176
178
|
|
177
|
-
describe 'have_home_directory'
|
179
|
+
describe 'have_home_directory' do
|
178
180
|
subject { commands.check_home_directory('root', '/root') }
|
179
181
|
it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
|
180
182
|
end
|
181
183
|
|
182
|
-
describe 'have_authorized_key'
|
184
|
+
describe 'have_authorized_key' do
|
183
185
|
key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
|
184
186
|
escaped_key = key.gsub(/ /, '\ ')
|
185
187
|
|
@@ -197,7 +199,7 @@ describe 'have_authorized_key', :os => :debian do
|
|
197
199
|
end
|
198
200
|
end
|
199
201
|
|
200
|
-
describe 'check_ipatbles'
|
202
|
+
describe 'check_ipatbles' do
|
201
203
|
context 'check a rule without a table and a chain' do
|
202
204
|
subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
|
203
205
|
it { should eq "iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
|
@@ -209,7 +211,7 @@ describe 'check_ipatbles', :os => :debian do
|
|
209
211
|
end
|
210
212
|
end
|
211
213
|
|
212
|
-
describe 'check_selinux'
|
214
|
+
describe 'check_selinux' do
|
213
215
|
context 'enforcing' do
|
214
216
|
subject { commands.check_selinux('enforcing') }
|
215
217
|
it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
|
@@ -226,12 +228,12 @@ describe 'check_selinux', :os => :debian do
|
|
226
228
|
end
|
227
229
|
end
|
228
230
|
|
229
|
-
describe 'get_mode'
|
231
|
+
describe 'get_mode' do
|
230
232
|
subject { commands.get_mode('/dev') }
|
231
233
|
it { should eq 'stat -c %a /dev' }
|
232
234
|
end
|
233
235
|
|
234
|
-
describe 'check_access_by_user'
|
236
|
+
describe 'check_access_by_user' do
|
235
237
|
context 'read access' do
|
236
238
|
subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
|
237
239
|
it { should eq 'su -s /bin/sh -c "/usr/bin/test -r /tmp/something" dummyuser1' }
|