serverspec 0.3.2 → 0.4.0
- data/Rakefile +13 -1
- data/lib/serverspec/helper.rb +4 -0
- data/lib/serverspec/helper/type.rb +11 -0
- data/lib/serverspec/matchers/be_enabled.rb +6 -2
- data/lib/serverspec/matchers/be_running.rb +12 -9
- data/lib/serverspec/setup.rb +1 -2
- data/lib/serverspec/type/service.rb +31 -0
- data/lib/serverspec/version.rb +1 -1
- data/serverspec.gemspec +3 -3
- data/spec/darwin/commands_spec.rb +31 -29
- data/spec/darwin/matchers_spec.rb +3 -1
- data/spec/darwin/service_spec.rb +9 -0
- data/spec/debian/commands_spec.rb +35 -33
- data/spec/debian/matchers_spec.rb +3 -1
- data/spec/debian/service_spec.rb +10 -0
- data/spec/gentoo/commands_spec.rb +33 -33
- data/spec/gentoo/matchers_spec.rb +3 -1
- data/spec/gentoo/service_spec.rb +10 -0
- data/spec/redhat/commands_spec.rb +35 -33
- data/spec/redhat/matchers_spec.rb +3 -1
- data/spec/redhat/service_spec.rb +10 -0
- data/spec/solaris/commands_spec.rb +38 -36
- data/spec/solaris/matchers_spec.rb +3 -1
- data/spec/solaris/service_spec.rb +10 -0
- data/spec/support/shared_service_examples.rb +72 -0
- metadata +20 -6
@@ -1,6 +1,8 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
|
3
|
+
include Serverspec::Helper::Debian
|
4
|
+
|
5
|
+
describe 'Serverspec matchers of Debian family' do
|
4
6
|
it_behaves_like 'support be_enabled matcher', 'rc.local'
|
5
7
|
it_behaves_like 'support be_installed matcher', 'openssh-server'
|
6
8
|
it_behaves_like 'support be_running matcher', 'ssh'
|
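Review bot: The added `include Serverspec::Helper::Debian` sits at file top level, so it mixes the helper into `Object` for the whole RSpec process rather than into this example group. If specs for several OS families are ever loaded in one process, the helper included last takes precedence for any method names the helpers share, and the expectations would silently run against the wrong command set. The same pattern is added in the Gentoo matchers spec and in the Debian, Gentoo and Red Hat files further down. The Rakefile change is not visible here, so whether each OS directory runs separately is unconfirmed. Either move the include inside the `describe` block or record the constraint with a comment such as `# top-level include extends Object: run each OS directory in its own rspec process`.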
@@ -0,0 +1,10 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include Serverspec::Helper::Debian
|
4
|
+
|
5
|
+
describe 'Serverspec service matchers of Red Hat family' do
|
6
|
+
it_behaves_like 'support service enabled matcher', 'sshd'
|
7
|
+
it_behaves_like 'support service running matcher', 'sshd'
|
8
|
+
it_behaves_like 'support service running under supervisor matcher', 'sshd'
|
9
|
+
it_behaves_like 'support service running under unimplemented matcher', 'sshd'
|
10
|
+
end
|
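Review bot: The label on the new `describe` line reads 'Serverspec service matchers of Red Hat family', yet the file includes `Serverspec::Helper::Debian`, so failures from this file will be reported under the wrong OS family. It should read `describe 'Serverspec service matchers of Debian family' do`. The same copied label appears in the new Gentoo service spec further down, which includes `Serverspec::Helper::Gentoo`. The service name 'sshd' also differs from the 'ssh' used for `be_running` in the Debian matchers spec; the shared examples are not visible here, so that may be harmless.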
@@ -1,26 +1,26 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
describe 'check_enabled'
|
3
|
+
describe 'check_enabled' do
|
4
4
|
subject { commands.check_enabled('httpd') }
|
5
5
|
it { should eq "/sbin/rc-update show | grep -- \\^\\\\s\\*httpd\\\\s\\*\\|\\\\s\\*\\\\\\(boot\\\\\\|default\\\\\\)" }
|
6
6
|
end
|
7
7
|
|
8
|
-
describe 'check_file'
|
8
|
+
describe 'check_file' do
|
9
9
|
subject { commands.check_file('/etc/passwd') }
|
10
10
|
it { should eq 'test -f /etc/passwd' }
|
11
11
|
end
|
12
12
|
|
13
|
-
describe 'check_mounted'
|
13
|
+
describe 'check_mounted' do
|
14
14
|
subject { commands.check_mounted('/') }
|
15
15
|
it { should eq "mount | grep -w -- on\\ /" }
|
16
16
|
end
|
17
17
|
|
18
|
-
describe 'check_routing_table'
|
18
|
+
describe 'check_routing_table' do
|
19
19
|
subject { commands.check_routing_table('192.168.100.0/24') }
|
20
20
|
it { should eq "ip route | grep -E '^192.168.100.0/24 |^default '" }
|
21
21
|
end
|
22
22
|
|
23
|
-
describe 'check_reachable'
|
23
|
+
describe 'check_reachable' do
|
24
24
|
context "connect with name from /etc/services to localhost" do
|
25
25
|
subject { commands.check_reachable('localhost', 'ssh', 'tcp', 1) }
|
26
26
|
it { should eq "nc -vvvvzt localhost ssh -w 1" }
|
@@ -35,7 +35,7 @@ describe 'check_reachable', :os => :gentoo do
|
|
35
35
|
end
|
36
36
|
end
|
37
37
|
|
38
|
-
describe 'check_resolvable'
|
38
|
+
describe 'check_resolvable' do
|
39
39
|
context "resolve localhost by hosts" do
|
40
40
|
subject { commands.check_resolvable('localhost', 'hosts') }
|
41
41
|
it { should eq "grep -w -- localhost /etc/hosts" }
|
@@ -50,52 +50,52 @@ describe 'check_resolvable', :os => :gentoo do
|
|
50
50
|
end
|
51
51
|
end
|
52
52
|
|
53
|
-
describe 'check_directory'
|
53
|
+
describe 'check_directory' do
|
54
54
|
subject { commands.check_directory('/var/log') }
|
55
55
|
it { should eq 'test -d /var/log' }
|
56
56
|
end
|
57
57
|
|
58
|
-
describe 'check_user'
|
58
|
+
describe 'check_user' do
|
59
59
|
subject { commands.check_user('root') }
|
60
60
|
it { should eq 'id root' }
|
61
61
|
end
|
62
62
|
|
63
|
-
describe 'check_group'
|
63
|
+
describe 'check_group' do
|
64
64
|
subject { commands.check_group('wheel') }
|
65
65
|
it { should eq 'getent group | grep -wq -- wheel' }
|
66
66
|
end
|
67
67
|
|
68
|
-
describe 'check_installed'
|
68
|
+
describe 'check_installed' do
|
69
69
|
subject { commands.check_installed('httpd') }
|
70
70
|
it { should eq '/usr/bin/eix httpd --installed' }
|
71
71
|
end
|
72
72
|
|
73
|
-
describe 'check_listening'
|
73
|
+
describe 'check_listening' do
|
74
74
|
subject { commands.check_listening(80) }
|
75
75
|
it { should eq "netstat -tunl | grep -- :80\\ " }
|
76
76
|
end
|
77
77
|
|
78
|
-
describe 'check_running'
|
78
|
+
describe 'check_running' do
|
79
79
|
subject { commands.check_running('httpd') }
|
80
80
|
it { should eq '/etc/init.d/httpd status' }
|
81
81
|
end
|
82
82
|
|
83
|
-
describe 'check_running_under_supervisor'
|
83
|
+
describe 'check_running_under_supervisor' do
|
84
84
|
subject { commands.check_running_under_supervisor('httpd') }
|
85
85
|
it { should eq 'supervisorctl status httpd' }
|
86
86
|
end
|
87
87
|
|
88
|
-
describe 'check_process'
|
88
|
+
describe 'check_process' do
|
89
89
|
subject { commands.check_process('httpd') }
|
90
90
|
it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
|
91
91
|
end
|
92
92
|
|
93
|
-
describe 'check_file_contain'
|
93
|
+
describe 'check_file_contain' do
|
94
94
|
subject { commands.check_file_contain('/etc/passwd', 'root') }
|
95
95
|
it { should eq "grep -q -- root /etc/passwd" }
|
96
96
|
end
|
97
97
|
|
98
|
-
describe 'check_file_contain_within'
|
98
|
+
describe 'check_file_contain_within' do
|
99
99
|
context 'contain a pattern in the file' do
|
100
100
|
subject { commands.check_file_contain_within('Gemfile', 'rspec') }
|
101
101
|
it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
|
@@ -117,67 +117,67 @@ describe 'check_file_contain_within', :os => :gentoo do
|
|
117
117
|
end
|
118
118
|
end
|
119
119
|
|
120
|
-
describe 'check_file_md5checksum'
|
120
|
+
describe 'check_file_md5checksum' do
|
121
121
|
subject { commands.check_file_md5checksum('/etc/passwd', '96c8c50f81a29965f7af6de371ab4250') }
|
122
122
|
it { should eq "md5sum /etc/passwd | grep -iw -- ^96c8c50f81a29965f7af6de371ab4250" }
|
123
123
|
end
|
124
124
|
|
125
|
-
describe 'check_mode'
|
125
|
+
describe 'check_mode' do
|
126
126
|
subject { commands.check_mode('/etc/sudoers', 440) }
|
127
127
|
it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
|
128
128
|
end
|
129
129
|
|
130
|
-
describe 'check_owner'
|
130
|
+
describe 'check_owner' do
|
131
131
|
subject { commands.check_owner('/etc/passwd', 'root') }
|
132
132
|
it { should eq 'stat -c %U /etc/passwd | grep -- \\^root\\$' }
|
133
133
|
end
|
134
134
|
|
135
|
-
describe 'check_grouped'
|
135
|
+
describe 'check_grouped' do
|
136
136
|
subject { commands.check_grouped('/etc/passwd', 'wheel') }
|
137
137
|
it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
|
138
138
|
end
|
139
139
|
|
140
|
-
describe 'check_cron_entry'
|
140
|
+
describe 'check_cron_entry' do
|
141
141
|
subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
|
142
142
|
it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
|
143
143
|
end
|
144
144
|
|
145
|
-
describe 'check_link'
|
145
|
+
describe 'check_link' do
|
146
146
|
subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
|
147
147
|
it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
|
148
148
|
end
|
149
149
|
|
150
|
-
describe 'check_installed_by_gem'
|
150
|
+
describe 'check_installed_by_gem' do
|
151
151
|
subject { commands.check_installed_by_gem('jekyll') }
|
152
152
|
it { should eq 'gem list --local | grep -- \\^jekyll\\ ' }
|
153
153
|
end
|
154
154
|
|
155
|
-
describe 'check_belonging_group'
|
155
|
+
describe 'check_belonging_group' do
|
156
156
|
subject { commands.check_belonging_group('root', 'wheel') }
|
157
157
|
it { should eq "id root | awk '{print $3}' | grep -- wheel" }
|
158
158
|
end
|
159
159
|
|
160
|
-
describe 'have_gid'
|
160
|
+
describe 'have_gid' do
|
161
161
|
subject { commands.check_gid('root', 0) }
|
162
162
|
it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
|
163
163
|
end
|
164
164
|
|
165
|
-
describe 'have_uid'
|
165
|
+
describe 'have_uid' do
|
166
166
|
subject { commands.check_uid('root', 0) }
|
167
167
|
it { should eq "id root | grep -- \\^uid\\=0\\(" }
|
168
168
|
end
|
169
169
|
|
170
|
-
describe 'have_login_shell'
|
170
|
+
describe 'have_login_shell' do
|
171
171
|
subject { commands.check_login_shell('root', '/bin/bash') }
|
172
172
|
it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
|
173
173
|
end
|
174
174
|
|
175
|
-
describe 'have_home_directory'
|
175
|
+
describe 'have_home_directory' do
|
176
176
|
subject { commands.check_home_directory('root', '/root') }
|
177
177
|
it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
|
178
178
|
end
|
179
179
|
|
180
|
-
describe 'have_authorized_key'
|
180
|
+
describe 'have_authorized_key' do
|
181
181
|
key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
|
182
182
|
escaped_key = key.gsub(/ /, '\ ')
|
183
183
|
|
@@ -195,7 +195,7 @@ describe 'have_authorized_key', :os => :gentoo do
|
|
195
195
|
end
|
196
196
|
end
|
197
197
|
|
198
|
-
describe 'check_ipatbles'
|
198
|
+
describe 'check_ipatbles' do
|
199
199
|
context 'check a rule without a table and a chain' do
|
200
200
|
subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
|
201
201
|
it { should eq "iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
|
@@ -207,7 +207,7 @@ describe 'check_ipatbles', :os => :gentoo do
|
|
207
207
|
end
|
208
208
|
end
|
209
209
|
|
210
|
-
describe 'check_selinux'
|
210
|
+
describe 'check_selinux' do
|
211
211
|
context 'enforcing' do
|
212
212
|
subject { commands.check_selinux('enforcing') }
|
213
213
|
it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
|
@@ -224,12 +224,12 @@ describe 'check_selinux', :os => :gentoo do
|
|
224
224
|
end
|
225
225
|
end
|
226
226
|
|
227
|
-
describe 'get_mode'
|
227
|
+
describe 'get_mode' do
|
228
228
|
subject { commands.get_mode('/dev') }
|
229
229
|
it { should eq 'stat -c %a /dev' }
|
230
230
|
end
|
231
231
|
|
232
|
-
describe 'check_access_by_user'
|
232
|
+
describe 'check_access_by_user' do
|
233
233
|
context 'read access' do
|
234
234
|
subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
|
235
235
|
it { should eq 'su -s /bin/sh -c "/usr/bin/test -r /tmp/something" dummyuser1' }
|
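Review bot: No `include Serverspec::Helper::Gentoo` is added after `require 'spec_helper'` in this file, although every `describe` loses its `:os => :gentoo` selector. The first hunk is `-1,26 +1,26` and the file summary shows +33 -33, while the Red Hat commands spec below gains the include. Unless `spec_helper` selects the command set some other way, Gentoo-specific expectations such as `/sbin/rc-update show` and `/usr/bin/eix httpd --installed` only hold when another Gentoo spec file with the top-level include has been loaded first in the same process. Add `include Serverspec::Helper::Gentoo` on line 3, as the sibling files do, so the file passes when run alone.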
@@ -1,6 +1,8 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
|
3
|
+
include Serverspec::Helper::Gentoo
|
4
|
+
|
5
|
+
describe 'Serverspec matchers of Gentoo family' do
|
4
6
|
it_behaves_like 'support be_enabled matcher', 'sshd'
|
5
7
|
it_behaves_like 'support be_installed matcher', 'openssh'
|
6
8
|
it_behaves_like 'support be_running matcher', 'sshd'
|
@@ -0,0 +1,10 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include Serverspec::Helper::Gentoo
|
4
|
+
|
5
|
+
describe 'Serverspec service matchers of Red Hat family' do
|
6
|
+
it_behaves_like 'support service running matcher', 'sshd'
|
7
|
+
it_behaves_like 'support service running under supervisor matcher', 'sshd'
|
8
|
+
it_behaves_like 'support service running under unimplemented matcher', 'sshd'
|
9
|
+
it_behaves_like 'support service enabled matcher', 'sshd'
|
10
|
+
end
|
@@ -1,26 +1,28 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
|
3
|
+
include Serverspec::Helper::RedHat
|
4
|
+
|
5
|
+
describe 'check_enabled' do
|
4
6
|
subject { commands.check_enabled('httpd') }
|
5
7
|
it { should eq 'chkconfig --list httpd | grep 3:on' }
|
6
8
|
end
|
7
9
|
|
8
|
-
describe 'check_file'
|
10
|
+
describe 'check_file' do
|
9
11
|
subject { commands.check_file('/etc/passwd') }
|
10
12
|
it { should eq 'test -f /etc/passwd' }
|
11
13
|
end
|
12
14
|
|
13
|
-
describe 'check_mounted'
|
15
|
+
describe 'check_mounted' do
|
14
16
|
subject { commands.check_mounted('/') }
|
15
17
|
it { should eq "mount | grep -w -- on\\ /" }
|
16
18
|
end
|
17
19
|
|
18
|
-
describe 'check_routing_table'
|
20
|
+
describe 'check_routing_table' do
|
19
21
|
subject { commands.check_routing_table('192.168.100.0/24') }
|
20
22
|
it { should eq "ip route | grep -E '^192.168.100.0/24 |^default '" }
|
21
23
|
end
|
22
24
|
|
23
|
-
describe 'check_reachable'
|
25
|
+
describe 'check_reachable' do
|
24
26
|
context "connect with name from /etc/services to localhost" do
|
25
27
|
subject { commands.check_reachable('localhost', 'ssh', 'tcp', 1) }
|
26
28
|
it { should eq "nc -vvvvzt localhost ssh -w 1" }
|
@@ -35,7 +37,7 @@ describe 'check_reachable', :os => :redhat do
|
|
35
37
|
end
|
36
38
|
end
|
37
39
|
|
38
|
-
describe 'check_resolvable'
|
40
|
+
describe 'check_resolvable' do
|
39
41
|
context "resolve localhost by hosts" do
|
40
42
|
subject { commands.check_resolvable('localhost', 'hosts') }
|
41
43
|
it { should eq "grep -w -- localhost /etc/hosts" }
|
@@ -50,52 +52,52 @@ describe 'check_resolvable', :os => :redhat do
|
|
50
52
|
end
|
51
53
|
end
|
52
54
|
|
53
|
-
describe 'check_directory'
|
55
|
+
describe 'check_directory' do
|
54
56
|
subject { commands.check_directory('/var/log') }
|
55
57
|
it { should eq 'test -d /var/log' }
|
56
58
|
end
|
57
59
|
|
58
|
-
describe 'check_user'
|
60
|
+
describe 'check_user' do
|
59
61
|
subject { commands.check_user('root') }
|
60
62
|
it { should eq 'id root' }
|
61
63
|
end
|
62
64
|
|
63
|
-
describe 'check_group'
|
65
|
+
describe 'check_group' do
|
64
66
|
subject { commands.check_group('wheel') }
|
65
67
|
it { should eq 'getent group | grep -wq -- wheel' }
|
66
68
|
end
|
67
69
|
|
68
|
-
describe 'check_installed'
|
70
|
+
describe 'check_installed' do
|
69
71
|
subject { commands.check_installed('httpd') }
|
70
72
|
it { should eq 'rpm -q httpd' }
|
71
73
|
end
|
72
74
|
|
73
|
-
describe 'check_listening'
|
75
|
+
describe 'check_listening' do
|
74
76
|
subject { commands.check_listening(80) }
|
75
77
|
it { should eq "netstat -tunl | grep -- :80\\ " }
|
76
78
|
end
|
77
79
|
|
78
|
-
describe 'check_running'
|
80
|
+
describe 'check_running' do
|
79
81
|
subject { commands.check_running('httpd') }
|
80
82
|
it { should eq 'service httpd status' }
|
81
83
|
end
|
82
84
|
|
83
|
-
describe 'check_running_under_supervisor'
|
85
|
+
describe 'check_running_under_supervisor' do
|
84
86
|
subject { commands.check_running_under_supervisor('httpd') }
|
85
87
|
it { should eq 'supervisorctl status httpd' }
|
86
88
|
end
|
87
89
|
|
88
|
-
describe 'check_process'
|
90
|
+
describe 'check_process' do
|
89
91
|
subject { commands.check_process('httpd') }
|
90
92
|
it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
|
91
93
|
end
|
92
94
|
|
93
|
-
describe 'check_file_contain'
|
95
|
+
describe 'check_file_contain' do
|
94
96
|
subject { commands.check_file_contain('/etc/passwd', 'root') }
|
95
97
|
it { should eq "grep -q -- root /etc/passwd" }
|
96
98
|
end
|
97
99
|
|
98
|
-
describe 'check_file_contain_within'
|
100
|
+
describe 'check_file_contain_within' do
|
99
101
|
context 'contain a pattern in the file' do
|
100
102
|
subject { commands.check_file_contain_within('Gemfile', 'rspec') }
|
101
103
|
it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
|
@@ -117,67 +119,67 @@ describe 'check_file_contain_within', :os => :redhat do
|
|
117
119
|
end
|
118
120
|
end
|
119
121
|
|
120
|
-
describe 'check_file_md5checksum'
|
122
|
+
describe 'check_file_md5checksum' do
|
121
123
|
subject { commands.check_file_md5checksum('/etc/passwd', '96c8c50f81a29965f7af6de371ab4250') }
|
122
124
|
it { should eq "md5sum /etc/passwd | grep -iw -- ^96c8c50f81a29965f7af6de371ab4250" }
|
123
125
|
end
|
124
126
|
|
125
|
-
describe 'check_mode'
|
127
|
+
describe 'check_mode' do
|
126
128
|
subject { commands.check_mode('/etc/sudoers', 440) }
|
127
129
|
it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
|
128
130
|
end
|
129
131
|
|
130
|
-
describe 'check_owner'
|
132
|
+
describe 'check_owner' do
|
131
133
|
subject { commands.check_owner('/etc/passwd', 'root') }
|
132
134
|
it { should eq 'stat -c %U /etc/passwd | grep -- \\^root\\$' }
|
133
135
|
end
|
134
136
|
|
135
|
-
describe 'check_grouped'
|
137
|
+
describe 'check_grouped' do
|
136
138
|
subject { commands.check_grouped('/etc/passwd', 'wheel') }
|
137
139
|
it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
|
138
140
|
end
|
139
141
|
|
140
|
-
describe 'check_cron_entry'
|
142
|
+
describe 'check_cron_entry' do
|
141
143
|
subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
|
142
144
|
it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
|
143
145
|
end
|
144
146
|
|
145
|
-
describe 'check_link'
|
147
|
+
describe 'check_link' do
|
146
148
|
subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
|
147
149
|
it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
|
148
150
|
end
|
149
151
|
|
150
|
-
describe 'check_installed_by_gem'
|
152
|
+
describe 'check_installed_by_gem' do
|
151
153
|
subject { commands.check_installed_by_gem('jekyll') }
|
152
154
|
it { should eq 'gem list --local | grep -- \\^jekyll\\ ' }
|
153
155
|
end
|
154
156
|
|
155
|
-
describe 'check_belonging_group'
|
157
|
+
describe 'check_belonging_group' do
|
156
158
|
subject { commands.check_belonging_group('root', 'wheel') }
|
157
159
|
it { should eq "id root | awk '{print $3}' | grep -- wheel" }
|
158
160
|
end
|
159
161
|
|
160
|
-
describe 'have_gid'
|
162
|
+
describe 'have_gid' do
|
161
163
|
subject { commands.check_gid('root', 0) }
|
162
164
|
it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
|
163
165
|
end
|
164
166
|
|
165
|
-
describe 'have_uid'
|
167
|
+
describe 'have_uid' do
|
166
168
|
subject { commands.check_uid('root', 0) }
|
167
169
|
it { should eq "id root | grep -- \\^uid\\=0\\(" }
|
168
170
|
end
|
169
171
|
|
170
|
-
describe 'have_login_shell'
|
172
|
+
describe 'have_login_shell' do
|
171
173
|
subject { commands.check_login_shell('root', '/bin/bash') }
|
172
174
|
it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
|
173
175
|
end
|
174
176
|
|
175
|
-
describe 'have_home_directory'
|
177
|
+
describe 'have_home_directory' do
|
176
178
|
subject { commands.check_home_directory('root', '/root') }
|
177
179
|
it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
|
178
180
|
end
|
179
181
|
|
180
|
-
describe 'have_authorized_key'
|
182
|
+
describe 'have_authorized_key' do
|
181
183
|
key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
|
182
184
|
escaped_key = key.gsub(/ /, '\ ')
|
183
185
|
|
@@ -195,7 +197,7 @@ describe 'have_authorized_key', :os => :redhat do
|
|
195
197
|
end
|
196
198
|
end
|
197
199
|
|
198
|
-
describe 'check_ipatbles'
|
200
|
+
describe 'check_ipatbles' do
|
199
201
|
context 'check a rule without a table and a chain' do
|
200
202
|
subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
|
201
203
|
it { should eq "iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
|
@@ -207,7 +209,7 @@ describe 'check_ipatbles', :os => :redhat do
|
|
207
209
|
end
|
208
210
|
end
|
209
211
|
|
210
|
-
describe 'check_selinux'
|
212
|
+
describe 'check_selinux' do
|
211
213
|
context 'enforcing' do
|
212
214
|
subject { commands.check_selinux('enforcing') }
|
213
215
|
it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
|
@@ -224,12 +226,12 @@ describe 'check_selinux', :os => :redhat do
|
|
224
226
|
end
|
225
227
|
end
|
226
228
|
|
227
|
-
describe 'get_mode'
|
229
|
+
describe 'get_mode' do
|
228
230
|
subject { commands.get_mode('/dev') }
|
229
231
|
it { should eq 'stat -c %a /dev' }
|
230
232
|
end
|
231
233
|
|
232
|
-
describe 'check_access_by_user'
|
234
|
+
describe 'check_access_by_user' do
|
233
235
|
context 'read access' do
|
234
236
|
subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
|
235
237
|
it { should eq 'runuser -s /bin/sh -c "test -r /tmp/something" dummyuser1' }
|
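Review bot: The `check_access_by_user` expectation at the end of this section pins only a path with no shell metacharacters, so nothing shows whether the path is escaped before it goes inside the double-quoted `-c "test -r …"` string passed to `runuser`. Other expectations in this file show arguments being shell-escaped (`on\\ /`, `\\^root\\$`). The implementation is not visible here, so the gap is unconfirmed. A second context would pin the quoting, for example `subject { commands.check_access_by_user '/tmp/some thing', 'dummyuser1', 'r' }` with the escaped form the command class is meant to emit. The same applies to the `su -s /bin/sh -c` variant in the Gentoo commands spec. The `describe` block continues past the end of the hunk.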